Chengetedzo chenjedzo: bug mune Sudo CVE-2017-1000367

IT Kuchengetedza

Pane a kushungurudzika kwakanyanya mune yakakurumbira Sudo chishandiso. Kukanganisika kuri nekuda kwechipenga muchirongwa cheichi chishandiso chinobvumidza chero mushandisi ane musangano muShell (kunyangwe neSELinux inogoneswa) kukwidziridza mikana yekuva mudzi. Dambudziko ririko mukusashanda kweSudo kupatsanura zvirimo / proc / [PID] / stat paunenge uchiedza kuona iyo terminal.

Iyo bhagi yakawanikwa iri chaizvo mukufona tora_process_ttyname () Sudo yeLinux, inova ndiyo inovhura dhairekitori rakambotaurwa kuti uverenge iyo tty nhamba yeiyo tty_nr munda. Uku kunetsekana kwakarongedzwa seCVE-2017-1000367 kunogona kushandiswa kuwana ropafadzo dzehurongwa, sezvandataura, saka zvakanyanyisa uye zvinokanganisa zvakawanda zvinozivikanwa uye zvakakosha kugoverwa. Asi usatyawo, ikozvino tinokuudza maitiro ekuzvidzivirira ...

Zvakanaka, iyo migove yakakanganiswa iri:

  1. Red Hat Enterprise Linux 6, 7 uye Server
  2. Oracle Enterprise 6, 7 uye Server
  3. CentOS Linux 6 uye 7
  4. Debian Wheezy, Jessie, Tambanudza, Sid
  5. Ubuntu 14.04 LTS, 16.04 LTS, 16.10 uye 17.04
  6. SuSE LInux Enterpsrise Software Development Kit 12-SP2, Server yeRaspberry Pi 12-SP2, Server 12-SP2 uye Desktop 12-SP2
  7. OpenSuSE
  8. Slackware
  9. Gentoo
  10. Arch Linux
  11. Fedora

Naizvozvo, unofanira chigamba kana kugadzirisa yako system ASAP kana iwe uine imwe yeaya masisitimu (kana zvigadzirwa):

  • ZveDebian uye zvigadzirwa (Ubuntu, ...):
sudo apt update

sudo apt upgrade

  • YeRHEL uye zvigadzirwa (CentOS, Oracle, ...):
sudo yum update

  • MuFedora:
sudo dnf update

  • SuSE uye zvigadzirwa (OpenSUSE, ...):
sudo zypper update

ArchLinux:

sudo pacman -Syu

  • Slackware:
upgradepkg sudo-1.8.20p1-i586-1_slack14.2.txz

  • Gentoo:
emerge --sync

emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.20_p1"


Makomendi gumi, siya zvako

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   fedu akadaro

    Ndeipi yaizoshandiswa Archlinux uye pakutanga?

    1.    Isaac PE akadaro

      Sawa,

      Pane zvakakanganiswa pakuisa kodhi. Iye zvino unogona kuzviona.

      Kwaziso nekutenda nekuraira.

  2.   fernan akadaro

    Hi,
    Zvakanaka, kune arch uye zvigadzirwa sudo pacman -Syyu
    Thanks.

  3.   lorabian akadaro

    Saka ndosaka Sudo yakagadziridzwa ... zvakadaro, chinhu chine njodzi inyaya yekuti hazvizivikanwe kuti ndiani, kunze kweuyo anga aine bhudhi, ndiani zvekare aiziva. Uye izvo zvinogona kuve zvine njodzi.