Vagadziri veAuroraOS nhare yekushandisa (forogo yeiyo Sailfish inoshanda sisitimu, yakagadzirwa nekambani yeOpen Mobile Platform) akagovana gadziriso yekusagadzikana iyo yavakaona mu memcpy. Kubviswa kwekushushikana kwakanyanya (CVE-2020-6096) muGlibc, inozviratidza chete papuratifomu yeARMv7.
Ruzivo nezve kushomeka rwakaratidzwa muna Chivabvu, asi kusvika mazuva mashoma apfuura, zvigadziriso zvaive zvisipo, kunyangwe nenjodzi iri kupihwa nengozi yepamusoro uye kune inoshanda prototype yekushandisa iyo inobvumidza kuronga kuitiswa kwekodhi.
Kushandisa kwakagadzirirwa inoshanda panguva yekugadzirisa memcpy () uye memmove () mabasa yeimwe data rakamisikidzwa.
Kukosha kweGlibc ndechekuti raibhurari iyi inotsanangudza mafoni kufona uye mamwe mabasa ekutanga mukuwedzera kune anoshandiswa neanenge ese mapurogiramu
Nezve dambudziko
Kudzvinyirirwa kunoratidzwa mukuitwa memcpy () uye memmove () mumutauro wegungano weARMv7 uye zvakakonzerwa nekurongeka kwekugadziriswa kweetsika dzisina kunaka dzeparamende inoona saizi yenzvimbo.
Zvinetso nekukura kwechigamba zvakatanga apo SUSE neRed Hat vakazivisa kuti mapuratifomu avo haana kubatika nekuda kwedambudziko, sezvo ivo vasina kuumbiridza 7-bit ARMv32 masystem uye havana kutora chikamu mukugadzira chigamba.
Ivo vanogadzira akawanda akadzika akagoverwa sezviri pachena vaivimba timu yeGlibc, uye naivowo havana kutora chikamu chinoshanda mukugadzirira chigamba.
Mhinduro
Huawei akapa sarudzo kwechigamba kuvharira dambudziko nekukasira, iyo yakaedza kutsiva mirayiridzo inosangana iyo inoshanda pane yakasainwa oparesheni (bge uye blt) ine isina kusaina analogs (blo uye bhs).
Glibc vanochengetedza vakagadzira bvunzo suite kuyedza mamiriro akasiyana ekuitika kwekukanganisa, mushure zvakazoitika kuti chigamba cheHuawei hachikwane uye haigadzirise ese musanganiswa unogona we data yekuisa
Kubvira AuroraOS ine 32-bit inovaka ARM, yako vagadziri vakasarudza kuvhara kutadza kwavo vega uye taura mhinduro kunharaunda.
Dambudziko raive rekuti, zvaive zvakakodzera kunyora kuita kwakanaka kuunganidza basa racho uye funga sarudzo dzinoverengeka dzekupokana kwekuisa.
Iyo yekumisikidza yanyorwazve uchishandisa isina kunyorwa mirairo. Iyo chigamba yakazove diki, asi nyaya hombe yaive yekuchengetedza kumhanyisa kumhanyisa uye kubvisa kudzikisira kwekuita kubva mumemcpy uye memmove mabasa, uku uchichengetedza kuenderana nemisanganiswa yese yeakakosha maitiro.
Pakutanga kwaJune, mhinduro mbiri dzakagadzirirwa, kupfuura Glibc yekuchengetedza bvunzo sisitimu uye yeAurora yemukati bvunzo suite. Musi waJune 3, imwe yesarudzo yakasarudzwa ikatumirwa kune yeGlibc tsamba yekutumira.
Kwapera vhiki, imwe nzira yakafanana yakataurwa, iyo yakagadzirisa dambudziko mukuitwa kwakawanda, uko Huawei akamboedza kugadzirisa. Mwedzi wakatora kuyedzwa uye kunyoreswa zviri pamutemo nekuda kwekukosha kwechigamba.
Musi waChikunguru 8, zvigadziriso zvakagamuchirwa mubazi guru yeiyo inotevera glibc 2.32 kuburitswa. Iko kunyorera kunosanganisira maviri makwapa.
- Yekutanga yekumisikidza ndangariro Multiarch kunyorera yeARMv7
- Yechipiri yeyakajairika musangano kuisirwa memcpy () uye memmove () yeARM.
Dambudziko rinobata mamirioni eARMv7 Linux zvishandiso uye pasina kuvandudzwa kwakakodzera, varidzi vari panjodzi yekuvabatanidza kunetiweki (masevhisi nemaapplication anowanikwa padandemutande anogamuchira kupinza pasina zviyero zvesayizi zvinogona kurwiswa).
Semuenzaniso, yakagadzirirwa kugadzirira nevatsvakurudzi avo yakawana kushomeka kunoratidza maitiro ekurwisa sevha ye http inosanganisirwa mumotokari ruzivo system nekutumira chikumbiro chakakura kwazvo cheGET uye kuwana midzi yekuwana kune system.
Mapakeji mhinduro eDebian neUbuntu haasati aburitswa y kukuvadzwa kunoramba kusiri kugadziriswa kweinenge mwedzi miviri kubva panguva yekuburitswa neruzhinji uye mwedzi mishanu kubva panguva iyo vagadziri veGlibc vakaziviswa.