Needrestart, an essential tool for Linux users, has been found to contain a series of small flaws that can compromise system security. These flaws mainly affect Ubuntu-based distributions and are tracked under the identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224 and CVE-2024-11003, as reported on the official Ubuntu website. These problems, which stayed hidden for more than a decade, allow attackers with local access to gain administrator privileges, exposing systems to serious risk.
Discovered by the Qualys security team, these vulnerabilities are an important reminder of why software and configuration must be kept up to date. Especially in critical environments, ensuring security is a priority that should not be underestimated.
What is Needrestart and why is it important?
Needrestart is a tool that, since it was introduced by default in Ubuntu from version 21.04, has become key to managing services after updates. Its role is to detect which services need to be restarted so that updated libraries are applied correctly. Despite its usefulness, its original implementation introduced vulnerabilities that attackers could use to escalate privileges and compromise security.
Since its creation in April 2014, Needrestart has shipped with critical flaws that were not fixed until version 3.8 of the tool was released in November 2024. This means that for years, millions of servers were at risk without their administrators knowing.
Analysis of the vulnerabilities in Needrestart
These flaws expose systems to attack, but to exploit them an attacker needs local access. Below is a summary of the documented issues:
- CVE-2024-48990:
  - Cause: Improper use of the PYTHONPATH variable when starting Python.
  - Impact: Allows malicious code to be executed as root.
- CVE-2024-48991:
  - Cause: A race condition in the validation of the Python interpreter.
  - Impact: An attacker can replace the legitimate binary with a malicious one.
- CVE-2024-48992:
  - Cause: Insecure use of the RUBYLIB variable in the Ruby interpreter.
  - Impact: Execution of arbitrary code as the administrator.
- CVE-2024-10224:
  - Cause: Incorrect handling of file names in Perl's ScanDeps module.
  - Impact: Allows unauthorized commands to be executed.
- CVE-2024-11003:
  - Cause: Insecure use of the eval() function in ScanDeps.
  - Impact: Execution of malicious code under the attacker's control.
Mitigation strategies
To protect against these vulnerabilities, experts recommend the following measures:
- Update Needrestart: Install version 3.8 or later to patch the known vulnerabilities. This is essential to close the attack vectors.
- Adjust the configuration: In the needrestart.conf file, disable interpreter scanning by adding:
$nrconf{interpscan} = 0;
- Restrict local access: Enforce strict authentication policies to limit who can access the machine physically or remotely.
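The first two measures above can be checked with a short script; this is an added example, not code from the article or from the needrestart project. The function names are hypothetical, and the `dpkg-query` call and the `/etc/needrestart/needrestart.conf` path in the usage comment are assumptions for a Debian/Ubuntu host.

```shell
#!/bin/sh
# Added example: audit the update and interpscan mitigations described above.
# Caveat: only upstream numbering is compared; a distribution package may
# carry the fixes under an older version number.

# version_is_patched VERSION -> 0 if the upstream part is 3.8 or later,
# 1 if older, 2 if unparseable. Accepts "3.8", "1:3.10-2", "3.6-7ubuntu4".
version_is_patched() {
    v=${1#*:}                      # drop an epoch such as "1:"
    v=${v%%-*}                     # drop the packaging revision
    major=${v%%.*}
    case $v in
        *.*) minor=${v#*.}; minor=${minor%%[!0-9]*} ;;
        *)   minor=0 ;;
    esac
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 8 ]; }
}

# interpscan_disabled CONF -> 0 only if the last uncommented assignment to
# $nrconf{interpscan} in CONF is 0. An unset option is treated as enabled
# (an assumption made for this example).
interpscan_disabled() {
    [ -r "$1" ] || return 2
    val=$(sed -n 's/^[[:space:]]*\$nrconf{interpscan}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*$/\1/p' "$1" | tail -n 1)
    [ "$val" = "0" ]
}

# needrestart_status VERSION CONF -> prints patched | mitigated | exposed
needrestart_status() {
    if version_is_patched "$1"; then
        echo patched
    elif interpscan_disabled "$2"; then
        echo mitigated             # unpatched, interpreter scanning is off
    else
        echo exposed
        return 1
    fi
}

# Usage on a Debian/Ubuntu host (assumed package tool and config path):
#   needrestart_status "$(dpkg-query -W -f='${Version}' needrestart)" \
#       /etc/needrestart/needrestart.conf
```

A commented-out `#$nrconf{interpscan} = 0;` line does not count as the workaround, which is the case the parser is written to catch.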
Impact on enterprise environments
Although the vulnerabilities require local access to exploit, the risk is high in corporate environments where Ubuntu is very popular. Servers on these networks often hold sensitive data and host critical applications, so a successful exploit can have serious consequences. System administrators must therefore act quickly and apply corrective measures to guarantee the integrity and security of the data hosted on these servers.
Upgrading to version 3.8 of Needrestart not only protects against the current vulnerabilities, but also strengthens overall security against future exploitation attempts.
The discovery of these vulnerabilities in Needrestart is a timely reminder of how important it is to keep a proactive approach to cybersecurity. Preventive measures and regular updates can make the difference between a secure system and a vulnerable one. Linux users and, in particular, Ubuntu users should prioritize these fixes to harden their environments and reduce the risk of exploitation.