Vulnerabilities found in Needrestart that affected Ubuntu for nearly 10 years

  • Five serious vulnerabilities have been found in needrestart.
  • The flaws allow local attackers to escalate privileges to root.
  • Upgrading immediately to version 3.8 or later is key to reducing the risk.
  • The vulnerabilities highlight the need for secure configurations on Linux systems.

Needrestart

Needrestart, an essential tool for Linux users, is affected by a series of vulnerabilities that can compromise system security. These flaws mainly affect Ubuntu-based distributions and are tracked under the identifiers CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224 and CVE-2024-11003, as reported on the official Ubuntu website. These issues, which stayed hidden for more than a decade, allow local attackers to gain administrator privileges, exposing systems to serious risk.

Discovered by the Qualys security team, these vulnerabilities are an important reminder of the need to keep software and configurations up to date. Especially in critical environments, security is a priority that should not be underestimated.

What is Needrestart and why is it important?

Needrestart is a tool that, since being included by default in Ubuntu from version 21.04, has become key to managing services after updates. Its role is to detect which services need to be restarted so that updated libraries are actually loaded. Despite its usefulness, its early implementation introduced weaknesses that attackers could use to escalate privileges and compromise security.

Since its creation in April 2014, Needrestart has shipped with critical flaws that were not fixed until version 3.8 of the tool was released in November 2024. This means that for years, millions of servers were at risk without their administrators knowing.

Analysis of the vulnerabilities in Needrestart

These flaws expose systems to attack, but to exploit them an attacker needs local access. Below is a summary of the documented issues:

  1. CVE-2024-48990:
    • Cause: Unsafe use of the PYTHONPATH variable when starting Python.
    • Impact: Allows malicious code to be executed as root.
  2. CVE-2024-48991:
    • Cause: A race condition in the validation of the Python interpreter.
    • Impact: An attacker can replace the legitimate binary with a malicious one.
  3. CVE-2024-48992:
    • Cause: Unsafe use of the RUBYLIB variable in the Ruby interpreter.
    • Impact: Arbitrary code execution as the administrator.
  4. CVE-2024-10224:
    • Cause: Incorrect handling of file names in Perl's ScanDeps module.
    • Impact: Allows unauthorized command execution.
  5. CVE-2024-11003:
    • Cause: Unsafe use of the eval() function in ScanDeps.
    • Impact: Execution of malicious code under the attacker's control.

Mitigation strategies

To protect against these vulnerabilities, experts recommend the following steps:

  1. Update Needrestart: Install version 3.8 or later to patch the known vulnerabilities. This is essential for closing the attack paths.
  2. Correct configuration: In the needrestart.conf file, disable interpreter scanning by adding: $nrconf{interpscan} = 0;.
  3. Restrict local access: Apply strict authentication policies to limit who can access the machine physically or remotely.
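
The upgrade and configuration steps above can be verified per host. The script below is an added example, not part of the original article or the needrestart project; the function names and the /etc/needrestart/needrestart.conf path are assumptions.

```bash
#!/bin/sh
# Added example (not from the article): audit one host against the
# upgrade and interpscan steps listed above.

# Succeeds when version $1 >= version $2 (uses sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# Strip a Debian epoch and revision: "1:3.6-7ubuntu4" -> "3.6".
upstream_version() {
    local v="${1#*:}"
    printf '%s\n' "${v%%-*}"
}

# Reads needrestart.conf text on stdin. Succeeds only when the last
# uncommented $nrconf{interpscan} assignment sets the value to 0.
interpscan_disabled() {
    local last
    last=$(grep -E '^[[:space:]]*\$nrconf\{interpscan\}[[:space:]]*=' | tail -n1)
    printf '%s\n' "$last" | grep -Eq '=[[:space:]]*0[[:space:]]*;'
}

# $1 = package version, $2 = config path; returns 0 if both checks pass.
audit_needrestart() {
    local rc=0
    if version_ge "$(upstream_version "$1")" 3.8; then
        echo "OK: needrestart $1 is 3.8 or later"
    else
        # Distribution packages can carry the fix as a backport under a
        # lower upstream number, so verify against the vendor notice.
        echo "CHECK: needrestart $1 is below 3.8"
        rc=1
    fi
    if [ -r "$2" ] && interpscan_disabled < "$2"; then
        echo "OK: interpreter scanning disabled in $2"
    else
        echo "WARN: interpscan is not set to 0 in $2"
        rc=1
    fi
    return "$rc"
}

# Live audit on a Debian/Ubuntu host: sh audit.sh --audit
# (the config path is the usual default and is an assumption here)
if [ "${1:-}" = "--audit" ]; then
    ver=$(dpkg-query -W -f='${Version}' needrestart) || exit 2
    audit_needrestart "$ver" /etc/needrestart/needrestart.conf
fi
```

A "below 3.8" result on a distribution package is a prompt to check the vendor's security notice rather than proof of exposure, and any drop-in configuration files are not inspected.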

Impact on enterprise environments

Although the vulnerabilities require local access to exploit, the risk is high in corporate environments, where Ubuntu is very popular. Servers on these networks often hold sensitive data and host critical applications, so a successful exploit can have serious consequences. System administrators must therefore act quickly and take corrective measures to ensure the integrity and security of the data hosted on these servers.

Upgrading to version 3.8 of Needrestart not only protects against the current vulnerabilities, but also strengthens overall security against future exploitation attempts.

The discovery of these vulnerabilities in Needrestart is a timely reminder of how important it is to maintain a proactive approach to cybersecurity. Preventive measures and regular updates can make the difference between a secure system and a vulnerable one. Linux users and, in particular, Ubuntu users should prioritize these fixes to harden their environments and reduce the risk of exploitation.

