A vulnerability was found in Ghostscript that was exploited through ImageMagick

News recently broke that a critical vulnerability (already catalogued as CVE-2021-3781) has been identified in Ghostscript, a set of tools for processing, converting and generating documents in PostScript and PDF formats. The vulnerability allows arbitrary code execution when a specially crafted file is processed.

Initially, Emil Lerner pointed out that there was a problem, and he was also the one who spoke about the vulnerability on August 25 at the last ZeroNights X conference in Saint Petersburg (the report shows how Emil, within a bug bounty program, used the vulnerability to obtain rewards for demonstration attacks on the AirBNB, Dropbox and Yandex.Realty services).

On September 5, a working exploit appeared in the public domain. It allows attacking Ubuntu 20.04 systems by passing a specially crafted document, uploaded under the guise of an image, to a web script running on a server that uses the php-imagemagick package.

We have a fix in testing right now.

Since this exploit has been circulating since March and has been fully public since August 25 (so much for responsible disclosure!), I intend to post the fix publicly as soon as we finish testing and reviewing it.

On the other hand, it was also mentioned that, according to preliminary information, the exploit has been in use since March and was announced as able to attack systems running GhostScript 9.50, but it has been revealed that the vulnerability persists in all subsequent versions of GhostScript, including the Git development version of 9.55.

A fix was proposed on September 8 and, after peer review, was accepted into the GhostScript repository on September 9.

As I mentioned earlier, since the exploit has been "in the wild" for at least 6 months, I have already submitted the patch to the public repository; keeping the patch secret in this situation seemed pointless.

I will make this bug public before close of business (UK) on Friday, again, unless there are strong and compelling reasons not to do so (you can still link to it; making it public will not change the URL).

The problem is caused by the ability to bypass the "-dSAFER" isolation mode due to insufficient validation of the parameters of the PostScript "%pipe%" device, which allowed arbitrary shell commands to be executed.

For example, to run the id utility from a document, you only need to specify the string "(%pipe%/tmp/&id) (w) file" or "(%pipe%/tmp/;id) (r) file".

As a reminder, vulnerabilities in Ghostscript are especially serious, because this package is used in many popular applications for processing PostScript and PDF formats. For example, Ghostscript is called when creating thumbnails on the desktop, when indexing data in the background, and when converting images. For a successful attack, in many cases it is enough to download the exploit file or to browse the directory containing it in a file manager that supports displaying document thumbnails, for example Nautilus.

Vulnerabilities in Ghostscript can also be exploited through image handlers based on the ImageMagick and GraphicsMagick packages, by passing them a JPEG or PNG file that contains PostScript code instead of an image (such a file will be processed by Ghostscript, because the MIME type is recognized from the content, without relying on the extension).
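Because the handler goes by content rather than by extension, an upload front end can apply the same test before the file reaches ImageMagick. The following is an added example, not code from the original article or from either project; the signature table is a small subset chosen for illustration, and `sniff`, `check_upload` and the sample byte strings are hypothetical names and constructed data.

```python
import os

# Leading-byte signatures: a small subset chosen for this example.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"%!", "postscript"),                # PS and text EPS ("%!PS-Adobe-3.0 EPSF-3.0")
    (b"\xc5\xd0\xd3\xc6", "postscript"),  # EPS with a binary (DOS) header
]
ALLOWED_EXT = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png"}
GHOSTSCRIPT_TYPES = {"postscript", "pdf"}  # formats handed to Ghostscript


def sniff(data):
    """Classify by content, the way the article says the image library does."""
    head = data[:64].lstrip(b" \t\r\n")  # conservative: ignore leading whitespace
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def check_upload(filename, data):
    """Return (accepted, reason) for a file about to be passed to an image handler."""
    claimed = ALLOWED_EXT.get(os.path.splitext(filename)[1].lower())
    actual = sniff(data)
    if claimed is None:
        return False, "extension not on the image allow-list"
    if actual in GHOSTSCRIPT_TYPES:
        return False, "content is %s and would reach Ghostscript" % actual
    if actual != claimed:
        return False, "content is %s, extension claims %s" % (actual, claimed)
    return True, "ok"


# Constructed samples (headers only, not real files).
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
PS_AS_JPEG = b"%!PS-Adobe-3.0\n% constructed PostScript body\n"
PDF_AS_PNG = b"%PDF-1.7\n"

if __name__ == "__main__":
    for name, blob in [("photo.jpg", JPEG_SAMPLE), ("avatar.jpg", PS_AS_JPEG),
                       ("logo.png", PDF_AS_PNG), ("photo.png", JPEG_SAMPLE)]:
        print(name, check_upload(name, blob))
```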

As a workaround to protect against exploitation of the vulnerability through the automatic thumbnail generator in GNOME and through ImageMagick, it is recommended to disable the evince-thumbnailer call in /usr/share/thumbnailers/evince.thumbnailer and to disable rendering of the PS, EPS, PDF and XPS formats in ImageMagick.
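One way to confirm the ImageMagick half of that workaround is to audit `policy.xml` for `coder` entries with `rights="none"` covering the four formats. This is an added example, not part of the original article or of ImageMagick; it assumes that the last matching policy entry wins, and the two policy documents are constructed samples (the first keeps the combined rule inside an XML comment, so it is not active).

```python
import fnmatch
import xml.etree.ElementTree as ET

REQUIRED = ("PS", "EPS", "PDF", "XPS")  # formats the article says to disable


def expand(pattern):
    """Expand one level of {A,B,C} braces as used in policy patterns."""
    start, end = pattern.find("{"), pattern.find("}")
    if start == -1 or end < start:
        return [pattern]
    pre, post = pattern[:start], pattern[end + 1:]
    return [pre + alt + post for alt in pattern[start + 1:end].split(",")]


def unblocked_coders(policy_xml):
    """Return the required coders that the policy does not deny."""
    root = ET.fromstring(policy_xml)  # XML comments are skipped by the parser
    blocked = {coder: False for coder in REQUIRED}
    for pol in root.iter("policy"):
        if pol.get("domain") != "coder":
            continue
        rights = (pol.get("rights") or "").strip().lower()
        for glob in expand(pol.get("pattern") or ""):
            for coder in REQUIRED:
                if fnmatch.fnmatchcase(coder, glob.strip().upper()):
                    # Assumption: a later matching entry overrides an earlier one.
                    blocked[coder] = rights == "none"
    return [coder for coder in REQUIRED if not blocked[coder]]


# Constructed sample: combined rule is commented out, PDF is re-enabled.
WEAK_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <!-- <policy domain="coder" rights="none" pattern="{PS,EPS,PDF,XPS}"/> -->
  <policy domain="coder" rights="none" pattern="PS"/>
  <policy domain="coder" rights="read|write" pattern="PDF"/>
</policymap>"""

# Constructed sample: all four formats denied by one active rule.
HARDENED_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="{PS,EPS,PDF,XPS}"/>
</policymap>"""

if __name__ == "__main__":
    print("weak:", unblocked_coders(WEAK_POLICY))
    print("hardened:", unblocked_coders(HARDENED_POLICY))
```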

Finally, it is mentioned that in many distributions the problem is still not fixed (the status of the release of updates can be checked on the pages of Debian, Ubuntu, Fedora, SUSE, RHEL, Arch Linux, FreeBSD, NetBSD).

It is also mentioned that the GhostScript release that eliminates the vulnerability is scheduled to be published before the end of the month. If you want to know more about it, you can check the details at the following link.

