Several vulnerabilities discovered in GNU Screen, one of which allows root privileges to be obtained.


A few days ago, information was released about a security audit that uncovered five vulnerabilities in the popular terminal multiplexer GNU Screen, which is used to manage multiple console sessions from a single terminal.

One of them (CVE-2025-23395, the most serious of the set) allows an attacker to obtain root privileges on affected systems (the vulnerability affects only version 5.0.0 of GNU Screen), which includes distributions such as Fedora, Arch Linux and NetBSD, among others. Other distributions such as Debian, Ubuntu and RHEL, however, still ship the 4.x branch, which is not vulnerable to this particular bug.

CVE-2025-23395: critical privilege escalation

The problem reportedly occurs when GNU Screen is installed with the setuid-root bit (the case on Arch and NetBSD), since the logfile_reopen() function is called before privileges are dropped, which allows a user to trick the logging code into writing arbitrary files as root. In a typical scenario, the attacker removes the real log file and replaces it with a symbolic link to a system file. When the file is reopened, Screen writes to it with root permissions, allowing malicious content to be injected.

This issue affects Screen 5.0.0 when it runs with setuid-root privileges. The logfile_reopen() function does not drop privileges when operating on a user-supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the (real) group ownership of the invoking user, and file mode 0644. All data written to the Screen PTY is placed in this file. Existing files can also be used as log targets in this way: data is appended to the file in question, but the file mode and ownership remain unchanged.

This attack can lead to complete control of the system if exploited correctly, since it allows sensitive files to be modified or startup scripts to be altered. Fedora is somewhat better protected because Screen is installed with the setgid bit instead, which limits the attack surface.

Other related vulnerabilities

The audit, carried out by the SUSE Linux security team, also identified other significant flaws:

  • CVE-2025-46802: In multi-user sessions, an attacker can obtain world read and write permissions on TTY devices such as /dev/pts/1, affecting both the 4.x and 5.x branches.
  • CVE-2025-46803: The 5.0 branch sets insecure permissions (0622) on PTY devices, allowing any user to write to them.
  • CVE-2025-46804: An information leak allows the existence of files or directories to be inferred from error messages when the SCREENDIR variable is defined.
  • CVE-2025-46805: A race condition when sending the SIGCONT and SIGHUP signals may cause a denial of service.

Incorrect use of strncpy was also found, which can cause crashes when commands with special formatting are used; this issue is present only in the 5.0 branch.

Lack of maintenance and support from SUSE

The discovery of these vulnerabilities exposed deeper problems in the maintenance of GNU Screen. According to the SUSE team, the project's current maintainers do not fully understand the code base or its security issues, which forced the SUSE team to develop patches for some of the flaws found on their own. The report was sent to the developers on 7 February, but the full set of vulnerabilities could not be fixed within the agreed 90-day grace period.

What should you do if you use GNU Screen?

Users of systems that ship Screen 5.0.0 with setuid root should update immediately to version 5.0.1, or temporarily revert to a 4.x version if no updated packages are available. As a mitigation measure, the setuid bit can also be removed from the Screen executable:

sudo chmod u-s /usr/bin/screen

However, this may affect functionality such as session sharing between users. Finally, it is worth noting that the recently released version 5.0.1 fixes these and other bugs and is already available in distributions such as Arch Linux and FreeBSD.
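The two preconditions described above (version 5.0.0 and the setuid-root bit) are easy to check on a host before deciding between the update and the chmod mitigation. The script below is an added example, not code from the article or from the GNU Screen project; it assumes a GNU userland (`stat -c %a`) and that `screen -v` prints the version as its third word ("Screen version 5.0.0 ...").

```shell
#!/bin/sh
# Added example, not from the article or the GNU Screen project.
# Classifies a screen binary against the CVE-2025-23395 preconditions:
# version 5.0.0 together with the setuid-root bit. Only audit_screen
# touches the system; the other functions work on strings.

# 0 (true) when the version string is the affected 5.0.0 release.
is_affected_version() {
    [ "$1" = "5.0.0" ]
}

# 0 (true) when an octal mode as printed by `stat -c %a` carries setuid
# (leading digit 4, 5, 6 or 7: 4755, 6755, ...).
has_setuid() {
    case "$1" in
        [4567]???) return 0 ;;
        *)         return 1 ;;
    esac
}

# 0 (true) when the mode carries setgid (leading digit 2, 3, 6 or 7),
# the weaker configuration the article describes for Fedora.
has_setgid() {
    case "$1" in
        [2367]???) return 0 ;;
        *)         return 1 ;;
    esac
}

# Prints one of: root-escalation, reduced-exposure, not-affected.
assess() {
    ver="$1"; mode="$2"
    if ! is_affected_version "$ver"; then
        echo "not-affected"        # 4.x and 5.0.1 do not carry this bug
    elif has_setuid "$mode"; then
        echo "root-escalation"     # logfile_reopen() runs as root
    elif has_setgid "$mode"; then
        echo "reduced-exposure"    # setgid only, as on Fedora
    else
        echo "not-affected"        # no privilege bit to abuse
    fi
}

# Live check of an installed binary (assumed default path /usr/bin/screen).
audit_screen() {
    bin="${1:-/usr/bin/screen}"
    ver=$("$bin" -v 2>&1 | awk '{print $3}')
    mode=$(stat -c %a "$bin")
    printf '%s %s %s\n' "$bin" "$ver" "$(assess "$ver" "$mode")"
}
```

A result of root-escalation means the host needs the 5.0.1 update or the `chmod u-s` mitigation above; reduced-exposure still warrants the update.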

If you are interested in learning more, you can check the details at the following link.