Vulnerability in Ghostscript exploited through ImageMagick

Recently the news broke that a critical vulnerability (already catalogued as CVE-2021-3781) was identified in Ghostscript (a set of tools for processing, converting and generating documents in the PostScript and PDF formats) that allows arbitrary code execution when a specially crafted file is processed.

Initially, Emil Lerner pointed out that there was a problem, and he was also the one who presented the vulnerability on August 25 at the latest Saint Petersburg ZeroNights X conference (the report showed how Emil, within a bug bounty program, used the vulnerability to obtain rewards for demonstrating attacks on the AirBNB, Dropbox and Yandex.Realty services).

On September 5, a working exploit appeared in the public domain that allows attacking Ubuntu 20.04 systems: a specially crafted document, uploaded under the guise of an image, is passed to a web script running on the server that uses the php-imagemagick package.

"We have a fix in testing now."

"Since this exploit appears to have been circulating since March and has been fully public since at least August 25 (so much for responsible disclosure!), I am inclined to push the fix publicly as soon as we finish testing and review."

On the other hand, it is also mentioned that, according to preliminary information, the exploit had been in use since March and was announced as being able to attack systems running GhostScript 9.50, but it was revealed that the vulnerability persisted in all subsequent versions of GhostScript, including the Git development version 9.55.

The fix was subsequently proposed on September 8 and, after peer review, was accepted into the GhostScript repository on September 9.

"As I said at the start, since the exploit has been 'in the wild' for at least six months, I have already pushed the patch to our public repository; keeping the patch private in this case seemed pointless."

"I will make this bug public before close of business (UK) on Friday, unless there are strong and compelling arguments not to (you can still link to it; making it public will not change the URL)."

The problem is due to the ability to bypass the "-dSAFER" isolation mode because of insufficient validation of the parameters of the PostScript "%pipe%" device, which allows arbitrary shell commands to be executed.

For example, to launch the id utility from a document, it is enough to specify the string "(%pipe%/tmp/&id)(w)file" or "(%pipe%/tmp/;id)(r)file".

As a reminder, vulnerabilities in Ghostscript are particularly dangerous because this package is used by many popular applications for processing the PostScript and PDF formats. For example, Ghostscript is called when creating desktop thumbnails, when indexing data in the background and when converting images. For a successful attack, in many cases it is enough to download the exploit file or to browse the directory containing it in a file manager that supports displaying document thumbnails, for example Nautilus.

Vulnerabilities in Ghostscript can also be exploited through image handlers based on the ImageMagick and GraphicsMagick packages, by passing a JPEG or PNG file that contains PostScript code instead of an image (such a file will be processed by Ghostscript, since the MIME type is recognized from the content rather than from the extension).

As a workaround to protect against exploitation of the vulnerability through the automatic thumbnail generator in GNOME and through ImageMagick, it is recommended to disable the evince-thumbnailer call in /usr/share/thumbnailers/evince.thumbnailer and to disable rendering of the PS, EPS, PDF and XPS formats in ImageMagick.
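The two ImageMagick-side defences above (deny the Ghostscript-backed coders in policy.xml, and stop trusting the file extension of an upload) can both be checked mechanically. The following is an added example, not code from the article or from the Ghostscript or ImageMagick projects: it audits a policy.xml fragment for `<policy domain="coder" rights="none" pattern="..."/>` entries covering PS, EPS, PDF and XPS, and classifies an upload by its leading bytes the way ImageMagick chooses a delegate, so that PostScript wearing a .jpg name is rejected before any converter runs. The policy fragments and file contents are constructed samples; the brace-list pattern matching is a simplification of ImageMagick's glob matching.

```python
"""Defensive checks for the Ghostscript-via-ImageMagick exposure.

Added example (not the article's or the projects' code). Assumes the policy.xml
layout used by ImageMagick (<policymap><policy domain="coder" .../></policymap>)
and the standard PostScript / PDF / JPEG / PNG magic bytes.
"""
import fnmatch
import xml.etree.ElementTree as ET

# Coders that ImageMagick hands to Ghostscript; the article recommends denying them.
GS_CODERS = ("PS", "EPS", "PDF", "XPS")

# Constructed fragment in the shape of /etc/ImageMagick-6/policy.xml with all four denied.
HARDENED_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="XPS" />
</policymap>"""

# Constructed fragment that only denies PS and therefore still leaves a path to Ghostscript.
PARTIAL_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="PS" />
</policymap>"""


def _pattern_matches(pattern, coder):
    """Simplified ImageMagick glob: supports '*', '?' and one top-level {A,B,C} list."""
    pattern = pattern.strip().upper()
    if pattern.startswith("{") and pattern.endswith("}"):
        alternatives = pattern[1:-1].split(",")
    else:
        alternatives = [pattern]
    return any(fnmatch.fnmatchcase(coder.upper(), alt.strip()) for alt in alternatives)


def unblocked_gs_coders(policy_xml, coders=GS_CODERS):
    """Return the Ghostscript-backed coders that no rights="none" coder policy covers.

    An empty list means the policy fully implements the article's recommendation.
    """
    root = ET.fromstring(policy_xml)
    deny_patterns = [
        pol.get("pattern", "")
        for pol in root.iter("policy")
        if pol.get("domain") == "coder"
        and pol.get("rights", "").strip().lower() == "none"
    ]
    return [c for c in coders if not any(_pattern_matches(p, c) for p in deny_patterns)]


# Magic bytes consulted in order; content wins over the file name, as in ImageMagick.
_MAGIC = (
    (b"%!PS", "PS"),
    (b"%PDF-", "PDF"),
    (b"\xff\xd8\xff", "JPEG"),
    (b"\x89PNG\r\n\x1a\n", "PNG"),
)

_EXTENSION_TYPE = {"jpg": "JPEG", "jpeg": "JPEG", "png": "PNG"}


def classify_upload(data):
    """Identify a file from its leading bytes: 'PS', 'PDF', 'JPEG', 'PNG' or 'UNKNOWN'."""
    for magic, kind in _MAGIC:
        if data.startswith(magic):
            return kind
    return "UNKNOWN"


def is_safe_image_upload(filename, data, allowed=("JPEG", "PNG")):
    """Accept only when the extension and the sniffed content agree on an allowed raster type.

    A PostScript payload named cat.jpg fails because its content classifies as 'PS'.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = _EXTENSION_TYPE.get(ext)
    return expected in allowed and classify_upload(data) == expected


if __name__ == "__main__":
    print("hardened policy leaves unblocked:", unblocked_gs_coders(HARDENED_POLICY))
    print("partial policy leaves unblocked:", unblocked_gs_coders(PARTIAL_POLICY))
    # Constructed upload: PostScript header behind a .jpg name.
    disguised = b"%!PS-Adobe-3.0\n%%Title: not really a jpeg\n"
    print("cat.jpg with PS content accepted:", is_safe_image_upload("cat.jpg", disguised))
```

On a real host, read /etc/ImageMagick-6/policy.xml (or the ImageMagick-7 equivalent) into `unblocked_gs_coders`; any coder it returns is still a route from an "image" upload into Ghostscript, independent of whether the distribution has shipped the fixed package yet.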

Finally, it is mentioned that in many distributions the problem is still unpatched (the status of the update releases can be checked on the pages for Debian, Ubuntu, Fedora, SUSE, RHEL, Arch Linux, FreeBSD and NetBSD).

It is also mentioned that a GhostScript release with the vulnerability fixed is scheduled to be published before the end of the month. If you want to know more about it, you can check the details at the following link.
