I-Systemd manje inemigqa yekhodi engaphezu kwezigidi eziyi-1.2

Darkcrizt

Imizuzu ye-4

I-Debian-ne-systemd

I-Systemd uhlelo lokuqalisa kanye ne-daemon eklanyelwe ngokukhethekile i-Linux kernel njengenye indlela yedemon yokuqalisa yeSystem V (sysvinit). Inhloso yayo enkulu ukuhlinzeka ngohlaka olungcono lokuphatha ukuncika phakathi kwezinsizakalo, ukuvumela ukulayishwa okufanayo kwezinsizakalo ekuqaleni nasekunciphiseni izingcingo ezibhaliwe zeShell.

Ngemuva kokudlula imigqa yekhodi eyisigidi ngo-2017, okubekiwe kwesistimu kwe-Git kukhombisa ukuthi manje ifinyelela imigqa yekhodi engu-1.207.302. Le migqa eyizigidi eziyi-1.2 isatshalaliswa kumafayela angu-3,260 futhi inama-40,057 okuqinisekiswa kusuka kubalobi abahlukene abacishe babe ngu-1,400.

USystemd urekhode inani elirekhodiwe lokwenza ngonyaka odlule, Pero kuze kube manje, kunzima ukukucabanga lokho leli rekhodi lingahle liphulwe ngo-2019.

Lo nyaka, sekuvele kukhona ama-2 commits. Ngonyaka odlule, izibalo zikhombise abangu-145 6,245, ngenkathi ngo-2016 nango-2017 uhlelo selufinyelele ngaphansi kokuzibophezela okungaphezu kwezinkulungwane ezine.

ULennart Poettering uhlala enikela kakhulu ngokuhlelwa okungaphezulu kokungu-32% wemisebenzi kuze kube manje kulo nyaka.

Ngemuva kwakhe singathola ukuthi abanye ababhali abalandela uLennart Poettering kulo nyaka nguYu Watanabe, uZbigniew Jędrzejewski-Szmek, uFrantisek Sumsal, uSusant Sahani no-Evgeny Vereshchagin. Cishe abantu abayi-142 banikele esihlahleni somthombo weSystemd selokhu kuqale unyaka.

I-Systemd ayisathandwa ngabaningi

Yize namuhla ukusatshalaliswa okuningi kwe-GNU / Linux kuthola isistimu, lokhu kugxekwe kakhulu (futhi akuyona eyabanye) ngamanye amalungu omphakathi ovulekile, lokho bakholelwa ukuthi iphrojekthi iphikisana nefilosofi ye-Unix nokuthi onjiniyela bayo banokuziphatha okuphikisana ne-Unix, ngoba i-systemd ayihambisani nazo zonke izinhlelo ezingezona ze-Linux.

Kungakho Kubalulekile ukukhumbula ukuthi i-systemd yayikumvelaphi yokuqhekeka komphakathi we-Debian ngenkathi ithatha isinqumo sokuyamukela. njengohlelo lokuqalisa oluzenzakalelayo, ngaphandle kwezinsongo ezivela kwabanye abakhokhi bentela.

Ngayiphi ngaphambi kwezenzo ezinjalo ngakho-ke bashiye iphrojekthi kaDebian benza imfoloko ebizwa ngeDevuan (iDebian engasebenzisi i-systemd).

Kahle Inhloso eyinhloko yephrojekthi ukuhlinzeka ngokuhlukile kweDebian ngaphandle kobunzima nokuncika kohlelo, uhlelo lwe-init nomphathi wesevisi owakhiwa iRed Hat futhi kamuva wamukelwa amanye ama-distros amaningi.

Futhi yilokho ekuqaleni konyaka sikubikile lokho okunye ukusatshalaliswa okukhulu kweLinux kwakusengozini kwezinye izimbungulu ezihleliwe.

i-systemd
I-athikili ehlobene:
Kutholwe ukuba sengozini okusha ku-Systemd

Phakathi kwengxenye yamaphutha ayekhona, omunye wabo wayesenkonzweni 'yejenali', eqoqa futhi igcine idatha ye-log. Bangasizakala ukuthola amalungelo empande kumshini oqondisiwe noma ukuveza imininingwane.

Amanye ala maphutha atholwe ngabaphenyi benkampani yonogada iQualys, amaphutha kwakuyizingcuphe ezimbili zenkohlakalo yenkumbulo (ukuchichima kwesitaki okugcwele - i-CVE-2018-16864 nokwabiwa kwememori okungenamkhawulo - i-CVE-2018-16865) nokukodwa okuvumela ukuvuza kolwazi (kufundwe ngaphandle kwemingcele, i-CVE- 2018-16866).

Abaphenyi bakha ukuxhaphaza kwe-CVE-2018-16865 ne-CVE-2018-16866 enikezela ngegobolondo lempande lendawo kumishini ye-x86 ne-x64.

Ukuxhaphaza igijime ngokushesha endaweni yesikhulumi se-x86 futhi ifinyelele umgomo wayo ngemizuzu eyishumi. Ku-x64, ukuxhaphaza kuthathe imizuzu engama-70.

I-Qualys imemezele ukuthi ihlela ukukhipha ikhodi yokuxhaphaza i-PoC ukufakazela ubukhona bamaphutha futhi ichaze ngokuningiliziwe ukuthi ikwazi kanjani ukusebenzisa la maphutha. Abaphenyi baphinde basungula ubufakazi bomqondo we-CVE-2018-16864 okuvumela ukuthi ulawule i-eip, ifulegi lokufundisa le-i386.

Ukuba sengozini kokuchichima kwe-buffer (CVE-2018-16864) kwethulwe ngo-Ephreli 2013 (systemd v203) futhi yaxhashazwa ngoFebhuwari 2016 (systemd v230).

Mayelana nobungozi bokwabiwa kwememori okungenamkhawulo (i-CVE-2018-16865), yethulwa ngoDisemba 2011 (systemd v38) futhi yenziwa yaxhashazwa ngo-Ephreli 2013 (systemd v201), ngenkathi ubungozi bokuvuza kwenkumbulo (CVE-2018-16866) kwethulwa ku- UJuni 2015 (systemd v221) futhi walungiswa ngokungaqondile ngo-Agasti 2018.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   luix kusho
    kwenza iminyaka 5

    i-systemd iyamunca !!!!!!!!!!!!!!!

    Phendula ku-luix
  2.   I-01101001b kusho
    kwenza iminyaka 5

    - Sawubona lapho? Amarekhodi Omhlaba eGuinness? Lapha nginenye! I-malware yemigqa yekhodi eyizigidi eziyi-1.2!
    - Siyabonga ngokushaya ucingo! Kepha irekhodi lamanje elinezigidi ezingama-50 liphethwe okweshumi ngabakwaMSWi ...
    - Ungabe usasho lutho.

    Phendula ku-01101001b