Omnye ubuthathaka obutsha bubeka i-7-Zip kwindawo ebonakalayo, enye yezona nkqubo zisetyenziswayo zokucinezela iifayile kwihlabathi jikelele. Le software, kunye nembali ende yokuthembela kwiinkqubo ezininzi zokusebenza, ichongiwe njengento esengozini yokuhlaselwa okunokuthi kuphazamise zombini izixhobo zomntu kunye neenethiwekhi zenkampani.
Oku buthathaka, ibhalisiwe njengaye I-CVE-2024-11477, ichaphazela zonke iinguqulelo ezingaphambi kwe-7-Zip 24.07 kwaye ivumela abahlaseli ukuba benze ikhowudi engalunganga. Ingxaki ilele kwimodyuli ye-Zstandard decompression, apho ukuqinisekiswa kwedatha engafanelekanga kunokubangela ukuphuphuma kwenani elipheleleyo, ukudala ukuphulwa okuququzelela ukufikelela okungagunyaziswanga kwinkqubo.
Izizathu zobuchwephesha emva kokuba sesichengeni
I-bug ikwithala leencwadi le-Zstandard decompression, icandelo eliphambili elidumileyo ngakumbi kwiinkqubo zeLinux njengoko lihambelana neeBtrfs, SquashFS kunye ne-OpenZFS. Uxhatshazo lwenzeka xa iifayile ezilungiselelwe ngokukodwa ukuthabatha olu buthathaka zitshintshwa. Ngokunxibelelana nezi fayile, umhlaseli unokusebenzisa ikhowudi kumxholo womsebenzisi wangoku, ezinokuthi zibeke esichengeni iinkqubo ziphela.
Ngokweengxelo ezivela kwi-Trend Micro Security kunye neZero Day Initiative (ZDI), obu buthathaka bufunyenwe ngoJuni 2024 kwaye bafumana amanqaku e-CVSS ye-7.8, beyichaza njengengozi enkulu. Nangona idinga ukusebenzisana komsebenzisi, njengokuvula ifayile, umngcipheko ophakamileyo uvela ekufikeleleni lula kwezi fayile ngee-imeyile okanye ukwabelana ngefayile.
Impembelelo kubasebenzisi kunye namanyathelo okunciphisa
Ubunzima boku kusilela bukwisiseko esikhulu somsebenzisi we-7-Zip, equka abantu kunye neenkampani ezixhomekeke kwesi sixhobo ukulawula umthamo omkhulu wedatha. Ngaphandle kokukhululwa kwe-patch kwi-version 24.07 kunye nokuphuculwa okulandelayo kwi-24.08, abasebenzisi abaninzi abawazi umcimbi ngenxa yokungabikho kwenkqubo yokuhlaziya ngokuzenzekelayo kwi-7-Zip.
Iingcali zokhuseleko zicebisa Hlaziya isoftware kuguqulelo olukhoyo lwamva nje ukuvala obu buthathaka. Ukongeza, abaphuhlisi abanoxanduva lweemveliso ezidibanisa i-7-Zip kwiinkqubo zabo kufuneka baqhubeke kwangoko nokuphunyezwa okuhlaziyiweyo.
Iingcebiso zokukhusela
Imeko yangoku igxininisa ukubaluleka kokuthatha amanyathelo okuthintela. Nanga amanye amanyathelo asebenzayo:
- Hlaziya kwinguqulo 24.08 ye-7-Zip ngokusebenzisa iwebhusayithi yayo esemthethweni.
- Kuphephe ukuvula iifayile ezicinezelweyo ukusuka imithombo engathembekanga.
- Khipha iinguqulelo ezindala ukuba akukho mfuneko ngokupheleleyo ku funeka ukusetyenziswa kwayo.
- Gcwalisa ukhuseleko lwakho ngokulungileyo isoftware ye-antivirus ukufumana izoyikiso ezongezelelweyo ezinokwenzeka, nangona le ngongoma inokuthi ingabikho kuyimfuneko kakhulu KwiLinux.
Ukongezelela, imibutho iyacetyiswa ukuba ihlolisise iinkqubo zabo zokulawula iifayile kunye yenza amaphulo okwazisa malunga nemingcipheko ehambelana nokuphatha iifayile ezicinezelweyo.
Ukuba sesichengeni kwe-7-Zip isebenza njengesikhumbuzo ngokubaluleka kokwamkela iindlela ezilungileyo zokhuseleko lwe-intanethi. Ukusuka ekuhlaziyweni rhoqo usetyenziso ukuya ekulumkeni kwiifayile ezingaziwayo, amanyathelo amancinci anokwenza umahluko ekugcineni idatha yakho kunye nezixhobo zikhuselekile kuhlaselo lwe-cyber.