
Log4j 2.16 vulnerable to DoS attacks, emergency patch 2.17 recommended

The fallout from the severe vulnerability in the Java library Log4j drags on. Although the main problem was addressed with emergency patch 2.16, this version also appears to be vulnerable. Security researchers have found an opening for a Denial of Service (DoS) attack. Log4j 2.17 has been published to close that opening.

Apache, the developer of the Java library, advises organizations to apply the emergency patch. This is the third time such advice has been issued since the library was found to be vulnerable.

A week and a half ago, security researchers from Alibaba's cloud security team disclosed a way to abuse applications that use Log4j. Log4j is used in applications to log events. It turned out to be possible to reach applications that include the library from the outside with commands that execute malware. Exploitation takes very little effort. Add to that the estimated presence of the library in most enterprise environments and you understand the scale of the disaster facing the global IT landscape.

Software vendors such as Fortinet, Cisco, IBM and dozens of others use the library in their software. Their developers worked overtime during the weekend of December 11 to implement the first emergency patch for the vulnerability and deliver it to user organizations. The same commitment was expected of the IT teams within those organizations. Hundreds of thousands of attack attempts were made worldwide. Everyone had to move to 2.15 as soon as possible - until 2.15 was also found to be vulnerable.

Certain library settings were still possible in version 2.15. Using those settings kept the vulnerability alive. Version 2.16 made those settings impossible, which justified a new patch, often to the dismay of IT teams that were already overloaded. However, it can always get worse, because 2.16 is vulnerable as well.

Back to square one

The enormous worldwide attention to the problem has led to research on a global scale. Apache, the developer of the library, cannot catch its breath for two days without a security firm pointing out a new problem.

In short, it turns out to be possible to feed versions of Log4j - including 2.16 - a single line (string) that starts an infinite loop, which crashes the application. The conditions an environment must meet to be vulnerable are numerous. So numerous that the severity of the problem is disputed. The patch is officially recommended, but not everyone is convinced.

Moreover, not every instance of Log4j is vulnerable, only cases where the library runs with custom settings. A potential attacker also needs detailed insight into how Log4j works. That is a contrast with the first, easily exploited vulnerability.
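To act on the version timeline above, the following added example (not code from the article or from Apache) inventories log4j-core copies in a jar, including nested and repackaged ones, and maps each to the status the article gives for 2.15, 2.16 and 2.17. It assumes Maven-style jar names and metadata and the mainline 2.x numbering the article uses; all function names are hypothetical.

```python
import io
import re
import zipfile

# Assumption: Maven-style artifact naming, e.g. log4j-core-2.16.0.jar
NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)+)[^/]*\.jar$")
# Assumption: Maven-built jars keep this metadata entry, also after repackaging
POM_SUFFIX = "org.apache.logging.log4j/log4j-core/pom.properties"

def as_tuple(text):
    """'2.16.0' -> (2, 16, 0); '2.0-beta9' -> (2, 0, 0)."""
    nums = re.match(r"[\d.]*", text.strip()).group(0).split(".")
    parts = [int(n) for n in nums[:3] if n]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(version):
    """Status of a mainline Log4j 2 release, following the article's timeline."""
    if version >= (2, 17, 0):
        return "ok: 2.17 closes the DoS opening"
    if version >= (2, 16, 0):
        return "upgrade: 2.16, DoS possible with custom settings"
    if version >= (2, 15, 0):
        return "upgrade: 2.15, still vulnerable with certain settings"
    return "upgrade: predates the first emergency patch 2.15"

def versions_in(jar_name, jar_bytes):
    """Yield (location, version) for each log4j-core copy found in one jar."""
    if (m := NAME_RE.search(jar_name)):
        yield jar_name, as_tuple(m.group(1))
    try:
        zf = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return  # unreadable archive: only the file name could be checked
    for entry in zf.namelist():
        where = f"{jar_name}!{entry}"
        if entry.endswith(POM_SUFFIX):  # shaded or renamed copy
            for line in zf.read(entry).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    yield where, as_tuple(line.split("=", 1)[1])
        elif (n := NAME_RE.search(entry)):  # nested jar inside a fat jar
            yield where, as_tuple(n.group(1))

def triage(jar_name, jar_bytes):
    return [(loc, classify(v)) for loc, v in versions_in(jar_name, jar_bytes)]

if __name__ == "__main__":
    buf = io.BytesIO()  # constructed sample: fat jar with a nested log4j-core
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("BOOT-INF/lib/log4j-core-2.16.0.jar", b"")
    print(triage("app.jar", buf.getvalue()))
```

A standalone log4j-core jar is reported twice, once by file name and once by metadata; a mismatch between the two is worth a closer look.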

Max Reisler
