Vulnerabilities in systemd, Flatpak, Samba, FreeRDP, ClamAV, Node.js

A vulnerability (CVE-2021-3997) has been identified in the systemd-tmpfiles utility that allows uncontrolled recursion. The issue can be used to cause a denial of service during system boot by creating a large number of subdirectories in the /tmp directory. The fix is currently available in patch form. Package updates that fix the problem are offered in Ubuntu and SUSE, but are not yet available in Debian, RHEL and Fedora (the fixes are in testing).

When thousands of subdirectories are created, the "systemd-tmpfiles --remove" operation crashes due to stack exhaustion. Typically, the systemd-tmpfiles utility performs the removal and creation of directories in a single call ("systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev"), with removal performed first and creation afterwards, i.e. a failure at the removal stage results in the critical files specified in /usr/lib/tmpfiles.d/*.conf not being created.

A more dangerous attack scenario on Ubuntu 21.04 is also mentioned: since the crash of systemd-tmpfiles means the /run/lock/subsys file is not created, and the /run/lock directory is writable by all users, an attacker can create the /run/lock/subsys directory under their own identifier and, by creating symbolic links that intersect with lock files from system processes, arrange for system files to be overwritten.
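A defender-side check for the two conditions described above, as an added example that is not part of the original article or of systemd: it measures directory nesting depth under /tmp with an explicit stack rather than recursion, and verifies that /run/lock/subsys is a real root-owned directory and not a symlink. The function names and the DEPTH_LIMIT threshold are assumptions chosen for illustration.

```python
import os
import stat

DEPTH_LIMIT = 1000  # assumed alert threshold, not a value from the advisory


def max_nesting_depth(root):
    """Deepest directory level under root, walked with an explicit stack.

    No recursion is used, so the audit cannot exhaust its own call stack
    on the kind of tree it is looking for. Symlinks are not followed.
    """
    deepest = 0
    stack = [(root, 0)]
    while stack:
        path, depth = stack.pop()
        deepest = max(deepest, depth)
        try:
            with os.scandir(path) as entries:
                for entry in entries:
                    if entry.is_dir(follow_symlinks=False):
                        stack.append((entry.path, depth + 1))
        except OSError:
            continue  # unreadable, or removed while scanning
    return deepest


def lock_dir_problems(path, expected_uid=0):
    """Return reasons why path is not a trusted directory (empty list = fine)."""
    try:
        st = os.lstat(path)  # lstat inspects the link itself, not its target
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
    elif not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}")
    return problems


if __name__ == "__main__":
    depth = max_nesting_depth("/tmp")
    print("/tmp nesting depth:", depth, "(ALERT)" if depth > DEPTH_LIMIT else "")
    print("/run/lock/subsys:", lock_dir_problems("/run/lock/subsys") or "ok")
```

A "missing" or non-root result for /run/lock/subsys after boot is the observable sign that the create stage of systemd-tmpfiles did not complete.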

In addition, we can note the publication of new releases of the Flatpak, Samba, FreeRDP, ClamAV and Node.js projects, in which vulnerabilities have been fixed:

  • In the corrective releases 1.10.6 and 1.12.3 of the toolkit for building Flatpak packages, two vulnerabilities have been fixed. The first vulnerability (CVE-2021-43860) allows, when downloading a package from an untrusted repository, hiding the display of certain elevated permissions during installation through manipulation of metadata. The second vulnerability (without a CVE) allows the "flatpak-builder --mirror-screenshots-url" command to create directories in an area of the file system outside the build directory during package assembly.
  • The Samba 4.13.16 update eliminates a vulnerability (CVE-2021-43566) that allows a client to create a directory on the server outside the exported FS area by manipulating symbolic links on SMB1 or NFS shares (the problem is caused by a race condition and is difficult to exploit in practice, but is theoretically possible). Versions prior to 4.13.16 are affected by the problem.

    A report has also been published about another similar vulnerability (CVE-2021-20316), which allows an authenticated client to read or change the contents of a file or the metadata of a directory in the server's FS area outside the exported share through manipulation of symbolic links. The problem is fixed in release 4.15.0, but it also affects previous branches. However, fixes for the old branches will not be published, since the old Samba VFS architecture does not allow the problem to be fixed because metadata operations are bound to file paths (in Samba 4.15 the VFS layer was completely redesigned). What makes the problem less dangerous is that it is quite difficult to exploit, and the user's access rights must allow reading or writing to the target file or directory.

  • The release of the FreeRDP 2.5 project, which offers a free implementation of the Remote Desktop Protocol (RDP), fixes three security issues (no CVE identifiers have been assigned) that could lead to a buffer overflow when using an incorrect locale, processing specially crafted registry settings, and specifying an incorrectly formatted add-in name. Changes in the new version include support for the OpenSSL 3.0 library, implementation of the TcpConnectTimeout setting, improved compatibility with LibreSSL, and a fix for problems with the clipboard in Wayland-based environments.
  • New releases of the free antivirus package ClamAV, 0.103.5 and 0.104.2, eliminate the vulnerability CVE-2022-20698, which is associated with an incorrect pointer read and allows a process crash to be caused remotely if the package is built with the libjson-c library and the CL_SCAN_GENERAL_COLLECT_METADATA option is enabled in the settings (clamscan --gen-json).
  • The Node.js platform updates 16.13.2, 14.18.3, 17.3.1 and 12.22.9 fix four vulnerabilities: bypassing certificate verification when verifying a network connection due to incorrect conversion of the SAN (Subject Alternative Names) to string format (CVE-2021-44532); incorrect handling of the enumeration of multiple values in the subject and issuer fields, which can be used to bypass verification of the mentioned fields in certificates (CVE-2021-44533); bypassing restrictions related to the SAN URI type in certificates (CVE-2021-44531); insufficient input validation in the console.table() function, which can be used to assign empty strings to numeric keys (CVE-2022-21824).

source: budenet.ru
