Vulnerabilities in FreeBSD that allow bypassing jail restrictions

Two vulnerabilities have been identified in jail, the isolated-environment system developed by the FreeBSD project:

  • CVE-2020-25582 is a vulnerability in the implementation of the jail_attach system call, which is designed to attach external processes to jail environments. The problem occurs when jail_attach is called through the jexec or killall commands, and it allows a process isolated inside the jail to change its root directory and gain full access to the files and directories on the system.
  • CVE-2020-25581 is a race condition in the removal of processes by the jail_remove system call. It allows a privileged process running inside a jail to avoid removal when the jail is shut down and then gain full access to the system through devfs when a jail is later started with the same root directory, by using the moment at which devfs has already been mounted for the jail but the isolation rules have not yet been applied.

In addition, a vulnerability (CVE-2020-25580) can be noted in the PAM module pam_login_access, which is responsible for processing the login_access file. That file defines the access rules for users and groups that are applied at login (by default, login through the console, sshd and telnetd is allowed). The vulnerability allows the login_access restrictions to be bypassed, so that a login succeeds even though prohibiting rules are in place.

The vulnerabilities have been fixed in the 13.0-STABLE, 12.2-STABLE and 11.4-STABLE branches, and in the FreeBSD 12.2-RELEASE-p4 and 11.4-RELEASE-p8 corrective updates.
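A host can be checked against the two RELEASE patch levels listed above. The following is an added example, not part of the original article or of FreeBSD itself: the function name `jail_fix_status` and its three result words are assumptions of this sketch, and it reports `unknown` for STABLE and any other branch, since the version string alone does not show whether the fix is present there.

```sh
#!/bin/sh
# Added example: classify a FreeBSD version string against the fixed
# patch levels named in the article (12.2-RELEASE-p4, 11.4-RELEASE-p8).

# jail_fix_status VERSION -> prints "patched", "unpatched" or "unknown"
# (hypothetical helper; the result words are this example's own).
jail_fix_status() {
    ver=$1
    # Minimum patch level per release line, taken from the article.
    case "$ver" in
        12.2-RELEASE*) min=4 ;;
        11.4-RELEASE*) min=8 ;;
        *) echo unknown; return 0 ;;   # STABLE or a branch the article does not cover
    esac
    # Extract the numeric patch level; a bare -RELEASE is patch level 0.
    case "$ver" in
        *-RELEASE-p*) plevel=${ver##*-p} ;;
        *-RELEASE)    plevel=0 ;;
        *) echo unknown; return 0 ;;
    esac
    # Reject anything that is not a plain non-negative integer.
    case "$plevel" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$plevel" -ge "$min" ]; then
        echo patched
    else
        echo unpatched
    fi
}

# On a FreeBSD host, check the installed kernel (-k) and userland (-u):
# the jail fixes are in the kernel, pam_login_access is in userland.
if command -v freebsd-version >/dev/null 2>&1; then
    for flag in -k -u; do
        v=$(freebsd-version "$flag")
        echo "freebsd-version $flag: $v -> $(jail_fix_status "$v")"
    done
fi
```
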

Source: opennet.ru
