Vulnerabilities in systemd, Flatpak, Samba, FreeRDP, Clamav, Node.js

A vulnerability (CVE-2021-3997) has been identified in the systemd-tmpfiles utility that allows uncontrolled recursion to occur. The problem can be used to cause a denial of service during system boot by creating a large number of subdirectories in the /tmp directory. The fix is currently available in the form of a patch. Package updates that fix the problem are available in Ubuntu and SUSE, but are not yet available in Debian, RHEL and Fedora (the fixes are in testing).

When thousands of subdirectories are created, the "systemd-tmpfiles --remove" operation crashes because the stack is exhausted. Normally the systemd-tmpfiles utility performs the removal and creation of directories in a single call ("systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev"), with the removal done first and the creation afterwards, i.e. a failure at the removal stage means that the critical files specified in /usr/lib/tmpfiles.d/*.conf are not created.

A more dangerous attack scenario on Ubuntu 21.04 is also mentioned: since the crash of systemd-tmpfiles means that /run/lock/subsys is not created, and the /run/lock directory is writable by all users, an attacker can create the /run/lock/subsys directory under their own identifier and, by creating symbolic links that coincide with lock files from system processes, arrange for system files to be overwritten.
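A defender-side check for the two conditions described above, as an added example (not systemd code and not part of the original article): it measures directory nesting under a tree with an explicit stack instead of recursion, and verifies that /run/lock/subsys is a real directory with the expected owner. The function names, the nesting limit of 256 and the expectation that the directory is owned by uid 0 are assumptions.

```python
import os
import stat

def max_dir_depth(root, limit=256):
    """Deepest directory nesting below root, found with an explicit stack.

    No recursion is used, so the scan cannot exhaust its own call stack.
    Descent stops at `limit` (assumed threshold): that is already reportable.
    """
    deepest, deepest_path = 0, root
    stack = [(root, 0)]
    while stack:
        path, depth = stack.pop()
        if depth > deepest:
            deepest, deepest_path = depth, path
        if depth >= limit:
            continue
        try:
            with os.scandir(path) as entries:
                for entry in entries:
                    # Never follow symlinks: count real directories only.
                    if entry.is_dir(follow_symlinks=False):
                        stack.append((entry.path, depth + 1))
        except OSError:
            continue  # removed meanwhile, unreadable, or path too long
    return deepest, deepest_path

def lock_dir_problems(path="/run/lock/subsys", expected_uid=0):
    """List reasons why path is not a real directory owned by expected_uid."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if stat.S_ISLNK(st.st_mode):
        problems.append("symlink")
    elif not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}")
    return problems

if __name__ == "__main__":
    depth, where = max_dir_depth("/tmp")
    note = f" (limit reached under {where[:60]})" if depth >= 256 else ""
    print(f"/tmp max nesting: {depth}{note}")
    print("/run/lock/subsys:", lock_dir_problems() or "ok")
```

A nesting depth that reaches the limit, or any entry in the list returned for /run/lock/subsys after boot, is worth investigating on a host that has not yet received the package update.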

In addition, we can note the publication of new releases of the Flatpak, Samba, FreeRDP, Clamav and Node.js projects, in which vulnerabilities have been fixed:

  • The corrective releases 1.10.6 and 1.12.3 of Flatpak, the toolkit for building self-contained packages, fix two vulnerabilities. The first vulnerability (CVE-2021-43860) allows, when a package is downloaded from an untrusted repository, the display of certain advanced permissions to be hidden during the installation process through manipulation of metadata. The second vulnerability (no CVE) allows the command "flatpak-builder --mirror-screenshots-url" to create directories in the file system area outside the build directory during package assembly.
  • The Samba 4.13.16 update eliminates a vulnerability (CVE-2021-43566) that allows a client to create directories on the server outside the exported FS area by manipulating symbolic links on SMB1 or NFS partitions (the problem is caused by a race condition and is difficult to exploit in practice, but is theoretically possible). Versions before 4.13.16 are affected by the problem.

    A report has also been published about another similar vulnerability (CVE-2021-20316), which allows an authenticated client to read or change the contents of a file or directory metadata in the server's FS area outside the exported section by manipulating symbolic links. The problem is fixed in release 4.15.0, but it also affects previous branches. However, fixes for the old branches will not be published, since the old Samba VFS architecture does not allow the problem to be fixed because metadata operations are bound to file paths (in Samba 4.15 the VFS layer was completely redesigned). What makes the problem less dangerous is that it is quite difficult to exploit and the user's access rights must allow reading or writing to the target file or directory.

  • The release of the FreeRDP 2.5 project, which offers a free implementation of the Remote Desktop Protocol (RDP), fixes three security issues (no CVE identifiers assigned) that could lead to a buffer overflow when using an incorrect locale, when processing specially crafted registry settings, and when specifying an incorrectly formatted add-on name. Changes in the new version include support for the OpenSSL 3.0 library, implementation of the TcpConnectTimeout setting, improved compatibility with LibreSSL, and a fix for problems with the clipboard in Wayland-based environments.
  • The new releases of the free antivirus package ClamAV 0.103.5 and 0.104.2 eliminate the vulnerability CVE-2022-20698, which is associated with an invalid read and makes it possible to remotely cause a process crash if the package is compiled with the libjson-c library and the CL_SCAN_GENERAL_COLLECT_METADATA option is enabled in the settings (clamscan --gen-json).
  • The Node.js platform updates 16.13.2, 14.18.3, 17.3.1 and 12.22.9 fix four vulnerabilities: bypass of certificate verification when validating a network connection, caused by incorrect conversion of SAN (Subject Alternative Names) to string format (CVE-2021-44532); incorrect handling of the enumeration of multiple values in the subject and issuer fields, which can be used to bypass verification of those fields in certificates (CVE-2021-44533); bypass of restrictions related to the SAN URI type in certificates (CVE-2021-44531); insufficient input validation in the console.table() function, which can be used to assign empty strings to numeric keys (CVE-2022-21824).

Source: opennet.ru
