Cisco Security Researchers Cov ntaub ntawv tsis muaj zog (CVE-2019-5021) in Alpine faib rau Docker thawv cais qhov system. Lub ntsiab lus ntawm qhov teeb meem uas tau txheeb xyuas yog tias lub neej ntawd lo lus zais rau tus neeg siv hauv paus tau teeb tsa rau tus password khoob yam tsis thaiv kev nkag mus ncaj qha li hauv paus. Cia peb nco ntsoov tias Alpine yog siv los tsim cov duab raug cai los ntawm Docker qhov project (yav dhau los ua haujlwm tau tsim los ntawm Ubuntu, tab sis tom qab ntawd muaj ntawm Alpine).
Qhov teeb meem tau tshwm sim txij li Alpine Docker 3.3 tsim thiab tau tshwm sim los ntawm kev hloov pauv hloov ntxiv hauv 2015 (ua ntej version 3.3, /etc/shadow siv kab "root:!::0::::", thiab tom qab ntawd deprecation ntawm chij "-d" kab "hauv paus:::0:::::") tau ntxiv. Qhov teeb meem tau pib txheeb xyuas thiab thaum lub Kaum Ib Hlis 2015, tab sis lub Kaum Ob Hlis los ntawm kev yuam kev dua nyob rau hauv cov ntaub ntawv tsim ntawm cov ceg sim, thiab tom qab ntawd raug xa mus rau cov khoom ruaj khov.
Cov ntaub ntawv tsis muaj zog hais tias qhov teeb meem kuj tshwm sim hauv ceg tshiab ntawm Alpine Docker 3.9. Alpine developers nyob rau lub Peb Hlis thaj thiab qhov tsis zoo pib nrog tsim 3.9.2, 3.8.4, 3.7.3 thiab 3.6.5, tab sis tseem nyob hauv cov ceg qub 3.4.x thiab 3.5.x, uas twb tau txiav lawm. Tsis tas li ntawd, cov neeg tsim khoom thov tias qhov kev tawm tsam vector yog qhov txwv tsis pub dhau thiab xav kom tus neeg tawm tsam muaj kev nkag mus rau tib qhov chaw.
Tau qhov twg los: opennet.ru