Nginx 1.22.1 and 1.23.2 updates with vulnerabilities fixed

The mainline branch nginx 1.23.2, in which development of new features continues, has been released, together with a release of the parallel supported stable branch, nginx 1.22.1, which receives only changes related to fixing serious bugs and vulnerabilities.

The new versions fix two vulnerabilities (CVE-2022-41741, CVE-2022-41742) in the ngx_http_mp4_module module, which is used to serve streaming from files in H.264/AAC format. The vulnerabilities can lead to memory corruption or a memory leak when processing a specially crafted mp4 file. A crash of the worker process is mentioned as a consequence, but other outcomes, such as code execution on the server, are not ruled out.

It is worth noting that a similar vulnerability was already fixed in the ngx_http_mp4_module module in 2012. In addition, F5 reported a similar vulnerability (CVE-2022-41743) in the NGINX Plus product, affecting the ngx_http_hls_module module, which provides support for the HLS (Apple HTTP Live Streaming) protocol.

Besides the vulnerability fixes, the following changes are proposed in nginx 1.23.2:

  • Added support for the "$proxy_protocol_tlv_*" variables, which contain the values of the TLV (Type-Length-Value) fields present in the PROXY v2 protocol.
  • Provided automatic rotation of the encryption keys for TLS session tickets, used when shared memory is configured in the ssl_session_cache directive.
  • The logging level of errors related to invalid SSL records has been lowered from crit to info.
  • The logging level of messages about being unable to allocate memory for a new session has been changed from alert to warning and limited to one entry per second.
  • On the Windows platform, building with OpenSSL 3.0 has been fixed.
  • Improved handling of PROXY protocol errors in the log.
  • Fixed an issue where the timeout specified in the "ssl_session_timeout" directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.

Source: opennet.ru