Vulnerability in CRI-O that allows root access to the host environment

A critical vulnerability (CVE-2022-0811) has been identified in CRI-O, a runtime for managing isolated containers, that allows bypassing isolation and executing your code on the host system side. If CRI-O is used instead of containerd and Docker to run containers under the Kubernetes platform, an attacker can gain control of any node in the Kubernetes cluster. To carry out the attack, it is enough to have the rights to run your own container in the Kubernetes cluster.

The vulnerability is caused by the ability to change the kernel sysctl parameter "kernel.core_pattern" ("/proc/sys/kernel/core_pattern"), access to which was not blocked, even though it is not among the parameters that are safe to change, that is, those that take effect only in the namespace of the current container. Using this parameter, a user in a container can change how the Linux kernel handles core files on the host side and arrange for an arbitrary command to be launched with root privileges on the host by specifying a handler such as "|/bin/sh -c 'commands'".

The problem has been present since the release of CRI-O 1.19.0 and is fixed in updates 1.19.6, 1.20.7, 1.21.6, 1.22.3, 1.23.2 and 1.24.0. Among distributions, the problem appears in Red Hat OpenShift Container Platform and in openSUSE/SUSE products, which have the cri-o package in their repositories.
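
The following audit script is an added example, not code from CRI-O or from the original article: it checks a CRI-O version string against the affected range and fixed releases listed above, and classifies a host's kernel.core_pattern value. The function names and the allowlist of expected core-dump handlers are assumptions to adapt per site.

```python
import re

# Fixed patch level per release branch, taken from the article above.
FIXED = {(1, 19): 6, (1, 20): 7, (1, 21): 6, (1, 22): 3, (1, 23): 2, (1, 24): 0}
FIRST_AFFECTED = (1, 19, 0)
# Assumption: pipe handlers this site expects to see; adjust to your distribution.
EXPECTED_HANDLERS = {"/usr/lib/systemd/systemd-coredump", "/usr/share/apport/apport"}


def parse_version(text):
    """Extract (major, minor, patch) from text such as 'crio version 1.22.1'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def crio_is_affected(version_text):
    """True if the version is 1.19.0 or later and below its branch's fixed release."""
    version = parse_version(version_text)
    if version < FIRST_AFFECTED:
        return False
    fixed_patch = FIXED.get(version[:2])
    if fixed_patch is None:
        return False  # assumption: branches after 1.24 carry the fix
    return version[2] < fixed_patch


def core_pattern_finding(value):
    """Classify a kernel.core_pattern value read on the host (not in a container)."""
    value = value.strip()
    if not value.startswith("|"):
        return "file"  # cores go to a file path, no program is launched
    fields = value[1:].split()
    handler = fields[0] if fields else ""
    return "known-handler" if handler in EXPECTED_HANDLERS else "unexpected-handler"


if __name__ == "__main__":
    # Constructed sample inputs; on a node, use `crio --version` output and
    # the contents of /proc/sys/kernel/core_pattern instead.
    for sample in ("crio version 1.22.1", "crio version 1.23.2"):
        print(sample, "->", "affected" if crio_is_affected(sample) else "not affected")
    for sample in ("core", "|/bin/sh -c 'commands'"):
        print(repr(sample), "->", core_pattern_finding(sample))
```

An "unexpected-handler" result on a node is worth investigating even after CRI-O has been updated, because the sysctl value persists until it is reset or the node reboots.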

Source: opennet.ru
