Vulnerabilities in Netfilter and io_uring that allow privilege escalation on the system

Vulnerabilities have been identified in the Linux kernel subsystems Netfilter and io_uring that allow a local user to escalate their privileges on the system:

  • A vulnerability (CVE-2023-32233) in the Netfilter subsystem is caused by a use-after-free memory access in the nf_tables module, which provides the nftables packet filter. The vulnerability can be exploited by sending specially crafted requests that update the nftables configuration. The attack requires access to nftables, which can be obtained in a separate network namespace if you have the CLONE_NEWUSER, CLONE_NEWNS or CLONE_NEWNET rights (for example, if you can run an isolated container).

    To give users time to install updates, the researcher who identified the problem promised to postpone for a week (until May 15) the publication of detailed information and of an example working exploit that provides a root shell. The vulnerability was fixed in the 6.4-rc1 update. You can track the fix in distributions on these pages: Debian, Ubuntu, Gentoo, RHEL, Fedora, SUSE/openSUSE, Arch.

  • A vulnerability (CVE not yet assigned) in the implementation of the io_uring asynchronous input/output interface, which has been part of the Linux kernel since release 5.1. The problem is caused by a bug in the io_sqe_buffer_register function that allows access to physical memory beyond the bounds of a statically allocated buffer. The problem appears only in the 6.3 branch and will be fixed in the upcoming 6.3.2 update. A working prototype of the exploit is already available for testing; it allows code to be executed with kernel privileges.
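
The two conditions described above can be checked on a host with a short script. This is an added example, not code from the article or the kernel project: it tests a release string against the 6.3 range given for the io_uring bug and checks whether unprivileged user namespaces, the stated route to nftables, are still allowed. The function names are hypothetical; the two sysctl files are the mainline `user.max_user_namespaces` limit and the Debian/Ubuntu `kernel.unprivileged_userns_clone` knob.

```shell
#!/bin/sh
# Added example: local exposure checks built from the article's version facts.

# Succeeds when a kernel release string is in the 6.3 branch below 6.3.2,
# the range the article gives for the io_sqe_buffer_register bug.
io_uring_branch_affected() {
    rel=${1%%[!0-9.]*}                 # "6.3.1-arch1-1" -> "6.3.1"
    old_ifs=$IFS; IFS=.
    set -- $rel                        # split on dots into $1 $2 $3
    IFS=$old_ifs
    [ "${1:-0}" -eq 6 ] && [ "${2:-0}" -eq 3 ] && [ "${3:-0}" -lt 2 ]
}

# Succeeds when an unprivileged user can still create a user namespace, the
# precondition the article names for reaching nftables (CVE-2023-32233).
# $1 is the procfs root (default /proc); tests can pass a constructed tree.
userns_unprivileged_allowed() {
    root=${1:-/proc}
    # Mainline limit: 0 means no user namespaces can be created at all.
    max=$(cat "$root/sys/user/max_user_namespaces" 2>/dev/null || echo unknown)
    # Debian/Ubuntu kernel knob: 0 blocks unprivileged creation only.
    clone=$(cat "$root/sys/kernel/unprivileged_userns_clone" 2>/dev/null || echo absent)
    if [ "$max" = 0 ] || [ "$clone" = 0 ]; then return 1; fi
    return 0                           # unknown or absent counts as allowed
}

# Prints one line per issue for the given release string and procfs root.
exposure_report() {
    if io_uring_branch_affected "$1"; then
        echo "io_uring: $1 is in the 6.3 branch below 6.3.2; update the kernel"
    else
        echo "io_uring: $1 is outside the range the article lists"
    fi
    if userns_unprivileged_allowed "${2:-/proc}"; then
        echo "nf_tables: unprivileged user namespaces allowed; check the distribution's fix status"
    else
        echo "nf_tables: unprivileged user namespaces disabled; nftables needs real privileges"
    fi
}

exposure_report "$(uname -r)"
```

The script does not judge the Netfilter fix by version number, because the article gives only 6.4-rc1 as the fix point and refers to the distribution pages for packaged kernels.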
