Nginx 1.21.0 and nginx 1.20.1 released with a vulnerability fix

The first release of the new mainline branch, nginx 1.21.0, has been published; development of new features will continue in this branch. In parallel, a corrective release of the stable branch, 1.20.1, was prepared, containing only changes related to fixing serious bugs and vulnerabilities. Next year, a stable branch 1.22 will be formed from the mainline branch 1.21.x.

The new versions fix a vulnerability (CVE-2021-23017) in the code that resolves hostnames via DNS, which can cause a crash or potentially allow execution of attacker-supplied code. The problem manifests itself when processing certain DNS server responses, leading to a one-byte overflow. The vulnerability is only present when DNS resolution is enabled via the "resolver" directive. To carry out an attack, the attacker must be able to spoof UDP packets from the DNS server or gain control of the DNS server. The problem has existed since the release of nginx 0.6.18. A patch is available to fix the problem in older releases.
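As an added example (not part of the original article or the nginx project), a Python helper that checks the two exposure conditions the article names: an nginx build in the affected range that predates the fix for its branch, and a "resolver" directive in the configuration. The version and configuration inputs are constructed samples; the fix mapping assumes 1.20.1 and 1.21.0 are the fixed releases, as stated above.

```python
import re

# Release at which each branch received the CVE-2021-23017 fix (per the announcement).
# Branches before 1.20 got no fixed release; the article says a patch exists for them.
FIXED = {(1, 20): (1, 20, 1), (1, 21): (1, 21, 0)}
FIRST_AFFECTED = (0, 6, 18)  # the bug has been present since nginx 0.6.18


def parse_version(nginx_v_output):
    """Extract the version tuple from 'nginx -v' / 'nginx -V' output, e.g. 'nginx/1.20.0'."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", nginx_v_output)
    if not m:
        raise ValueError("no nginx version string found")
    return tuple(int(x) for x in m.groups())


def version_vulnerable(version):
    """True if the build is in the affected range and below its branch's fix release."""
    if version < FIRST_AFFECTED:
        return False
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branches newer than 1.21 carry the fix; older branches never got a fixed release.
        return version[:2] < (1, 20)
    return version < fixed


def config_uses_resolver(config_text):
    """True if a 'resolver' directive is active (comments ignored, 'resolver_timeout' excluded)."""
    stripped = re.sub(r"#[^\n]*", "", config_text)
    return re.search(r"(?<![\w])resolver\s+[^;]+;", stripped) is not None


def assess(nginx_v_output, config_text):
    """Return (vulnerable_version, resolver_enabled, exposed)."""
    vuln = version_vulnerable(parse_version(nginx_v_output))
    res = config_uses_resolver(config_text)
    return vuln, res, vuln and res


# Constructed sample inputs: an unfixed 1.20.0 build and a config with a live resolver directive.
SAMPLE_V = "nginx version: nginx/1.20.0\nbuilt with OpenSSL 1.1.1k  25 Mar 2021\n"
SAMPLE_CONF = """
http {
    # resolver 1.1.1.1;   <- commented out, must not count
    server {
        listen 80;
        location / {
            resolver 192.0.2.53 valid=30s;
            proxy_pass http://$backend;
        }
    }
}
"""
```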

Non-security changes in nginx 1.21.0:

  • Variable support has been added to the directives "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" and "uwsgi_ssl_certificate_key".
  • The mail proxy module gained support for "pipelining", which sends multiple POP3 or IMAP requests over a single connection, and a new "max_errors" directive, which defines the maximum number of protocol errors after which the connection is closed.
  • The "fastopen" parameter was added to the stream module, enabling "TCP Fast Open" mode for listening sockets.
  • Problems with escaping special characters during automatic redirects that append a trailing slash have been fixed.
  • A problem with closing client connections when using SMTP pipelining has been fixed.

Source: opennet.ru