Vulnerabilities in systemd, Flatpak, Samba, FreeRDP, ClamAV, Node.js

A vulnerability (CVE-2021-3997) has been identified in the systemd-tmpfiles utility that allows uncontrolled recursion to occur. The problem can be used to cause a denial of service during system boot by creating a large number of subdirectories in the /tmp directory. The fix is currently available as a patch. Package updates that fix the problem are offered for Ubuntu and SUSE, but are not yet available for Debian, RHEL and Fedora (the fixes are in testing).

When thousands of subdirectories are created, the "systemd-tmpfiles --remove" operation crashes due to stack exhaustion. Typically, the systemd-tmpfiles utility performs the deletion and creation of directories in a single call ("systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev"), with deletion performed first and creation afterwards, i.e. a failure at the deletion stage means that the critical files specified in /usr/lib/tmpfiles.d/*.conf are not created.

A more dangerous attack scenario on Ubuntu 21.04 is also mentioned: since a crash of systemd-tmpfiles leaves /run/lock/subsys uncreated, and the /run/lock directory is writable by all users, an attacker can create the /run/lock/subsys directory under their own identifier and, by creating symbolic links that intersect with the lock files of system processes, arrange for system files to be overwritten.
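A defender-side check for the two conditions described above, as an added example that is not from the original article or the systemd project: it measures directory nesting under a tree without recursing itself, and verifies that /run/lock/subsys exists as a directory owned by the expected user. The function names are assumptions, and the demo runs on a constructed temporary tree rather than the real /tmp or /run/lock.

```python
import os
import stat
import tempfile


def max_dir_depth(root):
    """Deepest directory nesting under root, walked with an explicit stack."""
    deepest, stack = 0, [(root, 0)]
    while stack:
        path, depth = stack.pop()
        deepest = max(deepest, depth)
        try:
            with os.scandir(path) as entries:
                stack.extend((e.path, depth + 1) for e in entries
                             if e.is_dir(follow_symlinks=False))
        except OSError:
            pass  # unreadable, vanished, or path too long: depth so far still counts
    return deepest


def audit_lock_subsys(path="/run/lock/subsys", trusted_uid=0):
    """Return findings for the directory systemd-tmpfiles should have created."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
    except FileNotFoundError:
        return ["missing: tmpfiles create step may not have run"]
    findings = []
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink")
    elif not stat.S_ISDIR(st.st_mode):
        findings.append("not a directory")
    if st.st_uid != trusted_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
    return findings


def demo():  # runs both checks on a constructed tree, not the real system paths
    with tempfile.TemporaryDirectory() as base:
        sub, me = os.path.join(base, "subsys"), os.getuid()
        os.makedirs(os.path.join(base, "tmp", *["d"] * 40))  # 40 nested levels
        os.mkdir(sub)
        return (max_dir_depth(os.path.join(base, "tmp")),
                audit_lock_subsys(sub, me),        # expected owner
                audit_lock_subsys(sub, me + 1),    # unexpected owner
                audit_lock_subsys(sub + "-absent", me))


if __name__ == "__main__":
    print(demo())
```

On a real host, call `max_dir_depth("/tmp")` and `audit_lock_subsys()` with their defaults; a missing or non-root-owned /run/lock/subsys after boot is the state the Ubuntu 21.04 scenario depends on.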

In addition, new releases of Flatpak, Samba, FreeRDP, ClamAV and Node.js have been published in which vulnerabilities are fixed:

  • The corrective releases 1.10.6 and 1.12.3 of Flatpak, the toolkit for building self-contained packages, fix two vulnerabilities. The first vulnerability (CVE-2021-43860) makes it possible, when a package is downloaded from an untrusted repository, to hide the display of certain advanced permissions during installation by manipulating metadata. The second vulnerability (no CVE) allows the command "flatpak-builder --mirror-screenshots-url" to create directories in an area of the file system outside the build directory during package assembly.
  • The Samba 4.13.16 update eliminates a vulnerability (CVE-2021-43566) that allows a client to manipulate symbolic links on SMB1 or NFS shares in order to create a directory on the server outside the exported file system area (the problem is caused by a race condition and is difficult to exploit in practice, but it is theoretically possible). Versions prior to 4.13.16 are affected.

    A report has also been published about another, similar vulnerability (CVE-2021-20316), which allows an authenticated client to read or change the contents of a file or the metadata of a directory in the server's file system area outside the exported share by manipulating symbolic links. The issue is fixed in release 4.15.0, but it also affects earlier branches. However, fixes for the old branches will not be published, because the old Samba VFS architecture does not allow the problem to be fixed due to the binding of metadata operations to file paths (in Samba 4.15 the VFS layer was completely redesigned). What makes the problem less dangerous is that it is rather complex to exploit, and the user's access rights must already permit reading or writing to the target file or directory.

  • The release of the FreeRDP 2.5 project, which provides a free implementation of the Remote Desktop Protocol (RDP), fixes three security issues (no CVE identifiers assigned) that could lead to a buffer overflow when using an incorrect locale, processing specially crafted registry settings, and specifying an incorrectly formatted add-on name. Changes in the new version include support for the OpenSSL 3.0 library, implementation of the TcpConnectTimeout setting, improved compatibility with LibreSSL, and a fix for clipboard problems in Wayland-based environments.
  • New releases of the free antivirus package ClamAV, 0.103.5 and 0.104.2, eliminate the vulnerability CVE-2022-20698, which is associated with an incorrect pointer read and allows a process crash to be triggered if the package is built with the libjson-c library and the CL_SCAN_GENERAL_COLLECT_METADATA option is enabled in the settings (clamscan --gen-json).
  • The Node.js platform updates 16.13.2, 14.18.3, 17.3.1 and 12.22.9 fix four vulnerabilities: bypass of certificate verification when validating a network connection due to incorrect conversion of SAN (Subject Alternative Names) to string format (CVE-2021-44532); incorrect handling of the enumeration of multiple values in the subject and issuer fields, which can be used to bypass verification of those fields in certificates (CVE-2021-44533); bypass of restrictions related to the SAN URI type in certificates (CVE-2021-44531); and insufficient input validation in the console.table() function, which can be used to assign empty strings to numerical keys (CVE-2022-21824).

Source: opennet.ru
