Ndị nyocha nchekwa Cisco ozi adịghị ike (CVE-2019-5021) na Nkesa Alpine maka sistemụ ikewa akpa Docker. Isi ihe kpatara nsogbu ahụ bụ na edobere paswọọdụ ndabara maka onye ọrụ mgbọrọgwụ na paswọọdụ efu na-egbochighị nbanye ozugbo dị ka mgbọrọgwụ. Ka anyị cheta na a na-eji Alpine wepụta onyonyo gọọmentị sitere na ọrụ Docker (nke bụbu ụlọ ọrụ gọọmentị dabere na Ubuntu, mana enwerekwa ya. na Alpine).
Nsogbu a dị ebe ọ bụ na Alpine Docker 3.3 na-ewu ma kpatara mgbanwe mgbanwe agbakwunyere na 2015 (tupu ụdị 3.3, /etc/shadow jiri akara "mgbọrọgwụ :: 0::::") nbibi nke ọkọlọtọ "-d" ahịrị "mgbọrọgwụ:: 0::::::" malitere ịgbakwunye. Achọpụtara nsogbu ahụ na mbụ na Nọvemba 2015, ma na December na ndudue ọzọ na faịlụ wuo nke alaka nnwale ahụ, wee bufee ya na ụlọ ndị kwụsiri ike.
Ozi adịghị ike na-ekwu na nsogbu ahụ pụtakwara na ngalaba Alpine Docker 3.9 kachasị ọhụrụ. Ndị mmepe Alpine na March kwachie na vulnerability malite na-ewuli 3.9.2, 3.8.4, 3.7.3 na 3.6.5, ma na-anọgide na ochie alaka 3.4.x na 3.5.x, nke a kwụsịrị. Na mgbakwunye, ndị mmepe na-ekwu na vector ọgụ dị oke oke ma na-achọ ka onye mwakpo ahụ nweta otu akụrụngwa ahụ.
isi: opennet.ru