Achọpụtala adịghị ike dị oke egwu (CVE-2022-0811) na CRI-O, oge ịgba ọsọ maka ijikwa arịa ndị dịpụrụ adịpụ, nke na-enye gị ohere ịgafe ikewapụ ma mebie koodu gị n'akụkụ sistemụ nnabata. Ọ bụrụ na a na-eji CRI-O kama echekwa ya na Docker na-agba ọsọ na-agba ọsọ n'okpuru ikpo okwu Kubernetes, onye na-awakpo nwere ike ijikwa ọnụ ọ bụla na ụyọkọ Kubernetes. Iji mee mbuso agha, naanị ị nwere ikike zuru oke iji tinye akpa gị na ụyọkọ Kubernetes.
A na-akpata adịghị ike ahụ site na ohere nke ịgbanwe kernel sysctl parameter "kernel.core_pattern" ("/proc/sys/kernel/core_pattern"), ịnweta nke na-egbochighị, n'agbanyeghị eziokwu na ọ bụghị n'etiti paramita dị mma. mgbanwe, dị irè naanị na oghere aha nke akpa dị ugbu a. Iji paramita a, onye ọrụ site na akpa nwere ike ịgbanwe omume nke Linux kernel n'ihe gbasara nhazi faịlụ ndị dị n'akụkụ ebe ndị ọbịa wee hazie mmalite nke iwu aka ike nwere ikike mgbọrọgwụ n'akụkụ onye ọbịa site na ịkọwapụta onye njikwa dị ka. "|/bin/sh -c 'iwu'" .
Nsogbu a adịla kemgbe a tọhapụrụ CRI-O 1.19.0 ma dozie ya na mmelite 1.19.6, 1.20.7, 1.21.6, 1.22.3, 1.23.2 na 1.24.0. N'ime nkesa, nsogbu ahụ na-apụta na Red Hat OpenShift Container Platform na openSUSE / SUSE ngwaahịa, nke nwere ngwugwu cri-o na ebe nchekwa ha.
isi: opennet.ru
