ProHoster > Блог > ozi ịntanetị > Nsogbu nke kernel Linux, Glibc, GStreamer, Ghostscript, BIND na CUPS

Nsogbu nke kernel Linux, Glibc, GStreamer, Ghostscript, BIND na CUPS

Ọtụtụ adịghị ike achọpụtara nso nso a:

  • CVE-2023-39191 – Enweghị ike dị na sistemụ eBPF nwere ike inye onye ọrụ mpaghara ohere ịbawanye ikike ha ma mee koodu kernel. LinuxIhe na-akpata adịghị ike a bụ nkwenye na-ezighi ezi nke mmemme eBPF nke onye ọrụ nyefere maka igbu. Iji mee mwakpo ahụ, onye ọrụ ga-enwerịrị ike ibuli mmemme BPF nke ya (ọ bụrụ na edobere paramita kernel.unprivileged_bpf_disabled ka ọ bụrụ 0, dịka ọmụmaatụ, dịka ọ dị na Ubuntu Eprel 20.04). E kọọrọ ndị mmepe kernel ozi gbasara adịghị ike ahụ na Disemba nke afọ gara aga, e mekwara ndozi nwayọ na Jenụwarị.
  • CVE-2023-42753 Esemokwu nwere akara n'usoro na mmejuputa ipset n'ime sistemu kernel netfilter, nke enwere ike iji abawanye / belata ihe nrịbama wee mepụta ọnọdụ maka ide ma ọ bụ ịgụ na ebe nchekwa na mpụga ebe nchekwa ekenyela. Iji lelee ọnụnọ nke adịghị ike, akwadoro ụdị nrigbu nke na-akpata njedebe na-adịghị mma (enweghị ike iwepụ ọnọdụ nrigbu dị ize ndụ karịa). A na-etinye ndozi ahụ na mwepụta kernel 5.4.257, 6.5.3, 6.4.16, 6.1.53, 5.10.195, 5.15.132.
  • CVE-2023-39192, CVE-2023-39193, CVE-2023-39193 - ọtụtụ nsogbu kernel Linux, nke na-ebute ntapu ebe nchekwa kernel n'ihi ikike ịgụ ihe site na ebe nchekwa na-abụghị nke oke na match_flags na ọrụ u32_match_it nke sistemụ Netfilter, yana na koodu nhazi nzacha steeti. Edoziri adịghị ike ndị ahụ na Ọgọst (1, 2) na Juun.
  • CVE-2023-42755 bụ adịghị ike nke na-enye ohere ka onye ọrụ mpaghara na-enweghị ihe ọ bụla kpatara nsogbu kernel n'ihi njehie mgbe ọ na-arụ ọrụ na pointers na rsvp okporo ụzọ classifier. Nsogbu a pụtara na kernel LTS 6.1, 5.15, 5.10, 5.4, 4.19 na 4.14. Emebela ihe nleba anya nke erigbu. Anabatabeghị ihe ndozi ahụ n'ime kernel ma dị ka patch.
  • CVE-2023-42756 bụ ọnọdụ agbụrụ na NetFilter kernel subsystem nke enwere ike iji mee ka onye ọrụ mpaghara kpalite ọnọdụ ụjọ. Ụdị nrigbu dị na-arụ ọrụ opekata mpe na kernels 6.5.rc7, 6.1 na 5.10. Anabatabeghị ihe ndozi ahụ n'ime kernel ma dị ka patch.
  • CVE-2023-4527 Ngwunye njupụta n'ọbá akwụkwọ Glibc na-eme na ọrụ getaddrinfo mgbe ị na-ahazi nzaghachi DNS karịrị 2048 bytes. Ọdịmma ahụ nwere ike ibute mwepu data ma ọ bụ mkpọka. Ọdịmma ahụ na-apụta naanị na ụdị Glibc ọhụrụ karịa 2.36 mgbe ị na-eji nhọrọ “no-aaaa” na /etc/resolv.conf.
  • CVE-2023-40474, CVE-2023-40475 bụ adịghị ike na GStreamer multimedia kpuchie nke integer njupụta na ndị na-ahụ maka faịlụ vidiyo MXF. Ọdịmma ndị ahụ nwere ike iduga mkpochapụ koodu mwakpo mgbe ị na-ahazi faịlụ MXF emebere nke ọma na ngwa na-eji GStreamer. A doziri nsogbu ahụ na ngwungwu gst-plugins-bad 1.22.6.
  • CVE-2023-40476 - Ihe nkpuchi na-ejupụta na H.265 video processor na-enye na GStreamer, nke na-enye ohere igbu koodu mgbe ị na-ahazi vidiyo ahaziri iche. Edobere adịghị ike ahụ na ngwugwu gst-plugins-bad 1.22.6.
  • Nyocha - nyocha nke nrigbu na-eji adịghị ike CVE-2023-36664 na ngwugwu Ghostscript mebie koodu ya mgbe imepe akwụkwọ PostScript emebere nke ọma. Ihe kpatara nsogbu a bụ nhazi aha faịlụ na-ezighi ezi na-amalite site na agwa "|". ma ọ bụ prefix% pipe%. Edobere adịghị ike ahụ na ntọhapụ Ghostscript 10.01.2.
  • CVE-2023-3341, CVE-2023-4236 - adịghị ike na ihe nkesa BIND 9 DNS nke na-eduga na mkpọka nke usoro aha ya mgbe ị na-ahazi ozi njikwa ahaziri nke ọma (ịnweta ọdụ ụgbọ mmiri TCP nke ejiri aha ya mee ihe zuru ezu (naanị imeghe na ndabara). E doziri adịghị ike ndị ahụ na mwepụta BIND 9.16.44, 9.18.19, na 9.19.17.
  • CVE-2023-4504 - adịghị ike dị na ihe nkesa Nsogbu dị na mbipụta CUPS na ọbá akwụkwọ libppd mere ka ihe nchekwa jupụta mgbe a na-enyocha akwụkwọ Postscript a haziri nke ọma. O kwere omume iji adịghị ike a mee ihe iji mepụta koodu omenala na sistemụ ahụ. Edoziri nsogbu ahụ na CUPS 2.4.7 (patch) na libppd 2.0.0 (patch).

isi: opennet.ru

Zụta nnabata ntụkwasị obi maka saịtị nwere nchekwa DDoS, sava VPS VDS 🔥 Zụta ebe nrụọrụ weebụ a pụrụ ịtụkwasị obi na nchekwa DDoS, sava VPS VDS | ProHoster