ProHoster > Blog > ozi ịntanetị > Mwepụta nke ọba akwụkwọ sistemụ Glibc 2.39 yana ngwa GNU Binutils 2.42.

Mwepụta nke ọba akwụkwọ sistemụ Glibc 2.39 yana ngwa GNU Binutils 2.42.

Mgbe ọnwa isii nke mmepe gachara, ewepụtara ọbá akwụkwọ usoro GNU C Library (glibc) 2.39, nke na-akwado nke ọma na ụkpụrụ ISO C11 na POSIX.1-2017 chọrọ. Mwepụta ọhụrụ a gụnyere ndozi sitere na ndị nrụpụta 67.

Ụfọdụ n'ime nkwalite ndị etinyere na Glibc 2.39 gụnyere:

  • E nyela nkwado maka ndò e tinyere n'ime kernel. Linux 6.6, nke na-egbochi ọtụtụ ihe ọjọọ site n'iji ikike ngwaike nke ndị nhazi Intel iji chebe onwe ha pụọ ​​na idegharị adreesị nloghachi site na ọrụ ma ọ bụrụ na ihe nchekwa stack jupụta. Nchedo a na-arụ ọrụ site na ịchekwa adreesị nloghachi ọ bụghị naanị na stack nkịtị kamakwa na stack "shadow" dị iche, nke enweghị ike ịgbanwe ozugbo, mgbe ebugharị njikwa na ọrụ. Tupu ịpụ na ọrụ ahụ, a na-apụta adreesị nloghachi site na stack onyinyo ma tụnyere adreesị nloghachi site na stack isi. Enweghị ndakọrịta na adreesị na-emepụta ihe dị iche, na-egbochi ọnọdụ ebe ihe ọjọọ ejirila dee adreesị na stack isi. Agbakwunyela nhọrọ nrụpụta "--enable-cet" iji mee ka nchekwa a nwee ike.
  • Etinyere faịlụ nkụnye eji isi mee ọhụrụ , kọwapụtara na ọkọlọtọ ISO C2X na-arụ ọrụ stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros, stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one, stdc_first_leading_one, stdc_first_leading_one stdc_count_zeros, stdc_count_ones, s_single_bit, stdc_bit_width, stdc_bit_floor na stdc_bit_ceil n'ụdị dị iche iche nwere ụdị "char na-edebanyeghị aha", "anaghị edebanye aha mkpirisi” , “edebanyeghị aha ogologo int”, “ogologo int na-edoghị aka na ya” na “ogologo ogologo int na-edoghị aka na ya”.
  • Maka ikpo okwu Linux E tinyela ọrụ posix_spawnattr_getcgroup_np na posix_spawnattr_setcgroup_np, tinyere ọkọlọtọ POSIX_SPAWN_SETCGROUP. Ndị a na-enye ohere ịtọlite ​​​​cgroupv2 n'ime usoro ọhụrụ site na iji ọrụ posix_spawn na posix_spawnp, na-ewepụ ọnọdụ agbụrụ. Ọrụ ndị a bụ ndọtị GNU ma chọọ ka kernel rụọ ọrụ. Linux na nkwado oku sistemụ clone3.
  • Maka ikpo okwu Linux E tinyela ọrụ pidfd_spawn na pidfd_spawp, nke yiri nke a na nkọwa na ọrụ posix_spawn, mana ọ bụghị ihe nchọpụta usoro (PID), kama ihe nkọwa faịlụ maka ojiji na ọrụ ndị na-akwado usoro PIDFD, dị ka pidfd_send_signal, poll, na waitid (a na-ejikọ PIDFD na usoro akọwapụtara ma ọ naghị agbanwe agbanwe, ebe enwere ike ijikọ PID na usoro ọzọ mgbe usoro dị ugbu a metụtara PID a kwụsịrị).
  • Maka ikpo okwu Linux Agbakwunyere ọrụ pidfd_getpid iji chọpụta ihe njirimara usoro (PID) dabere na nkọwa faịlụ usoro (PIDFD) nke pid_spawn, fork_np na pidfd_open weghachitere.
  • Agbakwunyela ihe mgbanwe nha "wN" na ọrụ ezinụlọ scanf, ejiri maka arụmụka nke ụdị intN_t, int_leastN_t, uintN_t na uint_leastN_t. Dịka ọmụmaatụ, iji gụọ ụkpụrụ ngụkọ nwere ụdị int32_t na int_least32_t, ị nwere ike ịkọwapụta "% w32d", yana ụkpụrụ hexadecimal nwere ike ịkọwa dị ka "% w32x". N'otu aka ahụ, agbakwunyere "wfN" modifier na ụdị int_fastN_t na uint_fastN_t ewebata n'ụdị ISO C2X ọkọlọtọ.
  • Agbakwunyere ntọala “glibc.cpu.plt_rewrite”, nke na-enyere aka idegharị PLT (Table Linkage Table) na sistemu x86-64, nke onye na-ejikọ ya ga-eji dochie alaka ndị na-apụtaghị ìhè na PLT.
  • Agbakwunyere ntọala "glibc.mem.decorate_maps" iji gbakwunye ozi oke ebe nchekwa (dịka nchịkọta eri nke ptread_create mepụtara ma ọ bụ ebe nchekwa ekenyere site na malloc).
  • Nhazi "statvfs" na-ejupụta ubi "f_type" ugbu a na ozi gbasara ụdị sistemụ faịlụ, nke kwekọrọ na ọdịnaya nke ubi dị na nhazi "statfs". Na mbụ, Linux Ahịrị "f_type" nwere 0 mgbe niile.
  • Maka ikpo okwu AArch64, agbakwunyere nkọwa na libmvec na math.h nke na-enye ohere, mgbe ị na-akọwapụta nhọrọ "-fast-math" mgbe ị na-ewu ụlọ, iji oku vectoring mgbe a na-ewu na GCC 9 na nsụgharị ọhụrụ nke nchịkọta. Agbanyere vectorization maka ọrụ mgbakọ na mwepụ acos, acosf, asin, asinf, atan, atanf, atan2, atan2f, cos, cosf, exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf, log10, log10f, log1p , log1pf, log2, log2f, mmehie, sinf, tan na tanf.
  • Ewepụla ọba akwụkwọ libcrypt na faịlụ nkụnye eji isi mee ihe na ngwugwu " " A na-agba ndị mmepe ngwa ume ka ha gbanwee gaa na ọba akwụkwọ ọzọ dị ka libxcrypt.
  • Utility ldconfig na-amafe faịlụ na agwa ';'. na aha faịlụ ma ọ bụ mechie ".dpkg.tmp" na ".dpkg.new", nke na-enye gị ohere iji zere nhazi faịlụ nwa oge nke rpm na dpkg ngwugwu njikwa.
  • Nkwado maka ia64 architecture (ia64*-*-linux-gnu), eji na Intel Itanium processors, akwụsịla.
  • Edoziri adịghị ike:
    • CVE-2023-6246, CVE-2023-6779, CVE-2023-6780 bụ adịghị ike dị oke egwu na ọrụ __vsyslog_internal(), nke na-enye mmadụ ohere ịme koodu site na iji ohere dị elu mee ihe site na ịmegharị ya na mmalite nke ngwa SUID.
    • CVE-2023-4911 bụ adịghị ike na Glibc ld.so nke na-enye gị ohere ịnweta ohere mgbọrọgwụ na sistemụ. Ọdịmma ahụ bụ n'ihi mperi dị na koodu nzacha eriri akọwapụtara na mgbanwe gburugburu GLIBC_TUNABLES, nke nwere ike ime ka e depụta uru atụgharịghị na oke na nchekwa ekenyela. A na-arụ ọrụ nke ukwuu.
    • CVE-2023-4806 bụ adịghị ike na-enweghị n'efu na ọrụ getaddrinfo. Nsogbu a na-eme mgbe NSS ngwa mgbakwunye na-arụ ọrụ naanị "_gethostbyname2_r" na "_getcanonname_r" oku-azụ, mana anaghị akwado oku "_gethostbyname3_r". Iji mee ihe adịghị ike, ihe nkesa DNS ga-eweghachite ọnụ ọgụgụ dị ukwuu nke adreesị IPv6 na IPv4 maka onye na-arịọ arịrịọ, nke ga-eduga na mmebi nke usoro a na-akpọ ọrụ getaddrinfo maka ezinụlọ AF_INET6 mgbe AI_CANONNAME, AI_ALL na AI_V4MAPPED flags bụ. setịpụrụ.
    • CVE-2023-4527 bụ adịghị ike na ọrụ getaddrinfo nke na-enye ohere ịgụ data site na mpaghara na-abụghị ókèala nchekwa mgbe ị na-edozi nzaghachi DNS natara n'elu TCP nke karịrị 2048 bytes. Ọdịmma ahụ na-eme mgbe ị na-eji nhọrọ "no-aaaa" na /etc/resolv.conf.

    Na mgbakwunye, anyị nwere ike ịhụ ntọhapụ nke otu ngwa ngwa GNU Binutils 2.42, nke gụnyere mmemme dị ka GNU linker, GNU assembler, nm, objdump, strings, strip.

    Na ụdị Binutils ọhụrụ:

    • agbakwunyere nhọrọ nnwale "--scfi = nnwale" na onye na-ezukọta (gas) maka sistemu x86-64 iji mepụta CFI (Control Flow Integrity) na-ewu maka koodu mgbakọ ejiri aka dee kwekọrọ na Sistemu V AMD64 ABI.
    • agbakwunyere nhọrọ "--extra-sym-info" iji gụgharịa iji gosipụta ozi agbatịkwuru gbasara akara ("-akara ngosi"), dị ka aha ngalaba nke st_shndx index zoro aka na ya.
    • Utility objcopy na-enye ike iji nhọrọ "--set-section-flags" nwere uru "nnukwu" iji tọọ ngalaba ọkọlọtọ SHF_X86_64_LARGE maka ihe ELF na sistemụ x86-64. Nhọrọ "-visualize-jumps" na-akwado nkwado maka nhazi ụlọ s390.
    • Mgbe ị na-agbasa ntuziaka s390, ike igosipụta nkọwa na nkọwa ntuziaka ka etinyere ya. Iji mee nkọwa, ị nwere ike ezipụta nhọrọ "-M insndesc" na objdump, yana nhọrọ "set disassembler-options insndesc" na gdb.
    • Agbakwunyere nhọrọ "-z mark-plt" na "-z nomark-plt" na onye na-ejikọta ya iji akara ndenye na tebụl PLT site na iji DT_X86_64_PLT, DT_X86_64_PLTSZ na DT_X86_64_PLTENT mkpado.
    • Nkwado agbakwunyere maka ntụgharị ntụgharị na njikọ njikọ.
    • Agbakwunyere nhọrọ "--warn-execstack-objects", "-error-execstack" na "--error-rxw-segments" iji wepụta ịdọ aka ná ntị ma ọ bụ mperi mgbe ejiri ya na ihe mkpoko nwere ike ime.
    • E mejuputara nkwado maka ABI 2.30 nke ihe owuwu LoongArch, yana nkwado maka ntuziaka ọhụrụ akọwapụtara na nkọwapụta LoongArch 1.10.
    • Nkwado agbakwunyere maka nhazi ntuziaka KVX ejiri na ndị nrụpụta Kalray (dịka ọmụmaatụ, ejiri na SoC Coolidge).
    • Maka sistemụ dabere na nhazi ụlọ Intel, agbakwunyela nkwado maka ndọtị:
      • Intel APX: 32 GPR, NDD, PUSH2/POP2, PUSHP/POPP.
      • USER_MSR.
      • AVX10.1.
      • PBNKB.
      • SM4.
      • SM3.
      • SHA512.
      • AVX-VNNI-INT16.
    • Agbakwunyela nkwado maka ndọtị n'ọdụ ụgbọ mmiri RISC-V:
      • T-isi (XTheadVector, XTheadZvlsseg na XTheadZvamo).
      • CORE-V (XCVmac, XCValu).
      • SiFive VCIX (XSfVcp).
    • Agbakwunyela nkwado maka ndọtị n'ọdụ ụgbọ mmiri maka ihe owuwu AArch64:
      • SVE2.1 (Mgbatị vector Scalable 2.1).
      • SME2.1 (Mgbakwunye Matrix Scalable 2.1).
      • B16B16 (BFloat16 na BFloat16 maka SVE2 na SME2).
      • RASv2 (Ntụkwasị obi, nnweta na ọrụ v2).
      • LSE128 (Atomic 128-bit).
      • GCS (Stac njikwa echedoro).
      • CHK (Lelee ọnọdụ njirimara).
      • SPECRES2 (mmachibido nkọwapụta).
      • LRCPC3 (Ibu Ibu-Nweta RCpc).
      • OTU (Nsụgharị Hardening).
      • ITE (ntụgharị ntụziaka).
      • D128 (128-bit ebe nchekwa page nkọwa).
      • XS (Ụdị ebe nchekwa XS).
    • Nkwado agbakwunyere maka AArch64 Cortex-A520, Cortex-A720, Cortex-X3 na Cortex-X4 processors.
    • Maka ndakọrịta na onye na-ezukọta clang/LLVM, ndị na-ezukọ BPF agbakwunyela nkwado maka ikewa nkọwa na akara “#” na “//”, yana iji akara “;” ikewapụta okwu n'ime ahịrị (";" enweghịzi ike iji kwuo okwu).

    isi: opennet.ru

Zụta nnabata ntụkwasị obi maka saịtị nwere nchekwa DDoS, sava VPS VDS 🔥 Zụta ebe nrụọrụ weebụ a pụrụ ịtụkwasị obi na nchekwa DDoS, sava VPS VDS | ProHoster