Remotely exploitable vulnerabilities in FreeBSD

Five vulnerabilities have been fixed in FreeBSD, including issues that could lead to kernel-level data being overwritten when certain network packets are sent, or that allow a local user to escalate privileges. The vulnerabilities were fixed in updates 12.1-RELEASE-p5 and 11.3-RELEASE-p9.

The most dangerous vulnerability (CVE-2020-7454) is caused by the lack of a proper packet size check in the libalias library when parsing protocol-specific headers. The libalias library is used by the ipfw packet filter for address translation and includes standard functions for rewriting addresses in IP packets and for parsing protocols. By sending a specially crafted network packet, the vulnerability makes it possible to read or write data in kernel memory (when the in-kernel NAT implementation is used) or in the memory of the natd process (when the userspace NAT implementation is used). The issue does not affect NAT configurations built with the PF and ipf packet filters, or ipfw configurations that do not use NAT.

Other vulnerabilities:

  • CVE-2020-7455 - another remotely exploitable vulnerability in libalias, related to incorrect calculation of packet lengths in the FTP handler. The issue is limited to leaking the contents of a few bytes of data from kernel memory or from the natd process.
  • CVE-2019-15879 - a vulnerability in the cryptodev module caused by access to an already freed memory area (use-after-free), which allows an unprivileged process to overwrite arbitrary areas of kernel memory. As a workaround to block the vulnerability, it is recommended to unload the cryptodev module with the command "kldunload cryptodev" if it is loaded (cryptodev is not loaded by default). The cryptodev module gives userspace applications access to the /dev/crypto interface for hardware-accelerated cryptographic operations (/dev/crypto is not used by AES-NI and OpenSSL).
  • CVE-2019-15880 - the second vulnerability in cryptodev, which allows an unprivileged user to trigger a kernel crash by sending a request to perform an encryption operation with an incorrect MAC. The issue is caused by a missing check of the MAC key size when allocating the buffer that stores it (the buffer is created from the size value supplied by the user, without checking the actual size).
  • CVE-2019-15878 - a vulnerability in the implementation of the SCTP (Stream Control Transmission Protocol) protocol, caused by incorrect validation of the shared key used by the SCTP-AUTH extension to authenticate SCTP sequences. A local application can update the key through the Socket API and simultaneously terminate the SCTP connection, which leads to access to an already freed memory area (use-after-free).
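
An exposure check built from the facts above, as an added example that is not part of the original article or of the FreeBSD project: it compares `freebsd-version` output with the fixed patch levels and looks for a loaded cryptodev module, ipfw `nat` rules and a running natd. The function names and the rule-matching pattern are assumptions of this example.

```sh
#!/bin/sh
# Added example; function names are hypothetical, patch levels are the article's.

# First fixed patch level for a branch; empty if the article does not name it.
fixed_level() {
    case "$1" in
        12.1) echo 5 ;;
        11.3) echo 9 ;;
    esac
}

# release_status 12.1-RELEASE-p4  ->  patched | vulnerable | unknown
release_status() {
    branch=${1%%-*}
    case "$1" in
        *-RELEASE-p*) level=${1##*-p} ;;
        *-RELEASE)    level=0 ;;
        *)            echo unknown; return ;;
    esac
    case "$level" in ''|*[!0-9]*) echo unknown; return ;; esac
    need=$(fixed_level "$branch")
    if [ -z "$need" ]; then echo unknown
    elif [ "$level" -ge "$need" ]; then echo patched
    else echo vulnerable
    fi
}

# Reads `ipfw list` output on stdin; succeeds if a rule uses the in-kernel
# "nat" action (heuristic: rule number directly followed by the action).
rules_use_kernel_nat() {
    grep -Eq '^[0-9]+ +nat +[^ ]+ '
}

# Host checks only run on FreeBSD; elsewhere the functions are just defined.
if [ "$(uname -s)" = FreeBSD ]; then
    for v in $(freebsd-version -kru); do
        echo "$v: $(release_status "$v")"
    done
    if kldstat -q -m cryptodev; then
        echo "cryptodev is loaded; workaround: kldunload cryptodev"
    fi
    if ipfw list 2>/dev/null | rules_use_kernel_nat; then
        echo "ipfw in-kernel NAT rules present (libalias in the kernel)"
    fi
    if pgrep -x natd >/dev/null; then
        echo "natd is running (libalias in userspace)"
    fi
fi
```

Branches other than 12.1 and 11.3 report "unknown" because the article gives no fixed level for them.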

Source: OpenNet.ru
