He whakaraeraetanga nui (CVE-2022-0811) kua kitea i roto i te CRI-O, he wa whakahaere mo te whakahaere ipu taratahi, ka taea e koe te karo i te wehe me te mahi i to waehere ki te taha o te punaha manaaki. Mena ka whakamahia te CRI-O hei utu mo te ipu me te Docker hei whakahaere ipu e rere ana i raro i te papaaho Kubernetes, ka taea e te kaitukino te whakahaere i tetahi node o te roopu Kubernetes. Ki te kawe i te whakaeke, he nui noa to mana ki te whakahaere i to ipu ki te roopu Kubernetes.
Ko te whakaraeraetanga na te kaha ki te whakarereke i te tawhā sysctl kernel "kernel.core_pattern" ("/proc/sys/kernel/core_pattern"), te urunga kaore i aukatihia, ahakoa te mea kaore i roto i nga taapiri haumaru ki te huringa, whai mana anake ki te mokowāingoa o te ipu onāianei. Ma te whakamahi i tenei tawhā, ka taea e te kaiwhakamahi mai i te ipu te whakarereke i te whanonga o te kakano Linux e pa ana ki te tukatuka i nga konae matua kei te taha o te taiao kaihautu me te whakarite i te whakarewatanga o te whakahau whai mana me nga mana pakiaka ki te taha kaihautu ma te tohu i tetahi kaihautu penei "|/bin/sh -c 'whakahau'" .
Ko te raruraru kua puta mai i te tukunga o CRI-O 1.19.0 me te whakatika i nga whakahou 1.19.6, 1.20.7, 1.21.6, 1.22.3, 1.23.2 me 1.24.0. I roto i nga tohatoha, ka puta te raruraru i roto i te Red Hat OpenShift Container Platform me nga hua openSUSE / SUSE, kei a raatau te putea cri-o i roto i o raatau waahi.
Source: opennet.ru