Kampani ya Oracle kumasulidwa kosinthidwa kwazinthu zawo (Critical Patch Update), pofuna kuthetsa mavuto aakulu ndi ziwopsezo. Mu Januwale pomwe, ndalamazo zidachotsedwa .
Mu nkhani kuthetsedwa . Zowopsa zonse zitha kugwiritsidwa ntchito kutali popanda kutsimikizika. Mulingo wapamwamba kwambiri ndi 8.3, womwe umaperekedwa kumavuto m'malaibulale (CVE-2020-2803, CVE-2020-2805). Ziwopsezo ziwiri (mu libxslt ndi JSSE) zili ndi milingo yowopsa ya 8.1 ndi 7.5.
Kuphatikiza pazovuta za Java SE, zofooka zawonetsedwa poyera pazinthu zina za Oracle, kuphatikiza:
- mu seva ya MySQL ndi
2 pakukhazikitsa kasitomala wa MySQL (C API). Mulingo wapamwamba kwambiri wa 9.8 umaperekedwa pachiwopsezo cha CVE-2019-5482, chomwe chimawoneka chikaphatikizidwa ndi chithandizo cha cURL. Nkhani zokhazikika muzotulutsa . - , omwe mavuto a 7 ali ndi mlingo woopsa kwambiri (CVSS wamkulu kuposa 8). Izi zikuphatikiza kukonza zofooka zomwe zimagwiritsidwa ntchito pamipikisano yomwe ikuwonetsedwa pampikisano ndi kulola, kupyolera mwachinyengo kumbali ya kachitidwe ka alendo, kuti apeze njira yosungiramo alendo ndikuchita kachidindo ndi ufulu wa hypervisor. Zowopsa zimakhazikika pazosintha .
- ku Solaris. Mulingo wowopsa kwambiri 8.8 - wogwiritsidwa ntchito kwanuko mu Common Desktop Environment, kulola wogwiritsa ntchito wopanda mwayi kuti agwiritse ntchito code ndi mwayi wa mizu. Nkhani zakhazikitsidwanso mu gawo la kernel pokhazikitsa protocol ya SMB, mu Whodo, ndi svcbundle SMF command. Nkhani zakonzedwa muzosintha zadzulo .
Source: opennet.ru