Nginx 1.22.1 and 1.23.2 updates fixing vulnerabilities

The mainline branch nginx 1.23.2 has been released, in which development of new features continues, together with the stable branch nginx 1.22.1, which includes changes related to fixing serious bugs and vulnerabilities.

The new versions fix two vulnerabilities (CVE-2022-41741, CVE-2022-41742) in the ngx_http_mp4_module module, which is used to serve streaming from files in H.264/AAC format. The vulnerabilities can lead to memory corruption or a memory leak when processing a specially crafted mp4 file. Abnormal termination of the process is named as the consequence, but other outcomes, such as arranging code execution on the server, are not ruled out.

It is worth noting that a similar vulnerability had already been fixed in ngx_http_mp4_module in 2012. In addition, F5 reported a similar vulnerability (CVE-2022-41743) in the NGINX Plus product, affecting the ngx_http_hls_module module, which provides support for the HLS (Apple HTTP Live Streaming) protocol.
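As an added example (not part of the original item or of the nginx project), the script below reads `nginx -V` output and reports whether a build is both compiled with the affected ngx_http_mp4_module and older than the fixed releases named above. The function names, the FIXED_RELEASES table and the sample output are assumptions of this example.

```python
import re
import subprocess
from typing import Optional

# First upstream release on each line that carries the ngx_http_mp4_module
# fixes (CVE-2022-41741, CVE-2022-41742): stable 1.22.1, mainline 1.23.2.
FIXED_RELEASES = {22: 1, 23: 2}  # minor version -> first fixed patch level

def parse_version(nginx_v: str) -> Optional[tuple]:
    """Extract (major, minor, patch) from `nginx -V` output, or None."""
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", nginx_v)
    return tuple(int(x) for x in m.groups()) if m else None

def has_mp4_module(nginx_v: str) -> bool:
    """True if the build was configured with the affected mp4 module."""
    return "--with-http_mp4_module" in nginx_v

def carries_fix(version: tuple) -> bool:
    """Compare an upstream version against the two fixed release lines."""
    major, minor, patch = version
    if major != 1:
        return major > 1
    if minor in FIXED_RELEASES:
        return patch >= FIXED_RELEASES[minor]
    return minor > 23  # lines before 1.22 are not covered; later lines are

def assess(nginx_v: str) -> dict:
    """Summarise one build's exposure from its `nginx -V` output."""
    version = parse_version(nginx_v)
    mp4 = has_mp4_module(nginx_v)
    fixed = carries_fix(version) if version else False
    # Exposed only when the vulnerable module is compiled in AND the upstream
    # version predates the fixed releases. Distribution packages may backport
    # the fix without changing the version string: treat "exposed" as a prompt
    # to check the vendor advisory, not as proof of vulnerability.
    return {"version": version, "mp4_module": mp4,
            "fixed_upstream": fixed, "exposed": mp4 and not fixed}

def assess_local() -> dict:
    """Assess this host; `nginx -V` prints its report to stderr."""
    out = subprocess.run(["nginx", "-V"], capture_output=True, text=True)
    return assess(out.stderr + out.stdout)

# Constructed sample output in the `nginx -V` layout (not from a real host).
SAMPLE_OLD = ("nginx version: nginx/1.22.0\n"
              "configure arguments: --with-http_ssl_module --with-http_mp4_module\n")
SAMPLE_NEW = SAMPLE_OLD.replace("1.22.0", "1.22.1")

if __name__ == "__main__":
    for sample in (SAMPLE_OLD, SAMPLE_NEW):
        print(assess(sample))
```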

Besides the vulnerability fixes, nginx 1.23.2 brings the following changes:

  • Added support for the "$proxy_protocol_tlv_*" variables, which contain the values of the TLV (Type-Length-Value) fields carried in PROXY protocol v2.
  • Added rotation of the encryption keys for TLS session tickets used with shared memory in the ssl_session_cache directive.
  • The logging level of errors about invalid SSL record types has been lowered from critical to informational.
  • Logging of messages about failure to allocate memory for a new session has been changed from alert to warn and is now limited to one entry per second.
  • On the Windows platform, building with OpenSSL 3.0 is now supported.
  • Improved reporting of PROXY protocol errors in the log.
  • Fixed a problem where the timeout specified in "ssl_session_timeout" was not applied when using TLSv1.3 based on OpenSSL or BoringSSL.

Source: opennet.ru
