Chiwopsezo chachikulu (CVE-2022-0811) chadziwika mu CRI-O, nthawi yoyendetsera zotengera zakutali, zomwe zimakulolani kuti mudutse kudzipatula ndikuyika khodi yanu kumbali ya wolandila. Ngati CRI-O ikugwiritsidwa ntchito m'malo mosungidwa ndi Docker kuyendetsa zotengera zomwe zikuyenda pansi pa nsanja ya Kubernetes, wowukira atha kuwongolera node iliyonse mgulu la Kubernetes. Kuti muchite chiwembu, muli ndi ufulu wokwanira woyendetsa chidebe chanu mgulu la Kubernetes.
Chiwopsezochi chimayamba chifukwa cha kuthekera kosintha kernel sysctl parameter "kernel.core_pattern" ("/proc/sys/kernel/core_pattern"), mwayi wofikira womwe sunatsekedwe, ngakhale sunali pakati pa magawo otetezeka ku. kusintha, koyenera mu malo a mayina a chidebe chomwe chilipo. Pogwiritsa ntchito chizindikirochi, wogwiritsa ntchito kuchokera m'chidebe akhoza kusintha khalidwe la Linux kernel pokhudzana ndi kukonza mafayilo akuluakulu kumbali ya malo osungiramo malo ndikukonzekera kukhazikitsidwa kwa lamulo lopanda pake lomwe liri ndi ufulu wa mizu kumbali ya wolandirayo potchula wothandizira ngati. "|/bin/sh -c 'malamulo'" .
Vutoli lidakhalapo kuyambira pomwe CRI-O 1.19.0 idatulutsidwa ndipo idakonzedwa pazosintha 1.19.6, 1.20.7, 1.21.6, 1.22.3, 1.23.2 ndi 1.24.0. Pakati pa magawowa, vuto limapezeka mu Red Hat OpenShift Container Platform ndi zinthu za openSUSE/SUSE, zomwe zili ndi phukusi la cri-o m'malo awo.
Source: opennet.ru