ProHoster > Blog > nkhani zapaintaneti > Zofooka za Kernel Linux, Glibc, GStreamer, Ghostscript, BIND ndi CUPS

Zofooka za Kernel Linux, Glibc, GStreamer, Ghostscript, BIND ndi CUPS

Zowopsa zingapo zomwe zadziwika posachedwa:

  • CVE-2023-39191 - Kufooka mu dongosolo la eBPF kungalole wogwiritsa ntchito wakomweko kukulitsa mwayi wawo ndikugwiritsa ntchito code ya kernel. LinuxKufooka kumeneku kumachitika chifukwa cha kutsimikizika kosayenera kwa mapulogalamu a eBPF omwe wogwiritsa ntchito amawapereka kuti agwire ntchito. Kuti achite kuukiraku, wogwiritsa ntchito ayenera kukhala ndi mwayi wotsegula pulogalamu yake ya BPF (ngati gawo la kernel.unprivileged_bpf_disabled lakhazikitsidwa ku 0, mwachitsanzo, monga mu Ubuntu Epulo 20.04). Chidziwitso chokhudza kufooka kwa kernel chinanenedwa kwa opanga kernel mu Disembala chaka chatha, ndipo kukonza kunachitika mwakachetechete mu Januwale.
  • CVE-2023-42753 Nkhani yokhala ndi ma index ambiri pakukhazikitsa ipset mu netfilter kernel subsystem, yomwe ingagwiritsidwe ntchito kukulitsa / kuchepetsa zolozera ndikupanga mikhalidwe yolembera kapena kuwerengera kumalo okumbukira kunja kwa buffer yomwe yaperekedwa. Kuti muwone ngati pali chiwopsezo, fanizo lachiwembu lakonzedwa lomwe limayambitsa kuthetsedwa kwachilendo (zochitika zowopsa kwambiri sizingasinthidwe). Kukonzekera kumaphatikizidwa ndi kutulutsidwa kwa kernel 5.4.257, 6.5.3, 6.4.16, 6.1.53, 5.10.195, 5.15.132.
  • CVE-2023-39192, CVE-2023-39193, CVE-2023-39193 - zofooka zingapo za kernel Linux, zomwe zimapangitsa kuti kernel memory leak iyambe chifukwa cha kuthekera kowerenga kuchokera ku ma buffers akunja mu match_flags ndi ntchito za u32_match_it za Netfilter subsystem, komanso mu state filter processing code. Zofookazo zidakonzedwa mu Ogasiti (1, 2) ndi Juni.
  • CVE-2023-42755 ndi pachiwopsezo chomwe chimalola wogwiritsa ntchito wamba wopanda mwayi kuti apangitse kuwonongeka kwa kernel chifukwa cholakwitsa pogwira ntchito ndi zolozera mu gulu la rsvp traffic. Vutoli limapezeka mu LTS kernels 6.1, 5.15, 5.10, 5.4, 4.19 ndi 4.14. An exploit prototype yakonzedwa. Kukonzekera sikunavomerezedwebe mu kernel ndipo kumapezeka ngati chigamba.
  • CVE-2023-42756 ndi mtundu wamtundu mu NetFilter kernel subsystem yomwe ingagwiritsidwe ntchito kuti ipangitse wogwiritsa ntchito wakomweko kuyambitsa Mantha. Exploit prototype ilipo yomwe imagwira ntchito osachepera 6.5.rc7, 6.1 ndi 5.10. Kukonzekera sikunavomerezedwebe mu kernel ndipo kumapezeka ngati chigamba.
  • CVE-2023-4527 Kusefukira mu laibulale ya Glibc kumachitika mu getaddrininfo ntchito pokonza yankho la DNS lalikulu kuposa ma 2048 byte. Kusatetezeka kungayambitse kutayikira kwa data kapena kuwonongeka. Kusatetezeka kumangowoneka mumitundu ya Glibc yatsopano kuposa 2.36 mukamagwiritsa ntchito njira ya "no-aaaa" mu /etc/resolv.conf.
  • CVE-2023-40474, CVE-2023-40475 ndizosatetezeka mu GStreamer multimedia chimango choyambitsidwa ndi kusefukira kwa ma fayilo a MXF. Zowopsazi zitha kupangitsa kuti owukira awonongedwe akamakonza mafayilo opangidwa mwapadera a MXF mu pulogalamu yomwe imagwiritsa ntchito GStreamer. Vuto limakhazikika mu phukusi la gst-plugins-bad 1.22.6.
  • CVE-2023-40476 - Chosungira chikusefukira mu pulosesa ya kanema ya H.265 yoperekedwa ku GStreamer, yomwe imalola kupha ma code pokonza kanema wopangidwa mwapadera. Chiwopsezo chakhazikika mu phukusi la gst-plugins-bad 1.22.6.
  • Kuwunika - kusanthula zachinyengo chomwe chimagwiritsa ntchito kusatetezeka kwa CVE-2023-36664 mu phukusi la Ghostscript kuti lipereke nambala yake mukatsegula zikalata zopangidwa mwapadera za PostScript. Vutoli limadza chifukwa chakusintha kolakwika kwa mayina a mafayilo kuyambira ndi "|". kapena mawu oyamba %pipe%. Chiwopsezocho chidakhazikika pakutulutsidwa kwa Ghostscript 10.01.2.
  • CVE-2023-3341, CVE-2023-4236 - Zofooka mu seva ya BIND 9 DNS zomwe zimatsogolera ku kuwonongeka kwa njira yomwe yatchulidwa mukamakonza mauthenga owongolera opangidwa mwapadera (kufikira padoko la TCP lomwe limayendetsedwa ndikwanira (lotseguka kokha mwachisawawa). pa mawonekedwe a loopback), kudziwa kiyi ya RNDC sikufunika) kapena kupanga katundu wina wapamwamba mu mawonekedwe a DNS-over-TLS. Zowopsazo zidathetsedwa mu zotulutsa za BIND 9.16.44, 9.18.19, ndi 9.19.17.
  • CVE-2023-4504 - kufooka mu Seva Kufooka kwa kusindikiza kwa CUPS ndi laibulale ya libppd kunapangitsa kuti buffer ichuluke kwambiri pofufuza zikalata za Postscript zopangidwa mwapadera. N'zotheka kugwiritsa ntchito kufooka kumeneku polemba code yapadera pa dongosololi. Vutoli linakonzedwa mu CUPS 2.4.7 (patch) ndi libppd 2.0.0 (patch).

Source: opennet.ru

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster