O faʻafitauli ua faʻaalia i le Linux kernel subsystems Netfilter ma io_uring e mafai ai e se tagata faʻaoga faʻapitonuʻu ona faʻateleina o latou avanoa i totonu o le polokalama:
- O se fa'aletonu (CVE-2023-32233) i totonu o le Netfilter subsystem e mafua mai i le fa'aoga-pe'a-leai se manatua avanoa i le nf_tables module, lea e maua ai le nftables packet filter. E mafai ona faʻaogaina le faʻafitauli e ala i le tuʻuina atu o talosaga faʻapitoa e faʻafouina le faʻatulagaina o nftables. Ina ia faʻataunuʻuina le osofaʻiga, e manaʻomia le avanoa i nftables, lea e mafai ona maua i se isi igoa ole upega tafaʻilagi pe a iai sau CLONE_NEWUSER, CLONE_NEWNS poʻo CLONE_NEWNET aia tatau (mo se faʻataʻitaʻiga, pe afai e mafai ona e faʻaogaina se atigipusa tuʻufua).
Ina ia tuʻuina atu i tagata faʻaoga le taimi e faʻapipiʻi ai faʻafouga, na folafola atu e le tagata suʻesuʻe na faʻaalia le faʻafitauli e tolopo mo le vaiaso (seia oʻo ia Me 15) le faʻasalalauga o faʻamatalaga auiliili ma se faʻataʻitaʻiga o se faʻaogaina galue e maua ai se atigi aʻa. O le faʻafitauli na faʻamautuina i le faʻafouga 6.4-rc1. E mafai ona e siaki le faʻasaʻoga o le faʻafitauli i tufatufaga i luga o itulau: Debian, Ubuntu, Gentoo, RHEL, Fedora, SUSE/openSUSE, Arch.
- O se faʻafitauli (CVE e leʻi tuʻuina atu) i le faʻatinoga o le io_uring asynchronous input / output interface, e aofia i le Linux kernel talu mai le faʻamalolo 5.1. O le faʻafitauli e mafua mai i se pusa i totonu o le io_sqe_buffer_register galuega, lea e mafai ai ona maua le mafaufau faaletino i tua atu o le tuaoi o se paʻu tuʻufaʻatasia. O le faʻafitauli e aliali mai naʻo le lala 6.3 ma o le a faʻaleleia i le faʻafouga 6.3.2 o loʻo lumanaʻi. O se faʻataʻitaʻiga galue o le faʻaogaina o loʻo avanoa mo le suʻega, e mafai ai ona e faʻatinoina le code faʻatasi ai ma le kernel privileges.
puna: opennet.ru