Cisco Security Researchers ruzivo rwekusagadzikana (CVE-2019-5021) mukati Alpine kugoverwa kweiyo Docker mudziyo wekuzviparadzanisa nevamwe system. Chinokosha chedambudziko rakaonekwa ndechekuti iyo default password yemudzi mushandisi yakaiswa kune isina chinhu pasiwedhi pasina kuvhara yakananga kupinda semidzi. Ngatiyeukei kuti Alpine inoshandiswa kugadzira mifananidzo yepamutemo kubva kuDocker purojekiti (yaimbove yepamutemo inovaka yakavakirwa paUbuntu, asi ipapo pakanga paine paAlpine).
Dambudziko rave riripo kubvira Alpine Docker 3.3 kuvaka uye yakakonzerwa neshanduko yekudzokorodza yakawedzerwa muna 2015 (shanduro isati yasvika 3.3, /etc/shadow yakashandisa mutsara "root:!::0:::::", uye mushure meiyo kuderedzwa kwemureza β-dβ mutsara wekuti βmudzi:::0:::::β kwakatanga kuwedzerwa. Dambudziko rakaonekwa pakutanga uye munaNovember 2015, asi munaDecember nekukanganisa zvakare mumafaira ekuvaka ebazi rekuyedza, uye ndokuzoendeswa kune yakagadzikana inovaka.
Iyo ruzivo rwekusagadzikana inotaura kuti dambudziko rinoonekwawo mubazi razvino reAlpine Docker 3.9. Alpine Developers muna Kurume chigamba uye kusagadzikana kutanga nekuvaka 3.9.2, 3.8.4, 3.7.3 uye 3.6.5, asi inoramba iri mumatavi ekare 3.4.x uye 3.5.x, ayo akatomiswa. Pamusoro pezvo, vagadziri vacho vanoti vheti yekurwisa ishoma uye inoda kuti munhu anorwisa awane mukana kune imwecheteyo masisitimu.
Source: opennet.ru