Nginx 1.22.1 and 1.23.2 updates with vulnerability fixes

The main branch release nginx 1.23.2 has been published, in which development of new features continues, together with the release of the stable branch nginx 1.22.1, which receives only changes related to fixing serious bugs and vulnerabilities.

These new versions fix two vulnerabilities (CVE-2022-41741, CVE-2022-41742) in the ngx_http_mp4_module module, which is used to organize streaming from files in H.264/AAC format. The vulnerabilities can lead to memory corruption or a memory leak when processing a specially crafted mp4 file. Abnormal termination of the worker process is cited as the consequence, but other outcomes, such as arranging code execution on the server, are not ruled out.

It is worth noting that a similar vulnerability in the ngx_http_mp4_module module was already fixed in 2012. In addition, F5 has reported a similar vulnerability (CVE-2022-41743) in the NGINX Plus product, affecting the ngx_http_hls_module module, which provides support for the HLS (Apple HTTP Live Streaming) protocol.
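To turn the version information above into a quick inventory check, the following POSIX shell snippet is an added example (not code from the announcement or from the nginx project). It classifies the text that `nginx -V` prints against the 1.22.1 / 1.23.2 fix boundary and treats a build as carrying the affected module only when its configure arguments include `--with-http_mp4_module`, since ngx_http_mp4_module is not built by default; the `nginx -V` text used at the bottom is a constructed sample.

```shell
#!/bin/sh
# Classify an `nginx -V` output (version line plus configure arguments) against the
# ngx_http_mp4_module fixes shipped in nginx 1.22.1 (stable) and 1.23.2 (mainline).
# Prints one of: "patched", "exposed", "not-exposed", or "unknown".

# Encode "major.minor.patch" as a single integer so versions compare numerically.
version_key() {
    echo "$1" | awk -F. '{ printf "%d", $1*1000000 + $2*1000 + $3 }'
}

# Return 0 when the version contains the mp4 fixes from this release pair:
# 1.22.1 <= v < 1.23.0 on the stable branch, or v >= 1.23.2 on mainline.
mp4_fix_present() {
    key=$(version_key "$1")
    if [ "$key" -ge 1023002 ]; then return 0; fi
    if [ "$key" -ge 1022001 ] && [ "$key" -lt 1023000 ]; then return 0; fi
    return 1
}

# $1 is the full `nginx -V` text (nginx writes it to stderr, so capture 2>&1).
classify_nginx_v() {
    version=$(printf '%s\n' "$1" | sed -n 's#^nginx version: nginx/\([0-9.]*\).*#\1#p')
    [ -n "$version" ] || { echo "unknown"; return 1; }
    if mp4_fix_present "$version"; then
        echo "patched"
    elif printf '%s\n' "$1" | grep -q -- '--with-http_mp4_module'; then
        echo "exposed"      # pre-fix version and the mp4 module is compiled in
    else
        echo "not-exposed"  # pre-fix version, but the optional mp4 module is absent
    fi
}

# Constructed sample input; not output captured from any real host.
SAMPLE='nginx version: nginx/1.22.0
built with OpenSSL 1.1.1n  15 Mar 2022
configure arguments: --prefix=/etc/nginx --with-http_ssl_module --with-http_mp4_module'

classify_nginx_v "$SAMPLE"
# On a live host: classify_nginx_v "$(nginx -V 2>&1)"
```
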

Besides the vulnerability fixes, the following changes are noted in nginx 1.23.2:

  • Added support for the “$proxy_protocol_tlv_*” variables, which contain the values of the TLV (Type-Length-Value) fields that appear in the PROXY v2 protocol.
  • Automatic rotation of the encryption keys for TLS session tickets is now provided when shared memory is used in the ssl_session_cache directive.
  • The logging level of errors related to an incorrect SSL record type has been lowered from critical to info.
  • The logging level of messages about failure to allocate memory for a new session has been changed from alert to warning and is limited to one entry per second.
  • On the Windows platform, building with OpenSSL 3.0 has been enabled.
  • Improved reporting of PROXY protocol errors in the log.
  • Fixed an issue where the timeout specified in the "ssl_session_timeout" directive did not take effect when using TLSv1.3 with OpenSSL or BoringSSL.

Source: opennet.ru
