Kusagadzikana (CVE-2021-38604) kwaonekwa muGlibc, izvo zvinoita kuti zvikwanise kutangisa kuparara kwemaitiro muhurongwa nekutumira meseji yakanyatsogadzirwa kuburikidza nePOSIX meseji mitsetse API. Dambudziko harisati raonekwa mukugovera, sezvo riripo chete mukuburitswa 2.34, yakaburitswa mavhiki maviri apfuura.
Dambudziko ririkukonzerwa nekubata zvisirizvo kweNOTIFY_REMOVED data mumq_notify.c kodhi, zvinotungamira kuNULL pointer kureferensi uye process crash. Sezvineiwo, dambudziko iri mhedzisiro yekukanganisa kugadzirisa kumwe kusagadzikana (CVE-2021-33574), yakagadziriswa mukuburitswa kweGlibc 2.34. Uyezve, kana kusazvibata kwekutanga kwaive kwakaoma kushandisa uye kwaida kusanganiswa kwemamwe mamiriro, saka zviri nyore kuita kurwisa uchishandisa dambudziko rechipiri.
Source: opennet.ru