Vulnerability in CRI-O that allows root access to the host environment

A critical vulnerability (CVE-2022-0811) has been identified in CRI-O, a runtime for managing isolated containers, that allows bypassing isolation and executing code on the host system side. If CRI-O is used instead of containerd and Docker to run containers under the Kubernetes platform, an attacker can gain control of any node in the Kubernetes cluster. To carry out the attack, it is enough to have sufficient rights to run a container in the Kubernetes cluster.

The vulnerability is caused by the ability to change the kernel sysctl parameter "kernel.core_pattern" ("/proc/sys/kernel/core_pattern"), access to which was not blocked even though it is not among the parameters that are safe to change, that is, those that take effect only in the namespace of the current container. Using this parameter, a user inside a container can change the behaviour of the Linux kernel with regard to processing core files on the host side and arrange for an arbitrary command to be launched with root rights on the host by specifying a handler such as "|/bin/sh -c 'commands'".

The problem has been present since the release of CRI-O 1.19.0 and was fixed in updates 1.19.6, 1.20.7, 1.21.6, 1.22.3, 1.23.2 and 1.24.0. Among distributions, the problem appears in Red Hat OpenShift Container Platform and in openSUSE/SUSE products, which have the cri-o package in their repositories.
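A node-side check for the two facts above, the affected version range and a host core_pattern that pipes to a program, written as an added example and not code from CRI-O or the original article. The list of expected core dump helpers and the sample inputs are assumptions constructed for illustration.

```python
import re

# Fixed patch level per release branch, taken from the article above.
FIXED_PATCH = {(1, 19): 6, (1, 20): 7, (1, 21): 6, (1, 22): 3, (1, 23): 2, (1, 24): 0}
FIRST_AFFECTED = (1, 19, 0)
# Assumption: core dump helpers an operator expects to find on their nodes.
EXPECTED_HANDLERS = {"/usr/lib/systemd/systemd-coredump", "/usr/share/apport/apport"}

def crio_is_affected(version_text):
    """True if the CRI-O version falls in the affected range given in the article."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no x.y.z version in {version_text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor, patch) < FIRST_AFFECTED:
        return False
    fixed = FIXED_PATCH.get((major, minor))
    # Assumption: branches newer than 1.24 descend from the fixed 1.24.0.
    return fixed is not None and patch < fixed

def core_pattern_finding(raw, expected=EXPECTED_HANDLERS):
    """Classify a /proc/sys/kernel/core_pattern value read on the host."""
    value = raw.strip()
    if not value.startswith("|"):
        return "file"  # cores go to a file name template, no program is run
    parts = value[1:].split()
    handler = parts[0] if parts else ""
    return "expected-handler" if handler in expected else "unexpected-handler"

def audit_node(version_text, core_pattern):
    """Return human-readable findings for one node (empty list means none)."""
    findings = []
    if crio_is_affected(version_text):
        findings.append("cri-o version is in the affected range")
    if core_pattern_finding(core_pattern) == "unexpected-handler":
        findings.append(f"core_pattern pipes to an unexpected program: {core_pattern.strip()!r}")
    return findings

if __name__ == "__main__":
    # Constructed samples; on a node, feed in `crio --version` output and the
    # contents of the host's /proc/sys/kernel/core_pattern instead.
    samples = [
        ("crio version 1.22.1", "|/bin/sh -c 'commands'\n"),
        ("crio version 1.23.2", "|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h\n"),
        ("crio version 1.18.4", "core\n"),
    ]
    for version, pattern in samples:
        print(version, "->", audit_node(version, pattern) or "no findings")
```

An unexpected handler on a node that is already patched still deserves investigation, because the value persists on the host until it is reset or the node reboots.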

Source: opennet.ru
