ProHoster > Blog > internet nhau > Kusagadzikana muOpenSSL, Glibc, util-linux, i915 uye vmwgfx vatyairi

Kusagadzikana muOpenSSL, Glibc, util-linux, i915 uye vmwgfx vatyairi

Kusagadzikana kwave kuburitswa (CVE-2021-4160) muOpenSSL cryptographic library nekuda kwekukanganisa mukuita kweadder muBN_mod_exp basa, zvichikonzera kudzoserwa kwemhedzisiro ye squaring operation. Iyo nyaya inongoitika pane Hardware yakavakirwa paMIPS32 uye MIPS64 architecture, uye inogona kutungamira mukukanganisika kweelliptic curve algorithms, kusanganisira ayo anoshandiswa nekusarudzika muTLS 1.3. Nyaya yakagadziriswa muna Zvita OpenSSL 1.1.1m uye 3.0.1 inogadziridza.

Zvinocherechedzwa kuti kuitwa kwekurwiswa chaiko kuti uwane ruzivo nezve akavanzika makiyi uchishandisa dambudziko rakaonekwa rinotariswa kuRSA, DSA uye Diffie-Hellman algorithm (DH, Diffie-Hellman) sezvinobvira, asi zvisingaite, zvakanyanya kuoma kuita uye. zvinoda zviwanikwa zvemakomputa zvakakura. Muchiitiko ichi, kurwiswa kweTLS hakubatanidzwe, sezvo muna 2016, pakubvisa CVE-2016-0701 kusagadzikana, kugoverana kweDH imwe yakavanzika kiyi pakati pevatengi kwakarambidzwa.

Pamusoro pezvo, akati wandei achangoonekwa kusasimba mumapurojekiti akavhurika sosi anogona kucherechedzwa:

  • Multiple vulnerabilities (CVE-2022-0330) mui915 graphics driver nekuda kwekushaikwa kweGPU TLB reset. Kana IOMMU (shanduro yekero) ikasashandiswa, kusazvibata kunobvumira kuwana mapeji endangariro asina kurongeka kubva munzvimbo yemushandisi. Dambudziko rinogona kushandiswa kukanganisa kana kuverenga data kubva munzvimbo dzisina kurongeka dzendangariro. Dambudziko rinoitika pane ese akabatanidzwa uye discrete Intel GPUs. Kugadzirisa kunoitwa nekuwedzera inosungirwa TLB flush usati waita yega yega GPU buffer kudzoka oparesheni kune sisitimu, izvo zvinozotungamira mukuderedzwa kwekuita. Maitiro ekuita zvinoenderana neGPU, mashandiro anoitwa paGPU, uye system mutoro. Iyo gadziriso iripo chete sechigamba.
  • Vulnerability (CVE-2022-22942) mune vmwgfx graphics driver, inoshandiswa kuita 3D kukwidziridza munzvimbo dzeVMware. Iyo nyaya inobvumira mushandisi asina rombo rakanaka kuwana mafaera akavhurwa nemamwe maitiro pane system. Kurwiswa kwacho kunoda kuwana mudziyo /dev/dri/card0 kana /dev/dri/rendererD128, pamwe nekukwanisa kuburitsa ioctl() kufona ine mhedzisiro yefaira descriptor.
  • Kusagadzikana (CVE-2021-3996, CVE-2021-3995) muLibmount raibhurari yakapihwa mu-util-linux package inobvumira mushandisi asina rusaruro kuburitsa disk partitions pasina mvumo yekuita kudaro. Dambudziko rakaonekwa panguva yekuongororwa kweSUID-midzi zvirongwa umount uye fusermount.
  • Kusagadzikana mune yakajairwa C raibhurari Glibc inokanganisa iyo chaiyo nzira (CVE-2021-3998) uye getcwd (CVE-2021-3999) mabasa.
    • Dambudziko riri mu realpath() rinokonzereswa nekudzosa kukosha kwakashata pasi pemamwe mamiriro, iine isina kugadziriswa data rasara kubva mustack. Kune iyo SUID-mudzi fusermount chirongwa, kusazvibata kunogona kushandiswa kuwana ruzivo rwakadzama kubva kune process memory, semuenzaniso, kuwana ruzivo nezve anonongedzera.
    • Dambudziko mu getcwd() rinobvumira imwe-byte buffer kufashama. Dambudziko rinokonzerwa nebug yanga iripo kubva 1995. Kuti uite mafashama, ingofonera chdir() pane iyo "/" dhairekitori mune yakaparadzana gomo point namespace. Iko hakuna izwi rekuti kusazvibata kunogumira kugadzirisa kuparara, asi pakave nezviitiko zvekushanda zvakagadzirirwa kugadzirwa kune kusagadzikana kwakafanana munguva yakapfuura, zvisinei nekupokana kwemugadziri.
  • Kusagadzikana (CVE-2022-23220) muusbview package inobvumira vashandisi venzvimbo vanopinda kuburikidza neSSH kuti vatore kodhi semudzi nekuda kwekumisikidzwa mumitemo yePolKit (bvumira_any=hongu) yekushandisa usbview utility semudzi pasina humbowo. Kushanda kunouya pakushandisa iyo "-gtk-module" sarudzo yekuisa raibhurari yako muusbview. Dambudziko rakagadziriswa muusbview 2.2.

Source: opennet.ru

Voeg