Vulnerabilities in Unbound, Kata-Containers, BIND, PostgreSQL, HPLIP, MongoDB, Rsync, 7-zip, Yelp, qSnapper and Suricata

Several dangerous vulnerabilities have been identified recently:

  • Six vulnerabilities in the rsync file synchronization utility. The most serious one (CVE-2026-29518), caused by a race condition in the handling of symbolic links, allows privilege escalation when rsync runs as a background daemon without chroot isolation. The attack consists of replacing a file with a symbolic link that points to an unintended file on the system, after the check has been performed but before writing begins. The problems are fixed in rsync 3.4.3. CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.
  • A vulnerability (CVE-2026-8631) in HPLIP, a set of open-source drivers for printers and MFPs, allows privilege escalation and code execution. The problems are caused by command injection and a buffer overflow. The problem is fixed in HPLIP 3.26.4. CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.
  • Vulnerabilities in the D-Bus service used by qSnapper, a graphical interface for managing Btrfs snapshots. They can lead to privilege escalation (CVE-2026-41046), leakage of information about changes between snapshots (CVE-2026-41047), and bypass of authentication when accessing Polkit (CVE-2026-41045). The most serious vulnerability is caused by a missing check for "../" sequences in paths passed to the snapper::Snapper() function when it is reached over D-Bus. This can be used to substitute the libsnapper configuration file in a handler that runs with elevated privileges.
    CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.
  • A vulnerability (CVE-2026-48095) in the 7-Zip archiver leads to a buffer overflow when processing compressed NTFS data. It can result in execution of the attacker's code when a specially crafted NTFS filesystem image is opened through 7-Zip. The vulnerability is fixed in 7-Zip version 26.01. CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.
  • The Unbound DNS server 1.25.1 fixes eleven vulnerabilities. The most serious are CVE-2026-33278 (remote code execution during DNSSEC validation), CVE-2026-44608 (use-after-free memory access in the RPZ code), and CVE-2026-42944 (heap overflow when processing nsid). CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.
  • A vulnerability (CVE-2026-3593) in the BIND DNS server allows a use-after-free memory access and corruption of memory contents to be triggered by sending a specially crafted request to a DNS-over-HTTPS server. The problem is fixed in BIND versions 9.20.23 and 9.21.22. Configurations that do not use DNS-over-HTTPS are not affected. CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.
  • A vulnerability (CVE-2026-47243) in Kata Containers, a container execution stack that uses virtualization-based isolation, allows a user with root privileges in a container to create a symbolic link on the host system. By creating a symbolic link in /etc/cron.d, users can execute their own code with root privileges in the host environment. The vulnerability is caused by the ability to send a direct FUSE_SYMLINK request to the virtiofsd handler running on the host. The problem manifests itself when runtime-rs is used and is fixed in release 3.31.0.

    CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.

  • A vulnerability (CVE-2026-46529) in the Atril document viewer allows the attacker's code to be executed when a link is clicked inside a specially crafted PDF file that combines a PDF document with an ELF library. An exploit is available. A similar problem exists in the Evince and Xreader PDF viewers. The problem is caused by missing escaping of shell special characters in the ev_spawn() function. It is fixed in Evince 48.2, Atril 1.28.4/1.26.3, and Xreader 4.6.4/3.6.7. CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.
  • A vulnerability (no CVE assigned) in the Yelp help viewer (GNOME Help) allows access to files on the host system, bypassing the Flatpak package sandbox, when a specially crafted help file is opened. The problem is similar to last year's and differs in that it uses CSS styles embedded in an SVG file during rendering. It is fixed in Yelp 49.1.
  • A vulnerability (CVE-2026-41054) in haveged, a background process that generates entropy for the pseudo-random number generator, allows privilege escalation to the root user by sending a specially crafted command over the Unix control socket. The problem is fixed in haveged 1.9.21. CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.
  • Eleven vulnerabilities in the PostgreSQL DBMS, the most dangerous of which (CVE-2026-6637) can lead to code execution at the operating-system level with the privileges of the PostgreSQL server process when specially crafted SQL queries are run (the attacker must have unprivileged access to the DBMS). Another dangerous vulnerability (CVE-2026-6475) allows files on the server (for example, /var/lib/postgres/.bashrc) to be overwritten through manipulation of symbolic links during pg_basebackup and pg_rewind operations. The problems are fixed in PostgreSQL releases 18.4, 17.10, 16.14, 15.18 and 14.23. Also worth noting is the publication of a working exploit for a previously identified vulnerability (CVE-2026-2005) in the pgcrypto extension.

    CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.

  • Sixteen vulnerabilities were found in the Suricata network intrusion detection and prevention system, four of which are rated critical. Details of the vulnerabilities have not yet been made public, but judging by their severity level, they allow code execution on the server when specially crafted traffic is inspected. The vulnerabilities are fixed in Suricata 8.0.5 and 7.0.16.
  • A vulnerability (CVE-2026-8053) in MongoDB Server allows a user with write access to the database to trigger a buffer overflow and execute arbitrary code on the server with the privileges of the mongod process. The vulnerability is fixed in MongoDB 5.0.33, 6.0.28, 7.0.34, 8.0.23, 8.2.9, and 8.3.2. CVEs in distributions: Debian, Ubuntu, SUSE, RHEL, Gentoo, Arch.
  • Ten vulnerabilities (no CVE assigned) were found in the Memcached in-memory data caching system. The most serious of them cause buffer overflows when specially crafted requests are sent and can potentially be used to execute code on the server. The vulnerabilities are fixed in Memcached 1.6.42.
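
The check-then-write window described for rsync (CVE-2026-29518) can be shown in isolation. This is an added example, not rsync's code or its actual fix: it contrasts a path check followed by a second open with a single descriptor-relative open that uses O_NOFOLLOW. The file names and the `swap` hook are constructed for the demonstration.

```python
import os
import tempfile

def write_check_then_open(path, data, between=lambda: None):
    """Racy: the path is checked, then resolved a second time by open()."""
    if os.path.islink(path):                      # check
        raise PermissionError("refusing symlink")
    between()                                     # window where the path can change
    with open(path, "w") as f:                    # use: follows whatever is there now
        f.write(data)

def write_nofollow(dir_fd, name, data, between=lambda: None):
    """Hardened: one open, relative to a directory fd, that never follows a link."""
    between()
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(name, flags, 0o600, dir_fd=dir_fd)   # ELOOP if name is a symlink
    with os.fdopen(fd, "w") as f:
        f.write(data)

def run(hardened):
    """Constructed scenario in a temp dir; returns the protected file's final content."""
    with tempfile.TemporaryDirectory() as root:
        module = os.path.join(root, "module")     # hypothetical sync destination
        os.mkdir(module)
        protected = os.path.join(root, "protected.conf")
        with open(protected, "w") as f:
            f.write("original")
        target = os.path.join(module, "upload.txt")
        open(target, "w").close()
        def swap():                               # stands in for the concurrent change
            os.unlink(target)
            os.symlink(protected, target)

        try:
            if hardened:
                dfd = os.open(module, os.O_RDONLY | os.O_DIRECTORY)
                try:
                    write_nofollow(dfd, "upload.txt", "new", swap)
                finally:
                    os.close(dfd)
            else:
                write_check_then_open(target, "new", swap)
        except OSError as exc:
            print("write refused:", exc)
        with open(protected) as f:
            return f.read()

if __name__ == "__main__":
    print("check-then-open:", run(False), "| O_NOFOLLOW:", run(True))
```

O_NOFOLLOW only guards the final path component, which is why the open is anchored to a directory descriptor instead of a full path string.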

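The fixed releases named in the list above can be turned into a check of installed upstream versions. This is an added example, not part of the original article: the project keys and function names are assumptions, the version numbers are the ones listed in the text, and projects with several maintained branches are matched per branch.

```python
import re

# Fixed releases as listed in the text above (one entry per maintained branch).
FIXED = {
    "rsync": ["3.4.3"], "hplip": ["3.26.4"], "7-zip": ["26.01"],
    "unbound": ["1.25.1"], "bind": ["9.20.23", "9.21.22"],
    "kata-containers": ["3.31.0"], "evince": ["48.2"],
    "atril": ["1.28.4", "1.26.3"], "xreader": ["4.6.4", "3.6.7"],
    "yelp": ["49.1"], "haveged": ["1.9.21"],
    "postgresql": ["18.4", "17.10", "16.14", "15.18", "14.23"],
    "suricata": ["8.0.5", "7.0.16"],
    "mongodb": ["5.0.33", "6.0.28", "7.0.34", "8.0.23", "8.2.9", "8.3.2"],
    "memcached": ["1.6.42"],
}

def parse(version):
    """Upstream part of a version string as ints; drops a packaging epoch and suffix."""
    m = re.match(r"(?:\d+:)?(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def status(project, installed):
    """Return 'fixed', 'vulnerable' or 'unknown' for an installed upstream version."""
    fixes = [parse(f) for f in FIXED[project]]
    have = parse(installed)
    if len(fixes) == 1:
        return "fixed" if have >= fixes[0] else "vulnerable"
    for fix in fixes:
        if have[:len(fix) - 1] == fix[:-1]:       # same release branch
            return "fixed" if have >= fix else "vulnerable"
    return "unknown"    # branch has no fix listed in the text

def audit(inventory):
    """Map each project in an inventory {project: version} to its status."""
    return {name: status(name, ver) for name, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed inventory for illustration.
    sample = {"postgresql": "17.9", "mongodb": "8.2.9", "bind": "9.18.30"}
    print(audit(sample))
```

Distribution packages often carry backported fixes under an unchanged upstream version, so a "vulnerable" result for a distro package should be confirmed against that distribution's CVE tracker.
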
Source: opennet.ru
