Vulnerabilities in the Linux kernel, Glibc, GStreamer, Ghostscript, BIND and CUPS

Several recently discovered vulnerabilities:

  • CVE-2023-39191 is a vulnerability in the eBPF subsystem that allows a local user to escalate their privileges and execute code at the Linux kernel level. The vulnerability is caused by incorrect verification of eBPF programs submitted by the user for execution. To carry out an attack, the user must be able to load their own BPF program (if the kernel.unprivileged_bpf_disabled parameter is set to 0, for example, as in Ubuntu 20.04). Information about the vulnerability was sent to the kernel developers back in December of last year, and the fix was quietly introduced in January.
  • CVE-2023-42753 is an issue with array indexes in the ipset implementation in the netfilter kernel subsystem, which can be used to increment/decrement pointers and create conditions for writing or reading to a memory location outside the allocated buffer. To check for the presence of the vulnerability, an exploit prototype has been prepared that causes an abnormal termination (more dangerous exploitation scenarios cannot be ruled out). The fix is included in kernel releases 5.4.257, 6.5.3, 6.4.16, 6.1.53, 5.10.195, 5.15.132.
  • CVE-2023-39192, CVE-2023-39193, CVE-2023-39193 - several vulnerabilities in the Linux kernel that lead to leakage of kernel memory contents due to the ability to read from areas outside the allocated buffer in the match_flags and u32_match_it functions of the Netfilter subsystem, as well as in the state filter processing code. The vulnerabilities were fixed in August (1, 2) and June.
  • CVE-2023-42755 is a vulnerability that allows an unprivileged local user to cause a kernel crash due to an error when working with pointers in the rsvp traffic classifier. The problem appears in LTS kernels 6.1, 5.15, 5.10, 5.4, 4.19 and 4.14. An exploit prototype has been prepared. The fix has not yet been accepted into the kernel and is available as a patch.
  • CVE-2023-42756 is a race condition in the NetFilter kernel subsystem that can be exploited by a local user to trigger a Panic condition. An exploit prototype is available that works at least in kernels 6.5.rc7, 6.1 and 5.10. The fix has not yet been accepted into the kernel and is available as a patch.
  • CVE-2023-4527 is an overflow in the Glibc library that occurs in the getaddrinfo function when processing a DNS response larger than 2048 bytes. The vulnerability can lead to data leakage or a crash. The vulnerability appears only in Glibc versions newer than 2.36 when the "no-aaaa" option is used in /etc/resolv.conf.
  • CVE-2023-40474, CVE-2023-40475 - vulnerabilities in the GStreamer multimedia framework caused by integer overflow in the MXF video file handlers. The vulnerabilities can lead to execution of attacker code when specially crafted MXF files are processed in an application that uses GStreamer. The problem is fixed in the gst-plugins-bad 1.22.6 package.
  • CVE-2023-40476 - a buffer overflow in the H.265 video processor provided in GStreamer, which allows code execution when a specially crafted video is processed. The vulnerability is fixed in the gst-plugins-bad 1.22.6 package.
  • Analysis - a review of an exploit that uses the CVE-2023-36664 vulnerability in the Ghostscript package to execute code when specially crafted PostScript documents are opened. The problem is caused by incorrect handling of file names that start with the "|" character or the %pipe% prefix. The vulnerability is fixed in the Ghostscript 10.01.2 release.
  • CVE-2023-3341, CVE-2023-4236 - vulnerabilities in the BIND 9 DNS server that lead to a crash of the named process when specially crafted control messages are processed (access to the TCP port through which named is managed is sufficient (open by default only on the loopback interface), knowledge of the RNDC key is not required) or when a certain high load is created in DNS-over-TLS mode. The vulnerabilities are fixed in BIND releases 9.16.44, 9.18.19, and 9.19.17.
  • CVE-2023-4504 is a vulnerability in the CUPS print server and the libppd library that leads to a buffer overflow when specially formatted Postscript documents are parsed. It is possible that the vulnerability could be exploited to execute arbitrary code on the system. The issue is fixed in the CUPS 2.4.7 (patch) and libppd 2.0.0 (patch) releases.
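
A triage sketch for the fixed releases and preconditions listed above (an added example, not part of the original article): it compares an upstream version string with the fixed release of the same stable branch and checks the two configuration preconditions the list names. The function names and sample host values are constructed for illustration; distribution kernels backport fixes, so a "vulnerable" result for a vendor kernel has to be confirmed against the vendor advisory.

```python
import re

# Fixed releases copied from the list above, one entry per stable branch.
FIXED = {
    "kernel (CVE-2023-42753)": ["5.4.257", "5.10.195", "5.15.132", "6.1.53", "6.4.16", "6.5.3"],
    "bind (CVE-2023-3341, CVE-2023-4236)": ["9.16.44", "9.18.19", "9.19.17"],
}

def parse_version(text):
    """Leading dotted-number part of a version: '6.1.52-rt' -> (6, 1, 52)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))

def fix_status(version, fixed_releases):
    """'fixed' or 'vulnerable' within a listed branch, else 'unknown'.

    'unknown' only means the article names no fixed release for that branch.
    """
    v = parse_version(version)
    for fixed in map(parse_version, fixed_releases):
        if v[:2] == fixed[:2]:  # same major.minor stable branch
            return "fixed" if v >= fixed else "vulnerable"
    return "unknown"

def unprivileged_bpf_allowed(sysctl_value):
    """True when kernel.unprivileged_bpf_disabled is 0 (precondition for CVE-2023-39191)."""
    return sysctl_value.strip() == "0"

def resolv_has_no_aaaa(resolv_conf_text):
    """True when an 'options' line sets no-aaaa (precondition for CVE-2023-4527)."""
    for line in resolv_conf_text.splitlines():
        if line.startswith(("#", ";")):  # comment lines in resolv.conf
            continue
        tokens = line.split()
        if tokens and tokens[0] == "options" and "no-aaaa" in tokens[1:]:
            return True
    return False

if __name__ == "__main__":
    # Constructed sample facts; on a real host read `uname -r`, `named -v`,
    # /proc/sys/kernel/unprivileged_bpf_disabled and /etc/resolv.conf.
    host = {"kernel": "6.1.52", "bind": "9.18.19", "bpf": "0\n",
            "resolv": "nameserver 192.0.2.53\noptions edns0 no-aaaa\n"}
    for (name, fixed), key in zip(FIXED.items(), ("kernel", "bind")):
        print(f"{name}: {host[key]} -> {fix_status(host[key], fixed)}")
    print("unprivileged BPF loading allowed:", unprivileged_bpf_allowed(host["bpf"]))
    print("no-aaaa set in resolv.conf:", resolv_has_no_aaaa(host["resolv"]))
```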

Source: opennet.ru
