nginx 1.21.0 and nginx 1.20.1 released with a vulnerability fix

The first release of the new nginx 1.21.0 mainline branch has been published; development of new features will continue in this branch. At the same time, a corrective release, 1.20.1, was prepared for the supported stable branch, which only receives changes that fix serious bugs and vulnerabilities. Next year, the stable branch 1.22 will be formed from the 1.21.x mainline branch.

The new versions fix a vulnerability (CVE-2021-23017) in the code that resolves hostnames via DNS, which can lead to a crash or potentially to execution of the attacker's code. The problem appears when certain DNS server responses are processed and results in a one-byte buffer overflow. The vulnerability is only exposed when the DNS resolver is enabled in the configuration with the "resolver" directive. To carry out an attack, the attacker must be able to spoof UDP packets from the DNS server or gain control of the DNS server. The vulnerability has been present since the release of nginx 0.6.18. A patch can be used to fix the problem in older releases.
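The two conditions above (an upstream version from 0.6.18 up to, but not including, 1.20.1, and an active "resolver" directive) can be checked mechanically. The following is an added example, not code from the article or from the nginx project; the function names are hypothetical and the sample configuration is constructed for illustration.

```python
import re

# Bounds taken from the article: present since 0.6.18, fixed in 1.20.1 and 1.21.0.
FIRST_AFFECTED = (0, 6, 18)
FIRST_FIXED = (1, 20, 1)  # 1.21.0 sorts above this, so one upper bound covers both

# Constructed sample configuration (not from a real deployment).
SAMPLE_CONFIG = """
http {
    # resolver 192.0.2.53;   commented out, must be ignored
    resolver_timeout 5s;
    server {
        resolver 127.0.0.53 valid=30s;
        location / { proxy_pass http://$backend; }
    }
}
mail { resolver off; }
"""

def parse_version(banner):
    """Extract (major, minor, patch) from `nginx -v` output."""
    m = re.search(r"nginx/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no nginx version found in %r" % banner)
    return tuple(int(part) for part in m.groups())

def version_in_affected_range(version):
    return FIRST_AFFECTED <= version < FIRST_FIXED

def resolver_directives(config_text):
    """Return the arguments of every active `resolver` directive."""
    # Naive comment stripping: a '#' inside a quoted string is not handled.
    text = "\n".join(line.split("#", 1)[0] for line in config_text.splitlines())
    found = []
    # The lookbehind rejects names that merely end in "resolver"; requiring
    # whitespace after the name excludes `resolver_timeout`.
    for m in re.finditer(r"(?<![^\s;{}])resolver\s+([^;{}]+);", text):
        args = " ".join(m.group(1).split())
        if args != "off":  # `resolver off;` in the mail module disables resolving
            found.append(args)
    return found

def assess(banner, config_text):
    if not version_in_affected_range(parse_version(banner)):
        return "not affected (version)"
    resolvers = resolver_directives(config_text)
    if not resolvers:
        return "affected version, resolver not configured"
    return "exposed: affected version with resolver " + ", ".join(resolvers)
```

Feed it the output of `nginx -v` and the full configuration dump from `nginx -T`. A build of an older release that already carries the patch mentioned above still reports its old version number, so treat a version hit as a prompt to confirm the patch level rather than as proof of exposure.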

Non-security changes in nginx 1.21.0:

  • Variable support has been added to the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" and "uwsgi_ssl_certificate_key" directives.
  • The mail proxy module gained support for "pipelining", which allows several POP3 or IMAP requests to be sent in a single connection, and a new "max_errors" directive, which defines the maximum number of protocol errors after which the connection is closed.
  • A "fastopen" parameter has been added to the stream module, enabling "TCP Fast Open" mode for listening sockets.
  • Problems with escaping special characters during automatic redirects that append a trailing slash have been fixed.
  • A problem with closing client connections when SMTP pipelining is used has been fixed.

Source: opennet.ru
