Vulnerabilities in LibreCAD, Ruby, TensorFlow, Mailman and Vim

Several recently identified vulnerabilities:

  • Three vulnerabilities in the free computer-aided design system LibreCAD and the libdxfrw library that make it possible to trigger a controlled buffer overflow and potentially achieve code execution when opening specially crafted DWG and DXF files. The problems have so far been fixed in the form of patches (CVE-2021-21898, CVE-2021-21899, CVE-2021-21900).
  • A vulnerability (CVE-2021-41817) in the Date.parse method provided in the Ruby standard library. Flaws in the regular expressions that Date.parse uses to parse dates can be used to carry out DoS attacks, resulting in significant CPU and memory consumption when processing specially crafted data.
  • A vulnerability in the TensorFlow machine learning platform (CVE-2021-41228) that allows code execution when the saved_model_cli utility processes attacker-supplied data passed through the "--input_examples" parameter. The problem is caused by the use of external data when calling code with the "eval" function. The issue is fixed in the TensorFlow 2.7.0, TensorFlow 2.6.1, TensorFlow 2.5.2 and TensorFlow 2.4.4 releases.
  • A vulnerability (CVE-2021-43331) in the GNU Mailman mailing list management system caused by incorrect handling of certain types of URLs. The problem makes it possible to execute JavaScript code by specifying a specially crafted URL on the options page. Another issue was also identified in Mailman (CVE-2021-43332) that allows a user with moderator rights to guess the administrator password. The issues were resolved in the Mailman 2.1.36 release.
  • A series of vulnerabilities in the Vim text editor that can lead to a buffer overflow and potentially to execution of attacker code when opening specially crafted files with the "-S" option (CVE-2021-3903, CVE-2021-3872, CVE-2021-3927, CVE-2021-3928, fixes: 1, 2, 3, 4).
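
The TensorFlow item above comes down to calling eval() on a command-line string. As an added illustration (not TensorFlow's code and not part of the original page), the sketch below contrasts that pattern with ast.literal_eval. The `key=[{...}]` pairs separated by `;`, the function names and the sample strings are assumptions constructed for this example.

```python
import ast

CALLS = []  # side-effect marker: shows whether code inside the input was executed

# Constructed sample inputs (not taken from the page).
BENIGN = 'inputs=[{"age": [22, 24], "education": ["BS", "MS"]}]'
HOSTILE = 'inputs=[{"age": [CALLS.append("ran") or 1]}]'  # harmless stand-in for injected code


def parse_examples_unsafe(spec):
    """Vulnerable pattern: eval() runs any expression found in the string."""
    result = {}
    for pair in filter(None, spec.split(";")):
        key, _, expr = pair.partition("=")
        result[key] = eval(expr)  # attacker-controlled text becomes code
    return result


def parse_examples_safe(spec):
    """Hardened pattern: accept Python literals only, then check the shape."""
    result = {}
    for pair in filter(None, spec.split(";")):
        key, sep, expr = pair.partition("=")
        if not key or not sep:
            raise ValueError(f"expected key=<list of dicts>, got {pair!r}")
        try:
            value = ast.literal_eval(expr)  # rejects calls, names, attribute access
        except (ValueError, SyntaxError) as exc:
            raise ValueError(f"{key}: value is not a plain literal") from exc
        if not isinstance(value, list) or not all(isinstance(d, dict) for d in value):
            raise ValueError(f"{key}: expected a list of dictionaries")
        result[key] = value
    return result


if __name__ == "__main__":
    print(parse_examples_safe(BENIGN))
    parse_examples_unsafe(HOSTILE)
    print("eval executed embedded code:", CALLS == ["ran"])
    try:
        parse_examples_safe(HOSTILE)
    except ValueError as err:
        print("literal_eval rejected input:", err)
```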

Source: opennet.ru
