Nginx 1.21.0 and nginx 1.20.1 released with a vulnerability fix

The first release of the new nginx mainline branch, 1.21.0, has been published; development of new features will continue in this branch. At the same time, a corrective release 1.20.1 has been prepared for the supported stable branch, which receives only changes that fix serious bugs and vulnerabilities. Next year the 1.21.x mainline branch will become the basis of a new stable branch, 1.22.

The new versions fix a vulnerability (CVE-2021-23017) in the DNS resolver code that can lead to a worker process crash or, potentially, to execution of attacker-supplied code. The problem manifests while processing certain DNS server responses and results in a one-byte memory overwrite. The vulnerability is reachable only when DNS resolution is enabled with the "resolver" directive. To carry out an attack, the attacker must be able to spoof UDP packets from the configured DNS server or to control that DNS server. The vulnerability has been present since nginx 0.6.18. A patch is available that can be applied to fix the problem in earlier releases.
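The two conditions above (a build in the affected version range and a "resolver" directive somewhere in the effective configuration) are what an administrator needs to check before deciding whether to rush the upgrade. The following triage script is an added example, not code from nginx or from the original article. It takes the version string (as printed by `nginx -v`) and the configuration dump (as printed by `nginx -T`) as plain strings so it runs offline; the sample configuration embedded below is constructed for illustration, and the function names are this example's own.

```python
import re
from typing import List, Tuple

# CVE-2021-23017 affects upstream nginx 0.6.18 up to and including 1.20.0.
# Fixed in 1.20.1 (stable) and 1.21.0 (mainline).
FIRST_AFFECTED = (0, 6, 18)
FIRST_FIXED = (1, 20, 1)


def parse_version(version_string: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from strings such as 'nginx/1.20.0'
    or 'nginx version: nginx/1.19.10'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError("no x.y.z version found in %r" % version_string)
    return tuple(int(x) for x in m.groups())


def version_has_cve_2021_23017(version_string: str) -> bool:
    """True if an unpatched upstream build of this version contains the bug.
    Caveat (assumption for distro packages): vendors often backport the fix
    without bumping the version, so a True here must be confirmed against
    the package changelog before being treated as exploitable."""
    v = parse_version(version_string)
    return FIRST_AFFECTED <= v < FIRST_FIXED


def strip_comments(config_text: str) -> str:
    """Drop '#' comments so a commented-out resolver line does not count.
    Heuristic: a '#' inside a quoted string would also be stripped."""
    return re.sub(r"#[^\n]*", "", config_text)


def resolver_directives(config_text: str) -> List[str]:
    """Return the argument list of every 'resolver' directive.
    The lookbehind excludes 'resolver_timeout'; '\\s+' after the keyword
    ensures we only match the directive itself."""
    cleaned = strip_comments(config_text)
    return [m.group(1).strip()
            for m in re.finditer(r"(?<!\w)resolver\s+([^;{}]+);", cleaned)]


def assess(version_string: str, config_dump: str) -> str:
    """Combine the version and configuration checks into one verdict."""
    if not version_has_cve_2021_23017(version_string):
        return "NOT AFFECTED: version outside the vulnerable upstream range"
    found = resolver_directives(config_dump)
    if found:
        return ("AFFECTED: vulnerable version and resolver configured: "
                + "; ".join(found))
    return ("LATENT: vulnerable version but no resolver directive; "
            "not reachable until one is added")


# Constructed sample of an `nginx -T` dump (not from the article).
SAMPLE_CONFIG = """
http {
    # resolver 127.0.0.1;        # commented out, must be ignored
    resolver_timeout 5s;         # a different directive, must be ignored
    server {
        listen 80;
        location / {
            resolver 10.0.0.53 valid=30s;
            proxy_pass http://$host;
        }
    }
}
"""

if __name__ == "__main__":
    for ver in ("nginx/1.20.0", "nginx/1.20.1", "nginx/1.21.0"):
        print(ver, "->", assess(ver, SAMPLE_CONFIG))
```

In practice the inputs come from `nginx -v 2>&1` and `nginx -T 2>/dev/null`; the dump is preferable to reading nginx.conf by hand because it includes every file pulled in by `include`, which is where a forgotten `resolver` line usually lives.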

Non-security changes in nginx 1.21.0:

  • Variable support was added to the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate" and "uwsgi_ssl_certificate_key" directives.
  • The mail proxy module gained support for pipelining, i.e. sending several POP3 or IMAP commands over a single connection; it also gained a new "max_errors" directive, which sets the maximum number of protocol errors after which the connection is closed.
  • A "fastopen" parameter was added to the stream module, enabling "TCP Fast Open" mode on listening sockets.
  • Fixed a bug where special characters were not escaped during the automatic redirect that appends a trailing slash.
  • Fixed a bug where client connections could be closed needlessly when SMTP pipelining was used.

Source: opennet.ru
