Vulnerabilities in systemd, Flatpak, Samba, FreeRDP, ClamAV and Node.js

A vulnerability (CVE-2021-3997) has been identified in the systemd-tmpfiles utility that allows uncontrolled recursion to be triggered. The issue can be used to cause a denial of service at the system boot stage by creating a large number of nested subdirectories in the /tmp directory. A fix is currently available only in the form of a patch. Package updates addressing the problem have been released for Ubuntu and SUSE, but are not yet available for Debian, RHEL and Fedora (the fixes are still being tested).

When thousands of nested subdirectories have been created, running "systemd-tmpfiles --remove" crashes due to stack exhaustion. Normally the systemd-tmpfiles utility performs the removal and creation of directories in a single invocation ("systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev"), with the removal step executed first and the creation step second. A crash during the removal step therefore means that the critical files specified in /usr/lib/tmpfiles.d/*.conf are never created.

A more dangerous attack scenario is also described for Ubuntu 21.04: because a crash of systemd-tmpfiles means the /run/lock/subsys directory is never created, and the /run/lock directory is writable by all users, an attacker can create /run/lock/subsys under their own user id and, by placing symbolic links there that collide with the lock files of system processes, arrange for system files to be overwritten.
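The stack-exhaustion mechanism described above, as an added example in JavaScript rather than systemd's own code: a constructed in-memory tree stands in for the /tmp directory hierarchy, a remover that recurses once per nesting level dies with a RangeError on a deep tree, and a remover that keeps its pending directories on a heap-allocated array handles the same tree. The tree shape, function names and depths used are this example's assumptions; it illustrates the bug class and the usual fix pattern, not the systemd patch itself.

```javascript
// Added example (not systemd code). Each directory is a Map from entry name
// to either null (a regular file) or a nested Map (a subdirectory).

// Build a constructed tree: a chain of `depth` nested subdirectories, each
// holding one file, plus one extra file at the top level.
function buildNestedTree(depth) {
  const root = new Map();
  root.set('README', null);
  let cur = root;
  for (let i = 0; i < depth; i++) {
    const sub = new Map();
    sub.set(`file${i}`, null);
    cur.set(`d${i}`, sub);
    cur = sub;
  }
  return root;
}

// Recursive removal: one native stack frame per nesting level, so a tree
// deeper than the stack can hold aborts the whole operation.
function removeRecursive(dir) {
  let removed = 0;
  for (const [name, entry] of dir) {
    if (entry instanceof Map) removed += removeRecursive(entry); // descend first
    dir.delete(name);
    removed += 1;
  }
  return removed;
}

// Iterative removal: pending directories live on an ordinary array, so
// nesting depth costs heap memory, never native stack.
function removeIterative(root) {
  let removed = 0;
  const stack = [[null, null, root]]; // [parentDir, nameInParent, dir]
  while (stack.length > 0) {
    const [parent, name, dir] = stack[stack.length - 1];
    // Descend into the first remaining subdirectory before deleting anything.
    let descended = false;
    for (const [childName, child] of dir) {
      if (child instanceof Map) {
        stack.push([dir, childName, child]);
        descended = true;
        break;
      }
    }
    if (descended) continue;
    // No subdirectories left: delete the files, then the directory itself.
    for (const childName of Array.from(dir.keys())) {
      dir.delete(childName);
      removed += 1;
    }
    stack.pop();
    if (parent !== null) {
      parent.delete(name);
      removed += 1;
    }
  }
  return removed;
}

// Returns 'ok' or the name of the error the recursive remover died with
// ('RangeError', i.e. maximum call stack size exceeded, on deep trees).
function tryRecursive(depth) {
  try {
    removeRecursive(buildNestedTree(depth));
    return 'ok';
  } catch (e) {
    return e.name;
  }
}

console.log('depth 100, recursive:', tryRecursive(100));
console.log('depth 100000, recursive:', tryRecursive(100000));
console.log('depth 100000, iterative, entries removed:',
            removeIterative(buildNestedTree(100000)));
```

The depth at which the recursive version fails depends on the runtime's stack size, which is exactly the point: an unprivileged user who controls nesting depth controls whether the cleanup step completes, and in the systemd case a failed removal also skips the creation step that follows it.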

In addition, new releases of the Flatpak, Samba, FreeRDP, ClamAV and Node.js projects have been announced in which vulnerabilities are fixed:

  • The corrective releases 1.10.6 and 1.12.3 of the Flatpak toolkit for building self-contained packages fix two vulnerabilities. The first (CVE-2021-43860) allows, when a package is downloaded from an untrusted repository, the display of certain extended permissions during installation to be hidden through metadata manipulation. The second (no CVE assigned) allows the "flatpak-builder --mirror-screenshots-url" command to create directories in the file system outside the build directory while a package is being assembled.
  • The Samba 4.13.16 update fixes a vulnerability (CVE-2021-43566) that allows a client to create a directory on the server outside the exported file-system area by manipulating symbolic links on SMB1 or NFS shares (the issue is caused by a race condition and is hard to exploit in practice, but theoretically possible). Releases prior to 4.13.16 are affected.

    A report has also been published on another, similar vulnerability (CVE-2021-20316), which allows an authenticated client to read or modify the contents of a file or the metadata of a directory in the server's file system outside the exported share by manipulating symbolic links. The problem was fixed in release 4.15.0 but also affects earlier branches. Fixes for the older branches will not be published, however, because the old Samba VFS architecture does not allow the issue to be fixed: metadata operations there are bound to file paths (in Samba 4.15 the VFS layer was completely reworked). The severity is reduced by the fact that the issue is quite hard to exploit and the user's access rights must already permit reading or writing the target file or directory.

  • The FreeRDP 2.5 release, a free implementation of the Remote Desktop Protocol (RDP), fixes three security issues (no CVE identifiers assigned) that can lead to buffer overflows when an incorrect locale is used, when specially crafted registry settings are processed, and when a specially crafted add-on name is processed. Other changes in the new version include support for the OpenSSL 3.0 library, the implementation of the TcpConnectTimeout setting, improved compatibility with LibreSSL, and a fix for clipboard problems in Wayland-based environments.
  • New releases of the free antivirus package ClamAV, 0.103.5 and 0.104.2, fix the vulnerability CVE-2022-20698, which is caused by an invalid pointer read and allows the process to be crashed remotely if the package was built with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA option is enabled in the configuration (clamscan --gen-json).
  • The Node.js platform updates 16.13.2, 14.18.3, 17.3.1 and 12.22.9 fix four vulnerabilities: a certificate verification bypass when validating a network connection, caused by the incorrect conversion of SANs (Subject Alternative Names) to string form (CVE-2021-44532); incorrect handling of multiple values in the subject and issuer fields, which can be used to bypass verification of the fields listed in a certificate (CVE-2021-44533); a bypass of restrictions related to the URI SAN type in certificates (CVE-2021-44531); and insufficient validation in the console.table() implementation, which can be used to assign empty strings to numeric keys of the object prototype (CVE-2022-21824).
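The first Node.js item above, the SAN-to-string conversion, as an added example that is not Node.js code: it models a verifier that flattens a certificate's structured SAN list into a "TYPE:value, TYPE:value" string and then re-parses that string for the hostname check. Any SAN whose value contains the separator can then smuggle in an extra DNS name. The hardened variant quotes and escapes such values; the SAN list, function names and the exact quoting rules are this example's own assumptions, not Node's output format.

```javascript
// Added example (not Node.js code): flatten-then-parse SAN handling,
// naive versus quote-aware.

// Constructed SAN list as a certificate would carry it in structured form.
// The URI value is attacker-controlled and embeds the ", DNS:" separator.
const CERT_SANS = [
  { type: 'DNS', value: 'www.example.test' },
  { type: 'URI', value: 'https://cdn.example.test/, DNS:victim.bank.test' },
];

// Vulnerable design: plain join with no escaping, then a naive split.
function formatSanNaive(sans) {
  return sans.map((s) => `${s.type}:${s.value}`).join(', ');
}

function parseSanNaive(text) {
  return text.split(', ').map((item) => {
    const i = item.indexOf(':');
    return { type: item.slice(0, i), value: item.slice(i + 1) };
  });
}

// Hardened design: a value containing a comma, a double quote or a backslash
// is emitted double-quoted, with '"' and '\' backslash-escaped.
function formatSanSafe(sans) {
  return sans
    .map((s) => {
      const needsQuoting = /[,"\\]/.test(s.value);
      const v = needsQuoting
        ? `"${s.value.replace(/[\\"]/g, (c) => '\\' + c)}"`
        : s.value;
      return `${s.type}:${v}`;
    })
    .join(', ');
}

// Quote-aware parser: ", " separates entries only outside a quoted value.
function parseSanSafe(text) {
  const out = [];
  let i = 0;
  while (i < text.length) {
    const colon = text.indexOf(':', i);
    if (colon < 0) throw new Error('malformed SAN entry: ' + text.slice(i));
    const type = text.slice(i, colon);
    i = colon + 1;
    let value = '';
    if (text[i] === '"') {
      i += 1;
      for (;;) {
        if (i >= text.length) throw new Error('unterminated quoted SAN value');
        const c = text[i++];
        if (c === '\\') value += text[i++];   // escaped '"' or '\'
        else if (c === '"') break;            // closing quote
        else value += c;
      }
    } else {
      const end = text.indexOf(', ', i);
      value = end < 0 ? text.slice(i) : text.slice(i, end);
      i += value.length;
    }
    out.push({ type, value });
    if (text.startsWith(', ', i)) i += 2;
    else if (i < text.length) throw new Error('junk after SAN value');
  }
  return out;
}

// Hostname check done on the re-parsed string, as a flatten-then-check
// verifier would do it (exact match only; no wildcard handling).
function hostnameAllowed(sans, hostname, format, parse) {
  return parse(format(sans)).some((s) => s.type === 'DNS' && s.value === hostname);
}

function allowedNaive(hostname) {
  return hostnameAllowed(CERT_SANS, hostname, formatSanNaive, parseSanNaive);
}

function allowedSafe(hostname) {
  return hostnameAllowed(CERT_SANS, hostname, formatSanSafe, parseSanSafe);
}

console.log('naive string:', formatSanNaive(CERT_SANS));
console.log('safe string :', formatSanSafe(CERT_SANS));
console.log('victim.bank.test accepted? naive:', allowedNaive('victim.bank.test'),
            'safe:', allowedSafe('victim.bank.test'));
```

The naive path accepts victim.bank.test although the certificate names only www.example.test, because the smuggled "DNS:victim.bank.test" fragment survives the round trip as a separate entry. The more robust design is to match the hostname against the structured SAN entries directly and never re-parse a rendered string; when a string form must be exposed, escaping it as the safe variant does is the minimum.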

Source: opennet.ru
