Bafuputsi ba Cisco Security lintlha tsa ts'oaetso (CVE-2019-5021) ho Kabo ea Alpine bakeng sa sistimi ea ho itšehla thajana ea Docker. Moko oa bothata bo boletsoeng ke hore senotlolo sa kamehla sa mosebelisi se behiloe ho password e se nang letho ntle le ho thibela ho kena ka kotloloho joalo ka motso. Ha re hopole hore Alpine e sebelisoa ho hlahisa litšoantšo tsa semmuso ho tsoa morerong oa Docker (mehaho ea pele ea semmuso e ne e thehiloe ho Ubuntu, empa joale ho ne ho e-na le sebakeng sa Alpine).
Bothata bo bile teng ho tloha ha Alpine Docker 3.3 e hahuoa mme e bakiloe ke phetoho ea khatello e kentsoeng ka 2015 (pele mofuta oa 3.3, /etc/shadow o sebelisitse mohala "root:!::0:::::", le kamora ho theoloa ha folakha “-d” mola “root:::0:::::” ho qalile ho kengoa. Bothata bo ile ba tsejoa qalong le ka November 2015, empa ka December ka phoso hape lifaeleng tsa mohaho oa lekala la liteko, ebe li fetisetsoa ho lihahi tse tsitsitseng.
Lintlha tsa ts'oaetso li bolela hore bothata bo boetse bo hlaha lekaleng la morao-rao la Alpine Docker 3.9. Baetsi ba Alpine ka Hlakubele patch le tlokotsi ho qala ka ho haha 3.9.2, 3.8.4, 3.7.3 le 3.6.5, empa e sala makaleng a khale a 3.4.x le 3.5.x, a seng a khaotsoe. Ho phaella moo, bahlahisi ba bolela hore vector ea tlhaselo e fokotsehile haholo 'me e hloka hore mohlaseli a be le phihlelo ea lisebelisoa tse tšoanang.
Source: opennet.ru