Critical vulnerabilities in Netatalk leading to remote code execution

Six remotely exploitable vulnerabilities have been identified in Netatalk, a server implementing the AppleTalk and Apple Filing Protocol (AFP) network protocols. They allow an attacker to execute code with root privileges by sending specially crafted packets. Netatalk is used by many manufacturers of storage devices (NAS) to provide file sharing and printer access for Apple computers; for example, it was used in Western Digital devices (the problem was resolved by removing Netatalk from the WD firmware). Netatalk is also included in many distributions, including OpenWRT (removed as of OpenWrt 22.03), Debian, Ubuntu, SUSE, Fedora and FreeBSD, but is not used by default. The issues are fixed in the Netatalk 3.1.13 release.

Identified issues:

  • CVE-2022-0194 - The ad_addcomment() function does not properly check the size of external data before copying it to a fixed-size buffer. The vulnerability allows an unauthenticated attacker to execute code with root privileges.
  • CVE-2022-23121 - Incorrect error handling in the parse_entries() function when parsing AppleDouble entries. The vulnerability allows an unauthenticated attacker to execute code with root privileges.
  • CVE-2022-23122 - The setfilparams() function does not properly check the size of external data before copying it to a fixed-size buffer. The vulnerability allows an unauthenticated attacker to execute code with root privileges.
  • CVE-2022-23124 - Lack of proper input validation in the get_finderinfo() method, leading to a read from an area outside the allocated buffer. The vulnerability allows an unauthenticated attacker to leak information from process memory. Combined with other vulnerabilities, it can also be used to execute code with root privileges.
  • CVE-2022-23125 - A missing size check when parsing the "len" element in the copyapplfile() function before copying data to a fixed-size buffer. The vulnerability allows an unauthenticated attacker to execute code with root privileges.
  • CVE-2022-23123 - Lack of validation of external data in the getdirparams() method, leading to a read from an area outside the allocated buffer. The vulnerability allows an unauthenticated attacker to leak information from process memory.
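
The list above describes two bug classes: copying attacker-sized data into a fixed-size buffer, and reading past the end of the supplied buffer. The following C example is added here and is not Netatalk's code; it shows the two bounds checks whose absence produces each class. The function name, the 1-byte length-prefix layout, the buffer size and the sample requests are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32              /* assumed size of the fixed buffer */

/* Hypothetical helper (not a Netatalk function): copy a field stored as
 * [1-byte len][len bytes] at offset `off` of a `req_len`-byte request
 * into the fixed buffer `dst`. Returns bytes copied, -1 if malformed. */
int copy_len_field(const uint8_t *req, size_t req_len, size_t off,
                   uint8_t dst[FIELD_MAX])
{
    if (req == NULL || dst == NULL || off >= req_len)
        return -1;                /* length byte must be inside the request */
    size_t len = req[off];
    if (len > FIELD_MAX)
        return -1;                /* write side: would overflow dst */
    if (len > req_len - off - 1)  /* subtraction form cannot wrap around */
        return -1;                /* read side: payload runs past the request */
    memcpy(dst, req + off + 1, len);
    return (int)len;
}

/* Constructed sample requests (not captured traffic); field is at offset 1. */
static const uint8_t ok_req[]       = { 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t oversize_req[] = { 0x00, 0xff, 'a' };      /* len 255 > 32 */
static const uint8_t short_req[]    = { 0x00, 0x08, 'a', 'b' }; /* 8 claimed, 2 present */
static uint8_t field[FIELD_MAX];

int main(void)
{
    printf("ok: %d\n", copy_len_field(ok_req, sizeof ok_req, 1, field));
    printf("oversize: %d\n", copy_len_field(oversize_req, sizeof oversize_req, 1, field));
    printf("short: %d\n", copy_len_field(short_req, sizeof short_req, 1, field));
    return 0;
}
```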

Source: opennet.ru
