Dangerous vulnerabilities in QEMU, Node.js, Grafana and Android

Several recently disclosed vulnerabilities:

  • A vulnerability (CVE-2020-13765) in QEMU that could allow code execution with the privileges of the QEMU process on the host side when a custom kernel image is loaded in the guest. The problem is caused by a buffer overflow in the ROM copy code during system boot and occurs when the contents of a 32-bit kernel image are loaded into memory. The fix is currently available only as a patch.
  • Four vulnerabilities in Node.js. They were fixed in releases 14.4.0, 10.21.0 and 12.18.0.
    • CVE-2020-8172 - Allows host certificate verification to be bypassed when a TLS session is reused.
    • CVE-2020-8174 - May allow code execution on the system due to a buffer overflow in the napi_get_value_string_*() functions, triggered during certain calls to N-API (the C API for writing native add-ons).
    • CVE-2020-10531 - An integer overflow in ICU (International Components for Unicode) for C/C++ that can lead to a buffer overflow when the UnicodeString::doAppend() function is used.
    • CVE-2020-11080 - Allows denial of service (100% CPU load) by sending large "SETTINGS" frames over an HTTP/2 connection.
  • A vulnerability in the Grafana metrics visualization platform, which is used to build analytical graphs from various data sources. An error in the avatar handling code allows an HTTP request to be sent from Grafana to an arbitrary URL without authentication, and the result of that request to be viewed. This could be used, for example, to probe the internal network of companies that run Grafana. The problem was fixed in Grafana 6.7.4 and 7.0.2. As a protective measure, it is recommended to block access to the "/avatar/*" URL on the server running Grafana.
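    The recommended workaround, as an added example that is not from the original article or the Grafana project: an nginx reverse-proxy configuration placed in front of Grafana that returns 403 for the avatar endpoint until the instance is upgraded to 6.7.4 or 7.0.2. The upstream name grafana_backend, the hostname grafana.example.com and the backend port 3000 are assumptions for this example.

```nginx
# Added example (not from the article): nginx in front of Grafana,
# denying the "/avatar/*" path as the workaround recommended above.
# "grafana_backend" and the address 127.0.0.1:3000 are assumed values.
upstream grafana_backend {
    server 127.0.0.1:3000;
}

server {
    listen 80;
    server_name grafana.example.com;   # placeholder hostname

    # Prefix match with "^~" wins over any regex locations, so no other
    # rule can accidentally re-expose the avatar handler.
    location ^~ /avatar/ {
        return 403;
    }

    # Everything else is proxied to Grafana unchanged.
    location / {
        proxy_pass http://grafana_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

    Validate the file with `nginx -t` before reloading, then confirm the block with a request to /avatar/ through the proxy, which should answer 403 while the dashboard paths still answer normally; the proxy access log is also the place to watch for requests to that path while the workaround is in place.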

  • The June security fixes for Android were published, fixing 34 vulnerabilities. Four issues were rated critical: two vulnerabilities (CVE-2019-14073, CVE-2019-14080) in proprietary Qualcomm components, and two vulnerabilities in the system that allow code execution when processing specially crafted external data (CVE-2020-0117 - an integer overflow in the Bluetooth stack, CVE-2020-8597 - an EAP overflow in pppd).

Source: opennet.ru
