Vulnerabilities in Netfilter and io_uring that allow privilege escalation on the system.

Vulnerabilities have been disclosed in the Netfilter and io_uring subsystems of the Linux kernel that allow a local user to escalate their privileges on the system:

  • A vulnerability (CVE-2023-32233) in the Netfilter subsystem, caused by a use-after-free memory access in the nf_tables module, which provides the nftables packet filter. The vulnerability can be exploited by sending specially crafted requests to update the nftables configuration. Carrying out the attack requires access to nftables, which can be obtained in a separate network namespace if you have CLONE_NEWUSER, CLONE_NEWNS or CLONE_NEWNET rights (for example, if you can run an isolated container).

    To give users time to install updates, the researcher who identified the problem promised to postpone by a week (until May 15) the publication of detailed information and of an example of a working exploit that provides a root shell. The vulnerability was fixed in the 6.4-rc1 update. You can follow the fix in distributions on these pages: Debian, Ubuntu, Gentoo, RHEL, Fedora, SUSE/openSUSE, Arch.

  • A vulnerability (CVE not yet assigned) in the implementation of the io_uring asynchronous input/output interface, which has been part of the Linux kernel since release 5.1. The problem is caused by a bug in the io_sqe_buffer_register function that allows access to physical memory beyond the boundary of a statically allocated buffer. The problem appears only in the 6.3 branch and will be fixed in the upcoming 6.3.2 update. A working exploit prototype is already available for testing; it allows code to be executed with kernel privileges.
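
A host-side exposure check for both items above, as an added example that is not part of the original article: it tests whether unprivileged users can create the user namespaces that give access to nftables, and whether the running kernel is in the 6.3 branch before 6.3.2. The function names are hypothetical; the /proc paths are standard sysctl files, and kernel.unprivileged_userns_clone is assumed to exist only on distributions that ship that knob.

```shell
#!/bin/sh
# Added example (not from the article): exposure checks for the two issues.
# Functions take their inputs as arguments so they can be run on constructed values.

# userns_open MAX_USER_NAMESPACES [UNPRIVILEGED_USERNS_CLONE]
# "open" means an unprivileged user can create a user namespace and, inside
# it, a network namespace in which nftables can be configured.
userns_open() {
    max=$1
    clone=${2:-1}   # Debian/Ubuntu-style knob; absent elsewhere, so default to allowed
    if [ "$max" -gt 0 ] && [ "$clone" -eq 1 ]; then
        echo open
    else
        echo closed
    fi
}

# io_uring_branch_hit KERNEL_RELEASE
# Per the article, only the 6.3 branch before 6.3.2 has the io_uring bug.
io_uring_branch_hit() {
    rel=$(printf '%s' "$1" | sed 's/[^0-9.].*//')   # drop "-arch1-1", "-rc7", ...
    case $rel in
        6.3|6.3.0|6.3.1) echo yes ;;
        *) echo no ;;
    esac
}

# report: read the live values from this host.
report() {
    max=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo 0)
    clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || echo 1)
    echo "unprivileged user namespaces: $(userns_open "$max" "$clone")"
    echo "io_uring 6.3-branch bug applies: $(io_uring_branch_hit "$(uname -r)")"
}

# Run against the local machine only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    report
fi
```

A "closed" result covers only the unprivileged namespace route to nftables. For CVE-2023-32233 itself, rely on the distribution's advisory, since distribution kernels carry backported fixes that the version string does not show.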
