Ka mor'a likhoeli tse tšeletseng tsa tsoelo-pele ho lokolloa ha laebrari ea tsamaiso (glibc) , e lumellanang ka botlalo le litlhoko tsa ISO C11 le POSIX.1-2017. Phallo e ncha e kenyelletsa litokiso tse tsoang ho baetsi ba 67.
E kentsoe ho Glibc 2.32 o ka hlokomela:
- Tšehetso e ekelitsoeng bakeng sa li-processor tsa Synopsys ARC HS (ARCv2 ISA). Boema-kepe bo hloka bonyane li-binutils 2.32, gcc 8.3 le Linux kernel 5.1 ho sebetsa. Mefuta e meraro ea ABI e tšehetsoa: arc-linux-gnu, arc-linux-gnuhf le arceb-linux-gnu (big-endian);
- Ho kenya li-module tsa tlhahlobo tse boletsoeng likarolong tsa DT_AUDIT le
DT_DEPAUDIT ea faele e sebetsang. - Bakeng sa meralo ea powerpc64le, ts'ehetso ea mofuta o molelele o habeli oa IEEE128 o kengoa ts'ebetsong, o nolofalitsoeng ha o aha ka khetho ea "-mabi=ieeelongdouble".
- Li-API tse ling li hlalositsoe ka tšobotsi ea 'phihlello' ea GCC, e lumellang litemoso tse betere hore li hlahisoe ha li bokelloa ho GCC 10 ho bona hore na ho ka etsahala hore ebe buffer overflows le maemo a mang a kantle ho meeli.
- Bakeng sa litsamaiso tsa Linux, mesebetsi pthread_attr_setsigmask_np le
pthread_attr_getsigmask_np, e fanang ka ts'ebeliso bokhoni ba ho hlakisa mask a lets'oao bakeng sa likhoele tse entsoeng ka pthread_create. - Lintlha tsa khouto, tlhahisoleseding ea mofuta oa litlhaku, le litafole tsa phetolelo li nchafalitsoe ho tšehetsa tlhaloso ea Unicode 13.0.0;
- E kentse file e ncha ea sehlooho , e hlalosang __libc_single_threaded variable, e ka sebelisoang lits'ebetsong bakeng sa ntlafatso ea khoele e le 'ngoe.
- Mesebetsi e ekelitsoeng sigabbrev_np le sigdescr_np e khutlisetsang lebitso le khutsufalitsoeng le tlhaloso ea lets'oao (mohlala, "HUP" le "Hangup" bakeng sa SIGHUP).
- Mesebetsi e kentsoeng strerrorname_np le strerrordesc_np e khutlisetsang lebitso le tlhaloso ea phoso (mohlala, "EINVAL" le "khang e fosahetseng" bakeng sa EINVAL).
- Bakeng sa sethala sa ARM64, ho kentsoe folakha ea "-enable-standard-standard-branch-protection" (kapa -mbranch-protection=standard in GCC), e nolofalletsang mokhoa oa ARMv8.5-BTI (Branch Target Indicator) ho sireletsa phethahatso ya disete tsa ditaelo tse sa tlamehang ho phethwa. Ho thibela liphetoho ho likarolo tse hanyetsanang tsa khoutu ho kenngoa ts'ebetsong ho thibela ho thehoa ha lisebelisoa ka mekhoa e sebelisoang ke mekhoa ea ho khutlela morao (ROP - Return-Oriented Programming; mohlaseli ha a leke ho beha khoutu ea hae mohopolong, empa o sebetsa likarolong tse seng li ntse li le teng. ea litaelo tsa mochini tse qetellang ka taelo ea taolo ea ho khutla, eo ho eona ho hahoang ketane ea mehala ho fumana tšebetso e batloang).
- Ho se ho entsoe tlhoekiso e kholo ea likarolo tsa khale, ho kenyelletsa ho tlosoa ha likhetho tsa "-enable-obsolete-rpc" le "-enable-obsolete-nsl", faele ea hlooho. . Mesebetsi ea sstk, siginterrupt, sigpause, sighold, sigrelse, sigignore and sigset, the arrays sys_siglist, _sys_siglist le sys_sigabbrev, matšoao sys_errlist, _sys_errlist, sys_nerner le_SS module e hlalositsoe, le Nsys_SS e hlalositsoe.
- ldconfig e tsamaisitsoe ka mokhoa oa kamehla ho sebelisa sebopeho se secha sa ld.so.cache, se 'nileng sa tšehetsoa ke glibc ka lilemo tse ka bang 20.
- Bofokoli bo tsitsitse:
- CVE-2016-10228 - Loop ho iconv utility e etsahala ha e tsamaisoa ka khetho ea "-c" ha o sebetsana le data e fosahetseng ea li-multi-byte.
- CVE-2020-10029 Bobolu ba Stack ha o bitsa mesebetsi ea trigonometric ka khang ea pseudo-null.
- CVE-2020-1752 - Phihlello ea memori e sa sebelisoeng ka morao ho ts'ebetso ea lefats'e ha o holisa tšupiso ea bukana ea lapeng ("~ mosebelisi") litseleng.
- CVE-2020-6096 - Ho sebetsana ka nepo sethaleng sa ARMv7 sa boleng bo fosahetseng ba paramente ho memcpy () le memmove (), e khethollang boholo ba sebaka se kopilitsoeng. hlophisa ts'ebetso ea khoutu ha u sebetsana le data e hlophisitsoeng ka tsela e itseng memcpy () le memmove () mesebetsi. Ho bohlokoa hore bothata e sa lokisoe hoo e ka bang likhoeli tse peli ho tloha ha tlhahisoleseling e senoloa phatlalatsa le likhoeli tse hlano ho tloha ha baetsi ba Glibc ba tsebisoa.
Source: opennet.ru