After six months of development, the GNU C Library (glibc) 2.39 system library has been released, fully compliant with the requirements of the ISO C11 and POSIX.1-2017 standards. The new release includes fixes from 67 developers.
Some of the improvements implemented in Glibc 2.39 include:
- Support is provided for the shadow stack introduced in the Linux 6.6 kernel, which blocks the operation of many exploits by using the hardware capabilities of Intel processors to protect against overwriting a function's return address in the event of a stack buffer overflow. The protection works by saving return addresses, once control has been transferred to a function, not only on the regular stack but also on a separate "shadow" stack that cannot be modified directly. Before the function returns, the return address is fetched from the shadow stack and compared with the return address from the main stack. A mismatch between the addresses raises an exception, blocking situations where an exploit has managed to overwrite the address on the main stack. The "--enable-cet" build option has been added to enable this protection.
- Added a new header file, defined in the ISO C2X draft standard, containing the functions stdc_leading_zeros, stdc_leading_ones, stdc_trailing_zeros, stdc_trailing_ones, stdc_first_leading_zero, stdc_first_leading_one, stdc_first_trailing_zero, stdc_first_trailing_one, stdc_count_zeros, stdc_count_ones, stdc_has_single_bit, stdc_bit_width, stdc_bit_floor and stdc_bit_ceil, in variants for the types 'unsigned char', 'unsigned short', 'unsigned int', 'unsigned long int' and 'unsigned long long int'.
- For the Linux platform, the posix_spawnattr_getcgroup_np and posix_spawnattr_setcgroup_np functions, along with the POSIX_SPAWN_SETCGROUP flag, have been implemented. They allow the cgroupv2 to be set for a new process started with the posix_spawn and posix_spawnp functions, which eliminates race conditions. These functions are a GNU extension and require a Linux kernel with support for the clone3 system call.
- For the Linux platform, the pidfd_spawn and pidfd_spawnp functions have been implemented. They have the same semantics as posix_spawn but, instead of a process identifier (PID), return a file descriptor for use in functions that support the PIDFD mechanism, such as pidfd_send_signal, poll, and waitid (a PIDFD is bound to a specific process and does not change, whereas a PID can be bound to a different process after the current process associated with that PID terminates).
- For the Linux platform, the pidfd_getpid function has been added to obtain the process identifier (PID) from a process file descriptor (PIDFD) returned by the pid_spawn, fork_np and pidfd_open functions.
- The scanf family of functions now has a "wN" size modifier for arguments of the types intN_t, int_leastN_t, uintN_t, and uint_leastN_t. For example, to read a decimal value of the types int32_t and int_least32_t you can specify "%w32d", and to read a hexadecimal value you can specify "%w32x". Similarly, a "wfN" modifier has been added for the int_fastN_t and uint_fastN_t types, introduced in the ISO C2X standard.
- Added the "glibc.cpu.plt_rewrite" setting, which enables rewriting of the PLT (Procedure Linkage Table) on x86-64 systems, where the linker will replace indirect branches in the PLT with direct ones.
- Added the "glibc.mem.decorate_maps" setting to include additional information about memory allocations (for example, a thread stack created by pthread_create or memory allocated via malloc).
- The "statvfs" structure now fills the "f_type" field with information about the file system type, equivalent to the contents of the same field in the "statfs" structure. Previously, on Linux, the "f_type" field always contained 0.
- For the AArch64 platform, additions have been made to libmvec and math.h to enable vectorization of calls when the "-ffast-math" option is specified in GCC 9 and newer compiler versions. Vectorization is enabled for the following math functions: acos, acosf, asin, asinf, atan, atanf, atan2, atan2f, cos, cosf, exp, expf, exp10, exp10f, exp2, exp2f, expm1, expm1f, log, logf, log10, log10f, log1p, log1pf, sin, sinf, tan, and tanf.
- The libcrypt library and its associated header file have been removed from the package. Application developers are advised to switch to alternative libraries such as libxcrypt.
- The ldconfig utility now skips files with a ';' character in the file name or with names ending in ".dpkg.tmp" and ".dpkg.new", which makes it possible to avoid processing temporary files of the rpm and dpkg package managers.
- Support for the ia64 architecture (ia64*-*-linux-gnu) used in Intel Itanium processors has been discontinued.
- Vulnerabilities fixed:
  - CVE-2023-6246, CVE-2023-6779, CVE-2023-6780 - serious vulnerabilities in the __vsyslog_internal() function that allow, through manipulation of the launch of SUID applications, execution of code with elevated privileges.
  - CVE-2023-4911 - A vulnerability in the Glibc ld.so that allows root privileges to be obtained on the system. The issue is caused by an error in the code that parses the string specified in the GLIBC_TUNABLES environment variable, and can lead to the parsed value being written beyond the allocated buffer. Working exploits are available.
  - CVE-2023-4806 - A use-after-free vulnerability in the getaddrinfo function that occurs when an NSS plugin implements only the "_gethostbyname2_r" and "_getcanonname_r" callbacks but does not support the "_gethostbyname3_r" call. To exploit the vulnerability, the DNS server must return a large number of IPv6 and IPv4 addresses for the requested host, which will lead to a crash of the process that called the getaddrinfo function for the AF_INET6 family with the AI_CANONNAME, AI_ALL, and AI_V4MAPPED flags.
  - CVE-2023-4527 - A vulnerability in the getaddrinfo function that allows data to be read from outside the buffer bounds when processing a DNS response received over TCP that is larger than 2048 bytes. The vulnerability occurs when the "no-aaaa" option is used in /etc/resolv.conf.
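A check that goes with the shadow-stack item at the top of this list, as an added example (not code from glibc or from this article): x86 toolchains record shadow-stack compatibility as the SHSTK bit of a property in the ELF `.note.gnu.property` section, and the C code below parses the raw bytes of that section with bounds checks. The constants are the standard `<elf.h>` names rather than anything stated on this page; `cet_feature_bits`, `shstk_marked` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0           5u
#define GNU_PROPERTY_X86_FEATURE_1_AND   0xc0000002u
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK (1u << 1)   /* bit 0 is IBT */

static uint32_t rd32(const uint8_t *p) {             /* little-endian load */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static size_t pad8(size_t n) { return (n + 7u) & ~(size_t)7u; }

/* Walk the raw bytes of an ELF64 .note.gnu.property section. Returns the x86
   feature bitmask, 0 if the property is absent, -1 on an out-of-range length. */
int64_t cet_feature_bits(const uint8_t *sec, size_t len) {
    size_t off = 0;
    while (off <= len && len - off >= 12) {
        uint32_t namesz = rd32(sec + off), descsz = rd32(sec + off + 4);
        uint32_t type = rd32(sec + off + 8);
        if (namesz > len - off - 12) return -1;
        size_t desc = off + pad8(12 + (size_t)namesz);
        if (desc > len || descsz > len - desc) return -1;
        size_t end = desc + descsz;
        if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4 &&
            memcmp(sec + off + 12, "GNU", 4) == 0) {
            for (size_t p = desc; p <= end && end - p >= 8; ) {
                uint32_t pr_type = rd32(sec + p), pr_datasz = rd32(sec + p + 4);
                if (pr_datasz > end - p - 8) return -1;
                if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND && pr_datasz == 4)
                    return rd32(sec + p + 8);
                p += 8 + pad8(pr_datasz);            /* ELF64 pads to 8 bytes */
            }
        }
        off = desc + pad8(descsz);
    }
    return 0;
}

int shstk_marked(const uint8_t *sec, size_t len) {
    int64_t bits = cet_feature_bits(sec, len);
    return bits > 0 && (bits & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0;
}

/* Constructed sample: one "GNU" note whose property sets IBT and SHSTK. */
static const uint8_t sample_note[] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    0x02,0,0,0xc0, 4,0,0,0, 0x03,0,0,0, 0,0,0,0 };

int main(void) { return shstk_marked(sample_note, sizeof sample_note) ? 0 : 1; }
```

On a real binary these are the bytes that `readelf -n` decodes as the x86 feature property.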
In addition, we can note the release of the GNU Binutils 2.42 set of system utilities, which includes programs such as the GNU linker, GNU assembler, nm, objdump, strings, and strip.
In the new version of Binutils:
- An experimental "--scfi=experimental" option has been added to the assembler (gas) for x86-64 systems to synthesize CFI (Control Flow Integrity) for hand-written assembly code that conforms to the System V AMD64 ABI.
- The readelf program has an "--extra-sym-info" option for printing extended information about symbols ("--symbols"), such as the name of the section referenced by the st_shndx index.
- The objcopy utility now supports the "large" value in the "--set-section-flags" option to set the SHF_X86_64_LARGE flag for ELF objects on x86-64 systems. The "--visualize-jumps" option now supports the s390 architecture.
- When disassembling s390 instructions, the ability to output comments with instruction descriptions has been implemented. To enable the descriptions, you can specify the "-M insndesc" parameter in objdump, and "set disassembler-options insndesc" in gdb.
- The linker has been extended with the "-z mark-plt" and "-z nomark-plt" options for marking entries in the PLT table using the DT_X86_64_PLT, DT_X86_64_PLTSZ, and DT_X86_64_PLTENT tags.
- The linker now supports a reverse sorting mode.
- Added the "--warn-execstack-objects", "--error-execstack", and "--error-rxw-segments" options to issue warnings or errors when an executable stack is used in objects.
- Support for ABI 2.30 of the LoongArch architecture has been implemented, along with support for the new instructions defined in the LoongArch 1.10 specification.
- Added support for the KVX instruction set used in Kalray processors (for example, used in Coolidge SoCs).
- For systems based on Intel architectures, support for the following extensions has been added:
  - Intel APX: 32 GPRs, NDD, PUSH2/POP2, PUSHP/POPP.
  - USER_MSR.
  - AVX10.1.
  - PBNDKB.
  - SM4.
  - SM3.
  - SHA512.
  - AVX-VNNI-INT16.
- The RISC-V port has been extended to support the following extensions:
  - T-Head (XTheadVector, XTheadZvlsseg and XTheadZvamo).
  - CORE-V (XCVmac, XCValu).
  - SiFive VCIX (XSfVcp).
- The port for the AArch64 architecture has been extended to support the following extensions:
  - SVE2.1 (Scalable Vector Extension 2.1).
  - SME2.1 (Scalable Matrix Extension 2.1).
  - B16B16 (BFloat16 to BFloat16 for SVE2 and SME2).
  - RASv2 (Reliability, Availability and Serviceability v2).
  - LSE128 (128-bit Atomic).
  - GCS (Guarded Control Stack).
  - CHK (Check Feature Status).
  - SPECRES2 (Enhanced Speculation Restriction).
  - LRCPC3 (Load-Acquire RCpc).
  - THE (Translation Hardening).
  - ITE (Instruction Trace).
  - D128 (128-bit memory page descriptors).
  - XS (XS memory attribute).
- Added support for the AArch64 Cortex-A520, Cortex-A720, Cortex-X3 and Cortex-X4 processors.
- The BPF assembler has been improved to support comment delimiters "#" and "//", and the use of the ";" character to separate statements on a line (";" can no longer be used for comments), for compatibility with the clang/LLVM assembler.
Source: opennet.ru
