Vulnerabilities in systemd, Flatpak, Samba, FreeRDP, ClamAV and Node.js

A vulnerability (CVE-2021-3997) has been identified in the systemd-tmpfiles utility that allows uncontrolled recursion. The issue can be used to cause a denial of service during system boot by creating a large number of nested subdirectories in /tmp. A fix is currently available only in the form of a patch. Package updates that fix the problem have been released for Ubuntu and SUSE, but are not yet available for Debian, RHEL and Fedora (the fixes are being tested).

When thousands of nested subdirectories exist, running "systemd-tmpfiles --remove" crashes because the stack is exhausted. Normally the systemd-tmpfiles utility performs both the removal and the creation of directories in a single invocation ("systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev"), with removal performed before creation, so a failure in the removal stage means that the critical files declared in /usr/lib/tmpfiles.d/*.conf are never created.

A more dangerous attack scenario on Ubuntu 21.04 is also mentioned: because the crash of systemd-tmpfiles leaves /run/lock/subsys uncreated, and the /run/lock directory is writable by all users, an attacker can create the /run/lock/subsys directory under their own user identifier and, by placing symbolic links that collide with the lock files of system processes, arrange for system files to be overwritten.
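The two conditions described above (abnormally deep directory nesting under /tmp, and a /run/lock/subsys that is missing, replaced by a symlink or not owned by root) are both cheap to audit from a host-monitoring job. The following is an added example, not code from systemd or from the opennet.ru article; the alarm threshold MAX_DEPTH is an assumption chosen here, not a value taken from the advisory, and the walk is deliberately iterative so the checker itself cannot be exhausted by the tree it inspects.

```python
"""Host checks for the systemd-tmpfiles conditions discussed in the text.

Added example (not systemd's or opennet.ru's code). Assumes a Linux host.
MAX_DEPTH is an assumed alarm level: ordinary /tmp content is far shallower.
"""
import os
import stat
import tempfile

MAX_DEPTH = 64  # assumed threshold; tune for the host being monitored


def max_directory_depth(root, limit=MAX_DEPTH):
    """Return the deepest directory nesting under root (root itself is depth 0).

    Uses an explicit stack instead of recursion and never follows symlinks.
    Stops early once the nesting exceeds `limit` and returns limit + 1, so a
    hostile tree cannot make this audit slow or crash it.
    """
    deepest = 0
    stack = [(root, 0)]
    while stack:
        path, depth = stack.pop()
        if depth > limit:
            return limit + 1
        deepest = max(deepest, depth)
        try:
            with os.scandir(path) as entries:
                for entry in entries:
                    if entry.is_dir(follow_symlinks=False):
                        stack.append((entry.path, depth + 1))
        except PermissionError:
            continue  # unreadable subtree: report what we could see
    return deepest


def check_lock_subsys(path="/run/lock/subsys"):
    """Verify that path is a real, root-owned directory (not a symlink).

    Returns a list of findings; an empty list means the directory looks sane.
    Uses lstat so a symlink planted at the path is reported rather than followed.
    """
    findings = []
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path} is missing (tmpfiles creation step may have failed)"]
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"{path} is a symlink, expected a directory")
    elif not stat.S_ISDIR(st.st_mode):
        findings.append(f"{path} is not a directory")
    if st.st_uid != 0:
        findings.append(f"{path} is owned by uid {st.st_uid}, expected root (uid 0)")
    if st.st_mode & stat.S_IWOTH:
        findings.append(f"{path} is world-writable")
    return findings


def build_nested_sample(base, depth):
    """Construct a chain of `depth` nested directories under base (test data)."""
    os.makedirs(os.path.join(base, *(["d"] * depth)), exist_ok=True)
    return base


if __name__ == "__main__":
    # Constructed sample tree instead of the real /tmp, so the demo is harmless.
    sample = build_nested_sample(tempfile.mkdtemp(prefix="tmpfiles-audit-"), 5)
    print("sample nesting depth:", max_directory_depth(sample))
    depth = max_directory_depth("/tmp")
    if depth > MAX_DEPTH:
        print(f"ALERT: /tmp nesting exceeds {MAX_DEPTH} levels")
    else:
        print(f"/tmp nesting depth {depth} is within the threshold")
    for finding in check_lock_subsys():
        print("FINDING:", finding)
```

Run it as root from cron or a boot-time unit; a non-empty finding list from check_lock_subsys, or a depth above the threshold, is worth an alert before the next reboot rather than after it.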

In addition, new releases of the Flatpak, Samba, FreeRDP, ClamAV and Node.js projects have been published in which vulnerabilities are fixed:

  • The corrective releases 1.10.6 and 1.12.3 of the toolkit for building self-contained Flatpak packages fix two vulnerabilities. The first (CVE-2021-43860) allows, when installing a package from an untrusted repository, the display of certain elevated permissions to be hidden during installation by means of manipulated metadata. The second (no CVE assigned) allows the "flatpak-builder --mirror-screenshots-url" command to create directories in the file system outside the build area while a package is being assembled.
  • The Samba 4.13.16 update removes a vulnerability (CVE-2021-43566) that allows a client to manipulate symbolic links on SMB1 or NFS shares in order to create a directory on the server outside the exported file system area (the problem is caused by a race condition and is hard to exploit in practice, but theoretically possible). Versions prior to 4.13.16 are affected.

    A report has also been published on another similar vulnerability (CVE-2021-20316), which allows an authenticated client to read or modify the contents of a file, or the metadata of a directory, located in the server's file system outside the exported share, by manipulating symbolic links. The problem is fixed in release 4.15.0, but it also affects earlier branches. Fixes for the older branches will not be published, however, because the old Samba VFS architecture does not allow the issue to be fixed: metadata operations there are bound to file paths (in Samba 4.15 the VFS layer was completely reworked). What makes the issue less dangerous is that it is quite difficult to exploit and the user's access rights must already permit reading or writing the targeted file or directory.

  • The release of FreeRDP 2.5, a free implementation of the Remote Desktop Protocol (RDP), fixes three security issues (no CVE identifiers assigned) that could lead to a buffer overflow when an invalid locale is used, when specially crafted registry settings are processed, and when an incorrectly formatted add-in name is displayed. Changes in the new version include support for the OpenSSL 3.0 library, implementation of the TcpConnectTimeout setting, improved compatibility with LibreSSL, and a fix for clipboard problems in Wayland-based environments.
  • New releases of the free antivirus package ClamAV, 0.103.5 and 0.104.2, remove vulnerability CVE-2022-20698, which is related to an invalid pointer read and allows a remote attacker to crash the process if the package was built with the libjson-c library and the CL_SCAN_GENERAL_COLLECT_METADATA option is enabled in the settings (clamscan --gen-json).
  • The Node.js platform updates 16.13.2, 14.18.3, 17.3.1 and 12.22.9 fix four vulnerabilities: a certificate verification bypass when validating network connections, caused by incorrect conversion of SAN (Subject Alternative Names) to string form (CVE-2021-44532); incorrect handling of the enumeration of multiple values in the subject and issuer fields, which can be used to bypass verification of those certificate fields (CVE-2021-44533); a bypass of the restrictions associated with the URI SAN type in certificates (CVE-2021-44531); and insufficient input validation in the console.table() function, which can be used to assign empty strings to numeric keys (CVE-2022-21824).

Source: opennet.ru
