Cisco Security Abaphandi ulwazi lokuba sesichengeni (CVE-2019-5021) ngaphakathi Usasazo lweAlpine lwenkqubo yokwahlula isikhongozeli seDocker. Undoqo wengxaki echongiweyo kukuba igama eligqithisiweyo elingagqibekanga lomsebenzisi wengcambu limiselwe kwigama lokugqitha elingenanto ngaphandle kokuthintela ukungena okuthe ngqo njengengcambu. Masikhumbule ukuba iAlpine isetyenziselwa ukuvelisa imifanekiso esemthethweni evela kwiprojekthi yeDocker (ngaphambili ulwakhiwo olusemthethweni lwalusekwe kuBuntu, kodwa ke bekukho. kwiAlpine).
Ingxaki ikhona ukususela ekubeni i-Alpine Docker 3.3 yakha kwaye yabangelwa ukuguqulwa kwenguqu eyongeziweyo kwi-2015 (ngaphambi kwenguqulo 3.3 /etc/shadow isebenzisa umgca "ingcambu:!::0:::::", kwaye emva ukuthotywa kweflegi “-d” umgca “ingcambu:::0:::::” yaqalisa ukudityaniswa. Ingxaki yaqatshelwa kwaye ngoNovemba 2015, kodwa ngoDisemba ngempazamo kwakhona kwiifayile zokwakha zesebe lovavanyo, kwaye emva koko yatshintshelwa kwizakhiwo ezizinzileyo.
Ulwazi lokuba sesichengeni luchaza ukuba ingxaki ikwavela kwisebe lamva nje leAlpine Docker 3.9. Abaphuhlisi beAlpine ngoMatshi isiziba kunye nokuba sesichengeni ukuqala ngokwakha 3.9.2, 3.8.4, 3.7.3 kunye 3.6.5, kodwa uhlala kumasebe amadala 3.4.x kunye 3.5.x, esele iyekile. Ukongeza, abaphuhlisi bathi i-vector yohlaselo incinci kakhulu kwaye ifuna ukuba umhlaseli afikelele kwisiseko esifanayo.
umthombo: opennet.ru