Dangerous vulnerabilities in QEMU, Node.js, Grafana and Android

Several recently identified vulnerabilities:

  • A vulnerability (CVE-2020-13765) in QEMU that can lead to code execution with the privileges of the QEMU process on the host side when a specially crafted kernel image is loaded in the guest. The problem is caused by a buffer overflow in the ROM copy code during system boot and occurs when the contents of a 32-bit kernel image are loaded into memory. The fix is currently available only as a patch.
  • Four vulnerabilities in Node.js. The vulnerabilities are fixed in releases 14.4.0, 10.21.0 and 12.18.0.
    • CVE-2020-8172 - allows host certificate verification to be bypassed when a TLS session is reused.
    • CVE-2020-8174 - allows code execution on the system due to a buffer overflow in the napi_get_value_string_*() functions, which occurs during certain calls to N-API (the C API for writing native add-ons).
    • CVE-2020-10531 - an integer overflow in ICU (International Components for Unicode) for C/C++ that can lead to a buffer overflow when the UnicodeString::doAppend() function is used.
    • CVE-2020-11080 - allows a denial of service (100% CPU load) through the transmission of large "SETTINGS" frames when connecting over HTTP/2.
  • A vulnerability in Grafana, the interactive metrics visualization platform used to build visual monitoring graphs from various data sources. An error in the avatar handling code makes it possible, without passing authentication, to have Grafana send an HTTP request to any URL and to see the result of that request. This can be used, for example, to study the internal network of companies that use Grafana. The problem is fixed in releases Grafana 6.7.4 and 7.0.2. As a security workaround, it is recommended to restrict access to the URL "/avatar/*" on the server running Grafana.

  • The June set of Android security fixes has been published, fixing 34 vulnerabilities. Four issues are assigned a critical severity level: two vulnerabilities (CVE-2019-14073, CVE-2019-14080) in proprietary Qualcomm components and two vulnerabilities in the system that allow code execution when processing specially crafted external data (CVE-2020-0117 - an integer overflow in the Bluetooth stack, CVE-2020-8597 - an EAP overflow in pppd).
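
An added example, not part of the original article: a check that the Grafana workaround above is in effect, scanning reverse-proxy access logs for "/avatar/*" requests that were served instead of refused. It assumes combined-format access logs and a proxy rule that answers 403; the function name and the log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined log format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

BLOCKED_PREFIX = "/avatar/"  # path named in the workaround


def avatar_requests_served(lines, refused=(403,)):
    """Return (ip, target, status) for /avatar/* requests that were not refused.

    `refused` lists the status codes the proxy rule is assumed to answer with;
    any other status means the request was passed on to Grafana.
    """
    served = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log entry (truncated or foreign line)
        # Drop the query string and decode the path before comparing.
        path = unquote(urlsplit(m["target"]).path)
        status = int(m["status"])
        if path.startswith(BLOCKED_PREFIX) and status not in refused:
            served.append((m["ip"], m["target"], status))
    return served


# Constructed sample log lines (documentation IP ranges, made-up hash).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jun/2020:10:00:01 +0000] "GET /avatar/0123456789abcdef0123456789abcdef HTTP/1.1" 200 1520 "-" "curl/7.68.0"',
    '198.51.100.7 - - [10/Jun/2020:10:05:09 +0000] "GET /avatar/0123456789abcdef0123456789abcdef HTTP/1.1" 403 153 "-" "curl/7.68.0"',
    '192.0.2.10 - - [10/Jun/2020:10:06:00 +0000] "GET /api/health HTTP/1.1" 200 70 "-" "probe/1.0"',
    '192.0.2.44 - - [10/Jun/2020:10:07:30 +0000] "GET /avatar/ffffffffffffffffffffffffffffffff?s=64 HTTP/1.1" 200 1498 "-" "Mozilla/5.0"',
    'upstream timed out while reading response header',
]

if __name__ == "__main__":
    for ip, target, status in avatar_requests_served(SAMPLE_LOG):
        print(f"{ip} reached {target} (status {status}): workaround not in effect")
```

Any entry it returns after the restriction was deployed means the request still reached Grafana, so the rule is missing on that listener or is not matching.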

Source: opennet.ru
