Several recently identified vulnerabilities:
- A vulnerability (CVE-2020-13765) in QEMU that could lead to code execution with the privileges of the QEMU process on the host side when a custom kernel image is loaded in the guest. The problem is caused by a buffer overflow in the ROM copy code during system boot and occurs when the contents of a 32-bit kernel image are loaded into memory. A fix is currently available only as a patch.
- Four vulnerabilities in Node.js. The vulnerabilities are fixed in releases 14.4.0, 10.21.0 and 12.18.0.
  - CVE-2020-8172 - allows host certificate verification to be bypassed when a TLS session is reused.
  - CVE-2020-8174 - allows code execution on the system due to a buffer overflow in the napi_get_value_string_*() functions, which occurs on certain calls to N-API (the C API for writing native add-ons).
  - CVE-2020-10531 - an integer overflow in ICU (International Components for Unicode) for C/C++ that can lead to a buffer overflow when the UnicodeString::doAppend() function is used.
  - CVE-2020-11080 - allows a denial of service (100% CPU load) through the sending of large "SETTINGS" frames when connecting over HTTP/2.
- A vulnerability in Grafana, the interactive metrics visualization platform used to build visual monitoring graphs from a variety of data sources. A bug in the code that handles avatars makes it possible to initiate an HTTP request from Grafana to any URL without passing authentication and to see the result of that request. This can be used, for example, to explore the internal network of companies that run Grafana. The problem is fixed in Grafana releases 6.7.4 and 7.0.2. As a security workaround, it is recommended to restrict access to the URL "/avatar/*" on the server running Grafana.
- The June set of security fixes for Android has been published, fixing 34 vulnerabilities. Four issues are rated critical: two vulnerabilities (CVE-2019-14073, CVE-2019-14080) in proprietary Qualcomm components and two vulnerabilities in the system that allow code execution when specially crafted external data is processed (CVE-2020-0117 - an integer overflow in the Bluetooth stack, CVE-2020-8597 - an EAP overflow in pppd).

Source: opennet.ru
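For the HTTP/2 item above (CVE-2020-11080, large "SETTINGS" frames), the following is an added example, not code from the source article or from the Node.js project: a Node.js check that walks cleartext or already decrypted HTTP/2 frame bytes and flags oversized or malformed SETTINGS frames. The function names, the 32-entry threshold and the sample frames are assumptions made for this illustration.

```javascript
// HTTP/2 frame header (RFC 7540, 4.1): 24-bit length, 8-bit type, 8-bit flags,
// 1 reserved bit + 31-bit stream id; the payload follows.
const FRAME_HEADER_LEN = 9;
const TYPE_SETTINGS = 0x4;
const FLAG_ACK = 0x1;
const SETTING_ENTRY_LEN = 6; // 16-bit identifier + 32-bit value
// Assumption: alert threshold picked for this example, not a value from the page.
const MAX_SETTINGS_ENTRIES = 32;

// Walk the frames in `buf` (bytes after the 24-byte client preface) and return
// one record per SETTINGS frame, flagging oversized or malformed ones.
function inspectSettingsFrames(buf, maxEntries = MAX_SETTINGS_ENTRIES) {
  const findings = [];
  let off = 0;
  while (off + FRAME_HEADER_LEN <= buf.length) {
    const length = buf.readUIntBE(off, 3);
    const type = buf.readUInt8(off + 3);
    const flags = buf.readUInt8(off + 4);
    const streamId = buf.readUInt32BE(off + 5) & 0x7fffffff;
    const end = off + FRAME_HEADER_LEN + length;
    if (type === TYPE_SETTINGS) {
      const entries = Math.floor(length / SETTING_ENTRY_LEN);
      const reasons = [];
      if (length % SETTING_ENTRY_LEN !== 0) reasons.push('length not a multiple of 6');
      if (streamId !== 0) reasons.push('non-zero stream id');
      if ((flags & FLAG_ACK) && length !== 0) reasons.push('ACK with payload');
      if (entries > maxEntries) reasons.push(`${entries} entries exceeds ${maxEntries}`);
      if (end > buf.length) reasons.push('truncated capture');
      findings.push({ offset: off, entries, suspicious: reasons.length > 0, reasons });
    }
    off = end; // next frame header; the loop stops on a truncated capture
  }
  return findings;
}

// Constructed sample input: a SETTINGS frame carrying `n` entries of
// SETTINGS_MAX_CONCURRENT_STREAMS (0x3) = 100 on stream 0.
function sampleSettingsFrame(n) {
  const frame = Buffer.alloc(FRAME_HEADER_LEN + n * SETTING_ENTRY_LEN);
  frame.writeUIntBE(n * SETTING_ENTRY_LEN, 0, 3);
  frame.writeUInt8(TYPE_SETTINGS, 3);
  for (let i = 0; i < n; i++) {
    frame.writeUInt16BE(0x3, FRAME_HEADER_LEN + i * SETTING_ENTRY_LEN);
    frame.writeUInt32BE(100, FRAME_HEADER_LEN + i * SETTING_ENTRY_LEN + 2);
  }
  return frame;
}
const capture = Buffer.concat([sampleSettingsFrame(3), sampleSettingsFrame(40)]);
console.log(inspectSettingsFrames(capture));
```

Upgrading to the fixed releases listed above remains the actual remedy; a check like this only helps spot the traffic pattern in captures or at a proxy.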