A vulnerability in Glibc allows someone else's process to be crashed

A vulnerability (CVE-2021-38604) has been identified in Glibc that makes it possible to crash processes on a system by sending a specially crafted message through the POSIX message queues API. The problem has not yet appeared in distributions, because it is present only in release 2.34, published two weeks ago.

The problem is caused by incorrect handling of NOTIFY_REMOVED data in the mq_notify.c code, which leads to a NULL pointer dereference and a process crash. Interestingly, the problem is the result of a flaw in the fix for another vulnerability (CVE-2021-33574), which was fixed in the Glibc 2.34 release. Moreover, while the first vulnerability was very difficult to exploit and required a combination of certain circumstances, it is much easier to carry out an attack using the second problem.
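The bug class described above, shown as an added example: a simplified model, not Glibc source and not code from the original article. All type and function names are hypothetical, and it assumes that a removal message can arrive with no attribute copy attached.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a notification helper; NOT Glibc code, names are hypothetical. */
enum notify_kind { KIND_NOTIFY, KIND_REMOVED };
enum outcome { STARTED_CALLBACK, RELEASED_ATTRS, NOTHING_TO_RELEASE };

struct thread_attrs { int detached; size_t stack_size; };

/* Message the helper reads; attrs is a heap copy it owns (assumed: may be NULL). */
struct notify_msg { enum notify_kind kind; struct thread_attrs *attrs; };

/* Heap copy of caller-supplied attributes, the only state the helper keeps. */
struct thread_attrs *attrs_copy(const struct thread_attrs *src) {
    struct thread_attrs *a = malloc(sizeof *a);
    if (a != NULL) *a = *src;
    return a;
}

/* Stand-in for a destroy routine: it writes through its argument. */
static void attrs_destroy(struct thread_attrs *a) { memset(a, 0, sizeof *a); }

/* Hardened handler. The flawed pattern is the REMOVED branch without the
 * NULL test: cleanup added for the attribute copy runs on a message that
 * carries none, and attrs_destroy() dereferences NULL, crashing the process. */
enum outcome handle_msg(struct notify_msg *m) {
    if (m->kind == KIND_REMOVED) {
        if (m->attrs == NULL)
            return NOTHING_TO_RELEASE;   /* nothing was stored, nothing to free */
        attrs_destroy(m->attrs);
        free(m->attrs);
        m->attrs = NULL;                 /* prevent reuse after free */
        return RELEASED_ATTRS;
    }
    return STARTED_CALLBACK;             /* normal notification path */
}

int main(void) {
    struct thread_attrs src = { 1, 65536 };            /* constructed sample */
    struct notify_msg bare = { KIND_REMOVED, NULL };
    struct notify_msg full = { KIND_REMOVED, attrs_copy(&src) };
    printf("bare removal: %d\n", handle_msg(&bare));
    printf("removal with attrs: %d\n", handle_msg(&full));
    return 0;
}
```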

Source: opennet.ru
