Vulnerability in CRI-O that allows root access to the host environment

A critical vulnerability (CVE-2022-0811) has been identified in CRI-O, a runtime for managing isolated containers, that allows an attacker to bypass isolation and execute code on the host system side. If CRI-O is used instead of containerd and Docker to run containers under the Kubernetes platform, an attacker can gain control of any node in the Kubernetes cluster. To carry out the attack, it is enough to have the rights to run your own container in the Kubernetes cluster.

The vulnerability is caused by the ability to change the kernel sysctl parameter "kernel.core_pattern" ("/proc/sys/kernel/core_pattern"). Access to it was not blocked, even though it is not among the parameters that are safe to change, that is, those whose effect is limited to the namespace of the current container. Using this parameter, a user inside a container can change how the Linux kernel handles core files on the host environment side and arrange for an arbitrary command to be launched with root rights on the host side by specifying a handler such as "|/bin/sh -c 'commands'".

The problem has been present since the release of CRI-O 1.19.0 and was fixed in updates 1.19.6, 1.20.7, 1.21.6, 1.22.3, 1.23.2 and 1.24.0. Among distributions, the problem appears in Red Hat OpenShift Container Platform and openSUSE/SUSE products, which ship the cri-o package in their repositories.
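A node audit based on the two facts above (the fixed releases and the core_pattern pipe handler), given as an added example that is not part of the original article or of the CRI-O project. The function names and the handler allowlist are assumptions; adjust the allowlist to the core dump handlers your distribution actually uses.

```python
import re

# First fixed patch release per affected minor series, as listed above.
FIXED = {(1, 19): 6, (1, 20): 7, (1, 21): 6, (1, 22): 3, (1, 23): 2}

# Assumption: core dump handlers considered legitimate on this fleet.
KNOWN_HANDLERS = {
    "/usr/lib/systemd/systemd-coredump",
    "/usr/share/apport/apport",
    "/usr/libexec/abrt-hook-ccpp",
}


def crio_is_affected(version):
    """True if a CRI-O version string falls in the affected range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    # Series before 1.19 and from 1.24.0 on are not in the table.
    return fixed_patch is not None and patch < fixed_patch


def core_pattern_suspicious(pattern):
    """True if core_pattern pipes dumps to a program outside the allowlist."""
    pattern = pattern.strip()
    if not pattern.startswith("|"):
        return False  # plain file name template, no program is executed
    parts = pattern[1:].split()
    program = parts[0] if parts else ""
    return program not in KNOWN_HANDLERS


def audit_node(crio_version, core_pattern):
    """Return a list of findings for one node."""
    findings = []
    if crio_is_affected(crio_version):
        findings.append(f"CRI-O {crio_version} is in the affected range")
    if core_pattern_suspicious(core_pattern):
        findings.append(f"unexpected core_pattern handler: {core_pattern.strip()}")
    return findings


if __name__ == "__main__":
    with open("/proc/sys/kernel/core_pattern") as f:
        live = f.read()
    # Constructed sample version; replace with the output of `crio --version`.
    for line in audit_node("1.22.2", live):
        print(line)
```

Run it on the node itself rather than inside a container, since the value of interest is the host's core_pattern.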

Source: opennet.ru
