Vulnerability in the Linux kernel IPv6 stack that allows remote code execution

Details have been disclosed about a vulnerability (CVE-2023-6200) in the Linux kernel network stack which, under certain conditions, allows an attacker on the local network to achieve execution of their own code by sending a specially crafted ICMPv6 packet carrying an RA (Router Advertisement) message, a message type intended for announcing information about a router.

The vulnerability can only be exploited from the local network and affects systems that have IPv6 support enabled and the sysctl parameter "net.ipv6.conf.<network_interface_name>.accept_ra" active (this can be checked with the command "sysctl net.ipv6.conf | grep accept_ra"). In RHEL and Ubuntu this parameter is disabled by default for external network interfaces but enabled for the loopback interface, which allows an attack from the same system.

The vulnerability is caused by a race condition that occurs when the garbage collector processes stale fib6_info records, which can lead to access to a memory area that has already been freed (use-after-free). When an ICMPv6 packet with a router advertisement message (RA, Router Advertisement) is received, the network stack calls the ndisc_router_discovery() function, which, if the RA message contains information about the route lifetime, calls the fib6_set_expires() function and fills in the gc_link structure. Expired entries are cleaned up by the fib6_clean_expires() function, which detaches the entry in gc_link and frees the memory used by the fib6_info structure. There is a window during which the memory for the fib6_info structure has already been freed but a link to it still remains in the gc_link structure.

The vulnerability first appeared in the 6.6 branch and was fixed in versions 6.6.9 and 6.7. The status of the fix in distributions can be tracked on these pages: Debian, Ubuntu, SUSE, RHEL, Fedora, Arch Linux, Gentoo, Slackware. Distributions that ship packages with the 6.6 kernel include Arch Linux, Gentoo, Fedora, Slackware, OpenMandriva and Manjaro; in other distributions, the faulty change may have been backported to packages with older kernel branches (for example, Debian notes that the package with kernel 6.5.13 is vulnerable, even though the problematic change appeared in the 6.6 branch). As a workaround, you can disable IPv6 or set the "net.ipv6.conf.*.accept_ra" parameters to 0.
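The two exposure conditions described above (an upstream kernel between 6.6 and the 6.6.9/6.7 fixes, and accept_ra left enabled on an interface) can be checked with a short script. This is an added example, not code from the article or the kernel project; the function names and the sample sysctl output are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks the two exposure conditions named in the article.
# Function names and SAMPLE_SYSCTL are constructed for illustration.

# Succeeds if an upstream kernel version is in the range the article gives:
# introduced in 6.6, fixed in 6.6.9 and 6.7. Distribution kernels can carry
# the change as a backport (the article cites Debian 6.5.13), so a "no"
# here does not clear a distro kernel; check the vendor tracker too.
upstream_kernel_affected() {
    ver=${1%%[!0-9.]*}                    # drop suffix such as "-arch1-1"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;                   # "6.6" means 6.6.0
    esac
    [ "$major" = 6 ] && [ "$minor" = 6 ] && [ "${patch:-0}" -lt 9 ]
}

# Reads "sysctl net.ipv6.conf" output on stdin and prints every interface
# whose accept_ra is non-zero. Related keys such as accept_ra_defrtr are
# ignored, which a plain "grep accept_ra" would not do.
ra_enabled_interfaces() {
    awk -F' *= *' '
        $1 ~ /^net\.ipv6\.conf\..+\.accept_ra$/ && $2 + 0 != 0 {
            name = $1
            sub(/^net\.ipv6\.conf\./, "", name)
            sub(/\.accept_ra$/, "", name)
            print name
        }'
}

# Constructed sample input, not captured from a real host.
SAMPLE_SYSCTL='net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.eth0.accept_ra = 0
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.lo.accept_ra = 1
net.ipv6.conf.wlan0.accept_ra = 2'

if [ "${1:-}" = "--live" ]; then          # audit the running host
    upstream_kernel_affected "$(uname -r)" && echo "kernel: in upstream range"
    sysctl net.ipv6.conf 2>/dev/null | ra_enabled_interfaces
else                                      # offline demo on the sample
    printf '%s\n' "$SAMPLE_SYSCTL" | ra_enabled_interfaces
fi
```

Run without arguments it prints the interfaces flagged in the sample; with `--live` it audits the current host.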

Source: opennet.ru
