Several recently identified vulnerabilities:
- Three vulnerabilities in the LibreCAD computer-aided design system and the libdxfrw library that make it possible to trigger a controlled buffer overflow and potentially achieve code execution when opening specially formatted DWG and DXF files. So far the problems have been fixed only in the form of patches (CVE-2021-21898, CVE-2021-21899, CVE-2021-21900).
- A vulnerability (CVE-2021-41817) in the Date.parse method provided in the Ruby standard library. Flaws in the regular expressions used to parse dates in the Date.parse method can be used to carry out a DoS attack, resulting in significant CPU and memory consumption when processing specially formatted data.
- A vulnerability in the TensorFlow machine learning platform (CVE-2021-41228) that allows code to be executed when saved_model_cli is used to process attacker data passed through the "--input_examples" parameter. The problem is caused by the use of external data when calling code with the "eval" function. The issue is fixed in the TensorFlow 2.7.0, TensorFlow 2.6.1, TensorFlow 2.5.2 and TensorFlow 2.4.4 releases.
- A vulnerability (CVE-2021-43331) in the GNU Mailman mailing list management system caused by incorrect handling of certain types of URLs. The problem makes it possible to arrange the execution of JavaScript code by specifying a specially crafted URL on the settings page. Another issue has been identified in Mailman (CVE-2021-43332) that allows a user with moderator rights to guess the administrator password. The issues were resolved in the Mailman 2.1.36 release.
- A series of vulnerabilities in the Vim text editor that can lead to a buffer overflow and potentially to the execution of attacker code when opening specially crafted files via the "-S" option (CVE-2021-3903, CVE-2021-3872, CVE-2021-3927, CVE-2021-3928, fixes: 1, 2, 3, 4).

Source: opennet.ru
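
The eval() problem described in the TensorFlow item, shown as an added example (not TensorFlow's code and not part of the original article): the same argument parsed once with eval() and once with a literal-only parser plus shape checks. The `key=[{...}]` argument shape, the function names and the sample inputs are assumptions constructed for illustration.

```python
import ast

def split_input_examples(arg):
    """Split 'key1=<expr>;key2=<expr>' into {key: expression_text}.
    Assumed format; a ';' inside a string value fails closed with ValueError."""
    pairs = {}
    for item in filter(None, (p.strip() for p in arg.split(";"))):
        key, sep, expr = item.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"expected key=value, got {item!r}")
        pairs[key.strip()] = expr.strip()
    return pairs

def parse_unsafe(arg):
    """The pattern the item describes: externally supplied text reaches eval()."""
    # eval() runs any Python expression, not just data literals.
    return {k: eval(v) for k, v in split_input_examples(arg).items()}

def parse_safe(arg):
    """Accept only Python literals shaped as a list of feature dicts."""
    result = {}
    for key, expr in split_input_examples(arg).items():
        try:
            # literal_eval allows literals only: no calls, names or attributes.
            value = ast.literal_eval(expr)
        except (ValueError, SyntaxError, TypeError, RecursionError, MemoryError) as exc:
            raise ValueError(f"{key}: not a literal: {exc}") from None
        if not isinstance(value, list) or not all(isinstance(e, dict) for e in value):
            raise ValueError(f"{key}: expected a list of dicts")
        for example in value:
            for feature, values in example.items():
                if not isinstance(feature, str) or not isinstance(values, list):
                    raise ValueError(f"{key}: features must map str to list")
                if not all(isinstance(v, (int, float, str, bytes)) for v in values):
                    raise ValueError(f"{key}: unsupported value in {feature!r}")
        result[key] = value
    return result

# Constructed inputs: one well-formed, one carrying a harmless call expression.
GOOD = 'examples=[{"age": [22, 24], "education": ["BS", "MS"]}]'
CALL = 'examples=[{"age": [abs(-7)]}]'

if __name__ == "__main__":
    print(parse_safe(GOOD))
    print(parse_unsafe(CALL))  # the call was executed: age became [7]
    try:
        parse_safe(CALL)
    except ValueError as err:
        print("rejected:", err)
```
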