ื ืืืึทืื ืขืจืึทืืืืืื (CVE-2021-3997) ืืื ืืืืขื ืึทืคืืื ืืื ืื systemd-tmpfiles ื ืืฆื ืืืึธืก ืึทืืึทืื ืึทื ืงืึทื ืืจืึธืืื ืจืขืงืืจืกืืึธื. ืืขืจ ืคึผืจืึธืืืขื ืงืขื ืขื ืืืขืจื ืืขื ืืฆื ืฆื ืคืึทืจืฉืึทืคื ืึท ืึธืคึผืืืืงืขื ืื ื ืคืื ืืื ืกื ืืขืฉืึทืก ืกืืกืืขื ืฉืืืืื ืืืจื ืงืจืืืืืื ื ืึท ืืจืืืก ื ืืืขืจ ืคืื ืกืืืืืจืขืงืืึธืจืืขืก ืืื ืื / tmp ืืืขืืืืืึทืืขืจ. ืืขืจ ืคืึทืจืจืืืื ืืื ืืขืจืืืืึทื ืื ืืืฆื ืืื ืืึทืืข ืคืึธืจืขื. ืคึผืขืงื ืืขืจืืืึทื ืืืงืื ืืขื ืฆื ืคืึทืจืจืืืื ืืขื ืคึผืจืึธืืืขื ืืขื ืขื ืืขืคึฟืื ื ืืื Ubuntu ืืื SUSE, ืึธืืขืจ ืืขื ืขื ื ืึธื ื ืืฉื ืื ืืืฆื ืืื ืืขืืืึทื, RHEL ืืื ืคืขืืึธืจืึท (ืคืืงืกืื ืืขื ืขื ืืื ืืขืกืืื ื).
ืืืขื ืงืจืืืืืื ื ืืืืื ืืขืจ ืคืื ืกืืืืืจืขืงืืึธืจืืขืก, ืืืจืืคืืจื ืื "ืกืืกืืขื-ืืืคึผืคืืืขืก --ื ืขื" ืึธืคึผืขืจืึทืฆืืข ืงืจืึทืฉืื ืจืขืื ืฆื ืึธื ืืืืื ืืืืึธืกืืฉืึทื. ืืืคึผืืงืึทืืื, ืื systemd-tmpfiles ื ืืฆื ืคึผืขืจืคืึธืจืื ืื ืึทืคึผืขืจืืืฉืึทื ื ืคืื ืืืืืืื ื ืืื ืงืจืืืืืื ื ืืืืจืขืงืืขืจืื ืืื ืืืื ืจืืฃ ("systemd-tmpfiles -create -remove -boot -excluse-prefix=/dev"), ืืื ืื ืืืกืืขืงื ืขืจืฉืืขืจ ืืืจืืืขืงืึธืื ืืื ืืขืจื ืึธื ืื ืฉืึทืคืื ื, ื"ื. ื ืืืจืืคืึทื ืืื ืื ืืืืืฉืึทื ืืื ืข ืืืขื ืจืขืืืืืึทื ืืื ืื ืงืจืืืืฉ ืืขืงืขืก ืกืคึผืขืกืืคืืขื ืืื /usr/lib/tmpfiles.d/*.conf ืืขื ืขื ื ืืฉื ืืืฉืืคื.
ื ืืขืจ ืืขืคืขืจืืขื ืืึทืคืึทืื ืกืฆืขื ืึทืจ ืืืืฃ ืืืื ืื 21.04 ืืื ืืืื ืืขืจืืื ื: ืืื ื ืื ืงืจืึทื ืคืื systemd-tmpfiles ืงืขื ื ืืฉื ืืึทืื ืื /run/lock/subsys ืืขืงืข, ืืื ืื /run/lock ืืืขืืืืืึทืืขืจ ืืื ืจืืืืึทืืึทื ืืืจื ืึทืืข ืืืืขืจื, ืึท ืึทืืึทืงืขืจ ืงืขื ืขื ืืึทืื ืึท / ืืืืคื / lock/ ืืืขืืืืืึทืืขืจ ืกืืืกืืก ืืื ืืขืจ ืืืื ืืืืขื ืืืืขื ืืื, ืืืจื ืื ืฉืึทืคืื ื ืคืื ืกืืืืึธืืืฉ ืคึฟืึทืจืืื ืืื ืืขื ืื ืืขืจืกืขืงืืื ื ืืื ืฉืืึธืก ืืขืงืขืก ืคึฟืื ืกืืกืืขื ืคึผืจืึทืกืขืกืึทื, ืึธืจืืึทื ืืืืจื ืื ืึธืืืืขืจืจืืืืื ื ืคืื ืกืืกืืขื ืืขืงืขืก.
ืืื ืึทืืืฉืึทื, ืืืจ ืงืขื ืขื ืืึธื ืื ืืืกืืึทืืข ืคืื โโื ืืึทืข ืจืืืืกืื ืคืื ืื ืคืืึทืืคึผืึทืง, ืกืึทืืืึท, FreeRDP, Clamav ืืื Node.js ืคึผืจืึทืืืฉืขืงืก, ืืื ืืืึธืก ืืืึทืื ืขืจืึทืืืืืืื ืืขื ืขื ืคืึทืจืคืขืกืืืงื:
- ืืื ืื ืงืขืจืขืงืืืื ืจืืืืกืื ืคืื ืื ืืืฉืืจืื ืคึฟืึทืจ ืืืืขื ืืื-ืงืึทื ืืืื ื ืคืืึทืืคึผืึทืง ืคึผืึทืงืึทืืืฉืึทื 1.10.6 ืืื 1.12.3, ืฆืืืื ืืืึทืื ืขืจืึทืืืืืืื ืืขื ืขื ืคืึทืจืคืขืกืืืงื: ืืขืจ ืขืจืฉืืขืจ ืืืึทืื ืขืจืึทืืืืืื (CVE-2021-43860) ืึทืืึทืื, ืืืขื ืืึทืื ืืึธืืืื ื ืึท ืคึผืขืงื ืคืื ืึทื ืึทื ืืจืึทืกื ืจืืคึผืึทืืึทืืึธืจื, ืืืจื ืืึทื ืืคึผืืึทืืืืฉืึทื ืคืื ืืขืืึทืืึทืืึท, ืฆื ืืึทืืึทืืื ืื ืึทืจืืืกืืืืึทืื ืคืื ืืืืขืจ ืึทืืืึทื ืกืืจืืข ืคึผืขืจืืืฉืึทื ื ืืขืฉืึทืก ืื ืื ืกืืึทืืืจืื ื ืคึผืจืึธืฆืขืก. ืื ืฆืืืืืืข ืืืึทืื ืขืจืึทืืืืืื (ืึธื CVE) ืึทืืึทืื ืื ืืึทืคึฟืขื "flatpak-builder โmirror-screenshots-url" ืฆื ืฉืึทืคึฟื ืืืจืขืงืืขืจืื ืืื ืืขืจ ืืขืงืข ืกืืกืืขื ืืขืื ื ืึทืจืืืก ืื ืืืืขื ืืืขืืืืืึทืืขืจ ืืขืฉืึทืก ืคึผืขืงื ืคึฟืึทืจืืึทืืืื ื.
- ืื Samba 4.13.16 ืืขืจืืืึทื ืืืงื ืืืืืึทื ืืืฅ ืึท ืืืึทืื ืขืจืึทืืืืืื (CVE-2021-43566) ืืืึธืก ืึทืืึทืื ืึท ืงืืืขื ื ืฆื ืฉืึทืคึฟื ืึท ืืืขืืืืืึทืืขืจ ืืืืฃ ืื ืกืขืจืืืขืจ ืึทืจืืืก ืื ืืงืกืคึผืึธืจืืึทื FS ืืขืื ื ืืืจื ืืึทื ืืคึผืืึทืืืืืื ื ืกืืืืึธืืืฉ ืคึฟืึทืจืืื ืืื ืืขื ืืืืฃ SMB1 ืึธืืขืจ NFS ืคึผืึทืจืืืฉืึทื ื (ืื ืคึผืจืึธืืืขื ืืื ืืขืคึฟืืจื ืืืจื ืึท ืจืึทืกืข ืฆืืฉืืึทื ื ืืื ืืื ืฉืืืขืจ ืฆื ื ืืฆื ืืื ืคืืจ, ืึธืืขืจ ืืขืึธืจืขืืืฉ ืืขืืืขื). ืืืขืจืกืืขืก ืืืืืขืจ 4.13.16 ืืขื ืขื ืึทืคืขืงืืึทื ืืืจื ืืขื ืคึผืจืึธืืืขื.
ื ืืึทืจืืื ืืื ืืืื ืืจืืืก ืืืขืื ืื ืื ืืขืจ ืขื ืืขื ืืืึทืื ืขืจืึทืืืืืื (CVE-2021-20316), ืืืึธืก ืึทืืึทืื ืึทื ืึธืืขื ืืึทืงืืืืึทื ืงืืืขื ื ืฆื ืืืืขื ืขื ืึธืืขืจ ืืืืฉื ืื ืืื ืืึทืื ืคืื ืึท ืืขืงืข ืึธืืขืจ ืืืขืืืืืึทืืขืจ ืืขืืึทืืึทืืึท ืืื ืื FS ืกืขืจืืืขืจ ืืขืื ื ืึทืจืืืก ืื ืืงืกืคึผืึธืจืืึทื ืึธืคึผืืืืืื ื ืืืจื ืืึทื ืืคึผืืึทืืืืฉืึทื ืคืื ืกืืืืึธืืืฉ ืคึฟืึทืจืืื ืืื ืืขื. ืืขืจ ืคึผืจืึธืืืขื ืืื ืคืึทืจืคืขืกืืืงื ืืื ืืขืืืื ื 4.15.0, ืึธืืขืจ ืืืื ืึทืคืขืงืฅ ืคืจืืึทืขืจืืืง ืฆืืืืืื. ืึธืืขืจ, ืคืืงืกืื ืคึฟืึทืจ ืึทืื ืฆืืืืืื ืืืขื ื ืืฉื ืืืื ืืจืืืก, ืืืืึทื ืื ืึทืื Samba VFS ืึทืจืงืึทืืขืงืืฉืขืจ ืงืขื ื ืืฉื ืคืึทืจืจืืืื ืืขื ืคึผืจืึธืืืขื ืจืขืื ืฆื ืืขืจ ืืืื ืืื ื ืคืื ืืขืืึทืืึทืืึท ืึทืคึผืขืจืืืฉืึทื ื ืฆื ืืขืงืข ืคึผืึทืืก (ืืื Samba 4.15 ืื VFS ืฉืืืืข ืืื ืืึธืจ ืจืืืืืืื ื). ืืืึธืก ืืืื ืื ืคึผืจืึธืืืขื ืืืืื ืืงืขืจ ืืขืคืขืจืืขื ืืื ืึทื ืขืก ืืื ืืึทื ืฅ ืงืึธืืคึผืืืฆืืจื ืฆื ืึทืจืืขืื ืืื ืืขืจ ืืึทื ืืฆืขืจ ืก ืึทืงืกืขืก ืจืขืื ืืืื ืืึธืื ืืืืขื ืขื ืึธืืขืจ ืฉืจืืืื ืฆื ืื ืฆืื ืืขืงืข ืึธืืขืจ ืืืขืืืืืึทืืขืจ.
- ืื ืืขืืืื ื ืคืื ืื FreeRDP 2.5 ืคึผืจืืืขืงื, ืืืึธืก ืึธืคืคืขืจืก ืึท ืคืจืื ืืืคึผืืึทืืขื ืืืืฉืึทื ืคืื ืื ืจืืืึธืื ืืขืกืงืืึธืคึผ ืคึผืจืึธืืึธืงืึธื (RDP), ืคืืงืกืื ืืจืื ืืืืขืจืืืื ืืฉืื (CVE ืืืขื ืืืคืืขืจืก ืืขื ืขื ื ืืฉื ืึทืกืืื ื) ืืืึธืก ืงืขื ืคืืจื ืฆื ืึท ืืึทืคืขืจ ืึธืืืืขืจืคืืึธื ืืืขื ื ืืฆื ืึท ืคืึทืืฉ ืืึธืงืึทื, ืคึผืจืึทืกืขืกืื ื ืกืคึผืขืฉืึทืื ืืืืืื ื ืจืขืืืกืืจื. ืกืขืืืื ืืก ืืื ืื ืืึทืงืืืืื ื ืึท ืคืึทืืฉ ืคืึธืจืืึทืืืขื ืึทืืืฉืึทื ื ืึธืืขื. ืขื ืืขืจืื ืืขื ืืื ืื ื ืืึทืข ืืืขืจืกืืข ืึทืจืืึทื ื ืขืืขื ืฉืืืฆื ืคึฟืึทืจ ืื OpenSSL 3.0 ืืืืืืึธืืขืง, ืื ืืืคึผืืึทืืขื ืืืืฉืึทื ืคืื ืื TcpConnectTimeout ืืึทืฉืืขืืืงื, ืืืคึผืจืืืื ืงืึทืืคึผืึทืืึทืืืืึทืื ืืื LibreSSL ืืื ืึท ืืืืืื ื ืฆื ืคึผืจืึธืืืขืืก ืืื ืื ืงืืืคึผืืึธืจื ืืื Wayland-ืืืืืจื ืื ืืืืืจืึทื ืืึทื ืฅ.
- ืื ื ืืึทืข ืจืืืืกืื ืคืื ืื ืคืจืื ืึทื ืืืืืืจืืก ืคึผืขืงื ClamAV 0.103.5 ืืื 0.104.2 ืขืืืืื ืืจื ืื ืืืึทืื ืขืจืึทืืืืืื CVE-2022-20698, ืืืึธืก ืืื ืคืืจืืื ืื ืืื ืคืึทืืฉ ืืืึทืื ืืืืขื ืขื ืืื ืึทืืึทืื ืืืจ ืฆื ืจืืืึธืืืื ืคืึทืจืฉืึทืคื ืึท ืคึผืจืึธืฆืขืก ืงืจืึทื ืืืื ืื ืคึผืขืงื ืืื ืงืึทืืคึผืืืื ืืื ืื ืืืืืืฉืกืึธื- c ืืืืืืึธืืขืง ืืื ืื CL_SCAN_GENERAL_COLLECT_METADATA ืึธืคึผืฆืืข ืืื ืขื ืืืืึทืื ืืื ืื ืกืขืืืื ืืก (clamscan --gen-json).
- ืื Node.js ืคึผืืึทืืคืึธืจืืข ืืขืจืืืึทื ืืืงืื ืืขื 16.13.2, 14.18.3, 17.3.1 ืืื 12.22.9 ืคืึทืจืจืืืื ืคืืจ ืืืึทืื ืขืจืึทืืืืืืื: ืืืืคึผืึทืกืื ื ืืึทืืืืึทืื ืืืขืจืึทืคืึทืงืืืฉืึทื ืืืขื ืืืขืจืึทืคืืืื ื ืึท ื ืขืฅ ืงืฉืจ ืจืขืื ืฆื ืคืึทืืฉ ืงืึทื ืืืขืจืืฉืึทื ืคืื SAN (Subject Alternative Names) ืฆื ืฉืืจืืงื ืคึฟืึธืจืืึทื (CVE- 2021 -44532); ืคืึทืืฉ ืืึทื ืืืื ื ืคืื ืื ืืืขืจืืืฉืึทื ืคืื ืงืืืคื ืืืึทืืืขืก ืืื ืื ืืขืืข ืืื ืืฉืืขืจ ืคืขืืืขืจ, ืืืึธืก ืงืขื ืขื ืืืขืจื ืืขื ืืฆื ืฆื ืืืืคึผืึทืก ืืืขืจืึทืคืึทืงืืืฉืึทื ืคืื ืื ืืขืจืืื ื ืคืขืืืขืจ ืืื ืกืขืจืืืคืืงืึทืฅ (CVE-2021-44533); ืืืืคึผืึทืก ืจืืกืืจืืงืฉืึทื ื ืฉืืึทืืืช ืฆื SAN URI ืืืคึผ ืกืขืจืืืคืืงืึทืฅ (CVE-2021-44531); ื ืื ืืขื ืืืืง ืึทืจืืึทื ืฉืจืืึทื ืืืึทืืึทืืืืฉืึทื ืืื ืื console.table () ืคึฟืื ืงืฆืืข, ืืืึธืก ืงืขื ืืืื ืืขืืืืื ื ืฆื ืืึทืฉืืืืขื ืืืืืืง ืกืืจืื ืืก ืฆื ืืืืืืึทื ืฉืืืกืืขื (CVE-2022-21824).
ืืงืืจ: opennet.ru