Nginx 1.22.1 and 1.23.2 updates with vulnerabilities fixed

The mainline branch nginx 1.23.2 has been released, in which development of new features continues, along with the parallel supported stable branch nginx 1.22.1, which includes only changes related to eliminating serious bugs and vulnerabilities.

The new versions fix two vulnerabilities (CVE-2022-41741, CVE-2022-41742) in the ngx_http_mp4_module module, which is used to stream files in the H.264/AAC format. The vulnerabilities can lead to memory corruption or a memory leak when a specially crafted mp4 file is processed. A crash of the worker process is mentioned as a consequence, but other manifestations are not excluded, such as code execution on the server.

It is noteworthy that a similar vulnerability was already fixed in the ngx_http_mp4_module module in 2012. In addition, F5 reported a similar vulnerability (CVE-2022-41743) in the NGINX Plus product, affecting the ngx_http_hls_module module, which provides support for the HLS (Apple HTTP Live Streaming) protocol.

In addition to the vulnerability fixes, the following changes are included in nginx 1.23.2:

  • Added support for the "$proxy_protocol_tlv_*" variables, which contain the values of the TLV (Type-Length-Value) fields that appear in the PROXY v2 protocol.
  • Added automatic rotation of encryption keys for TLS session tickets, used when shared memory is configured in the ssl_session_cache directive.
  • The logging level for errors related to incorrect SSL record types has been lowered from critical to informational.
  • The logging level for messages about the inability to allocate memory for a new session has been changed from alert to warn, and output is limited to one entry per second.
  • On the Windows platform, building with OpenSSL 3.0 now works.
  • Improved reporting of PROXY protocol errors in the log.
  • Fixed an issue where the timeout specified in the "ssl_session_timeout" directive did not work when using TLSv1.3 with OpenSSL or BoringSSL.
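
An added example, not nginx's code and not part of the original article: a minimal Python parser for a PROXY v2 header that bounds-checks every length field and returns each TLV under the matching "$proxy_protocol_tlv_*" variable name. The sample header, its addresses and the helper names `parse_tlvs` and `build_sample` are constructed for illustration; nested SSL sub-TLVs are returned raw rather than unpacked.

```python
import struct

SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"             # 12-byte PROXY v2 signature
ADDR_LEN = {0x0: 0, 0x1: 12, 0x2: 36, 0x3: 216}   # UNSPEC, INET, INET6, UNIX
# TLV type names as used in nginx's $proxy_protocol_tlv_<name> variables.
TLV_NAMES = {0x01: "alpn", 0x02: "authority", 0x05: "unique_id",
             0x20: "ssl", 0x30: "netns"}


def parse_tlvs(header: bytes) -> dict:
    """Return {variable_name: raw_value} for the TLVs in one PROXY v2 header."""
    if len(header) < 16 or header[:12] != SIGNATURE:
        raise ValueError("not a PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", header[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY protocol version")
    body = header[16:16 + length]
    if len(body) != length:
        raise ValueError("declared length exceeds received data")
    family = fam_proto >> 4                       # high nibble: address family
    if family not in ADDR_LEN or ADDR_LEN[family] > length:
        raise ValueError("bad address block")
    tlvs, pos = {}, ADDR_LEN[family]              # TLVs follow the addresses
    while pos < length:
        if length - pos < 3:
            raise ValueError("truncated TLV header")
        tlv_type, vlen = struct.unpack("!BH", body[pos:pos + 3])
        pos += 3
        if vlen > length - pos:                   # never trust the length field
            raise ValueError("TLV value overruns header")
        name = TLV_NAMES.get(tlv_type, "0x%02x" % tlv_type)
        tlvs["proxy_protocol_tlv_" + name] = body[pos:pos + vlen]
        pos += vlen
    return tlvs


def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!BH", tlv_type, len(value)) + value


def build_sample() -> bytes:
    """Constructed sample: TCP/IPv4 header with an ALPN and an authority TLV."""
    addrs = bytes([192, 0, 2, 10, 198, 51, 100, 5]) + struct.pack("!HH", 51234, 443)
    body = addrs + _tlv(0x01, b"h2") + _tlv(0x02, b"example.test")
    return SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body


if __name__ == "__main__":
    for name, value in parse_tlvs(build_sample()).items():
        print("$" + name, "=", value)
```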

Source: opennet.ru
