Vulnerabilities in LibreCAD, Ruby, TensorFlow, Mailman and Vim

Several recently identified vulnerabilities:

  • Three vulnerabilities in the free LibreCAD computer-aided design system and the libdxfrw library that make it possible to trigger a controlled buffer overflow and potentially achieve code execution when opening specially formatted DWG and DXF files. So far the problems have been fixed only in the form of patches (CVE-2021-21898, CVE-2021-21899, CVE-2021-21900).
  • A vulnerability (CVE-2021-41817) in the Date.parse method provided in the Ruby standard library. Flaws in the regular expressions used to parse dates in the Date.parse method can be used to carry out DoS attacks, resulting in the consumption of significant CPU and memory resources when processing specially formatted data.
  • A vulnerability in the TensorFlow machine learning platform (CVE-2021-41228) that allows code to be executed when the saved_model_cli utility processes attacker-supplied data passed through the "--input_examples" parameter. The problem is caused by the use of external data when calling code with the "eval" function. The issue is fixed in the TensorFlow 2.7.0, TensorFlow 2.6.1, TensorFlow 2.5.2 and TensorFlow 2.4.4 releases.
  • A vulnerability (CVE-2021-43331) in the GNU Mailman mailing list management system caused by incorrect handling of certain types of URLs. The problem makes it possible to get JavaScript code executed by specifying a specially crafted URL on the settings page. Another issue has also been identified in Mailman (CVE-2021-43332), which allows a user with moderator rights to guess the administrator password. The issues are fixed in the Mailman 2.1.36 release.
  • A series of vulnerabilities in the Vim text editor that can lead to a buffer overflow and potentially to execution of attacker code when opening specially crafted files through the "-S" option (CVE-2021-3903, CVE-2021-3872, CVE-2021-3927, CVE-2021-3928; fixes: 1, 2, 3, 4).
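
The eval() pattern described in the TensorFlow item above, next to a parser that accepts only Python literals. This is an added example, not code from TensorFlow or from the original article. The `key=[{...}]` argument shape, the `;` separator (which this sketch does not allow inside string values) and the function names are assumptions made for illustration.

```python
import ast


def parse_examples_unsafe(arg):
    """The pattern the item describes: eval() applied to the argument value."""
    result = {}
    for pair in filter(None, arg.split(";")):
        key, _, value = pair.partition("=")
        result[key.strip()] = eval(value)  # runs any Python expression
    return result


def parse_examples_safe(arg):
    """Accept only Python literals shaped as a list of dicts with string keys."""
    result = {}
    for pair in filter(None, arg.split(";")):
        key, sep, value = pair.partition("=")
        key = key.strip()
        if not sep or not key:
            raise ValueError(f"expected key=[...] but got {pair!r}")
        try:
            # literal_eval builds values from literal syntax only; names,
            # calls and attribute access are rejected instead of being run.
            examples = ast.literal_eval(value.strip())
        except (ValueError, SyntaxError, TypeError, RecursionError) as exc:
            raise ValueError(f"{key}: value is not a plain literal") from exc
        is_list_of_dicts = isinstance(examples, list) and all(
            isinstance(e, dict) and all(isinstance(k, str) for k in e)
            for e in examples
        )
        if not is_list_of_dicts:
            raise ValueError(f"{key}: expected a list of dicts")
        result[key] = examples
    return result


# Constructed sample inputs (not taken from the article).
GOOD = 'examples=[{"age": [22, 24], "education": ["BS", "MS"]}]'
# A harmless function call stands in for attacker-controlled code.
NOT_LITERAL = 'examples=[{"age": [len("abc")]}]'

if __name__ == "__main__":
    print(parse_examples_safe(GOOD))
    print(parse_examples_unsafe(NOT_LITERAL))  # the call was executed
    try:
        parse_examples_safe(NOT_LITERAL)
    except ValueError as err:
        print("rejected:", err)
```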

Source: opennet.ru
