Vulnerabilities in systemd, Flatpak, Samba, FreeRDP, ClamAV, Node.js

A vulnerability (CVE-2021-3997) has been identified in the systemd-tmpfiles utility that allows uncontrolled recursion. The issue can be used to cause a denial of service during system boot by creating a large number of subdirectories in the /tmp directory. A fix is currently available in patch form. Package updates fixing the issue have been released for Ubuntu and SUSE, but are not yet available for Debian, RHEL and Fedora (fixes are under review).

Creating thousands of nested subdirectories makes the "systemd-tmpfiles --remove" operation crash from stack exhaustion. Normally, the systemd-tmpfiles utility performs directory removal and creation in a single call ("systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev"), with removal performed first and creation after it, i.e. a failure at the removal stage means that the critical files specified in /usr/lib/tmpfiles.d/*.conf are never created.

A more dangerous attack scenario on Ubuntu 21.04 is also described: since a crash of systemd-tmpfiles leaves the /run/lock/subsys file uncreated, and the /run/lock directory is writable by all users, an attacker can create the /run/lock/subsys directory under their own identifier and, by creating symbolic links that collide with the lock files of system processes, arrange for system files to be overwritten.
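As an added defender-side check (not code from the article or from the systemd project): the script parses tmpfiles.d-style directory entries and verifies that each declared directory exists with the expected mode and owner under a given root, so a failed or crashed "systemd-tmpfiles --create" run, or a /run/lock/subsys created by an unprivileged user, shows up as a finding. The configuration text and temporary directory tree are constructed for the demo; the field layout (Type Path Mode User Group Age Argument) follows the real tmpfiles.d format.

```python
import os, pwd, stat, tempfile

def parse_tmpfiles(text):
    """Yield (path, mode, user) for 'd'/'D' lines of tmpfiles.d-format text.
    Fields: Type Path Mode User Group Age Argument; "-" = default (0755, root)."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split() + ["-"] * 5  # pad short/blank lines
        if fields[0] not in ("d", "D"):
            continue
        mode = 0o755 if fields[2] == "-" else int(fields[2], 8)
        yield fields[1], mode, ("root" if fields[3] == "-" else fields[3])

def audit(text, root="/"):
    """Return (path, problem) pairs for declared directories that are missing,
    replaced by something else, or have the wrong mode or owner under root."""
    findings = []
    for path, mode, user in parse_tmpfiles(text):
        try:
            st = os.lstat(os.path.join(root, path.lstrip("/")))
        except FileNotFoundError:
            findings.append((path, "missing: tmpfiles --create failed or did not run"))
            continue
        if not stat.S_ISDIR(st.st_mode):  # a symlink planted here is the bad case
            findings.append((path, "not a directory"))
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual != mode:
            findings.append((path, f"mode {actual:04o}, expected {mode:04o}"))
        owner = pwd.getpwuid(st.st_uid).pw_name
        if owner != user:  # e.g. /run/lock/subsys owned by a regular user
            findings.append((path, f"owned by {owner}, expected {user}"))
    return findings

def demo():
    """Constructed fixture in a temp dir: one compliant directory, one with a
    loose mode and one that was never created; owner is the current user."""
    me = pwd.getpwuid(os.geteuid()).pw_name
    root = tempfile.mkdtemp()
    for name, mode in (("subsys", 0o755), ("loose", 0o777)):
        d = os.path.join(root, "run/lock", name)
        os.makedirs(d)
        os.chmod(d, mode)  # chmod after mkdir so the umask cannot alter the fixture
    conf = (f"# constructed config, modelled on /usr/lib/tmpfiles.d/*.conf\n"
            f"d /run/lock/subsys 0755 {me} - -\n"
            f"d /run/lock/loose 0755 {me} - -\n"
            f"d /run/lock/absent 0755 {me} - -\n")
    return audit(conf, root)
```

Running demo() returns findings for /run/lock/loose (mode 0777) and /run/lock/absent (missing); on a live host, feed audit() the real /usr/lib/tmpfiles.d/*.conf contents with root="/".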

In addition, new releases of the Flatpak, Samba, FreeRDP, ClamAV and Node.js projects have been published, in which vulnerabilities are fixed:

  • The corrective releases 1.10.6 and 1.12.3 of the Flatpak self-contained package build toolkit fix two vulnerabilities. The first (CVE-2021-43860) allows, when downloading a package from an untrusted repository, hiding the display of certain elevated permissions during the installation process by manipulating metadata. The second (no CVE assigned) allows the "flatpak-builder --mirror-screenshots-url" command to create directories in the file system outside the build directory during package assembly.
  • The Samba 4.13.16 update eliminates a vulnerability (CVE-2021-43566) that allows a client to create directories on the server outside the exported FS area by manipulating symbolic links on SMB1 or NFS shares (the issue stems from a race condition and is hard to exploit in practice, but theoretically possible). Versions prior to 4.13.16 are affected.

    A report was also published about another, similar vulnerability (CVE-2021-20316), which allows an authenticated client to read or modify the contents of a file or the metadata of a directory in the server's FS area outside the exported share by manipulating symbolic links. The issue was fixed in release 4.15.0, but also affects earlier branches. Fixes for the old branches will not be published, however, since the old Samba VFS architecture does not allow the issue to be fixed because metadata operations are bound to file paths (in Samba 4.15 the VFS layer was completely redesigned). What makes the issue less dangerous is that it is quite difficult to exploit and the user's access rights must already allow reading or writing the target file or directory.

  • The FreeRDP 2.5 release, which provides a free implementation of the Remote Desktop Protocol (RDP), fixes three security issues (CVE identifiers not assigned) that can lead to buffer overflows when using an incorrect locale, when processing specially crafted registry settings, and when displaying an incorrectly formatted add-on name. Changes in the new version include support for the OpenSSL 3.0 library, implementation of the TcpConnectTimeout setting, improved compatibility with LibreSSL, and a fix for clipboard issues in Wayland-based environments.
  • New releases of the free antivirus package ClamAV, 0.103.5 and 0.104.2, eliminate the vulnerability CVE-2022-20698, which is associated with an incorrect pointer read and allows a process crash to be triggered remotely if the package is built with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA option is enabled in the settings (clamscan --gen-json).
  • The Node.js platform updates 16.13.2, 14.18.3, 17.3.1 and 12.22.9 fix four vulnerabilities: bypass of certificate verification when validating a network connection due to incorrect conversion of the SAN (Subject Alternative Names) into string form (CVE-2021-44532); incorrect handling of multiple values in the subject and issuer fields, which can be used to bypass verification of those fields in certificates (CVE-2021-44533); bypass of restrictions related to the SAN URI type in certificates (CVE-2021-44531); insufficient input validation in the console.table() function, which can be used to assign empty strings to numeric keys (CVE-2022-21824).

Source: opennet.ru
