Cisco Security Abacwaningi ulwazi lokuba sengozini (CVE-2019-5021) ku Ukusatshalaliswa kwe-Alpine kwesistimu yokuhlukanisa isitsha se-Docker. Ingqikithi yenkinga ekhonjiwe ukuthi iphasiwedi ezenzakalelayo yomsebenzisi oyimpande isethwe kuphasiwedi engenalutho ngaphandle kokuvimba ukungena okuqondile njengempande. Masikhumbule ukuthi i-Alpine isetshenziselwa ukukhiqiza izithombe ezisemthethweni ezivela kuphrojekthi ye-Docker (izakhiwo ezisemthethweni ngaphambilini zazisekelwe ku-Ubuntu, kodwa-ke kwakukhona. e-Alpine).
Inkinga ibilokhu ikhona selokhu kwakhiwe i-Alpine Docker 3.3 futhi idalwe ukuguqulwa kokuhlehla okwengezwe ngo-2015 (ngaphambi kwenguqulo 3.3, /etc/shadow isebenzisa umugqa "root:!::0:::::", futhi ngemuva ukwehliswa kwefulegi elithi “-d” umugqa “impande:::0:::::” kwaqala ukwengezwa. Inkinga yaqale yabonakala futhi ngoNovemba 2015, kodwa ngoDisemba ngephutha futhi emafayeleni okwakha egatsha lokuhlola, bese lidluliselwa kuzakhiwo ezizinzile.
Ulwazi lokuba sengozini luthi inkinga ivela egatsheni lakamuva le-Alpine Docker 3.9. Abathuthukisi be-Alpine ngoMashi isichibi kanye nokuba sengozini ukuqala ngokwakha u-3.9.2, 3.8.4, 3.7.3 kanye no-3.6.5, kodwa uhlala emagatsheni amadala angu-3.4.x no-3.5.x, asevele enqanyuliwe. Ngaphezu kwalokho, abathuthukisi bathi i-vector yokuhlasela ilinganiselwe kakhulu futhi idinga ukuthi umhlaseli abe nokufinyelela kungqalasizinda efanayo.
Source: opennet.ru