Dangerous vulnerabilities in QEMU, Node.js, Grafana and Android

Several recently identified vulnerabilities:

  • A vulnerability (CVE-2020-13765) in QEMU that could lead to code execution with the privileges of the QEMU process on the host side when a custom kernel image is loaded in the guest. The problem is caused by a buffer overflow in the ROM copy code during system boot and occurs when the contents of a 32-bit kernel image are loaded into memory. A fix is currently available only in the form of a patch.
  • Four vulnerabilities in Node.js. The vulnerabilities are fixed in releases 14.4.0, 10.21.0 and 12.18.0.
    • CVE-2020-8172 - allows host certificate verification to be bypassed when a TLS session is reused.
    • CVE-2020-8174 - potentially allows code execution on the system due to a buffer overflow in the napi_get_value_string_*() functions that occurs during certain calls to N-API (the C API for writing native add-ons).
    • CVE-2020-10531 - an integer overflow in ICU (International Components for Unicode) for C/C++ that can lead to a buffer overflow when the UnicodeString::doAppend() function is used.
    • CVE-2020-11080 - allows a denial of service (100% CPU load) through the transmission of large "SETTINGS" frames when connecting over HTTP/2.
  • A vulnerability in the Grafana interactive metrics visualization platform, which is used to build monitoring graphs based on various data sources. A bug in the avatar-handling code makes it possible to have Grafana send an HTTP request to any URL without passing authentication and to see the result of that request. This can be used, for example, to explore the internal network of companies that run Grafana. The problem is fixed in releases Grafana 6.7.4 and 7.0.2. As a workaround, it is recommended to restrict access to the URL "/avatar/*" on the server running Grafana.

  • The June set of Android security fixes has been published, fixing 34 vulnerabilities. Four issues are rated critical: two vulnerabilities (CVE-2019-14073, CVE-2019-14080) in Qualcomm-related components and two vulnerabilities in the system that allow code execution when processing specially crafted external data (CVE-2020-0117 - an integer overflow in the Bluetooth stack, CVE-2020-8597 - an EAP overflow in pppd).
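
For the Node.js item above, the following added example (not part of the original article) checks an inventory of Node.js versions against the fixed releases 14.4.0, 10.21.0 and 12.18.0. The host names and inventory format are hypothetical, and release lines the article does not list are reported as "not-covered" rather than guessed.

```javascript
// Fixed releases per release line, taken from the Node.js item above.
const FIXED = { 10: [10, 21, 0], 12: [12, 18, 0], 14: [14, 4, 0] };

// Parse "v12.16.3" or "12.16.3" into [major, minor, patch]; null if malformed.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Compare two [major, minor, patch] triples: negative, zero or positive.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Classify one version string as "patched", "vulnerable", "not-covered"
// (release line not listed in the article) or "invalid".
function assessNodeVersion(text) {
  const v = parseVersion(text);
  if (!v) return "invalid";
  const fixed = FIXED[v[0]];
  if (!fixed) return "not-covered";
  return compareVersions(v, fixed) >= 0 ? "patched" : "vulnerable";
}

// Return the inventory entries that are not confirmed as patched.
function hostsNeedingUpgrade(inventory) {
  return inventory
    .map((h) => ({ host: h.host, node: h.node, status: assessNodeVersion(h.node) }))
    .filter((h) => h.status !== "patched");
}

// Constructed sample inventory (hypothetical hosts), e.g. gathered with `node --version`.
const SAMPLE_INVENTORY = [
  { host: "api-1", node: "v14.4.0" },
  { host: "api-2", node: "v12.16.3" },
  { host: "batch-1", node: "v10.21.0" },
  { host: "legacy-1", node: "v8.17.0" },
  { host: "build-1", node: "14.3" },
];

for (const row of hostsNeedingUpgrade(SAMPLE_INVENTORY)) {
  console.log(`${row.host}\t${row.node}\t${row.status}`);
}
```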

Source: opennet.ru
