Ukuba sengozini (CVE-2021-38604) kukhonjwe ku-Glibc, okwenza kube nokwenzeka ukuqalisa ukuphahlazeka kwezinqubo ohlelweni ngokuthumela umlayezo oklanywe ngokukhethekile nge-POSIX yemigqa yemilayezo ye-API. Inkinga ayikaveli ekusatshalalisweni, njengoba ikhona kuphela ekukhululweni kwe-2.34, eshicilelwe emasontweni amabili edlule.
Inkinga ibangelwa ukuphathwa okungalungile kwedatha ye-NOTIFY_REMOVED kukhodi ye-mq_notify.c, okuholela ekususweni kwesikhombi esingu-NULL kanye nokuphahlazeka kwenqubo. Kuyathakazelisa ukuthi inkinga iwumphumela wephutha ekulungiseni obunye ubungozi (CVE-2021-33574), obulungiswe ekukhishweni kwe-Glibc 2.34. Ngaphezu kwalokho, uma ukuba sengozini kokuqala kwakunzima kakhulu ukukusebenzisa futhi kudinga inhlanganisela yezimo ezithile, khona-ke kulula kakhulu ukuhlasela usebenzisa inkinga yesibili.
Source: opennet.ru