Vulnerability in CRI-O that allows root access to the host environment

A critical vulnerability (CVE-2022-0811) has been identified in CRI-O, a runtime for managing isolated containers, that allows bypassing isolation and executing your own code on the host system side. If CRI-O is used instead of containerd and Docker to run containers under the Kubernetes platform, an attacker can gain control of any node in the Kubernetes cluster. To carry out the attack, it is enough to have the rights to run your own container in the Kubernetes cluster.

The vulnerability is caused by the ability to change the kernel sysctl parameter "kernel.core_pattern" ("/proc/sys/kernel/core_pattern"), access to which was not blocked even though it is not among the parameters that are safe to change, that is, those whose effect is limited to the namespace of the current container. Using this parameter, a user inside a container can change how the Linux kernel processes core files on the host side and arrange for an arbitrary command to be launched with root rights on the host by specifying a handler such as "|/bin/sh -c 'commands'".

The problem has been present since the release of CRI-O 1.19.0 and was fixed in updates 1.19.6, 1.20.7, 1.21.6, 1.22.3, 1.23.2 and 1.24.0. Among distributions, the problem appears in Red Hat OpenShift Container Platform and in openSUSE/SUSE products, which have the cri-o package in their repositories.
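A node audit built from the two facts above (the affected version range and the pipe-handler form of core_pattern), as an added example that is not code from CRI-O or from the original article. The handler allowlist and the function names are assumptions to adapt per distribution, and the sample inputs are constructed.

```python
import re

# First fixed patch release per affected minor branch, as listed in the article.
FIXED_PATCH = {(1, 19): 6, (1, 20): 7, (1, 21): 6, (1, 22): 3, (1, 23): 2}
# Assumption: pipe handlers this site considers legitimate; adjust per distribution.
KNOWN_HANDLERS = {"/usr/lib/systemd/systemd-coredump", "/usr/share/apport/apport"}

def crio_is_affected(version_text):
    """True if the CRI-O version falls in the affected range (1.19.0 up to each fix)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no x.y.z version in {version_text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor) < (1, 19) or (major, minor) >= (1, 24):
        return False  # predates the bug, or 1.24.0 and later carry the fix
    return patch < FIXED_PATCH[(major, minor)]

def classify_core_pattern(pattern):
    """Classify a kernel.core_pattern value: 'file', 'known-pipe' or 'unexpected-pipe'."""
    pattern = pattern.strip()
    if not pattern.startswith("|"):
        return "file"  # core dumps are written to a path, no program is executed
    parts = pattern[1:].split()
    handler = parts[0] if parts else ""
    return "known-pipe" if handler in KNOWN_HANDLERS else "unexpected-pipe"

def audit_node(version_text, core_pattern):
    """Return a list of findings for one node."""
    findings = []
    if crio_is_affected(version_text):
        findings.append("CRI-O version is in the range affected by CVE-2022-0811")
    if classify_core_pattern(core_pattern) == "unexpected-pipe":
        findings.append(f"core_pattern pipes to an unlisted handler: {core_pattern.strip()!r}")
    return findings

if __name__ == "__main__":
    # Constructed sample values; on a real node read /proc/sys/kernel/core_pattern
    # and the runtime's reported version instead.
    samples = [("1.22.2", "|/bin/sh -c 'commands'"), ("1.22.3", "core")]
    for version, pattern in samples:
        print(version, audit_node(version, pattern) or "no findings")
```

A node that reports an unexpected pipe handler should be investigated even after CRI-O is upgraded, since upgrading the runtime does not by itself reset a core_pattern value that was already changed.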

Source: opennet.ru
