Ukuba sengozini (CVE-2021-30465) kukhonjwe kukhithi yamathuluzi ye-runc yokusebenzisa iziqukathi ezingazodwa ezisetshenziswa ku-Docker ne-Kubernetes, okuvumela ukufinyelela kusuka esitsheni kuya ohlelweni lwefayela oluyinhloko lwendawo yokusingatha. Ngokukhohlisa izixhumanisi ezingokomfanekiso, kuyenzeka ukulungiselela ukumiswa kwesiqukathi okubonakala kungenangozi okuzoholela ekuhlanganisweni kwesistimu yefayela yangaphandle ngaphakathi kwesiqukathi. Inkinga ilungisiwe kusibuyekezo se-runc 1.0.0-rc95.
Ukuze kusetshenziswe ubungozi, umhlaseli kufanele akwazi ukusebenzisa iziqukathi ezinamaphoyinti okukhweza engeziwe ekucushweni (isibonelo, inkinga ikhiqizwa kabusha ezindaweni ezisuselwe ku-Kubernetes lapho abasebenzisi bangasebenzisa khona iziqukathi zabo). Ngenxa yokuba khona kwewindi lesikhathi phakathi kokuhlola nokusebenzisa amaphuzu okukhweza kuma-partitions abiwe nezinye iziqukathi, umhlaseli angakwazi ukusizakala ngesimo somjaho ngesikhathi sokuqalisa isiqukathi futhi abuyisele uhla lwemibhalo olusetshenziswa lapho kukhwezwa isiqukathi ngesixhumanisi esingokomfanekiso esiya endaweni engaphandle. impande ye-FS yesiqukathi.
Source: opennet.ru
