Vulnerabilities in the Linux kernel, Glibc, GStreamer, Ghostscript, BIND and CUPS

Several recently identified vulnerabilities:

  • CVE-2023-39191 is a vulnerability in the eBPF subsystem that allows a local user to escalate privileges and execute code at the Linux kernel level. It is caused by incorrect verification of eBPF programs submitted by the user for execution. To carry out the attack, the user must be able to load their own BPF program (that is, the kernel.unprivileged_bpf_disabled parameter is set to 0, as it is, for example, in Ubuntu 20.04). Information about the vulnerability was passed to the kernel developers back in December of last year, and the fix was quietly introduced in January.
  • CVE-2023-42753 is a problem with array indices in the ipset implementation in the netfilter kernel subsystem, which can be used to increment/decrement pointers and create conditions for writing to or reading from memory outside the allocated buffer. To check for the vulnerability, an exploit prototype has been prepared that causes an abnormal termination (more dangerous exploitation scenarios cannot be ruled out). The fix is included in kernel releases 5.4.257, 6.5.3, 6.4.16, 6.1.53, 5.10.195, 5.15.132.
  • CVE-2023-39192, CVE-2023-39193, CVE-2023-39193 - several vulnerabilities in the Linux kernel that leak kernel memory contents because it is possible to read from areas outside the allocated buffer in the match_flags and u32_match_it functions of the Netfilter subsystem, as well as in the state filter processing code. The vulnerabilities were fixed in August (1, 2) and June.
  • CVE-2023-42755 is a vulnerability that allows an unprivileged local user to cause a kernel crash through an error in pointer handling in the rsvp traffic classifier. The problem appears in the LTS kernels 6.1, 5.15, 5.10, 5.4, 4.19 and 4.14. An exploit prototype has been prepared. The fix has not yet been accepted into the kernel and is available as a patch.
  • CVE-2023-42756 is a race condition in the NetFilter kernel subsystem that a local user can exploit to trigger a Panic state. An exploit prototype is available that works at least on kernels 6.5.rc7, 6.1 and 5.10. The fix has not yet been accepted into the kernel and is available as a patch.
  • CVE-2023-4527 is a stack overflow in the Glibc library that occurs in the getaddrinfo function when processing a DNS response larger than 2048 bytes. The vulnerability can lead to a leak of stack data or a crash. It appears only in Glibc versions newer than 2.36 when the "no-aaaa" option is used in /etc/resolv.conf.
  • CVE-2023-40474, CVE-2023-40475 are vulnerabilities in the GStreamer multimedia framework caused by an integer overflow in the MXF video file handlers. They can lead to execution of attacker code when specially crafted MXF files are processed in an application that uses GStreamer. The problem is fixed in the gst-plugins-bad 1.22.6 package.
  • CVE-2023-40476 - a buffer overflow in the H.265 video handler provided in GStreamer, which allows code execution when specially formatted video is processed. The vulnerability is fixed in the gst-plugins-bad 1.22.6 package.
  • Analysis - an analysis of an exploit that uses the CVE-2023-36664 vulnerability in the Ghostscript package to execute its own code when specially crafted PostScript documents are opened. The problem is caused by incorrect processing of file names that begin with the "|" character or the %pipe% prefix. The vulnerability is fixed in the Ghostscript 10.01.2 release.
  • CVE-2023-3341, CVE-2023-4236 - vulnerabilities in the BIND 9 DNS server that crash the named process when specially crafted control messages are processed (access to the TCP port through which named is managed is sufficient (by default it is open only on the loopback interface); knowledge of the RNDC key is not required) or when a certain high load is created in DNS-over-TLS mode. The vulnerabilities are resolved in BIND releases 9.16.44, 9.18.19, and 9.19.17.
  • CVE-2023-4504 is a vulnerability in the CUPS print server and the libppd library that leads to a buffer overflow when specially formatted Postscript documents are parsed. The vulnerability could possibly be exploited to arrange execution of one's own code on the system. The problem is resolved in the CUPS 2.4.7 (patch) and libppd 2.0.0 (patch) releases.
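
The exposure conditions named in the list above (the unprivileged BPF sysctl, the upstream kernel releases carrying the ipset fix, and the "no-aaaa" resolver option) can be checked per host. This is an added example, not code from the original article or from any of the projects mentioned; the function names and the sample inputs are assumptions made for illustration.

```python
import re

# Upstream stable releases the article lists as carrying the CVE-2023-42753
# fix, keyed by (major, minor) branch.
IPSET_FIXED = {(5, 4): 257, (5, 10): 195, (5, 15): 132,
               (6, 1): 53, (6, 4): 16, (6, 5): 3}


def kernel_has_ipset_fix(release):
    """True/False for a listed branch, None when the article gives no data."""
    # Heuristic for upstream stable kernels only: distribution kernels
    # backport fixes without changing the upstream version number.
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    branch = (int(m.group(1)), int(m.group(2)))
    if branch not in IPSET_FIXED:
        return None
    return int(m.group(3) or 0) >= IPSET_FIXED[branch]


def unprivileged_bpf_allowed(sysctl_value):
    """kernel.unprivileged_bpf_disabled = 0 lets any user load BPF programs."""
    return sysctl_value.strip() == "0"


def resolv_conf_has_no_aaaa(text):
    """True if an 'options' line in resolv.conf enables no-aaaa."""
    for line in text.splitlines():
        fields = line.split("#")[0].split(";")[0].split()
        if fields and fields[0] == "options" and "no-aaaa" in fields[1:]:
            return True
    return False


def audit(release, sysctl_value, resolv_text):
    """Collect the exposure conditions the article names for one host."""
    return {
        "CVE-2023-39191 precondition (unprivileged BPF)": unprivileged_bpf_allowed(sysctl_value),
        "CVE-2023-42753 fixed upstream": kernel_has_ipset_fix(release),
        "CVE-2023-4527 precondition (no-aaaa)": resolv_conf_has_no_aaaa(resolv_text),
    }


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real host.
    sample_resolv = "nameserver 192.0.2.53\noptions edns0 no-aaaa\n"
    for check, result in audit("6.1.52-generic", "0\n", sample_resolv).items():
        print(f"{check}: {result}")
```

On a real host the three inputs come from `uname -r`, `/proc/sys/kernel/unprivileged_bpf_disabled` and `/etc/resolv.conf`; a `None` kernel result means the branch is not in the article's list and the vendor advisory has to be consulted.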

Source: opennet.ru
