Mushure memwedzi mitanhatu yebudiriro kuburitswa kweiyo vhezheni itsva yeGlibc 2.35 yakaziviswa mariri inosanganisira zvigadziriso kubva ku66 Developers uye yekuvandudzwa kwaitwa tinogona kuwana kuti rutsigiro rwe "C.UTF-8" yenzvimbo yakawedzerwa, iyo inosanganisira kuunganidzwa kweese Unicode macode, asi inogumira pakushandisa ASCII siyana mu fnmatch, regexec uye regcomp mabasa kuchengetedza. nzvimbo.
Nzvimbo yacho ingangoita 400 KB, iyo 346 KB iri LC_CTYPE data yeUnicode, uye inofanirwa kuiswa yakaparadzana (isina kuvakwa muGlibc). Encoding data, ruzivo rwemhando yemunhu, uye matafura ekududzira akagadziridzwa kuti atsigire iyo Unicode 14.0.0 yakatarwa.
Imwe shanduko inomira pachena ndeyekuti Y shandisa mabasa uye macros anotenderedza mhedzisiro kune yakamanikana mhando, Pamusoro pekuita mabasa uye macros kuti uwane hushoma uye huwandu hweinoyangarara nhamba dzemhando dzinoyangarara, refu mbiri, _FloatN uye _FloatNx, inotsanangurwa muIEEE 754-2019 yakatarwa.
zvemabasa exp10, iwo macros anoenderana anowedzerwa kune iyo musoro faira, iyo isingabatanidzwe nemhando chaidzo, pamwe ne _PRINTF_NAN_LEN_MAX macro akawedzerwa , inokurudzirwa muchirongwa che ISO C2X chiyero.
Iyo dynamic linking system inoshandisa itsva classification algorithm DSO uchishandisa tsvakiridzo yakadzama (DFS) kugadzirisa nyaya dzekuita kana uchibata loop dependencies. Kuti usarudze algorithm yeDSO, glibc.rtld.dynamic_sort parameter inorongwa, inogona kusetwa ku "1" kuti idzokere kune yakapfuura algorithm.
Kunze kwazvo yakawedzera rutsigiro rwebasa idzva '__memcmpeq' kuABI, iyo inoshandiswa nevanounganidza kugadzirisa kushandiswa kwe'memcmp' kana kukosha kwekudzoka kwebasa iri kuchishandiswa chete kutarisa mamiriro ekupedzisa kwekushanda.
Iyo tsigiro yekunyoresa tambo otomatiki uchishandisa rseq (restartable sequences) system call yakapihwa kubva Linux kernel 4.18. Iyo rseq system kufona inobvumira kuronga kuenderera kunoitwa kweboka remirayiridzo iyo isingakanganiswe uye inoita mhedzisiro ine chirevo chekupedzisira muboka. Chaizvoizvo, inopa nzvimbo yekukurumidza kuuraya maatomu ekushanda ayo, kana akavhiringwa neimwe shinda, anocheneswa uye anoyedzwazve.
Kune rumwe rutivi, inopa default kuunganidzwa kwemafaira ese anogona kuitiswa yezvirongwa zvakavakirwa-mukati uye bvunzo suite muPIE (chinzvimbo-chakazvimiririra chinoitwa) modhi.
Kudzima maitiro aya, iyo sarudzo "-disable-default-pie" inopihwa, plus yeLinux, yakawedzera glibc.malloc.hugetlb kuseta kuti uchinje malloc kuitisa kushandisa madvise system call ine MADV_HUGEPAGE mureza we mmap uye sbrk, kana kushandisa zvakananga mapeji makuru endangariro nekudoma MAP_HUGETLB mureza mumap macall.
Muchiitiko chekutanga, kuwedzera kwekuita kunogona kuwanikwa nekushandisa pachena Mapeji Makuru mune madvise modhi, uye mune yechipiri kesi, unogona kushandisa system-yakachengetwa mapeji mahombe (Mapeji Makuru).
Izvo zvinofanirwa kucherechedzwa kuti kumwe kusagadzikana kwakagadziriswa mune iyi vhezheni itsva:
- CVE-2022-23218, CVE-2022-23219: Buffer inofashukira mu svcunix_create uye clnt_create mabasa anokonzerwa nekukopa zviri mukati mezita refaira parameter pane stack pasina kutarisa ukuru hwe data yakakopwa. Kune maapplication akavakirwa pasina kuchengetedzwa kwe stack uye kushandisa iyo "unix" protocol, kusazvibata kunogona kutungamira kune yakaipa kodhi kuuraya kana uchigadzira akareba kwazvo mafaira emazita.
- CVE-2021-3998: kusazvibata mu realpath() basa rinokonzerwa nekudzosa kukosha kusina kunaka pasi pemamwe mamiriro ane data yasara isina kuchena kubva mudura. Kune iyo SUID-mudzi fusermount chirongwa, kusazvibata kunogona kushandiswa kuwana ruzivo rwakadzama kubva kune process memory, semuenzaniso, kuwana pointer ruzivo.
- CVE-2021-3999: single byte buffer kufashukira mu getcwd() basa. Dambudziko rinokonzerwa nebug rave riripo kubva 1995. Kuti udane mafashama, mune imwe nzvimbo yegomo yezita, ingodaidza chdir () pane "/" dhairekitori.
Finalmente Kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo mu inotevera chinongedzo.