Mva nje Ukukhutshwa kwenguqulelo entsha ye-Glibc 2.34 kwabhengezwa eza emva kweenyanga ezintandathu zophuhliso kwaye kuye kwenziwa utshintsho oluninzi olubaluleke kakhulu, phakathi apho ukufakwa kwe-libpthread, libdl, libutil kunye ne-libanl kumathala eencwadi agqamile, kunye nokulungiswa kweebug ezahlukeneyo apho enye yazo yabangela ukuvaleka.
Kulabo abangaqhelekanga ngeGlibc, kufuneka bayazi ukuba yintoni Ithala leencwadi leGNU C, eyaziwa ngokuba yi-glibc yithala leencwadi lexesha lokubaleka le-GNU C. Kwiinkqubo apho zisetyenziswa khona, le C ilayibrari leyo ibonelela kwaye ichaze iifowuni zenkqubo kunye neminye imisebenzi esisiseko, isetyenziswa phantse zonke iinkqubo.
Iimpawu ezintsha zeGlibc 2.34
Kolu guqulelo lutsha lwe-Glibc 2.34 oluvezwayo i-libpthread, i-libdl, i-libutil kunye ne-libanl ziye zadityaniswa kwithala leencwadi eliphambili, ukusebenzisa usebenziso lwayo kwizicelo akusafuni ukuba kudityaniswe ne -lpthread, -ldl, -lutil, kunye -lanl iflegi.
Ngapha koko, kuyakhankanywa ukuba Amalungiselelo enziwe ukudibanisa i-libresolv kwi-libc, ngayo indibaniselwano iyakuvumela inkqubo yophuculo egudileyo ye-glibc kwaye iya kwenza lula ukuphunyezwa kwexesha lokusebenza kwaye iilayibrari ze-stub nazo zinikezelwe ukuhambelana nezicelo ezakhiwe ngeenguqulelo ezindala ze-glibc.
Ngokumalunga notshintsho olugxile kwiLinux kwi-Glibc 2.34 i amandla ongeziweyo okusebenzisa i-64-bit time_t chwetheza kuqwalaselo eyayisebenzisa ngokwesiko uhlobo lwexesha_t 32 bit. Olu phawu lufumaneka kuphela kwiinkqubo ezine-5.1 kernel nangaphezulu.
Olunye utshintsho oluthile lweLinux yi fezekisa ukuphunyezwa komsebenzi, que ivumela ukuqhuba ifayile ephunyeziweyo kwifayile evulekileyo yenkcazo. Umsebenzi omtsha ukwasetyenziswa ekuphunyezweni kwefowuni yefexecve, engadingi i/proc pseudo-filesystem ukuba inyuswe ekuqaleni.
Umsebenzi wongezwa kwakhona close_range() ekhoyo kwiinguqulelo zeLinux 5.9 kwaye iphezulu kwaye ingaba yintoni isetyenziselwa ukuvumela inkqubo ukuvala uluhlu olupheleleyo lweenkcazelo zefayile vula ngexesha elifanayo, iparameter ye-glibc.pthread.stack_cache_size nayo iphunyeziwe, enokusetyenziswa ukulungisa ubungakanani be-pthread stack cache.
Ngakolunye uhlangothi, _Umsebenzi wefolokhwe wongeziwe, indawo yokutshintsha Umsebenzi Ifom ehlangabezana neemfuno "ze-async-signal-safe", oku kuthetha ukuba inokubizwa ngokukhuselekileyo kubaphathi beempawu. Ngexesha lokubulawa kwe-Fork, indawo encinci iye yenziwa, eyaneleyo ukubiza imisebenzi kwiimpawu zokuphatha ezifana nokuphakamisa kunye nokuphumeza, ngaphandle kokubiza iimpawu ezinokutshintsha izitshixo okanye isimo sangaphakathi.
Ngokumalunga nobuthathaka obusonjululwe kwi-Glibc 2.34, oku kulandelayo kukhankanyiwe:
I-CVE-2021-27645: Inkqubo ye-nscd (igama lomncedisi we-caching daemon) iyantlitheka ngenxa yokufowuna kabini kumsebenzi wasimahla ngelixa iqhubekisa izicelo zeqela lomsebenzi womnatha eziyilwe ngokukodwa.
I-CVE-2021-33574: ukufikelela kusetyenziso-emva-kwendawo yenkumbulo esimahla kumsebenzi we-mq_notify xa usebenzisa uhlobo lwesaziso lwe-SIGEV_THREAD kunye nophawu loyelelwano lomsonto apho enye i-CPU ebophelelayo imaski iseti. Ingxaki inokubangela ukuphahlazeka, kodwa ezinye iinketho zohlaselo azibandakanywanga.
I-CVE-2021-35942: Ukuphuphuma kwesayizi yeparameter kumsebenzi wewordexp kungangqubana nesicelo.
Olunye utshintsho ezibalaseleyo:
- Yongeza umsebenzi we-timespec_getres, ochazwe kwidrafti ye-ISO C2X esemgangathweni, kwaye yandisa umsebenzi we-timespec_fumana ngezakhono ezifanayo kwi-POSIX clock_getres umsebenzi.
- Kwifayile ye-gconv-modules, kuphela iseti encinci yeemodyuli ze-gconv ezingundoqo eziseleyo, kwaye ezinye zihanjiswe kwifayile eyongezelelweyo ye-gconv-modules-extra.conf ebekwe kuluhlu lwe-gconv-modules.d.
- Kususwe ukusetyenziswa kwamakhonkco omfuziselo ukudibanisa izinto ezinokufakelwa ekwabelwana ngazo kwinguqulelo ye-Glibc. Ezi zinto ngoku zihlohlwe njengoko-zinjalo (umzekelo, libc.so.6 ngoku yifayile endaweni yekhonkco kwi libc-2.34.so).
- Kwi-Linux, imisebenzi efana ne-shm_open kunye ne-sem_open ngoku ifuna inkqubo yefayile yememori ekwabelwana ngayo inyuswe kwindawo yokunyuka /dev/shm.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo yale nguqulo intsha, ungajonga ifayile ye- iinkcukacha kwikhonkco elilandelayo.