Emva kweenyanga ezintandathu zophuhliso ukukhutshwa kwenguqulelo entsha ye-Glibc 2.35 yabhengezwa apho ku ibandakanya ulungiso oluvela kubaphuhlisi abangama-66 kunye nophuculo oluphunyeziweyo sinokufumanisa ukuba inkxaso ye-"C.UTF-8" yendawo yongezwa, ebandakanya ukuhlanganiswa kwazo zonke iikhowudi ze-Unicode, kodwa inqunyelwe kusetyenziso lwee-ASCII kuluhlu lwe-fnmatch, i-regexec kunye ne-regcomp yokugcina. indawo.
Indawo imalunga ne-400 KB, apho i-346 KB iyidatha ye-LC_CTYPE ye-Unicode, kwaye kufuneka ifakwe ngokwahlukeneyo (ayakhiwe kwi-Glibc). Idatha ye-Encoding, ulwazi lohlobo lwabalinganiswa, kunye neetafile zokuguqulela zihlaziywe ukuxhasa i-Unicode 14.0.0 inkcazo.
Olunye utshintsho olwahlukileyo kukuba Y sebenzisa imisebenzi kunye neemacros ezirhangqa isiphumo kuhlobo olumxinwa, Ukongeza ekuphunyezweni kwemisebenzi kunye ne-macros ukufumana ubuncinci kunye nobuninzi bamanani eendawo ezidadayo zeentlobo ze-float, i-double double, _FloatN kunye ne-_FloatNx, echazwe kwinkcazo ye-IEEE 754-2019.
ukwenzela imisebenzi exp10, iimacros ezihambelanayo zongezwa kwifayile yeheader, ezingabotshwanga kwiintlobo ezithile, kunye ne _PRINTF_NAN_LEN_MAX macro yongezwe , ecetywayo kwidrafti ye-ISO C2X esemgangathweni.
Inkqubo yokudibanisa eguqukayo isebenzisa i-algorithm entsha yokuhlelwa I-DSO isebenzisa uphendlo olunzulu (DFS) ukujongana nemiba yokusebenza xa kusingathwa ukuxhomekeka kwi-loop. Ukukhetha i-algorithm yokuhlelwa kwe-DSO, iparameter ye-glibc.rtld.dynamic_sort iyacetywa, enokusetwa ku-"1" ukuwela umva kwi-algorithm yangaphambili.
Ngaphandle kwayo ukongeza inkxaso yomsebenzi omtsha '__memcmpeq' kwi-ABI, esetyenziswa ngabaqokeleli ukukhulisa usebenziso lwe `memcmp' xa ixabiso lokubuyisela lomsebenzi lisetyenziswa kuphela ukujonga ubume bokugqiba komsebenzi.
Inkqubo ye- inkxaso yobhaliso lomsonto oluzenzekelayo usebenzisa i-rseq (ulandelelwano olunokuqaliswa kwakhona) umnxeba wenkqubo onikiweyo ukusukela kwi-Linux kernel 4.18. Umnxeba wenkqubo ye-rseq ivumela ukucwangcisa ukuphunyezwa okuqhubekayo kweqela lemiyalelo engaphazanyiswa kwaye enze isiphumo kunye nengxelo yokugqibela kwiqela. Ngokusisiseko, ibonelela ngesixhobo sokusebenza ngokukhawuleza kweathom ethi, ukuba ithe yaphazanyiswa ngomnye umsonto, icocwe kwaye izanywa kwakhona.
Kwelinye icala, iyabonelela uqokelelo olungagqibekanga lwazo zonke iifayile eziphunyeziweyo yeenkqubo ezakhelwe-ngaphakathi kunye novavanyo olukwimo ye-PIE (indawo ezimeleyo ephunyezwayo).
Ukuyekisa le ndlela yokuziphatha, ukhetho "-disable-default-pie" lunikiwe, kunye ne Linux, yongeze i glibc.malloc.hugetlb isicwangciso ukutshintsha uphumezo lwe malloc ukusebenzisa indlela ye madvise umnxeba nge MADV_HUGEPAGE iflegi ye mmap kunye ne sbrk, okanye sebenzisa ngokuthe ngqo amaphepha enkumbulo amakhulu ngokukhankanya i MAP_HUGETLB iflegi kwiifowuni ze mmap.
Kwimeko yokuqala, ukunyuswa kwentsebenzo kunokufezekiswa ngokusebenzisa i-transparent Huge Pages kwimodi ye-madvise, kwaye kwimeko yesibini, ungasebenzisa amaphepha amakhulu agcinwe kwinkqubo (Amaphepha amakhulu).
Kufuneka kuqatshelwe ukuba ezinye izinto ezibuthathaka zalungiswa kule nguqulo intsha:
- CVE-2022-23218, CVE-2022-23219: Isithinteli siphuphuma kwi svcunix_create kwaye clnt_dala imisebenzi ebangelwa kukukhuphela imixholo yegama lefayile parameter kwisitaki ngaphandle kokujonga ubungakanani bedatha ekhutshelweyo. Kwizicelo ezakhiwe ngaphandle kokhuseleko lwestack kunye nokusebenzisa i "unix" iprotocol, ubuthathaka bunokukhokelela kuphunyezo lwekhowudi enobungozi xa kusetyenzwa kakhulu amagama efayile amade.
- I-CVE-2021-3998: Ukuba sesichengeni kwindlela yokwenene () umsebenzi obangelwa kukubuyisela ixabiso elingachanekanga phantsi kweemeko ezithile eziqulathe intsalela yedatha engahlambulukanga ukusuka kwisitaki. Kwinkqubo ye-SUID-root fusermount, ubuthathaka bunokusetyenziswa ukufumana ulwazi olubuthathaka kwimemori yenkqubo, umzekelo, ukufumana ulwazi lwesalathisi.
- I-CVE-2021-3999: Ibhayithi enye yebuffer iyaphuphuma kwi getcwd () umsebenzi. Ingxaki ibangelwa ligciwane ebelikho ukusukela ngo 1995. Ukufowunela ukuphuphuma, kwindawo eyahlukileyo yendawo yegama, vele ufowunele chdir() kulawulo "/".
Gqibela Ukuba unomdla wokwazi okungakumbi ngayo, ungajonga iinkcukacha kwi ukulandela ikhonkco.