The new Glibc 2.34 release was recently published. It arrives after six months of development and brings some quite significant changes, among them the integration of the libpthread, libdl, libutil and libanl libraries, as well as fixes for various bugs, one of which caused a crash.
For those unfamiliar with Glibc: it is the GNU C library, commonly known as glibc, the standard C runtime library of the GNU project. On systems where it is used, this C library provides and defines the system calls and other basic functions, and it is used by almost all programs.
Main new features of Glibc 2.34
In this new Glibc 2.34 release, libpthread, libdl, libutil and libanl have been integrated into the main library, so using their functionality in applications no longer requires linking with the -lpthread, -ldl, -lutil and -lanl flags.
In addition, it is mentioned that preparations have been made to integrate libresolv into libc. The integration will allow a smoother glibc update process and will simplify the runtime implementation; stub libraries are also provided for compatibility with applications built against earlier glibc versions.
Among the Linux-specific changes, Glibc 2.34 highlights the added ability to use a 64-bit time_t type on configurations that traditionally used a 32-bit time_t type. This feature is only available on systems with kernel 5.1 and later.
Another Linux-specific change is the implementation of the execveat function, which allows an executable file to be run from an open file descriptor. The new function is also used in the implementation of the fexecve call, which does not require the /proc filesystem to be mounted at startup.
The close_range() function has also been added. It is available with Linux 5.9 and later and can be used to let a process close an entire range of open file descriptors at once. The release also implements the glibc.pthread.stack_cache_size parameter, which can be used to adjust the size of the pthread stack cache.
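The following is an added example, not code from the glibc project: it closes a block of descriptors with close_range() when the headers come from glibc 2.34 or later, and falls back to a plain close() loop when the function or the kernel support is missing. The helper names close_fd_range and count_open_fds, the descriptor numbers 100 to 110 and the use of /dev/null are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* close_range() is only declared by glibc 2.34+; detect it at compile time. */
#ifdef __GLIBC_PREREQ
#if __GLIBC_PREREQ(2, 34)
#define HAVE_CLOSE_RANGE 1
#endif
#endif

/* Hypothetical helper: close every descriptor in [first, last].
 * Returns 1 if close_range() did the work, 0 if the close() loop did. */
static int close_fd_range(unsigned int first, unsigned int last)
{
#ifdef HAVE_CLOSE_RANGE
    if (close_range(first, last, 0) == 0)
        return 1;
    /* Typically ENOSYS on kernels older than 5.9: use the loop instead. */
#endif
    long max = sysconf(_SC_OPEN_MAX);   /* bound the loop for last = ~0U */
    if (max > 0 && last >= (unsigned long)max)
        last = (unsigned int)(max - 1);
    for (unsigned int fd = first; fd <= last; fd++)
        close((int)fd);                 /* EBADF on unused slots is expected */
    return 0;
}

/* Count descriptors in [first, last] that are still open. */
static int count_open_fds(unsigned int first, unsigned int last)
{
    int n = 0;
    for (unsigned int fd = first; fd <= last; fd++)
        if (fcntl((int)fd, F_GETFD) != -1 || errno != EBADF)
            n++;
    return n;
}

int main(void)
{
    /* Constructed scenario: three descriptors at 100+ that must not leak. */
    int src = open("/dev/null", O_RDONLY);
    for (int i = 0; i < 3; i++)
        fcntl(src, F_DUPFD, 100);
    printf("open before: %d\n", count_open_fds(100, 110));
    int used = close_fd_range(100, 110);
    printf("open after: %d (close_range used: %d)\n", count_open_fds(100, 110), used);
    return 0;
}
```

Closing the range just before an exec call is a common way to keep descriptors for sockets, keys or log files from being inherited by the new program.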
On the other hand, the _Fork function has been added, a replacement for the fork function that meets the "async-signal-safe" requirements, meaning it can be called safely from signal handlers. While _Fork runs, a minimal environment is created, sufficient to call functions such as raise and execve in signal handlers, without invoking features that could change locks or internal state.
As for the vulnerabilities fixed in Glibc 2.34, the following are mentioned:
CVE-2021-27645: The nscd (name server caching daemon) process fails because of a double call to the free function (double free) when processing specially crafted netgroup requests.
CVE-2021-33574: Access to an already freed memory area (use-after-free) in the mq_notify function when using the SIGEV_THREAD notification type with a thread attribute for which an alternate CPU affinity mask is set. The problem can cause a crash, but other attack options are not ruled out.
CVE-2021-35942: A parameter size overflow in the wordexp function can crash the application.
Among the other notable changes:
- The timespec_getres function, defined in the ISO C2X draft, has been added, extending the timespec_get function with capabilities similar to the POSIX clock_getres function.
- In the gconv-modules file, only a minimal set of core gconv modules remains; the rest have been moved to an additional file, gconv-modules-extra.conf, located in the gconv-modules.d directory.
- The use of symbolic links to tie installed objects to the Glibc version has been removed. These objects are now installed as-is (e.g. libc.so.6 is now a file rather than a link to libc-2.34.so).
- On Linux, functions such as shm_open and sem_open now require a shared-memory filesystem mounted at the /dev/shm mount point.
Finally, if you are interested in learning more about this new version, you can check the details at the following link.