Glibc 2.34 arrives with vulnerability fixes, new features for Linux and more

A new version, Glibc 2.34, was recently released after six months of development. It brings some important changes, among them the integration of the libpthread, libdl, libutil and libanl libraries, as well as fixes for various bugs, one of which caused a crash.

For those who do not know Glibc: it is the GNU C Library, commonly known as glibc, the standard C runtime library of GNU. On the systems where it is used, this C library provides and defines the system calls and other basic functions, and it is used by almost all programs.

Main new features of Glibc 2.34

In this new version, Glibc 2.34, libpthread, libdl, libutil and libanl are integrated into the main library. Using their functionality in applications no longer requires linking with the -lpthread, -ldl, -lutil and -lanl flags.

In addition, it is mentioned that preparations have been made to integrate libresolv into libc. The integration will allow a smoother glibc upgrade process and simplify the runtime implementation. Stub libraries are also provided for compatibility with applications built with earlier versions of glibc.

Among the changes focused on Linux, Glibc 2.34 adds the ability to use a 64-bit time_t type on configurations that traditionally used a 32-bit time_t type. This feature is only available on systems with kernel 5.1 and higher.

Another Linux-specific change is the implementation of the execveat function, which allows an executable file to be run from an open file descriptor. The new function is also used in the implementation of the fexecve call, which no longer requires the /proc pseudo-filesystem to be mounted at startup.

The close_range() function has also been added. It is available on Linux 5.9 and higher and lets a process close an entire range of open file descriptors at once. The glibc.pthread.stack_cache_size tunable has also been implemented; it can be used to adjust the size of the pthread stack cache.
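A common security use of close_range() is to drop inherited descriptors before handing control to another program, so that open files and sockets do not leak into it. The following is an added example, not code from glibc or from the original article: the helper names `close_fd_range` and `count_open_fds` are hypothetical, and the descriptors at 100 and above are constructed for the demonstration.

```c
#define _GNU_SOURCE            /* exposes close_range() in glibc >= 2.34 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: close every descriptor in [first, last].
 * Returns 0 on success, -1 with errno = EINVAL on a reversed range. */
int close_fd_range(unsigned int first, unsigned int last)
{
    if (first > last) { errno = EINVAL; return -1; }
#ifdef CLOSE_RANGE_UNSHARE     /* defined by <unistd.h> when the wrapper is declared */
    if (close_range(first, last, 0) == 0)
        return 0;
    /* ENOSYS (kernel older than 5.9) or a sandbox denying the call: fall back. */
#endif
    long max = sysconf(_SC_OPEN_MAX);
    if (max > 0 && last >= (unsigned long)max)
        last = (unsigned int)max - 1;      /* nothing can be open above the limit */
    for (unsigned int fd = first; fd <= last; fd++) {
        close((int)fd);                    /* EBADF for unused slots is expected */
        if (fd == last) break;             /* no wrap-around when last == UINT_MAX */
    }
    return 0;
}

/* Count descriptors in [first, last] that are still open. */
int count_open_fds(int first, int last)
{
    int n = 0;
    for (int fd = first; fd <= last; fd++)
        if (fcntl(fd, F_GETFD) != -1)
            n++;
    return n;
}

int main(void)
{
    int src = open("/dev/null", O_RDONLY);
    for (int i = 0; i < 3; i++)
        fcntl(src, F_DUPFD, 100);          /* constructed "leaked" descriptors at 100+ */
    printf("open before: %d\n", count_open_fds(100, 199));
    close_fd_range(100, 199);
    printf("open after:  %d\n", count_open_fds(100, 199));
    close(src);
    return 0;
}
```

When built against an older glibc, the helper takes the per-descriptor loop, which is why the range is capped at the process's open-file limit.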

The _Fork function has been added as well. It is a replacement for the fork function that meets the "async-signal-safe" requirements, which means it can be called safely from signal handlers. During a _Fork call a minimal environment is set up, sufficient to call functions usable in signal handlers such as raise and execve, without invoking features that could change locks or internal state.

As for the vulnerabilities fixed in Glibc 2.34, the following are mentioned:

CVE-2021-27645: The nscd (name server caching daemon) process crashes because of a double call to the free function (double free) while processing specially crafted netgroup requests.

CVE-2021-33574: Access to an already freed memory area (use-after-free) in the mq_notify function when using the SIGEV_THREAD notification type with a thread attribute for which an alternate CPU affinity mask is set. The problem can cause a crash, but other attack options are not ruled out.

CVE-2021-35942: A parameter size overflow in the wordexp function can crash the application.

Among the other notable changes:

  • The timespec_getres function, defined in the ISO C2X draft, has been added, extending the timespec_get function with capabilities similar to the POSIX clock_getres function.
  • In the gconv-modules file, only a minimal set of core gconv modules remains; the rest were moved to an additional file, gconv-modules-extra.conf, located in the gconv-modules.d directory.
  • The use of symbolic links to tie installed objects to the Glibc version has been removed. These objects are now installed as they are (for example, libc.so.6 is now a file rather than a link to libc-2.34.so).
  • On Linux, functions such as shm_open and sem_open now require a shared memory filesystem mounted at the /dev/shm mount point.

Finally, if you are interested in knowing more about this new version, you can check the details at the following link.