I-Red Hat yafumanisa ukuba semngciphekweni kathathu kwi-Linux kernel

Darkcrizt

Imizuzu ye4

Ukuphahlazeka kukaTux !!! Iglasi eyaphukileyo emele ukuba semngciphekweni kweLinux

I-Red Hat ixele izolo ukuba ichonge ubuthathaka obukhulu kwi-Linux Kernel. Iimpazamo ezintathu ezinxulumene nazo, I-CVE-2019-11477, i-CVE-2019-11478 kunye ne-CVE-2019-11479, ziye zafunyanwa kulawulo lwenethiwekhi ye-TCP yiLinux Kernel.

Eyona nto imbi kakhulu kwezi meko zintathu inokuvumela umhlaseli okude ukuba abangele ukusilela kernel kwiinkqubo ezisebenzisa iphakheji echaphazelekayo kwaye ke zichaphazele uzinzo lwenkqubo.

I-Red Hat ichaze izolo ukuba kufunyenwe iimpazamo ezintathu ezinxulumene nokusingathwa kweLinux Kernel ye-SACK (TCP ekhethiweyo yokuvuma) iipakethi ezinobungakanani obuphantsi beMSS.

Ubungakanani bempembelelo kucingelwa ukuba bunokulinganiselwa kwinkonzo okwangoku. Okwangoku akukho kuphakanyiswa kwelungelo okanye ukuvuza kolwazi okukrokrelwayo ngenxa yokuba sesichengeni.

Malunga nokuba semngciphekweni

Inkampani ikhankanye ubuthathaka abathathu, i-CVE-2019-11477, i-CVE-2019-11478, kunye ne-CVE-2019-11479. I-CVE-2019-11477 ethathelwa ingqalelo ubukhali obubalulekileyo, ngelixa i-CVE-2019-11478 kunye ne-CVE-2019-11479 zithathwa njengobukhali obuphakathi.

Ubuthathaka bokuqala obubini bunxulumene nePakethi yokuKhetha yokuKhetha (SACK) idityaniswe nobungakanani beqondo eliphezulu lesahlulo (iMSS) kwaye esesithathu sinxulumene kuphela nobukhulu becandelo (MSS).

Ukubanjwa ngesandla kwe-TCP okukhethiweyo (SACK) yindlela apho umamkeli wedatha anokwazisa umthumeli wawo onke amacandelo amkelekileyo.

Oku kuvumela umthumeli ukuba aphinde ahambise iziqendu zomjelo ezingekhoyo kwiseti "yeemveliso ezaziwayo." Xa i-TCP SACK ikhubazekile, iseti enkulu yokuhanjiswa kwakhona iyafuneka ukuze iphinde ithumele lonke ulandelelwano.

Obona bukhulu becandelo (MSS) yiparameter echazwe kwintloko yeTCP yepakethi echaza inani elipheleleyo ledatha equlunqwe icandelo leTCP.

Kuba iipakethi zinokwahlulwa ngexesha lokuhambisa kwiindlela ezahlukeneyo, Umamkeli kufuneka ayichaze iMSS ngokulingana nobukhulu obukhulu Umrhumo wokuhlawulwa kwedatha ye-IP enokubanjwa ngumphathi.

Ubungakanani obukhulu kakhulu beMSS bunokuthetha ukuba umsinga wepakethi uphela uqhekeka njengoko isiya kwindawo ekuyiwa kuyo, ngelixa iipakethi ezincinci zinokuqinisekisa ukwahlulwa okuncinci kodwa zikhokelele kwintloko engasetyenziswanga.

Los Iinkqubo zokusebenza kunye neentlobo zothutho zinokusebenzisa ubungakanani beMSS ezichaziweyo ngokungagqibekanga

Los abahlaseli abanelungelo lokufikelela banokwenza iiphakeji eziluhlaza ngeendlela zeMSS ezilungiselelwe olu hlaselo.

Icandelo ngalinye le-TCP linenombolo yokulandelelana (i-SEQ) kunye nenombolo yokufumana (ACK). La manani e-SEQ kunye nee-ACK asetyenziselwa ukumisela ukuba ngawaphi amacandelo afunyenwe ngempumelelo ngumamkeli. Inombolo ye-ACK ibonisa icandelo elilandelayo elilindelwe ngumamkeli. I-Red Hat inike umzekelo wokuqonda oku.

Ulwabiwo oluchaphazelekayo

I-Red Hat inoluhlu olude lweemveliso ezichaphazelekayo kwezi zinto zintathu zisengozini. Uluhlu lweemveliso ezichaphazelekayo ikakhulu zezi zilandelayo:

  • I-Red Hat Enterprise Linux 8
  • I-Red Hat Enterprise Linux 7
  • I-Red Hat Enterprise Linux 6
  • I-Red Hat Enterprise Linux 5
  • Umkhosi obomvu weAtomic Host
  • Ishishini elibomvu Hat MRG 2
  • Iplatifomu yesiqulatho seRed Hat OpenShift 4 (RHEL CoreOS)
  • I-Red Hat OpenShift kwi-Intanethi
  • I-Red Hat OpenShift ezinikezelweyo (kunye neenkonzo ezixhomekekileyo)
  • I-OpenShift kwiAzure (ARO)
  • Iplatifomu ebomvu yeRed Hat OpenStack (Ukuhambisa umfanekiso weKernel)
  • Ukusebenza koBomvu weHat Hat (RHV-H)

Iimveliso ezichaphazelekayo zesekondari:

  • UkuSebenza koBomvu weRed Hat (RHV)
  • Iplatifomu yeRed Hat OpenStack
  • Iplatifomu yesiqulatho seRed Hat OpenShift 3

Ngokwenkampani, nangona ubungozi be-kernel bungachaphazeli ngokuthe ngqo izikhongozeli zeRed Hat Linux, ukhuseleko lwabo lusekwe kwindalo yommandla we kernel.

I-Red Hat icebisa ukuba usebenzise iinguqulelo zamva nje zemifanekiso yakho yesikhongozeli. I-Container Health Index, eyinxalenye yeKhathalogu yeRed Hat Container, isenokusetyenziselwa ukumisela imeko yezokhuseleko yezikhongozeli zeRed Hat.

Ukukhusela imfihlo yezikhongozeli ezisetyenzisiweyo, kuya kufuneka uqiniseke ukuba umphathi wesikhongozeli (njengeRed Hat Enterprise Linux, iCoreOS, okanye iAtomic host) ihlaziyiwe kolu hlaselo.

Kwi Linux kernel, Imiba ilungiswe kwiinguqulelo 4.4.182, 4.9.182, 4.14.127, 4.19.52 kunye no-5.1.11


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.