Kutholakale ubungozi obuthathu ku-systemd-journald

Darkcrizt

Imizuzu ye-4

Ukuba sengozini kwesistimu

Kukhonjwe ubuthakathaka obuthathu obuvumela umhlaseli ongenalungelo lokuphakamisela amalungelo abo ohlelweni bese usebenzisa ikhodi njengezimpande ku-systemd-journald ebhekele ukungena ku-systemd.

Ukuba sengozini bonisa kukho konke ukusabalalisa okusebenzisa i-systemd, Ngaphandle kwe-SUSE Linux Enterprise 15, openSUSE Leap 15.0, neFedora 28/29, lapho izingxenye zesistimu zihlanganiswe khona nokufakwa kwe- "-fstack-clash-protection".

Yini ubuthakathaka?

Ukuba sengozini isivele ibhalisiwe ku- I-CVE-2018-16864 y I-CVE-2018-16865 ikuvumela ukuthi udale izimo zokubhala idatha ngaphandle kwemikhawulo ye-memory block eyabelwe, ngenkathi kusengozini I-CVE-2018-16866 ikuvumela ukuthi ufunde okuqukethwe yizindawo zememori zangaphandle.

Abaphenyi balungiselele uhlobo olusebenzayo lokuxhashazwa okuthi, kusetshenziswa ubuthakathaka be-CVE-2018-16865 ne-CVE-2018-16866.

Kulokho okuningiliziwe ngalezi zingcuphe abacwaningi Basitshela ukuthi lokhu kukuvumela ukuthi uthole amalungelo ezimpande ngemuva kwemizuzu engaba yishumi yokuhlaselwa kohlelo lwe-i10 kanye nemizuzu engama-386 ezinhlelweni ze-amd70.

Lokhu kuxhashazwa kuhlolwe ku-Debian 9.5.

Babuye bachaze ukuthi:

Lapho ukuxhashazwa kubhalwa, Kusetshenziswa inqubo ye-Stack Сlash, ingqikithi yayo ukudala izimo lapho okuqukethwe yinqwaba echichimayo kusendaweni yesitaki noma, ngakolunye uhlangothi, isitaki singabhala kabusha indawo yenqwaba.

Okuzibonakalisa ezimeni lapho isitaki nenqwaba zibekwa eduze komunye nomunye (indawo yesitaki ilandela ngokushesha imemori eyabelwe inqwaba).

Ukuxhashazwa okuhlongozwayo kuqinisekisa ukucabanga ukuthi ukuvikelwa ekuhlaselweni kwesigaba seStack Сlash ezingeni le-Linux kernel akwanele.

Ngasikhathi sinye, ukuhlaselwa kuvinjelwe ngempumelelo ngokwakha kabusha i-GCC ngenketho ye- "-fstack-clash-protection" evunyelwe.

Mayelana nokuba sengozini

Ukuba sengozini I-CVE-2018-16864 itholwe ngemuva kokuhlaziya isimo lapho kudluliswa khona izinhlelo zokusebenza ezigcina idatha ku-log ngocingo oluya ku-syslog (), inombolo enkulu yezimpikiswano zomugqa womyalo (ama-megabytes amaningana) iholela ekuphahlazekeni kwenqubo ye-systemd-journald.

Ukuhlaziywa kubonise ukuthi ngokukhohlisa intambo enezimpikiswano zomugqa womyalo, umugqa wesitaki olawulwayo ungabekwa ekuqaleni kwesitaki.

Kepha ngokuhlaselwa okuphumelelayo, kuyadingeka ukuthi kudlule inqubo yokuvikela yekhasi lokuvikela isitaki elisetshenziswe ku-kernel., ingqikithi yayo ekushintshweni kwamakhasi ezinkumbulo yemikhawulo. ukuphakamisa okuhlukile (iphutha lekhasi).

Ukudlula lokhu kuvikelwa ngokufana kwe-systemd-journald kuqala “esimweni somjaho”, Ukuvumela isikhathi sokubamba inqubo yokulawula ukuwa ngenxa yokufakwa kwememori yekhasi, okufundwayo kuphela.

Ngenqubo yokutadisha ukuba sengozini kokuqala, kwavela ezinye izinkinga ezimbili.

Ukuba sengozini kwesibili I-CVE-2018-16865 ikuvumela ukuthi udale izimo zokumbondelana ze-Stack Сlash ngokufana ngokubhala umyalezo omkhulu kakhulu kufayela run / systemd / journal / socket.

Ukuba sengozini kwesithathu I-CVE-2018-16866 ibonakala uma uthumela umlayezo we-syslog nohlamvu lokugcina ":".

Ngenxa yephutha ekuhlukaniseni intambo, intambo yokunqamula i - '\ 0' ngemuva kokuthi izolahlwa futhi irekhodi lizoqukatha ingxenye yebhafa ngaphandle kwe - '\ 0', ekuvumela ukuthi uthole amakheli esitaki kanye ne-mmap.

  • Ukuba sengozini kwe-CVE-2018-16864 kuye kwabonakala kusukela ngo-Ephreli 2013 (kwavela ku-systemd 203), kepha kufanelekile ukusebenza kuphela ngemuva koshintsho lwe-systemd 230 ngoFebhuwari 2016.
  • Ukuba sengozini kwe-CVE-2018-16865 kubonakale kusukela ngoDisemba 2011 (systemd 38) futhi kuyatholakala ukuthi kusetshenziswe kusukela ngo-Ephreli 2013 (systemd 201).
  • Izinkinga ze-CVE-2018-16864 ne-CVE-2018-16865 zalungiswa emahoreni ambalwa adlule egatsheni eliyinhloko le-systemd.

Ukuba sengozini kwe-CVE-2018-16866 kuvele ngoJuni 2015 (systemd 221) futhi kwalungiswa ngo-Agasti 2018 (kungakhonjiswa ku-systemd 240).

Ukukhishwa kokuxhaphaza okusebenzayo kuhlehlisiwe kuze kube yilapho sekukhishwa ama-patches ngokusatshalaliswa.

Njengamanje, ukusatshalaliswa kokukhubazeka akukakalinganiselwa kuyizinto ezaziwa kakhulu njengeDebian, Ubuntu, RHEL, Fedora, SUSE, kanye nokutholakala kwazo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   luix kusho
    kwenza iminyaka 5

    amasistimu ancela!

    Phendula ku-luix
  2.   mthoko kusho
    kwenza iminyaka 5

    Init inkululeko… yebo !!!!

    Phendula ku-martiyo