I-Rocky Linux ikhuphe indawo yokugcina kunye nokhuseleko kunye neepakethe zezixhobo zokukhusela 

Darkcrizt

Imizuzu ye4

ilinux enamatye

I-Rocky Linux lusasazo olunjongo yalo ikukudala udibaniso lwasimahla lwe-RHEL olungathatha indawo ye-CentOS yakudala.

Kutshanje i abaphuhlisi bosasazo lwe "Rocky Linux", ibhengezwe Ngeposi blog, babhengeza ukwenza iqela elitsha leGIS (Iqela leNzala ekhethekileyo) Ukhuseleko, ngenjongo yokugcina iiphakheji ezinxulumene nokubonelelwa kokhuseleko oluphezulu kunye nokunikezelwa kwezixhobo ezongezelelweyo zokhuseleko.

Kwabo bangaziyo malunga neRocky Linux, kuya kufuneka wazi ukuba le "lunikezelo lweLinux entsha" (ngokunxulumene) oluphuhliswe yiRocky Enterprise Software Foundation kwaye injongo yayo kukudala inguqulelo yasimahla yeRHEL ekwaziyo ukuthatha indawo yeCentOS yakudala, ukuya ibe lunikezelo " ezantsi ", lukhutshwe ngokupheleleyo kwikhowudi yenkxaso yokubini usebenzisa ikhowudi yomthombo we-Red Hat Enterprise Linux.

Indawo entsha yeGIS kwiRocky Linux

Ngokumalunga nogcino olutsha olwenziwe kwiRocky Linux, kukhankanyiwe ukuba kujongwe ukuba kwi «Security Special Interest Group» kwakhona Iinguqulelo ezizezinye zeepakethe ziya kupapashwa esele ikhona ekhoyo eyilelwe ukuquka iindlela ezahlukeneyo zokuphucula ukhuseleko okanye ukulungisa ubuthathaka ezingekabotshwa kwi-RHEL nakwi-CentOS Stream.

Ngaloo ndlela, indawo yokugcina ayiyi kuba yodwa ekuhanjisweni, kodwa zonke izinto eziqhubekayo ziya kupapashwa kwindawo yokugcina ezimeleyo, enokuthi isetyenziswe kwezinye izabelo ezihambelana neRed Hat Enterprise Linux.

Kwiposti yebhlog, abaphuhlisi beRocky Linux khankanya ukuba uthumo lwe-SIG yoKhuseleko ngulo:

  • Phuhlisa kwaye ugcine iipakethe ezahlukeneyo ezinxulumene nokhuseleko ezingafumanekiyo kwi-EL (Enterprise Linux) phezulu.
  • Ukuchonga, ukuphuhlisa nokugcina utshintsho olunzima lokhuseleko olunxulumene neepakethi ze-EL ezinyukayo.
  • Bandakanya/zifakele izilungiso ezongezelelweyo zokhuseleko ezingekho kwiipakethe ze-ELupstream.
  • Ukuba negalelo kwizigaba zokuqala ezifanelekileyo xa kusenzeka.

Kwicala le umxholo wogcino, kukhankanyiwe ukuba ezi phakheji zilandelayo zinikezelwa ngoku kwindawo yokugcina, iphakheji ye-OpenSSH equka i-sshd enamathala eencwadi ambalwa kwabelwana, malunga nale phakheji, ikhankanyiwe ukuba iqulunqelwe kuphela i-RHEL 9 yesebe, kunye neepakethe ezinxulumeneyo: pam_ssh_agent_auth, libnsl, nscd, nss_db, nss_hesiod.

Ukongeza koku, ikwabonelela imodyuli yekernel yeLKRG (I-Linux Kernel Runtime Guard) eyenzelwe ukubona kunye nokuthintela zombini ukuhlaselwa kunye nokuphulwa kwemfezeko yezakhiwo ze-kernel (umzekelo, imodyuli inokukhusela utshintsho olungagunyaziswanga kwi-kernel esebenzayo kunye nokuzama ukutshintsha iimvume zeenkqubo zomsebenzisi, le phakheji, iqulunqelwe amasebe e-RHEL 8 kunye ne-RHEL 9.

Enye yeepakethe ezibandakanyiweyo kwindawo yokugcina ithi «passwdqc» esetyenziswa ukujonga ukuntsokotha kwamagama agqithisiweyo kunye namabinzana okugqithisa, ukuquka im_passwdqc imodyuli, i pwqcheck, pwqfilter, kunye neenkqubo ze pwqgen, kunye nelayibrari ye libpasswdqc. Iphakheji yakhelwe amasebe e-RHEL 8 kunye ne-RHEL 9.

Kwakhona kwindawo yokugcina kukho, I-Glibc ibandakanya ukuphuculwa kokhuseleko oluphuhliswe yiprojekthi ye-Owl kwaye isetyenziswe kwi-ALT Linux. Iphakheji ikwabandakanya ukulungiswa ukuvala ubuthathaka obubini: ubuthathaka kwi-ld.so (CVE-2023-4911), evumela umsebenzisi wasekhaya ukuba aphakamise amalungelo abo kwinkqubo ngokucacisa idatha efomathiweyo ngokukodwa kwi-GLIBC_TUNABLES ukuguquguquka kwemekobume, kunye nokuxhatshazwa. (CVE-2023-4527) kumsebenzi we-getaddrininfo, onokukhokelela ekuvuzeni kwe-stack okanye ukuphazamiseka. Iphakheji yakhelwe isebe le-RHEL 9.

Umxhasi we-SIG woKhuseleko uMyili weSola ukhankanye oku kulandelayo ku-X (owayefudula eyi-Twitter):

Kutshanje ndijoyine iprojekthi yeRocky Linux kwaye saphehlelela indawo yokugcina ukhuseleko, okwangoku ibonelela ngeepakethi ezongezelelweyo kunye nezongezelelweyo (kungekudala), kubandakanya i-glibc enokhuseleko olulukhuni lonikezelo lwe-EL9 (kungekudala i-EL8) ngokunciphisa okusebenzayo ngokuchasene ne-CVE-2023 -4911

Ngokuphathelele abo banomdla wokukwazi ukongeza indawo yokugcina kwiRocky Linux okanye kwi-RHEL-ehambelanayo yosasazo, bangakwenza oko ngokuvula i-terminal kwaye bachwetheze umyalelo kuyo.

dnf install rocky-release-security

ekugqibeleni ukuba ukhona unomdla wokwazi ngakumbi ngayo, ungajonga iinkcukacha Kule khonkco ilandelayo.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.