VENOM, inobungozi ngaphezu kwe-Heartbleed

Isaac

Imizuzu ye2

IVENOM Spiderman

I-VENOM yeyona nto isemngciphekweni ngakumbi kune-Heartbleed, Isiphene esidumileyo sokhuseleko kwi-OpenSSL ukusuka kuso sithethile kule blog. Ichaphazela iiseva ze-GNU / Linux, kwaye njengokuba unentliziyo ebabazekayo unokufumana ulwazi kwimemori yeseva ukude ngaphandle kokufumana imvume yokungena, iVENOM ikwayisoyikiso kwezokhuseleko.

I-VENOM (CVE-2015-3456) ngumba osandula ukufunyanwa onokuthi uchaphazele izigidi zeeseva kunye neekhompyuter. Eyona nto imbi kukuba ithatha thaca ngaphezu kweminyaka eli-11 kwaye ivumela umsebenzisi okude ukuba asebenzise obu bungozi ukuze afikelele ngaphandle komatshini obonakalayo. Kungoko igama layo, kuba i-VENOM sisichazi soMsebenzi oSebenzayo wokuSebenza ngokuSebenza. 

Con I-VENOM ingadlula kumda womatshini obonakalayo ebonelela ngenkonzo kwaye isebenza ngokuthe ngqo kumatshini wokwenyani ukwenza ikhowudi enobungozi kuyo, ukufikelela kwabanye oomatshini abakhoyo kwinkqubo, ukufikelela kwezinye iindawo zenethiwekhi yedatha, njl.

Unobangela wale ngxaki kuphelelwe lixesha, kodwa okwangoku, umlawuli wefloppy. Nangona iidiski ze-floppy sele ziphelelwe lixesha, isagcinwa ngenxa yezizathu zokuhambelana ngasemva. Ngapha koko, ichaphazele phantse iipesenti ezingama-95 zeenkqubo ezinje:

  • RHEL 5.x, 6.x kunye 7.x
  • I-CentOS Linux 5.x, 6.x, 7.x
  • I-OpenStack 4, 5 (RHEL 6), kunye ne-5 kunye ne-6 (RHEL 7).
  • Ubunono boShishino lweRed Hat 3.
  • I-Debian kunye nezinye i-distros esekwe kuyo. Kubandakanya Ubuntu (12.04, 14,04, 14,10 kunye 15.04).
  • I-SUSE Linux Enterprise Server 5, 6, 7, 10, 11, 12 (kuzo zonke iipakethe zayo zenkonzo)

Ukulungisa le ngxaki yeVENOM, kuya kufuneka ugcine ulwabiwo lwakho njengoluhlaziyiweyo ngokusesikweni ngeziqwengana zokhuseleko zamva nje. Kwakhona, ukuba usebenzisa i-VirtualBox, kuya kufuneka uyihlaziye kwinguqulo 4.3 okanye ngaphezulu (xa bephuma). Nangona inkqubo ayizukuphinda iqalwe, oomatshini ababonakalayo kuya kufuneka baphinde baqalise ukulungisa ingxaki.

Kwakhona ichaphazela oomatshini ababonakalayo ngeQEMU, XEN, KVM kunye neCitrix. Kodwa ayichaphazeli iinkqubo ze-VMWare, iMicrosoft Hyper-V, okanye ii-BOCHS. Ke hlala uhlaziyiwe kwaye ufumane kwimeko yakho indlela yokulungisa ingxaki. Ndiyathemba ukuba le yifowuni yokuvuselela ababhekisi phambili, ekufuneka baphicothe ikhowudi yakudala ukuze ezi zinto zingenzeki.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.