با برنامه Player FM !
Episode 196
Manage episode 364379345 series 2423058
Overview
This week we look at some recent security developments from PyPI, the Linux Security Summit North America and the pending transition of Ubuntu 18.04 to ESM, plus we cover security updates for cups-filter, the Linux kernel, Git, runC, ncurses, cloud-init and more.
This week in Ubuntu Security Updates
83 unique CVEs addressed
[USN-6083-1] cups-filters vulnerability (01:03)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Legacy BEH (Backend Error Handler) allows to create a network accessible printer - allowed to do pretty easy RCE since used
system()
to run a command which contained various values that can be controlled by the attacker - Fixed by upstream to use
fork()
andexecve()
plus some other smaller changes to perform sanitisation of the input
[USN-6084-1] Linux kernel vulnerabilities (01:45)
- 5 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 18.04 GCP + Oracle, 16.04 Oracle
[USN-6085-1] Linux kernel (Raspberry Pi) vulnerabilities (02:00)
- 10 CVEs addressed in Jammy (22.04 LTS)
- 5.15 Raspi kernel
- Various UAFs in different drivers and subsystems, possible speculative execution attack against AMD x86-64 processors with SMT enabled, a few type confusion bugs leading to OOB reads etc
[USN-6090-1] Linux kernel vulnerabilities (02:26)
- 10 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Same set of vulns as above
- 5.15 22.04 GKE, GCP; 20.04 GKE, GCP, Oracle
[USN-6089-1] Linux kernel (OEM) vulnerability (02:45)
- 1 CVEs addressed in Jammy (22.04 LTS)
- 6.0 OEM
- i915 failed to flush GPU TLB in some cases -> DoS / RCE
[USN-6091-1] Linux kernel vulnerabilities (03:09)
- 25 CVEs addressed in Kinetic (22.10)
- CVE-2023-1118
- CVE-2023-32269
- CVE-2023-26544
- CVE-2023-23455
- CVE-2023-23454
- CVE-2023-2162
- CVE-2023-21106
- CVE-2023-21102
- CVE-2023-1652
- CVE-2023-1513
- CVE-2023-1078
- CVE-2023-1075
- CVE-2023-1074
- CVE-2023-1073
- CVE-2023-0459
- CVE-2023-0458
- CVE-2023-0394
- CVE-2023-0210
- CVE-2022-48424
- CVE-2022-48423
- CVE-2022-4842
- CVE-2022-4129
- CVE-2022-3707
- CVE-2022-36280
- CVE-2022-27672
- 5.19 IBM + Oracle
- Lots of the previously mentioned issues and more - same kinds of issues though (race conditions, UAFs, OOB writes etc in various drivers / subsystems)
[USN-6096-1] Linux kernel vulnerabilities (03:34)
- 25 CVEs addressed in Jammy (22.04 LTS), Kinetic (22.10)
- CVE-2023-1118
- CVE-2023-32269
- CVE-2023-26544
- CVE-2023-23455
- CVE-2023-23454
- CVE-2023-2162
- CVE-2023-21106
- CVE-2023-21102
- CVE-2023-1652
- CVE-2023-1513
- CVE-2023-1078
- CVE-2023-1075
- CVE-2023-1074
- CVE-2023-1073
- CVE-2023-0459
- CVE-2023-0458
- CVE-2023-0394
- CVE-2023-0210
- CVE-2022-48424
- CVE-2022-48423
- CVE-2022-4842
- CVE-2022-4129
- CVE-2022-3707
- CVE-2022-36280
- CVE-2022-27672
- 22.10 GCP, 22.04 HWE
- Same as above
[USN-6092-1] Linux kernel (Azure) vulnerabilities (03:45)
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 Azure on both 18.04, 16.04 ESM + 14.04 ESM
[USN-6093-1] Linux kernel (BlueField) vulnerabilities (03:54)
- 9 CVEs addressed in Focal (20.04 LTS)
- 5.4
- NVIDIA BlueField platform
[USN-6094-1] Linux kernel vulnerabilities (04:02)
- 8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 20.04 / 18.04 HWE on all generic, Azure, GKE, IBM, OEM, AWS, KVM, Low latency etc
[USN-6095-1] Linux kernel vulnerabilities (04:29)
- 5 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 18.04 snapdragon + raspi2; 16.04 HWE etc
[USN-6050-2] Git vulnerabilities (04:50)
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
- RCE via a crafted
.gitmodules
file with submodule URLs longer than 1024 chars - could inject arbitrary config into the users git config - eg. could configure the pager or editor etc to run some arbitrary command - Local file overwrite via crafted input to
git apply --reject
[USN-6088-1] runC vulnerabilities (05:39)
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Vuln where the cgroup hierarchy of the host may be exposed within the container and be writable - could possibly use this to privesc
- Regression from a previous vuln fix in CVE-2019-19921 (see [USN-4297-1] runC vulnerabilities in Episode 66)
- Possible to bypass AppArmor (or SELinux) restrictions on runc if a container
[USN-6088-2] runC vulnerabilities (06:26)
- 6 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-6086-1] minimatch vulnerability (06:31)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- ReDoS against nodejs package
[USN-6087-1] Ruby vulnerabilities (06:39)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- Speaking of ReDoS - two in ruby - mentioned previously in [USN-6055-2] Ruby regression Episode 194 - has been fixed properly now without introducing the previous regression
[USN-5900-2] tar vulnerability (07:03)
- 1 CVEs addressed in Lunar (23.04)
- [USN-5900-1] tar vulnerability from Episode 189
[USN-5996-2] Libloius vulnerabilities (07:17)
- 3 CVEs addressed in Lunar (23.04)
- Braille translation library
- 3 different buffer overflows
[USN-6099-1] ncurses vulnerabilities (07:27)
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Most interesting vuln here was possible memory corruption via malformed terminfo database which can be set via
TERMINFO
of though~/.terminfo
- will get used by asetuid
binary as well - turns out though that ncurses has a build-time configuration option to disable the use of custom terminfo/termcap when running - fixed this by enabling that
[USN-6073-6, USN-6073-7, USN-6073-8, USN-6073-9] Cinder, Glance store, Nova, os-brick regressions (08:34)
- Affecting Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- [USN-6073-1, USN-6073-2, USN-6073-3, USN-6073-4] Cinder, Glance Store, Nova, os-brick vulnerability from Episode 195
[USN-5725-2] Go vulnerability (08:50)
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-6042-2] Cloud-init regression (08:55)
- Affecting Focal (20.04 LTS)
- Published an update to cloud-init a few weeks ago - this was due to a vuln where credentials may get accidentally logged to the cloud-init log file - this was a newer version of cloud-init and it relied on a feature in the netplan package that was not published to the security pocket - easy fix would be to publish this version of netplan to -security but this is not in the spirit of the pocket - so instead cloud-init was updated to include a fallback to ensure routes were appropriately retained
[USN-6098-1] Jhead vulnerabilities (09:48)
- 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- EXIF JPEG header manipulation tool written in C
- Heap buffer overflows, NULL ptr derefs, OOB reads etc
[USN-6102-1] xmldom vulnerabilities (10:12)
- 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- NodeJS javascript DOMParser and XMLSerializer
- Logic error where failed to preserve identifiers or namespaces when parsing malicious documents
- Prototype pollution
- Parses documents with multiple top-level elements and combines all their elements
[USN-6101-1] GNU binutils vulnerabilities (10:50)
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Assembler, linker and other utils for handling binary files
- Generally not expected to be fed untrusted input, but notheless
- various buffer overflows (read and write) - DoS / RCE
[USN-6074-3] Firefox regressions (11:38)
- 11 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 113.0.2
[USN-6103-1] JSON Schema vulnerability (11:50)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- NodeJS package for JSON document manipulation - prototype pollution vuln
Goings on in Ubuntu Security Community
Security related announcements from PyPI (12:21)
-
- will no longer support new PGP signatures for PyPI packages in response to a recent public blog post detailing an audit of the PGP ecosystem with PyPI
- most devs not uploading PGP signatures and of those that were, 30% were not available on major public keyservers and of those that were nearly half were not able to be meaningfully verified - some had expired, others had no binding signature to be able to verify them
- will no longer support new PGP signatures for PyPI packages in response to a recent public blog post detailing an audit of the PGP ecosystem with PyPI
-
- Ordered by DOJ to provide details on 5 PyPI usernames, including names, addresses, connection records, payment details, which packages and IP logs etc
- Provided these details after consulting with their lawyers
- Includes the specific attributes which were provided including the database queries used to lookup those records
- likely in response to recent security issues like typosquatting of popular packages with credential stealers and other malware embedded - over the past weekend, account sign-up and package uploads were blocked due to an overwhelming large number of malicious users and projects being created which the admins could not keep up with
Securing PyPI accounts via Two-Factor Authentication
- Every account that maintains a project / organisation will be required to enable 2FA by the end of this year
- supports both TOTP and WebAuthN
- Already announced this for most critical projects last year where they gave away Google Titan security keys to those projects and mandated them to use 2FA
- Every account that maintains a project / organisation will be required to enable 2FA by the end of this year
LSS NA 2023 (16:11)
- Attended by John Johansen and Mark Esler from the Ubuntu Security Team
- John presented in the LSM Maintainers Panel with Mickaël Salaün, Casey Schaufler, Mimi Zohar & moderated by Paul Moore
- All presentations now online: https://www.youtube.com/playlist?list=PLbzoR-pLrL6q4vmwFP7-ZZ1LJc5mA3Hqu
- Lots of interesting bits like:
- systemd and TPM2
- Verifiable End to End Secure OCI Native Machines
- Progress on Bounds Checking in C and the Linux Kernel
- for more great content with Kees check out Seth and John talk Linux Kernel Security with Kees Cook from Episode 145
- Building the Largest Working Set of Apparmor Profiles
- Controlling Script Execution
Announcement of 18.04 LTS going into ESM on 31 May 2023 (18:55)
- https://lists.ubuntu.com/archives/ubuntu-security-announce/2023-May/007371.html
- 18.04 LTS released on 26 April 2018
- https://canonical.com/blog/18-04-end-of-standard-support
Get in contact
248 قسمت
Manage episode 364379345 series 2423058
Overview
This week we look at some recent security developments from PyPI, the Linux Security Summit North America and the pending transition of Ubuntu 18.04 to ESM, plus we cover security updates for cups-filter, the Linux kernel, Git, runC, ncurses, cloud-init and more.
This week in Ubuntu Security Updates
83 unique CVEs addressed
[USN-6083-1] cups-filters vulnerability (01:03)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Legacy BEH (Backend Error Handler) allows to create a network accessible printer - allowed to do pretty easy RCE since used
system()
to run a command which contained various values that can be controlled by the attacker - Fixed by upstream to use
fork()
andexecve()
plus some other smaller changes to perform sanitisation of the input
[USN-6084-1] Linux kernel vulnerabilities (01:45)
- 5 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 18.04 GCP + Oracle, 16.04 Oracle
[USN-6085-1] Linux kernel (Raspberry Pi) vulnerabilities (02:00)
- 10 CVEs addressed in Jammy (22.04 LTS)
- 5.15 Raspi kernel
- Various UAFs in different drivers and subsystems, possible speculative execution attack against AMD x86-64 processors with SMT enabled, a few type confusion bugs leading to OOB reads etc
[USN-6090-1] Linux kernel vulnerabilities (02:26)
- 10 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Same set of vulns as above
- 5.15 22.04 GKE, GCP; 20.04 GKE, GCP, Oracle
[USN-6089-1] Linux kernel (OEM) vulnerability (02:45)
- 1 CVEs addressed in Jammy (22.04 LTS)
- 6.0 OEM
- i915 failed to flush GPU TLB in some cases -> DoS / RCE
[USN-6091-1] Linux kernel vulnerabilities (03:09)
- 25 CVEs addressed in Kinetic (22.10)
- CVE-2023-1118
- CVE-2023-32269
- CVE-2023-26544
- CVE-2023-23455
- CVE-2023-23454
- CVE-2023-2162
- CVE-2023-21106
- CVE-2023-21102
- CVE-2023-1652
- CVE-2023-1513
- CVE-2023-1078
- CVE-2023-1075
- CVE-2023-1074
- CVE-2023-1073
- CVE-2023-0459
- CVE-2023-0458
- CVE-2023-0394
- CVE-2023-0210
- CVE-2022-48424
- CVE-2022-48423
- CVE-2022-4842
- CVE-2022-4129
- CVE-2022-3707
- CVE-2022-36280
- CVE-2022-27672
- 5.19 IBM + Oracle
- Lots of the previously mentioned issues and more - same kinds of issues though (race conditions, UAFs, OOB writes etc in various drivers / subsystems)
[USN-6096-1] Linux kernel vulnerabilities (03:34)
- 25 CVEs addressed in Jammy (22.04 LTS), Kinetic (22.10)
- CVE-2023-1118
- CVE-2023-32269
- CVE-2023-26544
- CVE-2023-23455
- CVE-2023-23454
- CVE-2023-2162
- CVE-2023-21106
- CVE-2023-21102
- CVE-2023-1652
- CVE-2023-1513
- CVE-2023-1078
- CVE-2023-1075
- CVE-2023-1074
- CVE-2023-1073
- CVE-2023-0459
- CVE-2023-0458
- CVE-2023-0394
- CVE-2023-0210
- CVE-2022-48424
- CVE-2022-48423
- CVE-2022-4842
- CVE-2022-4129
- CVE-2022-3707
- CVE-2022-36280
- CVE-2022-27672
- 22.10 GCP, 22.04 HWE
- Same as above
[USN-6092-1] Linux kernel (Azure) vulnerabilities (03:45)
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 Azure on both 18.04, 16.04 ESM + 14.04 ESM
[USN-6093-1] Linux kernel (BlueField) vulnerabilities (03:54)
- 9 CVEs addressed in Focal (20.04 LTS)
- 5.4
- NVIDIA BlueField platform
[USN-6094-1] Linux kernel vulnerabilities (04:02)
- 8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 5.4 20.04 / 18.04 HWE on all generic, Azure, GKE, IBM, OEM, AWS, KVM, Low latency etc
[USN-6095-1] Linux kernel vulnerabilities (04:29)
- 5 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS)
- 4.15 18.04 snapdragon + raspi2; 16.04 HWE etc
[USN-6050-2] Git vulnerabilities (04:50)
- 2 CVEs addressed in Xenial ESM (16.04 ESM)
- RCE via a crafted
.gitmodules
file with submodule URLs longer than 1024 chars - could inject arbitrary config into the users git config - eg. could configure the pager or editor etc to run some arbitrary command - Local file overwrite via crafted input to
git apply --reject
[USN-6088-1] runC vulnerabilities (05:39)
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Vuln where the cgroup hierarchy of the host may be exposed within the container and be writable - could possibly use this to privesc
- Regression from a previous vuln fix in CVE-2019-19921 (see [USN-4297-1] runC vulnerabilities in Episode 66)
- Possible to bypass AppArmor (or SELinux) restrictions on runc if a container
[USN-6088-2] runC vulnerabilities (06:26)
- 6 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-6086-1] minimatch vulnerability (06:31)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- ReDoS against nodejs package
[USN-6087-1] Ruby vulnerabilities (06:39)
- 2 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- Speaking of ReDoS - two in ruby - mentioned previously in [USN-6055-2] Ruby regression Episode 194 - has been fixed properly now without introducing the previous regression
[USN-5900-2] tar vulnerability (07:03)
- 1 CVEs addressed in Lunar (23.04)
- [USN-5900-1] tar vulnerability from Episode 189
[USN-5996-2] Libloius vulnerabilities (07:17)
- 3 CVEs addressed in Lunar (23.04)
- Braille translation library
- 3 different buffer overflows
[USN-6099-1] ncurses vulnerabilities (07:27)
- 5 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Most interesting vuln here was possible memory corruption via malformed terminfo database which can be set via
TERMINFO
of though~/.terminfo
- will get used by asetuid
binary as well - turns out though that ncurses has a build-time configuration option to disable the use of custom terminfo/termcap when running - fixed this by enabling that
[USN-6073-6, USN-6073-7, USN-6073-8, USN-6073-9] Cinder, Glance store, Nova, os-brick regressions (08:34)
- Affecting Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- [USN-6073-1, USN-6073-2, USN-6073-3, USN-6073-4] Cinder, Glance Store, Nova, os-brick vulnerability from Episode 195
[USN-5725-2] Go vulnerability (08:50)
- 1 CVEs addressed in Xenial ESM (16.04 ESM)
[USN-6042-2] Cloud-init regression (08:55)
- Affecting Focal (20.04 LTS)
- Published an update to cloud-init a few weeks ago - this was due to a vuln where credentials may get accidentally logged to the cloud-init log file - this was a newer version of cloud-init and it relied on a feature in the netplan package that was not published to the security pocket - easy fix would be to publish this version of netplan to -security but this is not in the spirit of the pocket - so instead cloud-init was updated to include a fallback to ensure routes were appropriately retained
[USN-6098-1] Jhead vulnerabilities (09:48)
- 8 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)
- EXIF JPEG header manipulation tool written in C
- Heap buffer overflows, NULL ptr derefs, OOB reads etc
[USN-6102-1] xmldom vulnerabilities (10:12)
- 3 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10)
- NodeJS javascript DOMParser and XMLSerializer
- Logic error where failed to preserve identifiers or namespaces when parsing malicious documents
- Prototype pollution
- Parses documents with multiple top-level elements and combines all their elements
[USN-6101-1] GNU binutils vulnerabilities (10:50)
- 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS), Kinetic (22.10), Lunar (23.04)
- Assembler, linker and other utils for handling binary files
- Generally not expected to be fed untrusted input, but notheless
- various buffer overflows (read and write) - DoS / RCE
[USN-6074-3] Firefox regressions (11:38)
- 11 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- 113.0.2
[USN-6103-1] JSON Schema vulnerability (11:50)
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
- NodeJS package for JSON document manipulation - prototype pollution vuln
Goings on in Ubuntu Security Community
Security related announcements from PyPI (12:21)
-
- will no longer support new PGP signatures for PyPI packages in response to a recent public blog post detailing an audit of the PGP ecosystem with PyPI
- most devs not uploading PGP signatures and of those that were, 30% were not available on major public keyservers and of those that were nearly half were not able to be meaningfully verified - some had expired, others had no binding signature to be able to verify them
- will no longer support new PGP signatures for PyPI packages in response to a recent public blog post detailing an audit of the PGP ecosystem with PyPI
-
- Ordered by DOJ to provide details on 5 PyPI usernames, including names, addresses, connection records, payment details, which packages and IP logs etc
- Provided these details after consulting with their lawyers
- Includes the specific attributes which were provided including the database queries used to lookup those records
- likely in response to recent security issues like typosquatting of popular packages with credential stealers and other malware embedded - over the past weekend, account sign-up and package uploads were blocked due to an overwhelming large number of malicious users and projects being created which the admins could not keep up with
Securing PyPI accounts via Two-Factor Authentication
- Every account that maintains a project / organisation will be required to enable 2FA by the end of this year
- supports both TOTP and WebAuthN
- Already announced this for most critical projects last year where they gave away Google Titan security keys to those projects and mandated them to use 2FA
- Every account that maintains a project / organisation will be required to enable 2FA by the end of this year
LSS NA 2023 (16:11)
- Attended by John Johansen and Mark Esler from the Ubuntu Security Team
- John presented in the LSM Maintainers Panel with Mickaël Salaün, Casey Schaufler, Mimi Zohar & moderated by Paul Moore
- All presentations now online: https://www.youtube.com/playlist?list=PLbzoR-pLrL6q4vmwFP7-ZZ1LJc5mA3Hqu
- Lots of interesting bits like:
- systemd and TPM2
- Verifiable End to End Secure OCI Native Machines
- Progress on Bounds Checking in C and the Linux Kernel
- for more great content with Kees check out Seth and John talk Linux Kernel Security with Kees Cook from Episode 145
- Building the Largest Working Set of Apparmor Profiles
- Controlling Script Execution
Announcement of 18.04 LTS going into ESM on 31 May 2023 (18:55)
- https://lists.ubuntu.com/archives/ubuntu-security-announce/2023-May/007371.html
- 18.04 LTS released on 26 April 2018
- https://canonical.com/blog/18-04-end-of-standard-support
Get in contact
248 قسمت
همه قسمت ها
×به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.