X.Org Server 21.1.4 update fixes vulnerabilities

The corrective release X.Org Server 21.1.4 is available. It fixes two vulnerabilities in the Xkb extension handlers that allow privilege escalation on the system if the X server runs as root, or code execution on a remote system if X11 session forwarding over SSH is used for access. The problems are caused by incorrect size checks in the ProcXkbSetGeometry (CVE-2022-2319) and ProcXkbSetDeviceInfo (CVE-2022-2320) request handlers, which can be used to write to memory outside the bounds of the allocated buffer.

In ProcXkbSetGeometry, there was no check of the size of the request fields, which allowed a client to cause an overflow by specifying in the request a number of sections that does not match the data actually sent. In the ProcXkbSetDeviceInfo handler, the vulnerability is caused by an incorrect order of function calls: the function that checks the parameters is called after the function that uses those parameters (the function names are mixed up: XkbSetDeviceInfo contains the code for checking, and XkbSetDeviceInfoCheck contains the code for setting values).
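The defensive pattern behind both fixes, shown as an added example that is not X.Org code: a handler validates every client-declared count against the bytes actually received, and the check phase runs before the apply phase. The wire format, the constants and all function and struct names here are hypothetical and do not reflect the real Xkb request layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format (not the real Xkb layout):
 * 2-byte little-endian section count, then count * SECTION_SIZE bytes. */
#define HDR_SIZE     2u
#define SECTION_SIZE 8u
#define MAX_SECTIONS 4u   /* capacity of the destination array */

struct geometry {
    uint16_t n_sections;
    uint8_t  sections[MAX_SECTIONS][SECTION_SIZE];
};

/* Check phase: validate the client-declared count against the bytes
 * actually received and against the destination capacity. No state is
 * modified here. Returns 0 on success, -1 for a malformed request. */
static int geometry_check(const uint8_t *req, size_t len, uint16_t *n_out)
{
    if (req == NULL || len < HDR_SIZE)
        return -1;
    uint16_t n = (uint16_t)(req[0] | (req[1] << 8));
    if (n > MAX_SECTIONS)
        return -1;                       /* would overflow destination */
    if ((size_t)n * SECTION_SIZE != len - HDR_SIZE)
        return -1;                       /* count disagrees with payload */
    *n_out = n;
    return 0;
}

/* Apply phase: only reached with a count the check phase accepted. */
static void geometry_apply(struct geometry *g, const uint8_t *req, uint16_t n)
{
    g->n_sections = n;
    memcpy(g->sections, req + HDR_SIZE, (size_t)n * SECTION_SIZE);
}

/* Handler: check first, then apply; a rejected request changes nothing. */
int handle_set_geometry(struct geometry *g, const uint8_t *req, size_t len)
{
    uint16_t n;
    if (geometry_check(req, len, &n) != 0)
        return -1;
    geometry_apply(g, req, n);
    return 0;
}
```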

source: budenet.ru
