ProHoster > Блог > labaran intanet > Sabunta X.Org Server 21.1.9 da xwayland 23.2.2 tare da ƙayyadaddun lahani

Sabunta X.Org Server 21.1.9 da xwayland 23.2.2 tare da ƙayyadaddun lahani

An buga gyaran gyare-gyare na X.Org Server 21.1.9 da DDX bangaren (Na'ura-Dependent X) xwayland 22.2.2, wanda ke tabbatar da ƙaddamar da X.Org Server don shirya aiwatar da aikace-aikacen X11 a cikin wuraren da ke cikin Wayland. Sabbin nau'ikan suna magance raunin da za a iya amfani da su don haɓaka gata akan tsarin da ke tafiyar da uwar garken X azaman tushen, haka kuma don aiwatar da lambar nesa a cikin saitunan da ke amfani da jujjuyawar zaman X11 ta hanyar SSH don samun dama.

Abubuwan da aka gano:

  • CVE-2023-5367 - Buffer ambaliya a cikin XIChangeDeviceProperty da RRChangeOutputProperty ayyuka, waɗanda za a iya amfani da su ta haɗa ƙarin abubuwa zuwa kayan shigar da kayan aikin ko kayan randr. Rashin lahani ya kasance tun lokacin da aka saki xorg-server 1.4.0 (2007) kuma ana haifar da shi ta hanyar ƙididdige rashin daidaituwa lokacin da aka haɗa ƙarin abubuwa zuwa kaddarorin da ke akwai, wanda ke haifar da ƙara abubuwa a cikin kuskuren kuskure, wanda ya haifar da rubutawa. zuwa wurin žwažwalwar ajiya a wajen da aka keɓe. Misali, idan ka sanya abubuwa 3 zuwa abubuwan da ke akwai 5, za a kebe memori don tsararrun abubuwa guda 8, amma abubuwan da suke da su a baya za a adana su a cikin sabon tsarin da zai fara daga index 5 maimakon 3, yana haifar da abubuwa biyu na ƙarshe. da za a rubuta daga cikin iyaka.
  • CVE-2023-5380 – amfani-bayan-free damar ƙwaƙwalwar ajiya a cikin aikin DestroyWindow. Ana iya amfani da matsalar ta hanyar matsar da mai nuna alama tsakanin allo a cikin saitunan saka idanu da yawa a cikin yanayin zaphod, wanda kowane mai saka idanu ke ƙirƙirar nasa allo, da kiran taga abokin ciniki kusa da aiki. Rashin lahani ya bayyana tun lokacin da aka saki xorg-server 1.7.0 (2009) kuma yana haifar da gaskiyar cewa bayan rufe taga da kuma yantar da ƙwaƙwalwar da ke hade da shi, mai nuna alama mai aiki zuwa taga da ta gabata ya kasance a cikin tsarin da ke samar da allon. ɗaure. Rashin lahani da ake tambaya bai shafe Xwayland ba.
  • CVE-2023-5574 - Rauni bayan amfani ba tare da amfani ba a cikin aikin DamageDestroy. Ana iya amfani da wannan raunin a cikin uwar garke Xvfb yayin tsaftace tsarin ScreenRec yayin kashe sabar ko kuma cire haɗin abokin ciniki na ƙarshe. Kamar raunin da ya gabata, wannan matsalar tana bayyana kanta ne kawai a cikin saitunan masu saka idanu da yawa a cikin yanayin Zaphod. Rashin raunin ya kasance tun lokacin fitowar xorg-server-1.13.0 (2012) kuma har yanzu ba a gyara shi ba (gyaran kawai shine faci).

Baya ga gyara raunin da ke tattare da shi, xwayland 23.2.2 ya kuma ƙaura daga ɗakin karatu na libbsd-overlay zuwa libbsd kuma ya daina haɗawa ta atomatik zuwa hanyar haɗin RemoteDesktop XDG Desktop Portal don tantance soket ɗin da ake amfani da shi don aika composite. uwar garken Abubuwan da suka faru na XTest. Haɗi ta atomatik ya haifar da matsaloli lokacin gudanar da Xwayland a cikin sabar haɗin da aka haɗa, don haka a cikin sabuwar sigar, dole ne a ƙayyade zaɓin "-enable-ei-portal" a sarari don haɗawa da tashar.

source: budenet.ru

Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS 🔥 Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster