X.Org Server 21.1.10 update with vulnerability fixes. Removal of UMS support from the Linux kernel

Corrective releases of X.Org Server 21.1.10 and of the xwayland 23.2.3 Device-Dependent X (DDX) component, which runs the X.Org Server to execute X11 applications in Wayland-based environments, have been published. The new versions fix two vulnerabilities. The first vulnerability can be used to escalate privileges on systems where the X server runs as root, and for remote code execution in configurations that use X11 forwarding over SSH.

Identified issues:

  • CVE-2023-6377: A buffer overflow in the XKB button handler that occurs when switching logical input devices (for example, when switching from a touchpad to a mouse) because the device data is calculated incorrectly. The X server allocates only enough memory for a single XKB button handler, without taking into account the actual number of buttons on the new device. As a result, a request to change the XKB button handlers causes data to be written outside the bounds of the buffer. The issue has been present since the xorg-server-1.6.0 release (2009).
  • CVE-2023-6478: An integer overflow vulnerability that occurs when specially crafted RRChangeProviderProperty and RRChangeOutputProperty requests are sent. The vulnerability can lead to an out-of-bounds read, leaking memory contents. The issue is caused by the use of a 32-bit int type in a variable used to calculate the size, which can overflow when large requests are sent. The issues have been present since the xorg-server-1.4.0 (2004) and xorg-server-1.13.0 (2012) releases.
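
The size-calculation flaw described for CVE-2023-6478, as an added example that is not code from X.Org or from the original article: a length check whose byte count is held in a 32-bit variable, beside a version that widens to 64 bits first. The function names, parameters and sample values are hypothetical, and the wrap is modelled with unsigned arithmetic so that the behaviour is well defined in C.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of validating a property-change request: the client
 * declares n_units items of `format` bits each (8, 16 or 32), and the
 * server has actually received payload_bytes of data after the header. */

/* Weak form: the total byte count lives in a 32-bit variable, so the
 * product wraps modulo 2^32 when n_units is large. */
static int length_ok_32bit(uint32_t n_units, uint32_t format,
                           uint32_t payload_bytes)
{
    uint32_t size_in_bytes = format >> 3;
    uint32_t total = n_units * size_in_bytes;   /* may wrap around */
    return total <= payload_bytes;
}

/* Hardened form: widen to 64 bits before multiplying. The largest
 * possible product (2^32 - 1) * 4 fits easily, so it cannot wrap. */
static int length_ok_64bit(uint32_t n_units, uint32_t format,
                           uint32_t payload_bytes)
{
    uint64_t total = (uint64_t)n_units * (format >> 3);
    return total <= payload_bytes;
}

int main(void)
{
    /* Constructed sample: 0x40000001 units of 32 bits is just over 4 GiB
     * of declared data, but only 4 payload bytes are present. */
    uint32_t n_units = 0x40000001u, format = 32, payload = 4;

    printf("32-bit check accepts: %d\n",
           length_ok_32bit(n_units, format, payload));
    printf("64-bit check accepts: %d\n",
           length_ok_64bit(n_units, format, payload));

    /* A well-formed request passes both checks. */
    printf("normal request: %d %d\n",
           length_ok_32bit(4, 32, 16), length_ok_64bit(4, 32, 16));
    return 0;
}
```

When the wrapped check accepts the request, later code that trusts the declared unit count reads past the data that was actually received, which is the out-of-bounds read the advisory describes.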

In addition, we note the proposal to remove the ioctl calls that support UMS (Userspace Mode-Setting) from the linux-next branch, in which changes for the Linux 6.8 kernel are being prepared. The UMS interface was designed for switching video modes from user space and was used in very old drivers that are no longer supported. The drivers that provide the UMS interface were deprecated in 2016 and removed in kernel 6.3.

Specifically, kernel 6.3 removed the following drivers: i810 (old integrated Intel 8xx graphics cards), mga (Matrox GPU), r128 (ATI Rage 128 GPU, including the Rage Fury, XPERT 99 and XPERT 128 cards), savage (S3 Savage GPU), sis (Crusty SiS GPU), tdfx (3dfx Voodoo), and via (VIA IGP). Since there have been no requests to bring these drivers back since they were removed, kernel 6.8 will remove from the DRM subsystem the UMS infrastructure that these drivers used. Drivers that are still relevant were long ago converted to switching video modes through the KMS (Kernel Mode Setting) interface.

Source: opennet.ru
