Vulnerability in libinput that leads to code execution when a malicious device is connected

The libinput 1.20.1 library, which provides a unified input stack that allows the same means of processing events from input devices to be used in environments based on Wayland and X.Org, has fixed a vulnerability (CVE-2022-1215) that makes it possible to execute one's own code when a specially modified or emulated input device is connected to the system. The problem manifests itself in environments based on X.Org and Wayland, and can be exploited both when connecting devices locally and when manipulating devices with a Bluetooth interface. If the X server is running as root, the vulnerability allows code execution with elevated privileges.

The problem is caused by a format string error in the code responsible for writing device connection information to the log. In particular, the evdev_log_msg function used a call to snprintf to modify the original format string of the log entry, prepending the device name to it. The modified string was then passed to the log_msg_va function, which in turn used the printf function. As a result, the first argument to printf, which is parsed for format characters, contained unvalidated external data, and an attacker could cause stack corruption by making the device return a name containing format characters (for example, "Evil %s").
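The pattern described above, reduced to a stand-alone C sketch that is an added example and not libinput's code: `prefix_unsafe`, `prefix_safe`, `log_safe` and `count_conversions` are hypothetical names, and doubling `%` in the name is one assumed way to neutralize it (passing the name as a `%s` argument is another). The unsafe format is only inspected, never handed to printf.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count printf conversions in fmt; "%%" is a literal percent, not a conversion. */
static int count_conversions(const char *fmt) {
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') p++; else n++;
    }
    return n;
}

/* Flawed pattern: the device name is pasted into the format string itself. */
static void prefix_unsafe(char *out, size_t len, const char *name, const char *fmt) {
    snprintf(out, len, "%s: %s", name, fmt);
}

/* Hardened: double each '%' in the name so printf prints it literally. */
static void prefix_safe(char *out, size_t len, const char *name, const char *fmt) {
    size_t i = 0;
    for (; *name && i + 2 < len; name++) {
        if (*name == '%') out[i++] = '%';
        out[i++] = *name;
    }
    snprintf(out + i, len - i, ": %s", fmt);
}

/* Log with the sanitized prefix; the varargs now match fmt and nothing else. */
static int log_safe(char *out, size_t len, const char *name, const char *fmt, ...) {
    char format[256];
    va_list args;
    prefix_safe(format, sizeof format, name, fmt);
    va_start(args, fmt);
    int rc = vsnprintf(out, len, format, args);
    va_end(args);
    return rc;
}

int main(void) {
    char f[256], line[256];
    /* "Evil %s" is the sample device name from the article. */
    prefix_unsafe(f, sizeof f, "Evil %s", "device added, fd %d");
    printf("unsafe format: %d conversions, 1 argument\n", count_conversions(f));
    log_safe(line, sizeof line, "Evil %s", "device added, fd %d", 7);
    puts(line);
    return 0;
}
```

The mismatch between two conversions and one supplied argument is what makes printf read a value the caller never passed.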

Source: opennet.ru
