Code execution vulnerability in libXpm

A corrective release of the libXpm 3.5.15 library, developed by the X.Org project and used to process files in the XPM format, has been published. The new version fixes three vulnerabilities, two of which (CVE-2022-46285, CVE-2022-44617) lead to an infinite loop when processing specially crafted XPM files. The third vulnerability (CVE-2022-4883) allows arbitrary commands to be executed when running applications that use libXpm. When privileged processes linked with libXpm are run, for example programs with the suid root flag, the vulnerability makes it possible to escalate privileges.

The vulnerability is caused by the way libXpm handles compressed XPM files: when processing XPM.Z or XPM.gz files, the library launches external decompression utilities (uncompress or gunzip) using the execlp() call, which resolves the path to the utility from the PATH environment variable. The attack comes down to placing an attacker-supplied uncompress or gunzip executable in a user-writable directory that is present in the PATH list; that file is then executed when an application using libXpm is started.

The vulnerability was fixed by replacing the execlp call with execl, using absolute paths to the utilities. In addition, the build option "--disable-open-zfile" was added, which lets you disable the processing of compressed files and the calling of external utilities for unpacking.
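To check whether a given environment is exposed to this kind of lookup, the following added example (not code from libXpm or X.Org) reports which file a PATH search in the style of execlp() would select for the two utilities named above, and flags PATH entries a non-root user could write to. The function names `dir_risky` and `path_lookup` are hypothetical, and the ownership test is a simplified assumption suited to the suid root case.

```c
/* Added example, not libXpm code: report which file an execlp()-style
 * PATH search would run for a tool name, and whether its directory is
 * one a non-root user could write to. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if a non-root user could plant a file via this PATH entry: empty or
 * relative entries resolve against the current directory; absolute ones
 * are risky when not root-owned or group/other-writable. Missing: 0. */
int dir_risky(const char *dir) {
    struct stat st;
    if (dir[0] != '/') return 1;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    return st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Walk path left to right; the first executable regular file wins.
 * Returns 0 = not found, 1 = found in a safe entry, 2 = in a risky one. */
int path_lookup(const char *name, const char *path, char *out, size_t outlen) {
    for (const char *p = path;; ) {
        size_t n = strcspn(p, ":");
        char dir[1024];
        struct stat st;
        if (n < sizeof dir) {
            memcpy(dir, p, n);
            dir[n] = '\0';
            snprintf(out, outlen, "%s/%s", n ? dir : ".", name);
            if (stat(out, &st) == 0 && S_ISREG(st.st_mode) && access(out, X_OK) == 0)
                return dir_risky(dir) ? 2 : 1;
        }
        if (p[n] == '\0') break;
        p += n + 1;
    }
    out[0] = '\0';
    return 0;
}

int main(void) {
    static const char *tools[] = { "uncompress", "gunzip" }; /* named on the page */
    const char *path = getenv("PATH");
    char hit[2048];
    for (size_t i = 0; i < 2; i++) {
        int r = path_lookup(tools[i], path ? path : "/bin:/usr/bin", hit, sizeof hit);
        printf("%-10s -> %s%s\n", tools[i], r ? hit : "(not found)",
               r == 2 ? "  [directory writable by non-root]" : "");
    }
    return 0;
}
```

A result flagged as risky for a privileged process is the condition the execl change removes, since an absolute path never consults PATH.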

Source: opennet.ru
