Mmelite mmezi na ngwa ngwa dị maka imepụta ngwugwu Flatpak nwere onwe ya 1.14.4, 1.12.8, 1.10.8 na 1.15.4, nke na-edozi adịghị ike abụọ:
- CVE-2023-28100 - ikike idetuo na dochie ederede n'ime ihe ntinye ihe njikwa ihe njikwa site na ijikwa TIOCLINUX ioctl mgbe ị na-etinye ngwugwu flatpak nke onye mwakpo kwadebere. Dịka ọmụmaatụ, enwere ike iji adịghị ike ahụ wepụta iwu aka ike na njikwa mgbe emechara usoro nwụnye nke ngwugwu ndị ọzọ. Nsogbu a na-apụta naanị na kọmpụta mebere nke ọma (/dev/tty1, /dev/tty2, wdg) na anaghị emetụta nnọkọ na xterm, gnome-terminal, Konsole na ọdụ eserese ndị ọzọ. Ọdịmma ahụ abụghị kpọmkwem maka flatpak ma enwere ike iji ya wakpo ngwa ndị ọzọ, dịka ọmụmaatụ, adịghị ike yiri nke ahụ na mbụ nke kwere ka edochi agwa site na interface TIOCSTI ioctl dị na / bin/sandbox na snap.
- CVE-2023-28101 - Ọ ga-ekwe omume iji usoro mgbapụ na ndepụta ikike dị na ngwugwu metadata iji zoo ozi mmepụta njedebe gbasara ikike agbatịkwuru arịrịọ n'oge ntinye ma ọ bụ melite ngwugwu site na interface ahịrị iwu. Ndị mwakpo nwere ike iji adịghị ike a duhie ndị ọrụ gbasara nzere ejiri na ngwugwu ahụ. GUI maka ịwụnye ngwugwu Flatpak, dị ka GNOME Software na KDE Plasma Discover, anaghị emetụta okwu a.
isi: opennet.ru