Flatpak update with fixes for two vulnerabilities

Corrective updates are available for Flatpak, the toolkit for building self-contained packages: versions 1.14.4, 1.12.8, 1.10.8 and 1.15.4, which fix two vulnerabilities:

  • CVE-2023-28100 - The ability to copy and insert text into the virtual console input buffer through the TIOCLINUX ioctl when installing a flatpak package prepared by an attacker. For example, the vulnerability could be used to run arbitrary commands in the console after the installation of a third-party package has finished. The problem appears only in the classic virtual console (/dev/tty1, /dev/tty2, etc.) and does not affect sessions in xterm, gnome-terminal, Konsole and other graphical terminals. The vulnerability is not specific to flatpak and can be used to attack other applications; for example, similar vulnerabilities that allowed character substitution through the TIOCSTI ioctl interface were previously found in /bin/sandbox and snap.
  • CVE-2023-28101 - Escape sequences in the permission list in package metadata can be used to hide the information shown in the terminal about the permissions requested when a package is installed or updated through the command-line interface. Attackers could take advantage of this vulnerability to mislead users about the permissions used by the package. GUIs for installing Flatpak packages, such as GNOME Software and KDE Plasma Discover, are not affected by this issue.
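For CVE-2023-28101, the defensive principle is that metadata must never reach the terminal with its control characters intact. The following is an added example, not code from Flatpak or from the original article: it scans a constructed metadata file and reports any entry that carries control characters, rendering them as visible \xNN text. The function names, the sample application ID and the sample values are assumptions made for illustration.

```python
import re

# Characters a terminal may act on instead of printing:
# C0 controls (incl. ESC, CR, BS), DEL, and 8-bit C1 controls.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def escape_for_terminal(text):
    """Return text with every control character shown as a literal \\xNN."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def audit_metadata(metadata):
    """List (group, key, escaped value) for entries containing control characters.

    Lines are split on "\\n" only, so a stray carriage return stays inside
    the value and is reported rather than silently treated as a line break.
    """
    findings = []
    group = ""
    for line in metadata.split("\n"):
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and _CONTROL.search(line):
            findings.append(tuple(escape_for_terminal(p) for p in (group, key, value)))
    return findings


# Constructed sample in flatpak's keyfile metadata layout; the application ID
# and the embedded ESC sequence (a harmless attribute reset) are made up.
SAMPLE = (
    "[Application]\n"
    "name=org.example.Demo\n"
    "[Context]\n"
    "shared=network;\n"
    "filesystems=home;\x1b[0mxdg-download:ro;\n"
)

if __name__ == "__main__":
    for group, key, value in audit_metadata(SAMPLE):
        print("control characters in [%s] %s=%s" % (group, key, value))
```

Any finding in a permission-related entry is a reason to inspect the package before trusting what the command-line prompt displays.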

Source: opennet.ru
