X.Org Server 21.1.9 and xwayland 23.2.2 updates with vulnerabilities fixed

Corrective releases of X.Org Server 21.1.9 and the DDX (Device-Dependent X) component xwayland 23.2.2 have been published. The xwayland component launches X.Org Server to run X11 applications in Wayland-based environments. The new versions fix vulnerabilities that could be used for privilege escalation on systems where the X server runs as root, and for remote code execution in configurations that use X11 session forwarding over SSH for access.

Issues identified:

  • CVE-2023-5367 - Buffer overflow in the XIChangeDeviceProperty and RRChangeOutputProperty functions, which can be exploited by attaching additional elements to an input device property or a randr property. The vulnerability has been present since the release of xorg-server 1.4.0 (2007) and is caused by an incorrect offset calculation when additional elements are attached to existing ones. The elements are placed at the wrong offset, which results in a write to memory outside the allocated buffer. For example, if you add 3 elements to 5 existing elements, memory is allocated for an array of 8 elements, but the previously existing elements are stored in the new array starting at index 5 rather than 3, so the last two elements are written out of bounds.
  • CVE-2023-5380 - Use-after-free in the DestroyWindow function. The problem can be exploited by moving the pointer between screens in multi-monitor configurations in Zaphod mode, in which each monitor creates its own screen, and then calling the function that closes the client window. The vulnerability has been present since the release of xorg-server 1.7.0 (2009) and is caused by the fact that, after a window is closed and the memory associated with it is freed, an active pointer to the previous window remains in the structure that provides the screen binding. Xwayland is not affected by this vulnerability.
  • CVE-2023-5574 - Use-after-free in the DamageDestroy function. The vulnerability can be exploited in the Xvfb server while the ScreenRec structure is being cleaned up during server shutdown or when the last client disconnects. Like the previous vulnerability, the problem appears only in multi-screen configurations in Zaphod mode. The vulnerability has been present since the release of xorg-server-1.13.0 (2012) and has not been fixed yet (a fix is available as a patch).
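The offset arithmetic behind CVE-2023-5367 can be checked with a small model. This is an added example, not code from X.Org Server: the function names, the global buffer and the sample values are assumptions, and it assumes the new elements are placed in front of the existing ones. Copies are clamped, so the model only counts the elements that would fall outside the allocation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ITEMS 16
static uint32_t g_out[2 * MAX_ITEMS];   /* models the newly allocated array */

/* Simplified model of prepending add_n items to a property that holds
 * old_n items. Not the X.Org source; names and layout are assumptions.
 * Returns how many old items would land past the allocation. Copies are
 * clamped, so the model itself never writes out of bounds. */
static size_t prepend_model(const uint32_t *old, size_t old_n,
                            const uint32_t *add, size_t add_n, int fixed)
{
    size_t total = old_n + add_n;             /* items allocated */
    /* Defect: old items placed at offset old_n. Correct: offset add_n. */
    size_t old_off = fixed ? add_n : old_n;
    size_t end = old_off + old_n;             /* one past the last old item */
    size_t oob = end > total ? end - total : 0;

    memset(g_out, 0, sizeof g_out);
    memcpy(g_out, add, add_n * sizeof *add);  /* new items go first */
    memcpy(g_out + old_off, old, (old_n - oob) * sizeof *old);
    return oob;
}

/* Constructed input: old items are 100, 101, ...; new items 200, 201, ... */
static size_t run_case(size_t old_n, size_t add_n, int fixed)
{
    uint32_t old[MAX_ITEMS], add[MAX_ITEMS];
    if (old_n > MAX_ITEMS || add_n > MAX_ITEMS)
        return (size_t)-1;
    for (size_t i = 0; i < old_n; i++) old[i] = 100 + (uint32_t)i;
    for (size_t i = 0; i < add_n; i++) add[i] = 200 + (uint32_t)i;
    return prepend_model(old, old_n, add, add_n, fixed);
}

int main(void)
{
    printf("3 prepended to 5, defective offset: %zu items out of bounds\n",
           run_case(5, 3, 0));
    printf("3 prepended to 5, corrected offset: %zu items out of bounds\n",
           run_case(5, 3, 1));
    return 0;
}
```

When more elements are added than already exist, the defective offset stays inside the allocation but overwrites part of the new data, so a bounds check alone would not reveal the defect in that case.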

In addition to fixing the vulnerabilities, xwayland 23.2.2 switched from the libbsd-overlay library to libbsd and stopped automatically connecting to the RemoteDesktop XDG Desktop Portal interface to determine the socket used for sending XTest events to the composite server. The automatic connection caused problems when running Xwayland in a nested composite server, so in the new version the "-enable-ei-portal" option must be specified explicitly to connect to the portal.

Source: opennet.ru
