Vulnerability in xterm leading to code execution when processing certain strings

A vulnerability (CVE-2022-45063) has been identified in the xterm terminal emulator that allows shell commands to be executed when certain escape sequences are processed in the terminal. For the simplest attack, it is enough to display the contents of a specially crafted file, for example with cat, or to paste a line from the clipboard.

    printf "\e]50;i\$(touch /tmp/hack-like-its-1999)\a\e]50;?\a" > cve-2022-45063
    cat cve-2022-45063

The problem is caused by an error in handling escape sequence code 50, which is used to set or retrieve font options. If the requested font does not exist, the operation returns the font name given in the request. Control characters cannot be inserted directly into the name, but the returned string can be terminated with the sequence "^G", which in zsh, when the vi-style line editing mode is active, causes a list-expansion operation to be performed. That operation can be used to run commands without an explicit press of the Enter key.
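As an added example (not from the original article or the xterm project), the following Python sketch scans untrusted bytes for code 50 font sequences before they are shown in a terminal, flags a font "set" followed by a font "query", and strips both. The function names and the sample bytes are constructed for illustration.

```python
import re

# OSC 50: introducer ESC ] (or 8-bit 0x9d), "50;", payload, then a terminator:
# BEL (^G), ST as ESC \, or 8-bit ST 0x9c. Unterminated sequences are ignored.
OSC50 = re.compile(rb"(?:\x1b\]|\x9d)50;([^\x07\x1b\x9c]*)(?:\x07|\x1b\\|\x9c)")


def find_osc50(data: bytes):
    """Return (offset, kind, payload) for every OSC 50 sequence in data."""
    hits = []
    for m in OSC50.finditer(data):
        payload = m.group(1)
        # A payload starting with "?" asks the terminal to report the font name.
        kind = "query" if payload.startswith(b"?") else "set"
        hits.append((m.start(), kind, payload))
    return hits


def has_set_then_query(data: bytes) -> bool:
    """True if a font 'set' is later followed by a font 'query'."""
    seen_set = False
    for _, kind, _ in find_osc50(data):
        if kind == "set":
            seen_set = True
        elif seen_set:
            return True
    return False


def strip_osc50(data: bytes) -> bytes:
    """Remove every OSC 50 sequence so the rest can be displayed."""
    return OSC50.sub(b"", data)


# Constructed sample: a harmless font name, set and then queried.
SAMPLE = (b"build log line\n"
          b"\x1b]50;constructed-font-name\x07"
          b"\x1b]50;?\x07"
          b"done\n")

if __name__ == "__main__":
    for offset, kind, payload in find_osc50(SAMPLE):
        print(f"offset {offset}: OSC 50 {kind} {payload!r}")
    print("set followed by query:", has_set_then_query(SAMPLE))
    print(strip_osc50(SAMPLE).decode())
```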

For the vulnerability to be exploited successfully, the user must be running the Zsh shell with the command-line editor (vi-cmd-mode) switched to "vi" mode, which is usually not the default in distributions. The problem also does not appear when the xterm settings allowWindowOps=false or allowFontOps=false are set. For example, allowFontOps=false is set in OpenBSD, Debian and RHEL, but is not applied by default in Arch Linux.

Judging by the changelog and the statement of the researcher who identified the problem, the vulnerability was fixed in the xterm 375 release, but according to other sources the vulnerability continues to appear in xterm 375 from Arch Linux. You can track the publication of fixes by distributions on these pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD.

Source: opennet.ru
