O se faʻasaʻoga faʻasaʻo o le faletusi libXpm 3.5.15, na atiaʻe e le poloketi X.Org ma faʻaaogaina mo faila faila i le XPM format, ua faʻasalalau. O le lomiga fou e faʻaleleia ai faʻafitauli e tolu, e lua (CVE-2022-46285, CVE-2022-44617) e taʻitaʻia ai se matasele pe a faʻaogaina faila XPM faʻapitoa. O le fa'aletonu lona tolu (CVE-2022-4883) e mafai ai ona fa'atinoina tulafono fa'atonu pe a fa'atino talosaga e fa'aoga ai le libXpm. A fa'agasolo faiga fa'apitoa e feso'ota'i ma le libXpm, mo se fa'ata'ita'iga, polokalame fa'atasi ma le fu'a a'a suid, o le fa'aletonu e mafai ai ona fa'ateleina avanoa o se tasi.
O le faʻafitauli e mafua mai i le auala e galue ai le libXpm ma faila XPM faʻapipiʻi - pe a faʻaogaina faila XPM.Z poʻo XPM.gz, e faʻalauiloa e le faletusi mea faigaluega fafo (uncompress or gunzip) e faʻaaoga ai le execlp() valaau, o le ala lea e fuafua e faʻavae. i luga ole suiga ole siosiomaga PATH. O le osofaʻiga e faʻapipiʻi i lalo i le tuʻuina i totonu o se lisi e mafai ona maua e le tagata faʻaoga, o loʻo iai i le lisi o le PATH, o ana lava faila uncompress poʻo gunzip faila, lea o le a faʻatinoina pe a faʻalauiloa se talosaga e faʻaaoga ai le libXpm.
O le faʻafitauli na faʻamautuina e ala i le suia o le execlp call i le execl faʻaaoga auala atoatoa i mea aoga. E le gata i lea, o le filifiliga faʻapotopotoga "--disable-open-zfile" ua faʻaopoopoina, lea e faʻatagaina ai oe e faʻamalo le gaioiga o faila faʻapipiʻi ma valaʻau faʻaoga fafo mo le tatalaina.
puna: opennet.ru