Flatpak update fixes two vulnerabilities

Corrective updates are available for Flatpak, the toolkit for building self-contained packages. Versions 1.14.4, 1.12.8, 1.10.8 and 1.15.4 fix two vulnerabilities:

  • CVE-2023-28100 - the ability to copy and paste text into the input buffer of the virtual console by manipulating the TIOCLINUX ioctl when installing a flatpak package prepared by an attacker. For example, the vulnerability can be used to run arbitrary commands in the console after the installation of a third-party package has finished. The problem appears only in the classic virtual console (/dev/tty1, /dev/tty2, etc.) and does not affect sessions in xterm, gnome-terminal, Konsole and other graphical terminals. The vulnerability is not specific to flatpak and can be used to attack other applications; for example, similar vulnerabilities that allowed character substitution through the TIOCSTI ioctl interface were found earlier in /bin/sandbox and snap.
  • CVE-2023-28101 - escape sequences can be used in the list of permissions in the package metadata to hide, in the terminal output, information about the extended permissions requested when a package is installed or updated through the command-line interface. Attackers can use this vulnerability to mislead users about the permissions used by the package. GUIs for installing Flatpak packages, such as GNOME Software and KDE Plasma Discover, are not affected by this issue.
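
For the CVE-2023-28101 class of problem, one way a command-line tool can keep untrusted metadata from being interpreted by the terminal is to make control bytes visible before printing. This is an added example, not Flatpak's own code; the names `control_len` and `escape_for_terminal` and the sample permission string are hypothetical, and the check also covers UTF-8 encoded C1 controls.

```c
#include <stdio.h>
#include <string.h>

/* Bytes of terminal control at s[i]: 1 = C0/ESC/DEL, 2 = UTF-8 C1 (U+0080..U+009F), 0 = none. */
static size_t control_len(const unsigned char *s, size_t i)
{
    if (s[i] < 0x20 || s[i] == 0x7f)
        return 1;
    if (s[i] == 0xc2 && s[i + 1] >= 0x80 && s[i + 1] <= 0x9f)
        return 2;
    return 0;
}

/* Copy `in` to `out` with control bytes shown as \xNN and '\' doubled.
 * Returns the number of bytes escaped, or -1 if `out` is too small. */
int escape_for_terminal(const char *in, char *out, size_t outsz)
{
    const unsigned char *s = (const unsigned char *)in;
    size_t o = 0, ctl = 0;
    int escaped = 0;
    if (outsz == 0)
        return -1;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (ctl == 0)
            ctl = control_len(s, i);   /* bytes of this control still to escape */
        size_t need = ctl ? 4 : (s[i] == '\\' ? 2 : 1);
        if (o + need >= outsz)         /* keep room for the terminating NUL */
            return -1;
        if (ctl) {
            snprintf(out + o, need + 1, "\\x%02X", (unsigned)s[i]);
            ctl--;
            escaped++;
        } else if (s[i] == '\\') {
            memcpy(out + o, "\\\\", 2);
        } else {
            out[o] = (char)s[i];
        }
        o += need;
    }
    out[o] = '\0';
    return escaped;
}

int main(void)
{
    char shown[128];   /* the input below is a constructed sample permission string */
    int n = escape_for_terminal("filesystem=home\x1b[0m", shown, sizeof shown);
    printf("%s (%d control bytes escaped)\n", shown, n);
    return 0;
}
```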

Source: opennet.ru
