X.Org Server 21.1.11 update fixes 6 vulnerabilities

Corrective releases of X.Org Server 21.1.11 and of the DDX (Device-Dependent X) component xwayland 23.2.4 have been published; the latter launches X.Org Server to run X11 applications in Wayland-based environments. The new versions fix 6 vulnerabilities, some of which can be exploited to escalate privileges on systems where the X server runs as root, as well as for code execution in configurations that use X11 session redirection over SSH for access.

Issues identified:

  • CVE-2023-6816 - A buffer overflow occurs when an invalid array index is passed in the DeviceFocusEvent and ProcXIQueryPointer handlers. The vulnerability is caused by the X server allocating array memory based on the actual number of buttons, while the request allows values up to 255 in the mapping. The problem has been present since the release of xorg-server-1.13.0 (2012).
  • CVE-2024-0229 - An out-of-bounds write when a device is attached to another master device in a configuration where the device has input elements of both the "button" and "key" classes and the number of buttons (the numButtons parameter) is set to 0. The problem has been present since the release of xorg-server-1.1.1 (2006).
  • CVE-2024-21885 - A buffer overflow in the XISendDeviceHierarchyEvent function occurs when a device with a given ID is removed and a device with the same ID is added in the same request. The vulnerability is caused by the fact that during this double operation on one identifier, two instances of the xXIHierarchyInfo structure are written at once, while the XISendDeviceHierarchyEvent function allocates memory for one instance. The problem has been present since the release of xorg-server-1.10.0 (2010).
  • CVE-2024-21886 - A buffer overflow in the DisableDevice function occurs when a master device is disabled while its slave devices are already disabled. The vulnerability is caused by an incorrect calculation of the size of the structure that stores the list of devices. The problem has been present since the release of xorg-server-1.13.0 (2012).
  • CVE-2024-0409, CVE-2024-0408 - SELinux context corruption when xserver_object_manager is enabled and a client is run or a GLX PBuffer is created.
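
The sizing mistake described for CVE-2023-6816, as an added example that is not X.Org code: a simplified model in which a buffer sized from the device's real button count is compared with one sized from the largest value a request may carry (255). The bit-mask layout, all function names and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BUTTON_VALUE 255u /* largest value the page says a request may carry */

/* Bytes needed for a bit mask holding bit positions 0..max_bit
 * (using a bit mask is an assumption of this model). */
static size_t mask_bytes(unsigned max_bit) { return (size_t)max_bit / 8 + 1; }

/* Flawed sizing: derived from the number of buttons the device really has. */
size_t size_from_actual_buttons(unsigned num_buttons) {
    return mask_bytes(num_buttons);
}

/* Corrected sizing: derived from the largest value a request may carry. */
size_t size_from_protocol_limit(void) { return mask_bytes(MAX_BUTTON_VALUE); }

/* Bounds-checked bit set: 0 on success, -1 if the index does not fit. */
int set_button_bit(uint8_t *mask, size_t mask_len, unsigned index) {
    if ((size_t)index / 8 >= mask_len)
        return -1; /* an unchecked write here would land outside the buffer */
    mask[index / 8] |= (uint8_t)(1u << (index % 8));
    return 0;
}

/* Allocate a mask of mask_len bytes and record one button value in it.
 * Returns 0 on success, -1 if the value does not fit, -2 on allocation failure. */
int record_button(size_t mask_len, unsigned index) {
    uint8_t *mask = calloc(mask_len, 1);
    if (mask == NULL)
        return -2;
    int rc = set_button_bit(mask, mask_len, index);
    free(mask);
    return rc;
}

int main(void) {
    unsigned buttons = 5, value = 200; /* constructed sample input */
    printf("sized by device: %zu bytes, rc=%d\n", size_from_actual_buttons(buttons),
           record_button(size_from_actual_buttons(buttons), value));
    printf("sized by limit:  %zu bytes, rc=%d\n", size_from_protocol_limit(),
           record_button(size_from_protocol_limit(), value));
    return 0;
}
```
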

Source: opennet.ru
