Kugadziriswa kuburitswa kweX.Org Server 21.1.4 kunowanikwa, iyo inogadzirisa kusakwana kuviri muXkb ekuwedzera madhiri, ichikubvumidza iwe kukwidziridza maropafadzo ako pahurongwa kana X server ichishanda semudzi, kana kuita kodhi pane iri kure system. kana musangano redirection uchishandiswa kuwana X11 uchishandisa SSH. Kusagadzikana kunokonzerwa nekushaikwa kweiyo saizi yekutarisa muProcXkbSetGeometry (CVE-2022-2319) uye ProcXkbSetDeviceInfo (CVE-2022-2320) vanokumbira vanobata, izvo zvinogona kushandiswa kunyorera kunzvimbo yekuyeuka iri kunze kwemiganhu yeiyo yakagoverwa buffer. .
Panyaya yeProcXkbSetGeometry, pakanga pasina cheki yehukuru hweminda yekukumbira, iyo yaibvumira mutengi kukonzera mafashama nekutsanangura huwandu hwezvikamu mukukumbira izvo zvisingaenderane neiyo data yakatumirwa. MuProcXkbSetDeviceInfo mubato, kusazvibata kunokonzerwa nekurongeka kwakashata kwemafoni ebasa - basa rekutarisa paramita rakadaidzwa mushure mebasa rakashandiswa paramita iyi (mazita emabasa akasanganiswa uye XkbSetDeviceInfo basa raisanganisira kodhi yekutarisa. , uye XkbSetDeviceInfoCheck - yekuseta tsika).
Source: opennet.ru