Update of X.Org Server 21.1.9 and xwayland 23.2.2 with vulnerabilities fixed

Corrective releases of X.Org Server 21.1.9 and of the DDX (Device-Dependent X) component xwayland 23.2.2 have been published; the latter launches the X.Org Server to run X11 applications in Wayland-based environments. The new versions fix vulnerabilities that could be exploited for privilege escalation on systems that run the X server as root, as well as for remote code execution in configurations that use X11 session redirection over SSH for access.

Identified issues:

  • CVE-2023-5367 - Buffer overflow in the XIChangeDeviceProperty and RRChangeOutputProperty functions, which can be exploited by appending additional elements to an input device property or a randr property. The vulnerability has been present since the release of xorg-server 1.4.0 (2007) and is caused by the calculation of an incorrect offset when additional elements are appended to existing properties, so the elements are added at the wrong offset and the write lands in memory outside the allocated buffer. For example, when 3 elements are added to 5 existing ones, memory is allocated for an array of 8 elements, but the previously existing elements are stored in the new array starting at index 3 instead of 5, so the last two elements are written out of bounds.
  • CVE-2023-5380 - Use-after-free memory access in the DestroyWindow function. The problem can be exploited by moving the pointer between screens on multi-monitor systems in zaphod mode, in which each monitor creates its own screen, and calling the client window close function. The vulnerability has been present since the release of xorg-server 1.7.0 (2009) and arises because, after a window is closed and the memory associated with it is freed, an active pointer to the old window remains in the structure that provides the screen binding. Xwayland is not affected by this vulnerability.
  • CVE-2023-5574 - Use-after-free memory access in the DamageDestroy function. The vulnerability can be exploited in the Xvfb server while the ScreenRec structure is being cleaned up during server shutdown or when the last client disconnects. As with the previous vulnerability, the problem appears only on multi-monitor systems in zaphod mode. The vulnerability has been present since the release of xorg-server-1.13.0 (2012) and remains unfixed (fixed only in the form of a patch).
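
The lifetime error described for CVE-2023-5380, reduced to a small model (an added example, not X.Org code; `struct screen`, `pointer_win` and the function names are hypothetical): a per-screen record keeps a reference to a window, the pointer moves to another screen, and the window is then closed. The `hardened` flag shows one way to avoid the stale reference, by clearing it when the pointer leaves the screen.

```c
#include <stdio.h>
#include <stdlib.h>
#define NSCREENS 2                        /* zaphod mode: one screen per monitor */

struct window { int id; };
/* Hypothetical per-screen record: the window the pointer was last over. */
struct screen { struct window *pointer_win; };

static struct screen screens[NSCREENS];
static int cur;                           /* screen the pointer is on */

/* Pointer crosses to another screen; hardened != 0 drops the old reference. */
static void switch_screen(int to, struct window *under, int hardened)
{
    if (hardened)
        screens[cur].pointer_win = NULL;
    cur = to;
    screens[cur].pointer_win = under;
}

/* Client closes w; cleanup only checks the current screen. Returns stale refs. */
static int destroy_window(struct window *w)
{
    int dangling = 0;
    if (screens[cur].pointer_win == w)
        screens[cur].pointer_win = NULL;
    for (int i = 0; i < NSCREENS; i++)
        if (screens[i].pointer_win == w)
            dangling++;                   /* counted before free: no stale read */
    free(w);
    return dangling;
}

/* Sequence from the text: pointer over w on screen 0, moves to screen 1, w closed. */
static int dangling_after_close(int hardened)
{
    struct window *w = malloc(sizeof *w);
    if (!w) return -1;
    for (int i = 0; i < NSCREENS; i++) screens[i].pointer_win = NULL;
    cur = 0;
    screens[0].pointer_win = w;
    switch_screen(1, NULL, hardened);
    return destroy_window(w);
}

int main(void)
{
    printf("unpatched: %d, hardened: %d\n", dangling_after_close(0), dangling_after_close(1));
    return 0;
}
```

Any later dereference of a reference counted as dangling here would be a use-after-free, which is why the count is taken before `free()` rather than by inspecting the records afterwards.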

In addition to fixing the vulnerabilities, xwayland 23.2.2 also switched from the libbsd-overlay library to libbsd and stopped connecting automatically to the RemoteDesktop XDG Desktop Portal interface to determine the socket used for sending XTest events to the composite server. The automatic connection caused problems when running Xwayland in a nested composite server, so in the new version the "-enable-ei-portal" option must be specified explicitly to connect to the portal.

Source: opennet.ru
