Vulnerability in libinput that leads to code execution when a malicious device is connected

The libinput 1.20.1 library, which provides a unified input stack that lets Wayland-based and X.Org-based environments process events from input devices in the same way, has fixed a vulnerability (CVE-2022-1215) that allows code execution when a specially modified or emulated input device is connected to the system. The problem appears in both X.Org-based and Wayland-based environments, and can be exploited both when connecting devices locally and when manipulating devices with a Bluetooth interface. If the X server runs as root, the vulnerability allows code to be executed with elevated privileges.

The problem is caused by a format string error in the code that writes device connection information to the log. Specifically, the evdev_log_msg function used a call to snprintf to modify the original format string of the log entry, adding the device name to it as a prefix. The modified string was then passed to the log_msg_va function, which also used a printf function. As a result, the first argument to printf, the one in which format characters are parsed, contained unvalidated external data, and an attacker could trigger stack corruption by making the device return a name containing string format characters (for example, "Evil %s").
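The two-pass pattern described above, next to one way to neutralise it, as an added example that is not libinput's code: the function names `build_format_unsafe`, `build_format_safe`, `count_directives` and `log_line` are hypothetical, and doubling `%` in the name is an assumed mitigation, not a fix stated on this page. The sample name "Evil %s" is the one from the text.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count printf conversion directives; "%%" is a literal percent, not a directive. */
static int count_directives(const char *fmt) {
    int n = 0;
    for (; *fmt; fmt++) {
        if (*fmt != '%') continue;
        if (fmt[1] == '%')
            fmt++;              /* skip the escaped percent */
        else
            n++;
    }
    return n;
}

/* Vulnerable pattern: the device name becomes part of the format string. */
static void build_format_unsafe(char *out, size_t len, const char *name, const char *fmt) {
    snprintf(out, len, "%s: %s", name, fmt);
}

/* Hardened: double each '%' in the name so the second printf pass prints it literally. */
static void build_format_safe(char *out, size_t len, const char *name, const char *fmt) {
    size_t o = 0;
    for (; *name && o + 2 < len; name++) {
        if (*name == '%') out[o++] = '%';
        out[o++] = *name;
    }
    snprintf(out + o, len - o, ": %s", fmt);
}

/* Second pass, standing in for the printf-style call made by the log function. */
static int log_line(char *out, size_t len, const char *format, ...) {
    va_list ap;
    va_start(ap, format);
    int n = vsnprintf(out, len, format, ap);
    va_end(ap);
    return n;
}

int main(void) {
    char f[128], line[128];
    build_format_unsafe(f, sizeof f, "Evil %s", "device is a %s");
    printf("unsafe: %d directives, 1 argument\n", count_directives(f));
    build_format_safe(f, sizeof f, "Evil %s", "device is a %s");
    log_line(line, sizeof line, f, "keyboard");
    printf("safe:   %s\n", line);
}
```

The unsafe format is only inspected, never passed to a printf call, because a directive count that exceeds the number of arguments supplied is undefined behaviour.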

Source: opennet.ru
