Vulnerability in libXpm leading to code execution

A corrective release of libXpm 3.5.15 has been published. The library is developed by the X.Org project and is used to process files in the XPM format. The new version fixes three vulnerabilities, two of which (CVE-2022-46285, CVE-2022-44617) cause the library to loop when processing specially crafted XPM files. The third vulnerability (CVE-2022-4883) allows arbitrary commands to be executed when running applications that use libXpm. When privileged processes linked with libXpm are run, such as programs with the suid root flag, the vulnerability makes it possible to escalate privileges.

The vulnerability is caused by the way libXpm handles compressed XPM files: when processing XPM.Z or XPM.gz files, the library uses the execlp() call to launch external decompression utilities (uncompress or gunzip), and the path to them is resolved from the PATH environment variable. The attack comes down to placing one's own uncompress or gunzip executable in a user-accessible directory that appears in the PATH list; that file is then executed when an application using libXpm is launched.

The vulnerability was fixed by replacing the execlp call with execl, using absolute paths to the utilities. In addition, the build option "--disable-open-zfile" has been added, which lets you disable the processing of compressed files and the calling of external utilities for decompression.
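The change from `execlp()` to `execl()` described above, sketched as an added example (not libXpm's own code): `run_helper()` launches a utility only by absolute path, and `count_risky_path_entries()` audits a PATH-style list for entries through which a PATH-based lookup would be unsafe. Both function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed pattern: execl() takes the path literally and never searches PATH.
   Returns the helper's exit status, or -1 for a non-absolute path or an error. */
int run_helper(const char *abs_path, const char *flags, const char *file) {
    if (abs_path[0] != '/') return -1;       /* refuse names that need a PATH lookup */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl(abs_path, abs_path, flags, file, (char *)NULL);
        _exit(127);                          /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* 1 if an execlp() lookup via this PATH entry is unsafe: empty or relative
   (uses the current directory), too long to check, or group/other-writable. */
int path_entry_is_risky(const char *dir, size_t len) {
    char buf[4096];
    struct stat st;
    if (len == 0 || dir[0] != '/' || len >= sizeof buf) return 1;
    snprintf(buf, sizeof buf, "%.*s", (int)len, dir);
    if (stat(buf, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;  /* nothing to run there */
    return (st.st_mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Counts risky entries in a colon-separated PATH-style list. */
int count_risky_path_entries(const char *path) {
    int risky = 0;
    for (const char *p = path;;) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        risky += path_entry_is_risky(p, len);
        if (!end) return risky;
        p = end + 1;
    }
}

int main(void) {
    const char *path = getenv("PATH");
    if (path) printf("risky PATH entries: %d\n", count_risky_path_entries(path));
    return 0;
}
```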

Source: opennet.ru
