Vulnerability in xterm leading to code execution when processing certain strings

A vulnerability has been identified in the xterm terminal emulator (CVE-2022-45063) that allows shell commands to be executed when certain escape sequences are processed in the terminal. In the simplest case, it is enough to display the contents of a specially crafted file, for example with the cat utility, or to paste a line from the clipboard.

    printf "\e]50;i\$(touch /tmp/hack-like-its-1999)\a\e]50;?\a" > cve-2022-45063
    cat cve-2022-45063

The problem is caused by a bug in the handling of the escape sequence with code 50, which is used to set or query font options. If the requested font does not exist, the operation returns the font name given in the request. Control characters cannot be inserted directly into the name, but the returned string can be terminated with the "^G" sequence, which in zsh, when the vi-style line editing mode is active, triggers a list-expansion operation that can be used to run commands without the Enter key being explicitly pressed.
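A defender-side check for the mechanism described above, added here as an example (it is not code from xterm or from the original article): it scans data for OSC 50 font sequences before the data is shown in a terminal, and renders control bytes inert for safe viewing. The function names and sample bytes are constructed for illustration, and treating every argument other than "?" as a font "set" is a simplifying assumption.

```python
import re

# OSC = ESC ] (or the 8-bit C1 byte 0x9d), numeric code, ';', body,
# then a terminator: BEL, or ST written as ESC \ or 0x9c.
OSC_RE = re.compile(rb"(?:\x1b\]|\x9d)(\d+);([^\x07\x1b\x9c]*)(?:\x07|\x1b\\|\x9c)")
FONT_OPS = 50  # the escape-sequence code the article describes (set/query font)

# Constructed samples: a harmless font name followed by the query that makes
# the terminal echo it back, and ordinary title/colour sequences.
SAMPLE = b"build log line\n\x1b]50;no-such-font-constructed\x07\x1b]50;?\x07done\n"
BENIGN = b"\x1b]0;window title\x07\x1b[1mbold\x1b[0m\n"


def find_font_ops(data: bytes):
    """Return (offset, kind, argument) for every OSC 50 sequence in data."""
    hits = []
    for m in OSC_RE.finditer(data):
        if int(m.group(1)) != FONT_OPS:
            continue
        arg = m.group(2).decode("latin-1")
        # Assumption: "?" is the query form, anything else sets a font name.
        kind = "query" if arg == "?" else "set"
        hits.append((m.start(), kind, arg))
    return hits


def is_suspicious(data: bytes) -> bool:
    """True when a font 'set' is later followed by a font 'query',
    i.e. the data asks the terminal to reflect attacker-chosen text."""
    kinds = [kind for _, kind, _ in find_font_ops(data)]
    return "set" in kinds and "query" in kinds[kinds.index("set"):]


def defang(data: bytes) -> str:
    """Render bytes so that no control character reaches the terminal."""
    return "".join(
        ch if ch.isprintable() or ch in "\n\t" else f"\\x{ord(ch):02x}"
        for ch in data.decode("latin-1")
    )


if __name__ == "__main__":
    for offset, kind, arg in find_font_ops(SAMPLE):
        print(f"OSC 50 {kind} at byte {offset}: {arg!r}")
    print("suspicious:", is_suspicious(SAMPLE))
    print(defang(SAMPLE), end="")
```

Run it over untrusted files or log output before viewing them with cat in an xterm session.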

For successful exploitation, the user must be using the Zsh command shell with the command line editor (vi-cmd-mode) switched to "vi" mode, which is usually not used by default in distributions. The problem also does not manifest when xterm is configured with allowWindowOps=false or allowFontOps=false. For example, the allowFontOps=false setting is applied in OpenBSD, Debian, and RHEL, but is not applied by default in Arch Linux.

Judging by the changelog and the statement of the researcher who identified the problem, the vulnerability was fixed in the xterm 375 release, but according to other sources, the vulnerability continues to manifest in xterm 375 from Arch Linux. You can track the publication of fixes by distribution on these pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD.

Source: opennet.ru
