Vulnerabilities in X.Org libraries, two of which have been present since 1988

Information has been disclosed about five vulnerabilities in the libX11 and libXpm libraries developed by the X.Org project. The issues are fixed in the libXpm 3.5.17 and libX11 1.8.7 releases. Three vulnerabilities were identified in the libX11 library, which provides functions with a client implementation of the X11 protocol:

  • CVE-2023-43785 - A buffer overflow in libX11 code that occurs when processing a reply from the X server in which the number of characters does not match the previously sent XkbGetMap request. The vulnerability is caused by a bug in X11R6.1 that has been present since 1996. It can be exploited when an application that uses libX11 connects to a malicious X server or to an intermediate proxy controlled by an attacker.
  • CVE-2023-43786 - Stack exhaustion due to infinite recursion in the PutSubImage() function in libX11, which occurs when processing specially crafted data in XPM format. The vulnerability has existed since the release of X11R2 in February 1988.
  • CVE-2023-43787 - An integer overflow in the XCreateImage() function in libX11 that leads to a heap overflow, caused by an error in calculating a size that does not match the actual size of the data. The problematic XCreateImage() function is called from the XpmReadFileToPixmap() function, which makes it possible to exploit the vulnerability when processing a specially crafted file in XPM format. The vulnerability has existed since X11R2 (1988).
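The size-calculation failure described for CVE-2023-43787, shown as a general pattern in an added example that is not libX11 code: an unchecked 32-bit size computation beside a form that rejects dimensions whose product would wrap. The function names, the 32-bit depth limit and the MAX_IMAGE_BYTES cap are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed policy cap for this example: refuse images above 256 MiB. */
#define MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* Unchecked pattern: 32-bit products wrap silently, so the returned size
 * can be far smaller than the pixel data a caller later copies in. */
static uint32_t image_bytes_unchecked(uint32_t width, uint32_t height,
                                      uint32_t bits_per_pixel)
{
    uint32_t bytes_per_line = (width * bits_per_pixel + 7) / 8;
    return bytes_per_line * height;
}

/* Checked form: returns 0 and stores the size in *out, or -1 when the
 * dimensions are invalid or the size would exceed MAX_IMAGE_BYTES. */
static int image_bytes_checked(uint32_t width, uint32_t height,
                               uint32_t bits_per_pixel, size_t *out)
{
    uint64_t bytes_per_line;

    if (width == 0 || height == 0 ||
        bits_per_pixel == 0 || bits_per_pixel > 32)
        return -1;
    /* width < 2^32 and depth <= 32, so this product fits in 64 bits. */
    bytes_per_line = ((uint64_t)width * bits_per_pixel + 7) / 8;
    /* Divide instead of multiplying so the bound check cannot wrap. */
    if (bytes_per_line > MAX_IMAGE_BYTES / height)
        return -1;
    *out = (size_t)(bytes_per_line * height);
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: 65536 x 65536 pixels at 8 bits each. */
    printf("unchecked: %u bytes\n",
           (unsigned)image_bytes_unchecked(65536u, 65536u, 8u));
    if (image_bytes_checked(65536u, 65536u, 8u, &n) != 0)
        puts("checked: rejected");
    return 0;
}
```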

In addition, two vulnerabilities were disclosed in the libXpm library (CVE-2023-43788 and CVE-2023-43789), caused by the ability to read from areas outside the bounds of allocated memory. The problems occur when loading a response from a buffer in memory and when processing an XPM file with an incorrect color map. Both vulnerabilities date back to 1998 and were found using the memory error detection and fuzz testing tools AddressSanitizer and libFuzzer.

X.Org has a history of security problems. For example, ten years ago, at the 30th Chaos Communication Congress (CCC), a presentation by security researcher Ilja van Sprundel devoted half of the talk to problems in the X.Org server and the other half to the security of the X11 client libraries. Ilja's report, which in 2013 identified thirty vulnerabilities affecting various X11 client libraries, as well as Mesa's DRI components, included emotional statements such as "GLX is a horrible demotivator! 30 lines of sheer terror!" and "I found 11 bugs in it over the past few months, and I have not finished checking it yet."

Source: opennet.ru