Vulnerability in xterm leading to code execution when processing certain strings

A vulnerability (CVE-2022-45063) has been identified in the xterm terminal emulator that allows shell commands to be executed when certain escape sequences are processed in the terminal. For the simplest attack, it is enough to display the contents of a specially crafted file, for example with the cat utility, or to paste a line from the clipboard.

    printf "\e]50;i \$(touch /tmp/hack-like-its-1999)\a\e]50;?\a" > cve-2022-45063
    cat cve-2022-45063

The problem is caused by an error in handling the escape sequence with code 50, which is used to set or query font options. If the requested font does not exist, the operation returns the font name that was specified in the request. Control characters cannot be inserted directly into the name, but the returned string can be terminated with the sequence "^G", which in zsh, when vi-style line editing mode is active, triggers a list-expansion operation that can be used to run commands without explicitly pressing the Enter key.
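As an added example (not code from the original article or from xterm), the following Python sketch scans untrusted bytes for the code 50 font sequences described above before they are shown in a terminal, flags a font name that is set and then queried back, and strips the sequences. The function names, the allow-list of font-name characters and the sample bytes are assumptions constructed for illustration.

```python
import re
from typing import List, NamedTuple

# OSC 50 (font set/query): ESC ] 50 ; <payload>, ended by BEL or ST (ESC \).
# Only the 7-bit forms are matched; an unterminated sequence runs to end of input.
OSC50 = re.compile(rb"\x1b\]50;(.*?)(?:\x07|\x1b\\|\Z)", re.DOTALL)
# Conservative allow-list for font-name characters (assumption, tune locally).
SAFE_NAME = re.compile(rb"[A-Za-z0-9 _.,:=*+#-]*")

class FontOp(NamedTuple):
    offset: int      # byte offset of the sequence in the input
    payload: bytes   # text between "50;" and the terminator
    is_query: bool   # True for the "?" form, whose reply goes to terminal input
    unusual: bool    # True when a set request has characters outside SAFE_NAME

def find_font_ops(data: bytes) -> List[FontOp]:
    """Return every OSC 50 sequence found in data, in order."""
    ops = []
    for m in OSC50.finditer(data):
        payload = m.group(1)
        is_query = payload.strip() == b"?"
        unusual = not is_query and SAFE_NAME.fullmatch(payload) is None
        ops.append(FontOp(m.start(), payload, is_query, unusual))
    return ops

def reflects_untrusted_name(data: bytes) -> bool:
    """True when an unusual font name is set and a later query reads it back."""
    seen_unusual = False
    for op in find_font_ops(data):
        if op.unusual:
            seen_unusual = True
        elif op.is_query and seen_unusual:
            return True
    return False

def strip_font_ops(data: bytes) -> bytes:
    """Remove all OSC 50 sequences so the rest can be displayed."""
    return OSC50.sub(b"", data)

# Constructed samples: a plain font change, and a set-then-query pair with a
# placeholder where the article's sample carries a shell substitution.
BENIGN = b"hello \x1b]50;fixed\x07 world"
SAMPLE = b"log line\n\x1b]50;name $(PLACEHOLDER)\x07\x1b]50;?\x07tail"

if __name__ == "__main__":
    for op in find_font_ops(SAMPLE):
        print(op)
    print(reflects_untrusted_name(SAMPLE), strip_font_ops(SAMPLE))
```
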

To exploit the vulnerability successfully, the user must be running the Zsh command shell with the command line editor (vi-cmd-mode) set to "vi" mode, which is generally not used by default in distributions. The problem also does not appear when the xterm settings allowWindowOps=false or allowFontOps=false are set. For example, allowFontOps=false is set in OpenBSD, Debian and RHEL, but is not applied by default in Arch Linux.

Judging by the changelog and the statement of the researcher who identified the problem, the vulnerability was fixed in the xterm 375 release, but according to other sources the vulnerability still appears in xterm 375 from Arch Linux. You can track the publication of fixes by distributions on these pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD, NetBSD.

Source: opennet.ru
