Flatpak update fixing two vulnerabilities

Corrective updates are available for Flatpak, the toolkit for building self-contained packages: versions 1.14.4, 1.12.8, 1.10.8 and 1.15.4, which fix two vulnerabilities:

  • CVE-2023-28100 - the ability to copy and paste text into the virtual console input buffer through the TIOCLINUX ioctl when installing a flatpak package prepared by an attacker. For example, the vulnerability could be used to arrange for arbitrary commands to be executed in the console after the installation of a third-party package has finished. The problem appears only in the classic virtual console (/dev/tty1, /dev/tty2, etc.) and does not affect sessions in xterm, gnome-terminal, Konsole and other graphical terminals. The vulnerability is not specific to flatpak and can be used to attack other applications; for example, similar vulnerabilities that allowed character substitution through the TIOCSTI ioctl interface were previously found in /bin/sandbox and snap.
  • CVE-2023-28101 - escape sequences can be used in the list of permissions in the package metadata to hide the information shown in the terminal about the permissions requested when a package is installed or updated through the command-line interface. Attackers could use this vulnerability to mislead users about the permissions used in the package. GUIs for installing Flatpak packages, such as GNOME Software and KDE Plasma Discover, are not affected by this issue.
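
As an added example (not Flatpak's own code or its fix), here is a minimal Python check for the CVE-2023-28101 case: it reads the permission lists from package metadata and makes control characters visible before anything is printed to a terminal. The sample metadata is constructed, and the function names are assumptions made for illustration.

```python
# Constructed sample metadata (not from a real package): the second
# "filesystems" item carries ESC[2K (erase line) and a carriage return.
SAMPLE_METADATA = (
    "[Application]\n"
    "name=org.example.Demo\n"
    "[Context]\n"
    "shared=ipc;\n"
    "filesystems=home;\x1b[2K\rxdg-download;\n"
)

def is_control(ch):
    """C0 controls, DEL and C1 controls (0x9b is the 8-bit CSI)."""
    code = ord(ch)
    return code < 0x20 or code == 0x7F or 0x80 <= code <= 0x9F

def escape_untrusted(value):
    """Make control characters visible instead of letting the terminal act on them."""
    return "".join(
        f"\\x{ord(ch):02x}" if is_control(ch) else "\\\\" if ch == "\\" else ch
        for ch in value
    )

def context_permissions(metadata_text):
    """Yield (key, item) pairs from the [Context] group of the key-file text."""
    section = None
    # split("\n"), not splitlines(): the latter also breaks lines on \r
    for line in metadata_text.split("\n"):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Context" and "=" in line:
            key, _, value = line.partition("=")
            for item in value.split(";"):
                if item:
                    yield key, item

def audit(metadata_text):
    """Return (lines that are safe to print, items that contained control characters)."""
    lines, suspicious = [], []
    for key, item in context_permissions(metadata_text):
        shown = escape_untrusted(item)
        lines.append(f"{key}: {shown}")
        if any(is_control(ch) for ch in item):
            suspicious.append((key, shown))
    return lines, suspicious

if __name__ == "__main__":
    lines, suspicious = audit(SAMPLE_METADATA)
    print("\n".join(lines))
    for key, shown in suspicious:
        print(f"WARNING: control characters in {key} item: {shown}")
```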

Source: opennet.ru
