Ukhupho oluLungileyo lwe-X.Org Server 21.1.5 kunye ne-xwayland 22.1.6 zipapashiwe, icandelo le-DDX (IsiXhobo esiXhomekeke kwi-X) esenza ukuba kumiselwe i-X.Org Server ukuququzelela ukuphunyezwa kwezicelo ze-X11 kwiindawo ezise-Wayland. Iinguqulelo ezintsha zijongana nobuthathaka obu-6 obunokuthi busetyenziswe ngokunyuka kwamalungelo kwiinkqubo ezisebenzisa umncedisi we-X njengengcambu, kunye nokuphunyezwa kwekhowudi ekude kuqwalaselo osebenzisa i-X11 yolawulo ngokutsha ngeseshoni nge-SSH ukufikelela.
- I-CVE-2022-46340 -Istaki sokuphuphuma xa kusetyenzwa izicelo ze-XTestSwapFakeInput ngedatha enkulu kune-32 bytes egqithiselwe kwibala le-GenericEvents.
- I-CVE-2022-46341 Ufikelelo lwe-buffer olungaphandle kwemida lwenzeka xa kusetyenzwa izicelo ze-XIPassiveUngrab ezibizwa ngekhowudi enkulu okanye amaxabiso amaqhosha.
- I-CVE-2022-46342-ukufikelela emva kokungena kwimemori yasimahla ngokukhohlisa izicelo ze-XvdiSelectVideoNotify.
- I-CVE-2022-46343-usetyenziso-emva kokungena kwimemori yasimahla ngokukhohlisa izicelo zeScreenSaverSetAttributes.
- I-CVE-2022-46344 Ukufikelela kwidatha engaphandle kwemida xa kusetyenzwa izicelo ze-XICchangeProperty ngeeparamitha ezinkulu.
- I-CVE-2022-46283-usetyenziso-emva kokungena kwimemori yasimahla usebenzisa i-XkbGetKbdByName isicelo sokukhohlisa.
umthombo: opennet.ru