Ilayibrari ye-libinput ye-1.20.1, enika i-input input stack evumela ukuba usebenzise iindlela ezifanayo zokucwangcisa iziganeko ezivela kwizixhobo zokufakelwa kwiindawo ezisekelwe kwi-Wayland kunye ne-X.Org, ikhuphe ubuthathaka (CVE-2022-1215), obuphelisa ubuthathaka. ikuvumela ukuba uququzelele ukuphunyezwa kwekhowudi yakho xa uqhagamshela isixhobo songeniso esilungisiweyo esilungiselelwe ngokukodwa kwisixokelelwano. Ingxaki izibonakalisa kwiimeko ezisekelwe kwi-X.Org kunye ne-Wayland, kwaye ingasetyenziselwa zombini xa udibanisa izixhobo zendawo kwaye xa uqhuba izixhobo ezine-interface yeBluetooth. Ukuba umncedisi we X usebenza njengengcambu, ubuthathaka buvumela ikhowudi ukuba iphunyezwe ngamalungelo aphezulu.
Ingxaki ibangelwa yimpazamo yokufomatha umgca kwikhowudi enoxanduva lokukhupha ulwazi loqhagamshelwano lwesixhobo kwilog. Ngokukodwa, umsebenzi we-evdev_log_msg, usebenzisa umnxeba kwi-snprintf, utshintshe umtya wefomathi yoqobo yokungena kwelogi, apho igama lesixhobo longezwa njengesiqalo. Okulandelayo, umtya olungisiweyo wagqithiselwa kwilog_msg_va umsebenzi, owathi wasebenzisa umsebenzi weprintf. Ngoko ke, impikiswano yokuqala kuprintf, apho kwasetyenziswa ulwahlulo loonobumba befomati, iqulathe idatha yangaphandle engaqinisekanga, kwaye umhlaseli angaqalisa urhwaphilizo lwemfumba ngokubangela isixhobo ukuba sibuyisele igama eliqulathe abalinganiswa abafomathayo (umzekelo, "Evil %s") .
umthombo: opennet.ru
