Flatpak update fixes two vulnerabilities

Corrective updates 1.14.4, 1.12.8, 1.10.8 and 1.15.4 are available for Flatpak, the toolkit for building self-contained packages. They fix two vulnerabilities:

  • CVE-2023-28100 – the ability to copy and paste text into the input buffer of the virtual console by manipulating the TIOCLINUX ioctl when a flatpak package prepared by an attacker is installed. For example, the vulnerability could be used to launch arbitrary commands in the console after the installation of a third-party package has finished. The problem appears only in the classic virtual console (/dev/tty1, /dev/tty2, etc.) and does not affect sessions in xterm, gnome-terminal, Konsole and other graphical terminals. The vulnerability is not specific to flatpak and can be used to attack other applications; for example, similar vulnerabilities that allowed character substitution through the TIOCSTI ioctl were previously found in /bin/sandbox and snap.
  • CVE-2023-28101 – escape sequences can be used in the list of permissions in the package metadata to hide the terminal output about additional permissions requested when a package is installed or updated through the command-line interface. Attackers can use this vulnerability to mislead users about the permissions used by the package. GUIs for installing Flatpak packages, such as GNOME Software and KDE Plasma Discover, are not affected by this issue.
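
One way to check package metadata for the CVE-2023-28101 condition before trusting what a terminal displays is to flag any entry that contains control characters and print it in escaped form. This is an added example, not Flatpak's own code; it assumes the keyfile-style metadata layout with a `[Context]` group, and the sample input and the names `audit_metadata` and `visible` are constructed for illustration.

```python
import re

# Characters a terminal may interpret instead of printing:
# C0 controls (including ESC, 0x1b), DEL and the C1 control range.
CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def visible(text):
    """Render control characters as literal \\xNN so the terminal prints them."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def audit_metadata(raw):
    """Return (group, key, escaped_value) for each entry holding control chars."""
    findings, group = [], None
    # Split on "\n" only: str.splitlines() would also split on some of the
    # control characters this check is meant to find.
    for line in raw.split("\n"):
        line = line.rstrip("\r")
        if line.startswith("[") and line.endswith("]"):
            group = visible(line[1:-1])
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            if CONTROL.search(key) or CONTROL.search(value):
                findings.append((group, visible(key.strip()), visible(value)))
    return findings


# Constructed sample metadata: one permission value carries an escape sequence.
SAMPLE = (
    "[Application]\n"
    "name=org.example.Demo\n"
    "[Context]\n"
    "shared=network;ipc;\n"
    "filesystems=home;\x1b[8mhost;\n"
)

if __name__ == "__main__":
    for group, key, value in audit_metadata(SAMPLE):
        print("control characters in [%s] %s = %s" % (group, key, value))
```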

Source: opennet.ru
