Ukukhishwa okulungisayo kwe-X.Org Server 21.1.4 kuyatholakala, okulungisa ubungozi obubili kuzibambi zesandiso se-Xkb, okukuvumela ukuthi uphakamise amalungelo akho kusistimu uma iseva ye-X isebenza njengempande, noma ukusebenzisa ikhodi kusistimu yesilawuli kude. uma ukuqondisa kabusha kweseshini kusetshenziselwa ukufinyelela i-X11 kusetshenziswa i-SSH. Ubungozi bubangelwa ukushoda kokuhlolwa kosayizi olungile ku-ProcXkbSetGeometry (CVE-2022-2319) kanye ne-ProcXkbSetDeviceInfo (CVE-2022-2320) izibambi zesicelo, ezingase zisetshenziswe ukuze kubhalelwe endaweni yenkumbulo ngaphandle kwemingcele yebhafa eyabiwe. .
Endabeni ye-ProcXkbSetGeometry, belingekho isheke losayizi wezinkambu zesicelo, elivumele iklayenti ukuthi libangele ukuchichima ngokucacisa inani lezigaba esicelweni ezingahambisani nedatha ethunyelwe ngempela. Kusibambi se-ProcXkbSetDeviceInfo, ukuba sengozini kubangelwa ukuhleleka okungalungile kwezingcingo zokusebenza - umsebenzi wokuhlola amapharamitha wabizwa ngemva komsebenzi lapho la mapharamitha asetshenziswe khona (amagama emisebenzi axutshwe futhi umsebenzi we-XkbSetDeviceInfo wawuhlanganisa nekhodi yokuhlola. , kanye ne-XkbSetDeviceInfoCheck - yokusetha amanani).
Source: opennet.ru