X.Org Server 21.1.9 and Xwayland 23.2.2 updates with vulnerabilities fixed

Corrective releases of X.Org Server 21.1.9 and of the DDX (Device-Dependent X) component xwayland 23.2.2 have been published. Xwayland launches the X.Org Server so that X11 applications can run in Wayland-based environments. The new versions address vulnerabilities that could potentially be exploited for privilege escalation on systems that run the X server as root, and for remote code execution in configurations that use X11 session forwarding over SSH for access.

Identified issues:

  • CVE-2023-5367 - Buffer overflow in the XIChangeDeviceProperty and RRChangeOutputProperty functions, which can be exploited by attaching additional elements to an input device property or a randr property. The vulnerability has been present since the release of xorg-server 1.4.0 (2007) and is caused by an incorrect offset calculation when additional elements are attached to existing properties, so the elements are placed at the wrong offset and data is written to a memory area outside the allocated buffer. For example, when 3 elements are added to 5 existing elements, memory is allocated for an array of 8 elements, but the previously existing elements are stored in the new array starting at index 5 rather than 3, so the last two elements are written out of bounds.
  • CVE-2023-5380 - Use-after-free memory access in the DestroyWindow function. The problem can be exploited by moving the pointer between screens in multi-monitor configurations in zaphod mode, in which each monitor forms its own screen, and calling the client window close function. The vulnerability has been present since the release of xorg-server 1.7.0 (2009) and is caused by the fact that after a window is closed and the memory associated with it is freed, an active pointer to the former window remains in the structure that provides the screen binding. Xwayland is not affected by this vulnerability.
  • CVE-2023-5574 - Use-after-free memory access in the DamageDestroy function. The vulnerability can be exploited in the Xvfb server while the ScreenRec structure is being cleaned up during server shutdown or disconnection of the last client. Like the previous vulnerability, the problem appears only in multi-monitor configurations in Zaphod mode. The vulnerability has been present since the release of xorg-server-1.13.0 (2012) and remains unfixed (fixed only in the form of a patch).
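
The offset error described for CVE-2023-5367 above, worked through with the page's numbers (5 existing elements, 3 added, 8 allocated). This is an added example built on a simplified model, not X server source code; the function names are hypothetical, and the model assumes the new elements occupy indices 0 to 2, as the page's "index 3" implies.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not X server source: `add_n` new elements go to
 * indices 0..add_n-1 of a new array of old_n + add_n elements, and the
 * old_n existing elements are copied in behind them. */

/* Flawed offset: start of the existing elements taken from their own count. */
static size_t old_offset_flawed(size_t old_n, size_t add_n) { (void)add_n; return old_n; }

/* Correct offset: existing elements start right after the new ones. */
static size_t old_offset_fixed(size_t old_n, size_t add_n) { (void)old_n; return add_n; }

/* How many of the old_n elements copied at `off` land past `total`. */
static size_t elems_past_end(size_t off, size_t old_n, size_t total)
{
    size_t end = off + old_n;
    return end > total ? end - total : 0;
}

/* Merge with the correct offset plus size and bounds checks; NULL on failure. */
static int *merge_checked(const int *old, size_t old_n,
                          const int *add, size_t add_n, size_t *out_n)
{
    size_t max = SIZE_MAX / sizeof(int);
    if (add_n > max || old_n > max - add_n) return NULL; /* size overflow */
    size_t total = old_n + add_n;
    size_t off = old_offset_fixed(old_n, add_n);
    if (total == 0 || elems_past_end(off, old_n, total) != 0) return NULL;
    int *buf = malloc(total * sizeof(int));
    if (buf == NULL) return NULL;
    if (add_n) memcpy(buf, add, add_n * sizeof(int));
    if (old_n) memcpy(buf + off, old, old_n * sizeof(int));
    *out_n = total;
    return buf;
}

int main(void)
{
    int old[5] = {10, 11, 12, 13, 14}, add[3] = {1, 2, 3}; /* constructed data */
    size_t n = 0;
    int *m = merge_checked(old, 5, add, 3, &n);
    printf("flawed offset: %zu past end\n", elems_past_end(old_offset_flawed(5, 3), 5, 8));
    if (m) printf("fixed offset: %zu elements, first old value at index 3 = %d\n", n, m[3]);
    free(m);
    return 0;
}
```
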

Besides eliminating the vulnerabilities, xwayland 23.2.2 also switched from the libbsd-overlay library to libbsd and stopped connecting automatically to the RemoteDesktop XDG Desktop Portal interface to determine the socket used for sending XTest events to the composite server. The automatic connection caused problems when Xwayland was run in a nested composite server, so in the new version the “-enable-ei-portal” option must be specified explicitly to connect to the portal.

Source: opennet.ru
