isaziso sokuphepha se-libinput

Kutholakale ubuthakathaka obuningana kulabhulali ye-libinput:

  1. I-CVE-2026-35093: Ubungozi bokuhamba kwe-Sandbox kuma-plugin. Iphutha ku-plugin loader livumele ukulayishwa kwe-bytecode ehlanganiswe kusengaphambili, edlula ukuqinisekiswa kwesikhathi sokusebenza futhi ngaleyo ndlela ayifakwanga i-sandbox. Lokhu kudala indawo yokuhlasela engavumela i-plugin enonya ukuthi ithole ukufinyelela okungenamkhawulo ohlelweni, kuye ngamalungelo omsebenzisi.

  2. I-CVE-2026-35094: Ubungozi bokusetshenziswa ngaphandle kokusebenzisa okuholela ekuphuzeni ulwazi olubucayi. I-plugin ebiza umsebenzi we-Lua __gc() iyashiya "ukulenga" Isikhombisi egameni ledivayisi esingafakwa. Kuye ngenani elikuseli yememori, lokhu kungaholela ekudalulweni kolwazi olubucayi.

Ubuthakathaka buthinta konke ukusatshalaliswa ngenguqulo ye-libinput 1.30.0 kanye neyakamuva. Kodwa-ke, ukusebenzisa ama-plugin e-Lua kungenzeka kuphela uma umqambi ewalayisha. Okwamanje, Lokhu kusebenza ekuthungeni kwe-GNOME 50., I-KWin (git) ΠΈ I-Niri (git).
izimpande, ukushukuma, kanye nomfula akukwazi ukuhlaselwa kalula.

Ukusatshalaliswa kwe-Fedora 43 kanye ne-44 kusebenzisa inketho ethi -Dautoload-plugins, okubangela ukuthi ama-plugin alayishwe kungakhathaliseki ukuthi umqambi usekela ini. I-Arch, i-OpenSuSE, Ubuntu, Debian futhi i-NixOS ayinayo le nketho futhi/noma isebenzisa izinguqulo ezindala ze-libinput.

Izinguqulo ezithintekile: i-libinput 1.31.0, 1.30.[0-2]
Izinguqulo ezilungisiwe: i-libinput 1.31.1, 1.30.3

Source: linux.org.ru

Thenga ukusingathwa okuthembekile kwamasayithi anokuvikelwa kwe-DDoS, amaseva e-VPS VDS πŸ”₯ Thenga ukusingathwa kwewebhusayithi okuthembekile ngokuvikelwa kwe-DDoS, amaseva e-VPS VDS | ProHoster