Vulnerability in libinput that leads to code execution when a malicious device is connected

The libinput 1.20.1 library, which provides a unified input stack so that the same event-processing code can handle input devices in both Wayland-based and X.Org-based environments, fixes a vulnerability (CVE-2022-1215) that allows code execution when a specially modified or emulated input device is connected to the system. The problem appears in both X.Org-based and Wayland-based environments, and can be exploited both when devices are connected locally and when devices with a Bluetooth interface are manipulated. If the X server runs as root, the vulnerability allows code to be executed with elevated privileges.

The problem is caused by a format string error in the code responsible for writing device connection information to the log. Specifically, the evdev_log_msg function used a call to snprintf to modify the original format string of the log entry, adding the device name to it as a prefix. The modified string was then passed to the log_msg_va function, which in turn used a printf function. As a result, the first argument of printf, the one parsed for format characters, contained unvalidated external data, and an attacker could trigger stack corruption by making the device return a name containing format string characters (for example, "Evil %s").
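The splice described above, next to one way to neutralise it, as an added example that is not libinput's code: the helper names, the `"%s: %s"` prefix layout and the `opened fd %d` message are assumptions made for illustration. The unsafe format is only inspected here, never handed to a printf function.

```c
#include <stdio.h>

/* Copy src to dst, doubling each '%' so printf prints it literally. */
static void escape_percent(const char *src, char *dst, size_t size)
{
    size_t o = 0;
    if (size == 0) return;
    for (; *src && o + 2 < size; src++) {
        if (*src == '%') dst[o++] = '%';
        dst[o++] = *src;
    }
    dst[o] = '\0';
}

/* Pattern from the article: the name is spliced into the format string. */
static void build_format_unsafe(const char *name, const char *fmt, char *out, size_t size)
{
    snprintf(out, size, "%s: %s", name, fmt);
}

/* Hardened: escape the untrusted name before it joins the format. */
static void build_format_safe(const char *name, const char *fmt, char *out, size_t size)
{
    char esc[256];
    escape_percent(name, esc, sizeof(esc));
    snprintf(out, size, "%s: %s", esc, fmt);
}

/* Count conversions that consume an argument ("%%" consumes none). */
static int count_conversions(const char *fmt)
{
    int n = 0;
    for (; *fmt; fmt++) {
        if (*fmt != '%') continue;
        if (fmt[1] == '%') fmt++; else n++;
    }
    return n;
}

int main(void)
{
    const char *name = "Evil %s"; /* constructed name, as in the article */
    char bad[512], good[512], line[512];
    build_format_unsafe(name, "opened fd %d", bad, sizeof(bad));
    build_format_safe(name, "opened fd %d", good, sizeof(good));
    snprintf(line, sizeof(line), good, 3); /* one conversion, one argument */
    printf("unsafe=%d safe=%d line=\"%s\"\n", count_conversions(bad), count_conversions(good), line);
    return 0;
}
```

The unsafe format ends up with two conversions while the caller supplies one argument, which is the mismatch that lets printf read stack data it was never given.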

Source: opennet.ru
