Code execution vulnerability in libXpm

A corrective release of libXpm 3.5.15 has been published. libXpm is a library developed by the X.Org project and used to process XPM files. The new version fixes three vulnerabilities, two of which (CVE-2022-46285 and CVE-2022-44617) lead to a deadlock when specially crafted XPM files are processed. The third vulnerability (CVE-2022-4883) allows arbitrary commands to be executed when applications that use libXpm are run. When privileged processes linked against libXpm are run, such as programs with the suid root flag, the vulnerability allows privilege escalation.

The vulnerability is caused by the way libXpm handles compressed XPM files. When processing XPM.Z or XPM.gz files, the library uses execlp() to launch external decompression utilities (uncompress or gunzip), and the path to them is resolved from the PATH environment variable. The attack consists of placing an executable named uncompress or gunzip in a user-accessible directory that is listed in PATH. That executable will be run when an application that uses libXpm is launched.

The vulnerability was fixed by replacing the execlp call with execl, using absolute paths to the utilities. In addition, the build option "--disable-open-zfile" was added to disable the processing of compressed files and the calls to external decompression utilities.
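
The fix described above, sketched as an added example (not libXpm's own code): a helper is started with execl() and an absolute path, so PATH plays no part in choosing the binary. The function name run_helper and the location /usr/bin/gunzip are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed install location; a real build would fix this at configure time. */
#define GUNZIP_PATH "/usr/bin/gunzip"

/*
 * Run a helper as: <abs_path> <flag> <arg>.
 * Returns the helper's exit status, 127 if exec failed, -1 on refusal/error.
 * execl() takes the path literally, so PATH is never consulted; with
 * execlp("gunzip", ...) the first PATH directory holding a "gunzip" wins.
 */
int run_helper(const char *abs_path, const char *flag, const char *arg)
{
    int status;
    pid_t pid;

    if (abs_path == NULL || abs_path[0] != '/')
        return -1;              /* refuse anything that is not absolute */

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(abs_path, abs_path, flag, arg, (char *)NULL);
        _exit(127);             /* only reached if execl() failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s file.xpm.gz\n", argv[0]);
        return 2;
    }
    /* gunzip -t only tests archive integrity; it writes no output file. */
    int rc = run_helper(GUNZIP_PATH, "-t", argv[1]);
    printf("%s exited with %d\n", GUNZIP_PATH, rc);
    return rc == 0 ? 0 : 1;
}
```

A bare name such as "gunzip" is rejected before fork(), which is the property a suid program needs: the caller's environment cannot influence which file is executed.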

Source: opennet.ru
