Several vulnerabilities in X.Org Server and xwayland have been fixed

Vulnerability

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

A few days ago, the release of new versions of X.Org Server and xwayland was announced. They fix several problems found in both components.

The new versions fix vulnerabilities that can be exploited to escalate privileges on systems that run the X server as root, as well as for remote code execution on setups that use X11 session redirection over SSH for access.

Multiple issues have been found in the X server implementation published by X.Org, for which we are releasing security fixes in xorg-server-21.1.9 and xwayland-23.2.2.

It is worth mentioning that the problems fixed by the new corrective versions had been present for at least eleven years (taking the most recent vulnerability on the list), which is a serious problem for X.Org Server, since at the beginning of October information about security vulnerabilities dating back to 1988 was published.

Of the problems fixed in these corrective versions, the first vulnerability is CVE-2023-5367, about which the following is mentioned:

  • This issue causes a buffer overflow in the XIChangeDeviceProperty and RRChangeOutputProperty functions, which can be exploited by adding additional elements to an input device property or a randr property.
    The vulnerability has been present since the release of xorg-server 1.4.0 (2007) and is caused by an incorrect offset calculation when adding additional elements to existing properties, which causes the elements to be added at the wrong offset, resulting in a write to a memory area outside the allocated buffer.
    For example, if you add 3 elements to 5 existing elements, memory will be allocated for an array of 8 elements, but the previously existing elements will be stored in the new array starting at index 3 instead of 5, causing the last two elements to be written out of bounds.
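The 3 + 5 case, worked through as an added example (this is not X.Org's code; `oob_elems` and `merge_checked` are hypothetical names and the sample values are constructed). It counts how many existing elements fall past an 8-element allocation for a start index of 3 and of 5, and shows a merge that derives the offset from the number of new elements and checks it before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* How many of `count` elements written from index `start` fall outside an
 * array of `total` elements. Pure arithmetic; nothing is written. */
size_t oob_elems(size_t total, size_t start, size_t count)
{
    if (start >= total)
        return count;
    size_t room = total - start;
    return count > room ? count - room : 0;
}

/* Checked merge (hypothetical helper): new elements at index 0, existing
 * elements right after them. Returns a malloc'd array or NULL on error. */
int *merge_checked(const int *new_v, size_t new_len,
                   const int *old_v, size_t old_len, size_t *out_len)
{
    size_t max = SIZE_MAX / sizeof(int);
    if (old_len > max || new_len > max - old_len)
        return NULL;                      /* size arithmetic would wrap */
    size_t total = new_len + old_len;
    size_t old_start = new_len;           /* offset = count of NEW elements */
    if (oob_elems(total, old_start, old_len) != 0)
        return NULL;                      /* defensive: never copy past end */
    int *out = calloc(total ? total : 1, sizeof *out);
    if (out == NULL)
        return NULL;
    if (new_len)
        memcpy(out, new_v, new_len * sizeof *out);
    if (old_len)
        memcpy(out + old_start, old_v, old_len * sizeof *out);
    *out_len = total;
    return out;
}

int main(void)
{
    /* Constructed sample: 3 new elements, 5 existing, 8 allocated. */
    printf("start 3: %zu out of bounds\n", oob_elems(8, 3, 5));
    printf("start 5: %zu out of bounds\n", oob_elems(8, 5, 5));
    return 0;
}
```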

The second vulnerability addressed is CVE-2023-5380, about which it is said:

  • It allows use-after-free memory access in the DestroyWindow function. It is mentioned that the issue can be exploited by moving the pointer between screens in multi-monitor configurations in zaphod mode, in which each monitor creates its own screen, and calling the client window close function.
    The issue has been present since the release of xorg-server 1.7.0 (2009) and is caused by the fact that, after a window is closed and the memory associated with it is freed, an active pointer to the previous window remains in the structure that provides the screen binding. Xwayland is not affected by the vulnerability in question.

The last vulnerability fixed in the new corrective versions is CVE-2023-5574, which allows:

  • Use-after-free memory access in the DamageDestroy function. The vulnerability can be exploited on the Xvfb server during cleanup of the ScreenRec structure at server shutdown or when the last client disconnects. Like the previous vulnerability, the problem only appears in multi-monitor setups in Zaphod mode. The vulnerability has been present since the release of xorg-server-1.13.0 (2012) and remains unfixed (it is fixed only as a patch).

On the other hand, it is mentioned that, in addition to removing the vulnerabilities, xwayland 23.2.2 was also switched from the libbsd-overlay library to libbsd and stopped automatically connecting to the RemoteDesktop XDG Desktop Portal interface to determine the socket used to send XTest events to the composite server.

The automatic connection created problems when running Xwayland on a nested composite server, so in the new version the "-enable-ei-portal" option must be specified explicitly to connect to the portal.

Finally, if you are interested in learning more about it, you can check the details at the following link.

