xorg logo
Shanduro itsva ye X.Org Server 21.1.10 yakaburitswa mazuva mashoma apfuura uye kusunungurwa uku kwakanyorwa sekusunungurwa kwekugadzirisa pamwe chete ne xwayland 23.2.3 chikamu, kunyange zvazvo kushandiswa kwakatotanga kutamiswa neWayland, zvigadziriso zvinoramba zvichibudiswa nekuda kwekuchengetedzwa kwenguva refu mukati me X codebase. inotaurwa izvozvo Kusagadzikana kuviri kunotanga muna 2007 na2009.
Ikozvino kusachengeteka kwekuchengetedza muX.Org fzvakaonekwa neTrend Micro Zero Day chirongwa, iyo yakaita basa guru mukuwanikwa kwezvinhu zvakasiyana-siyana zvekuchengetedza muX.Org codebase nekufamba kwenguva.
Kusagadzikana kwekutanga kunogona kushandisirwa mukana wekuwedzera pane masisitimu uko X sevha iri kushanda semudzi, pamwe neyekure kodhi kuuraya mumaseti anoshandisa X11 musangano redirection pamusoro peSSH yekuwana.
Hunhu hutsva hutsva hweX.Org 21.1.10
Sezvambotaurwa pakutanga, kuburitswa uku ishanduro yekururamisa, saka shanduko chete dzakaitwa yaive yekuitwa kwemhinduro kumatambudziko anotevera:
- CVE-2023-6377 Buffer kufashukira muXKB bhatani rinobata:
Iyo buffer mafashama inoitika mune imwe chete XKB bhatani controller, pasina kufunga iyo chaiyo nhamba yemabhatani pachigadzirwa chitsva. Zviito zvebhatani zvinokonzeresa kunze-kwe-kumiganhu ndangariro kuverenga nekunyora. Izvi zvinogona kutungamira kune rombo renzvimbo kukwira kana sevha ichimhanya semudzi kana kure kure kodhi kuuraya (semuenzaniso x11 pamusoro ssh).
Kusagadzikana uku kunobvumira munhu anorwisa kuti aite zvisina tsarukano kodhi uye kuti aishandise, anorwisa anofanira kunyengedza sisitimu kuti ishandure zvinonzwisisika zvekushandisa zvisizvo, izvi zvinogona kuitwa semuenzaniso nekutumira chikumbiro chisina kurongeka kune X server. Nyaya iyi yave iripo kubva kuburitswa kwe xorg-server-1.6.0 muna 2009. - CVE-2023-6478 Integer kufashukira muRRChangeProviderProperty uye RRChangeOutputProperty:
Integer overflow inoitika mukodeti inogadzirisa zvikumbiro izvi uye nyaya yacho inokonzerwa nekushandiswa kwe32-bit integer muhukuru hwekuverenga shanduko, iyo inowanzofashukira pakugadzirisa zvikumbiro zvakakura.
Kusagadzikana uku kunobvumira munhu anorwisa kuti averenge data kubva kune imwe nzvimbo iri kunze kwebuffer kana kuburitsa ruzivo kubva mundangariro dzekugadzirisa. Kuti ishandise iyo, anorwisa anofanira kutumira zvakagadzirirwa RRChangeProviderProperty kana RRChangeOutputProperty zvikumbiro. Zvinonzi matambudziko ane hukama akaonekwa kubva pakaburitswa xorg-server-1.4.0 muna 2004 uye xorg-server-1.13.0 muna 2012.
Uyezve, tZvakakoshawo kutaura kuvandudzwa kwakaitwa muXwayland 23.2.3 paunenge uchimhanya mune yakazara skrini uye mhinduro yeRandR inobuda zita kubata.
- Yakawedzera xwl_output kumhando dzeXwayland
- Yakawedzera mubatsiri basa kuzorodza iyo yakazara skrini
- Yakagadziridzwa yakazara skrini hwindo kana uchichinja kubuda
- Ikozvino hapana kudzoreredza kana uchimhanya mune yakazara skrini
- Pakuunganidza ikozvino inobvumira tsika server kumisikidza dhairekitori
- Zita rekuburitsa Length inovandudzwa
- Zita chairo nehurefu zvave kushandiswa nekusingaperi
- randr: dzivirira truncation yakazara muProcRRChange * Chimiro chekutarisa kureba
- Xi: Govera zvakakwana maXkbActions emabhatani edu
Pakupedzisira, Kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo mu chinotevera chinongedzo. Pamusoro pezvo, vashandisi ve masisitimu anotambura vanokurudzirwa kuisa zvigadziriso zvekuchengetedza nekukurumidza sezvinobvira. Aya anogadziridza anogadzirisa kusasimba uye anoita kuti masisitimu ave akachengeteka.
Iwo anogadziridza atovepo mune yekugovera repositori, saka zvese zvaunofanirwa kuita kumhanyisa mirairo yako yekuvandudza mune terminal kuti uwane iyo vhezheni itsva. Kana vari avo vanounganidza zvakananga kubva kune kodhi kodhi, unogona kuwana iyo nyowanishanduro mune iyi link.