
The release of a new corrective version, X.Org Server 21.1.11, was announced recently, and xwayland 23.2.4 was released along with it. xwayland launches an X.Org Server so that X11 applications can run in Wayland-based environments.
The main reason given for releasing X.Org 21.1.11 is to apply the patches needed to fix 6 vulnerabilities, some of which can be exploited for privilege escalation on systems where the X server runs as root, as well as for remote code execution in setups that use X11 session redirection over SSH for access.
Vulnerability details
CVE-2023-6816: Buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
This security issue, identified as CVE-2023-6816, has been present since the release of xorg-server-1.13 (0). The buffer overflow occurs when an invalid array index is passed to DeviceFocusEvent or ProcXIQueryPointer. The overflow can happen because insufficient space is allocated for the device's buttons.
CVE-2024-0229: Out-of-bounds memory access when reattaching to a different master device
CVE-2024-0229 has been present since the release of xorg-server-1.1.1 (2006). It is caused by an out-of-bounds buffer write when a device is attached to a different master device in a configuration where the device has button and key class input elements and the number of buttons (the numButtons parameter) is set to 0.
CVE-2024-21885: Buffer overflow in XISendDeviceHierarchyEvent
CVE-2024-21885 has been present since the release of xorg-server-1.10.0 (2010). It can cause a buffer overflow because XISendDeviceHierarchyEvent allocates insufficient space when a device with a given ID is removed and a device with the same ID is added in the same request.
The vulnerability is said to arise because, during this double operation on one identifier, two instances of the xXIHierarchyInfo structure are written at once, while the XISendDeviceHierarchyEvent function allocates memory for one instance.
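The sizing mistake described for CVE-2024-21885, shown as an added example that is not code from X.Org or from the original article: a simplified C model comparing "one record per device ID" sizing with counting every record that will be written, plus a writer that refuses to go past its buffer. The names DEV_REMOVED, DEV_ADDED, struct hier_info and all three functions are hypothetical, and the input is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical flags and record layout modelled on the description above;
 * not the xXIHierarchyInfo definition from the X.Org sources. */
#define DEV_REMOVED 0x1u
#define DEV_ADDED   0x2u
struct hier_info { uint16_t deviceid; uint16_t flags; };

/* Flawed sizing: assumes each device ID yields at most one record. */
size_t records_one_per_id(const uint8_t *flags, size_t nids)
{
    size_t n = 0;
    for (size_t id = 0; id < nids; id++)
        n += flags[id] != 0;
    return n;
}

/* Correct sizing: an ID removed and re-added in one request yields two. */
size_t records_needed(const uint8_t *flags, size_t nids)
{
    size_t n = 0;
    for (size_t id = 0; id < nids; id++)
        n += !!(flags[id] & DEV_REMOVED) + !!(flags[id] & DEV_ADDED);
    return n;
}

/* Writes one record per set flag; returns the count written, or -1 if the
 * next record would not fit in out[0..cap). Never writes past cap. */
long write_records(const uint8_t *flags, size_t nids,
                   struct hier_info *out, size_t cap)
{
    size_t w = 0;
    for (size_t id = 0; id < nids; id++)
        for (unsigned bit = DEV_REMOVED; bit <= DEV_ADDED; bit <<= 1) {
            if (!(flags[id] & bit)) continue;
            if (w == cap) return -1;      /* would overflow: refuse */
            out[w].deviceid = (uint16_t)id;
            out[w++].flags = (uint16_t)bit;
        }
    return (long)w;
}

int main(void)
{
    /* Constructed input: ID 1 added; ID 2 removed and re-added at once. */
    const uint8_t flags[4] = { 0, DEV_ADDED, DEV_REMOVED | DEV_ADDED, 0 };
    struct hier_info buf[3];
    return write_records(flags, 4, buf, records_needed(flags, 4)) == 3 ? 0 : 1;
}
```

With the constructed input, the per-ID count is one short of the records actually produced, which is the gap an unchecked writer would overrun.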
CVE-2024-21886: Buffer overflow in DisableDevice
CVE-2024-21886 has been present since the release of xorg-server-1.13.0 (2012). It allows a buffer overflow in the DisableDevice function, which occurs when a master device is disabled while its slave devices are already disabled. The vulnerability is caused by an incorrect calculation of the size of the structure used to store the device list.
CVE-2024-0409: SELinux context corruption
CVE-2024-0409, found in xorg-server-1.16.0, corrupts the SELinux context because of incorrect use of the "privates" mechanism for storing additional data.
The Xserver uses this mechanism in its own objects, and each private has a "type" associated with it. Each "private" is allocated for the relevant memory size, which is declared at creation time. The cursor structure in the Xserver even has two keys, one for the cursor itself and another for the bits that shape the cursor. XSELINUX also uses private keys, but it is a bit of a special case because it uses the same keys for all the different objects.
What happens here is that the cursor code in both Xephyr and
CVE-2024-0408: Untagged SELinux GLX PBuffer
CVE-2024-0408, present in xorg-server-1.10.0 (2010), allows X resources to remain unlabeled, which can lead to local privilege escalation. The XSELINUX code in the X server labels X resources based on a link.
What happens here is that the GLX PBuffer code does not call the XACE hook when it creates the buffer, so the buffer remains unlabeled. When the client then issues another request to access that resource, or even creates another resource that needs to access the buffer, the XSELINUX code tries to use an object that was never labeled and fails because the SID is NULL.
It is worth mentioning that this new corrective version is already available in most repositories of the major Linux distributions, so the recommendation is to update to the new version as soon as possible.
Finally, if you are interested in learning more about it, you can check the details in the following link.