The release of the new corrective version X.Org Server 21.1.11 was recently announced, together with xwayland 23.2.4, the component that launches X.Org Server to run X11 applications in Wayland-based environments.
The main reason given for releasing X.Org 21.1.11 is to ship the patches needed to fix 6 vulnerabilities. Some of them can be exploited for privilege escalation on systems where the X server runs as root, as well as for remote code execution in configurations that use X11 session redirection over SSH for access.
Vulnerability details
CVE-2023-6816: Buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
This security issue, identified as CVE-2023-6816, has been present since the release of xorg-server-1.13 (0). The buffer overflow occurs when an invalid array index is passed to DeviceFocusEvent or ProcXIQueryPointer. The vulnerability can cause an overflow because too little space is allocated for the device's buttons.
CVE-2024-0229: Out-of-bounds memory access when reattaching to a different master device
The CVE-2024-0229 vulnerability has been present since the release of xorg-server-1.1.1 (2006). It is caused by an out-of-bounds buffer write when a device is attached to another master device in a configuration where the device has button and key class input elements and the number of buttons (the numButtons parameter) is set to 0.
CVE-2024-21885: Buffer overflow in XISendDeviceHierarchyEvent
The CVE-2024-21885 vulnerability has been present since the xorg-server-1.10.0 release (2010). It can cause a buffer overflow because XISendDeviceHierarchyEvent allocates too little space when a device with a given ID is removed and a device with the same ID is added in the same request.
The vulnerability is said to arise because, when an identifier is operated on twice, two instances of the xXIHierarchyInfo structure are written at the same time, while the XISendDeviceHierarchyEvent function allocates memory for one instance.
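The sizing problem described above, as a simplified model (an added example, not X.Org Server code). `MAX_IDS`, `EV_REMOVED`, `hier_rec` and the function names are hypothetical, and the model assumes one record per present device plus one per removed ID; the append is bounds-checked so the shortfall is reported instead of written past the buffer.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_IDS 4        /* assumed small ID space for this model */
#define EV_REMOVED 0x1   /* hypothetical flag: ID removed in this request */
typedef struct { int deviceid, flags; } hier_rec; /* stand-in for xXIHierarchyInfo */

/* Constructed scenario: every ID in use; ID 2 was removed and re-added
 * in the same request, so it is both present and flagged as removed. */
static const int PRESENT[MAX_IDS] = {1, 1, 1, 1};
static const int FLAGS[MAX_IDS] = {0, 0, EV_REMOVED, 0};

/* Records the event needs: one per present device plus one per removed ID. */
size_t records_needed(const int *present, const int *flags)
{
    size_t n = 0;
    for (int id = 0; id < MAX_IDS; id++)
        n += (present[id] != 0) + ((flags[id] & EV_REMOVED) != 0);
    return n;
}

/* Bounds-checked append: 0 on success, -1 when the buffer is already full. */
static int put(hier_rec *buf, size_t cap, size_t *len, int id, int flags)
{
    if (*len >= cap) return -1;
    buf[*len] = (hier_rec){ id, flags };
    (*len)++;
    return 0;
}

/* Fills a buffer of `cap` records; returns the count written, or -1 where
 * an unchecked writer would have run past the end of the allocation. */
long build_event(size_t cap, const int *present, const int *flags)
{
    hier_rec *buf = calloc(cap, sizeof *buf);
    size_t len = 0;
    long rc = buf ? 0 : -1;
    for (int id = 0; id < MAX_IDS && rc == 0; id++)
        if (present[id]) rc = put(buf, cap, &len, id, 0);
    for (int id = 0; id < MAX_IDS && rc == 0; id++)
        if (flags[id] & EV_REMOVED) rc = put(buf, cap, &len, id, EV_REMOVED);
    free(buf);
    return rc == 0 ? (long)len : -1;
}

int main(void)
{
    size_t need = records_needed(PRESENT, FLAGS);
    printf("needed=%zu per-ID sizing=%ld exact sizing=%ld\n", need,
           build_event(MAX_IDS, PRESENT, FLAGS), build_event(need, PRESENT, FLAGS));
    return 0;
}
```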
CVE-2024-21886: Buffer overflow in DisableDevice
The CVE-2024-21886 vulnerability has been present since the release of xorg-server-1.13.0 (2012). It allows a buffer overflow in the DisableDevice function that occurs when a master device is disabled while its slave devices are already disabled. The vulnerability is due to an incorrect calculation of the size of the structure that stores the device list.
CVE-2024-0409: SELinux context corruption
The CVE-2024-0409 vulnerability, found in xorg-server-1.16.0, results in corruption of the SELinux context due to incorrect use of the "privates" mechanism for storing additional data.
The Xserver uses this mechanism in its own objects, and each private has a "type" associated with it. Each "private" is allocated the appropriate amount of memory, which is declared at creation time. The cursor structure in the Xserver even has two keys, one for the cursor itself and one for the bits that make up the cursor. XSELINUX also uses private keys, but it is something of a special case because it uses the same keys for all the different objects.
What happens here is that the cursor code in both Xephyr and Xwayland uses the wrong type of "private" at creation: it uses the cursor bits type with the cursor private, and when the cursor is initialized it overwrites the XSELINUX context.
CVE-2024-0408: SELinux unlabeled GLX PBuffer
The CVE-2024-0408 vulnerability, present in xorg-server-1.10.0 (2010), allows X resources to remain unlabeled, which can lead to local privilege escalation. The XSELINUX code in the X server labels X resources based on a link.
What happens here is that the GLX PBuffer code does not call the XACE hook when it creates the buffer, so the buffer remains unlabeled. When the client issues another request to access that resource, or even when it creates another resource that needs to access that buffer, the XSELINUX code tries to use an object that was never labeled and fails because the SID is NULL.
It is worth mentioning that this new corrective version is already available in most of the repositories of the main Linux distributions, so the recommendation is to update to the new version as soon as possible.
Finally, if you are interested in learning more about it, you can check the details at the following link.