X.Org 21.1.11 arrives with 6 vulnerabilities fixed


The release of a new corrective version of X.Org Server, 21.1.11, was recently announced. Released alongside it was xwayland 23.2.4, the component that launches X.Org Server to run X11 applications in Wayland-based environments.

The main reason given for the X.Org 21.1.11 release is to apply the patches needed to fix 6 vulnerabilities. Some of them can be used to escalate privileges on systems where the X server runs as root, and for remote code execution in setups that use X11 session forwarding over SSH for access.

Vulnerability details

CVE-2023-6816: Buffer overflow in DeviceFocusEvent and ProcXIQueryPointer

This security issue, identified as CVE-2023-6816, has been present since the release of xorg-server-1.13 (0). The buffer overflow occurs when an invalid array index is passed to DeviceFocusEvent or ProcXIQueryPointer. The vulnerability can result in an overflow because not enough space is allocated for the device's buttons.

CVE-2024-0229: Out-of-bounds memory access when reattaching to a different master device

The vulnerability CVE-2024-0229 has been present since the release of xorg-server-1.1.1 (2006). It occurs because of an out-of-bounds buffer write when attaching to a different master device, in a configuration where the device has button and key class input elements and the number of buttons (the numButtons parameter) is set to 0.

CVE-2024-21885: Buffer overflow in XISendDeviceHierarchyEvent

The vulnerability CVE-2024-21885 has been present since the release of xorg-server-1.10.0 (2010). It can cause a buffer overflow because not enough space is allocated in XISendDeviceHierarchyEvent when a device with a given ID is removed and a device with the same ID is added in the same request.

The vulnerability is said to arise because, during a double operation on one identifier, two instances of the xXIHierarchyInfo structure are written at the same time, while the XISendDeviceHierarchyEvent function allocates memory for only one instance.
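The sizing mismatch described above can be shown with a small model. This is an added example, not X.Org source code: info_rec, the CH_* flags, MAX_IDS and all three functions are hypothetical stand-ins, and the writer is bounds-checked so the undersized case is reported instead of overflowing.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for one xXIHierarchyInfo record (not the real layout). */
typedef struct { int deviceid; int flags; } info_rec;
enum { CH_ADDED = 1, CH_REMOVED = 2 };   /* hypothetical per-ID change flags */
#define MAX_IDS 8                         /* hypothetical device-ID space */

/* Flawed sizing as described above: one record per changed device ID. */
static size_t records_per_id(const int changes[MAX_IDS]) {
    size_t n = 0;
    for (int id = 0; id < MAX_IDS; id++)
        if (changes[id]) n++;
    return n;
}

/* Corrected sizing: one record per flag, so remove + add of one ID needs two. */
static size_t records_needed(const int changes[MAX_IDS]) {
    size_t n = 0;
    for (int id = 0; id < MAX_IDS; id++)
        n += !!(changes[id] & CH_REMOVED) + !!(changes[id] & CH_ADDED);
    return n;
}

/* Bounds-checked writer: returns records written, or -1 when `cap` records
 * are not enough (the point where an unchecked writer would overflow). */
static long build_event(const int changes[MAX_IDS], size_t cap) {
    info_rec *buf = calloc(cap ? cap : 1, sizeof *buf);
    size_t used = 0;
    if (!buf) return -1;
    for (int id = 0; id < MAX_IDS; id++)
        for (int f = CH_REMOVED; f >= CH_ADDED; f >>= 1) {
            if (!(changes[id] & f)) continue;
            if (used == cap) { free(buf); return -1; }
            buf[used].deviceid = id;
            buf[used++].flags = f;
        }
    free(buf);
    return (long)used;
}

int main(void) {
    int ch[MAX_IDS] = {0};
    ch[2] = CH_REMOVED | CH_ADDED;   /* constructed input: ID 2 removed and re-added */
    printf("per-ID sizing: %ld, per-record sizing: %ld\n",
           build_event(ch, records_per_id(ch)), build_event(ch, records_needed(ch)));
    return 0;
}
```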

CVE-2024-21886: Buffer overflow in DisableDevice

The vulnerability CVE-2024-21886 has been present since the release of xorg-server-1.13.0 (2012). It allows a buffer overflow in the DisableDevice function, which occurs when a master device is disabled while its slave devices have already been disabled. The vulnerability is due to an incorrect calculation of the size of the structure used to store the list of devices.

CVE-2024-0409: SELinux context corruption

The vulnerability CVE-2024-0409, discovered in xorg-server-1.16.0, results in corruption of the SELinux context due to incorrect use of the "privates" mechanism for storing additional data.

The Xserver uses this mechanism in its own objects, and each private has a "type" associated with it. Each "private" is allocated for the corresponding memory size declared at creation time. The cursor structure in the Xserver even has two keys, one for the cursor itself and another for the bits that shape the cursor. XSELINUX also uses private keys, but it is a bit of a special case because it uses the same keys for all the different objects.

What happens here is that the cursor code in both Xephyr and Xwayland uses the wrong type of "private" at creation: it uses the cursor bits type with the cursor private, and when the cursor is initialized, it overwrites the XSELINUX context.
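The following model illustrates why a key registered for one object type must not be used on an object of another type. It is an added example, not the X server's privates implementation: pkey, object, register_key, get_private and the label string are hypothetical, and the layout is deliberately simplified to one block of offsets per type.

```c
#include <stdio.h>
#include <string.h>

enum ptype { PT_CURSOR, PT_CURSOR_BITS, PT_COUNT };   /* model object types */
typedef struct { enum ptype type; size_t offset, size; } pkey;
typedef struct { enum ptype type; unsigned char priv[64]; } object;

static size_t block_size[PT_COUNT];   /* bytes reserved so far per object type */

/* Register a key for one type: reserve `size` bytes in that type's block. */
static pkey register_key(enum ptype t, size_t size) {
    pkey k = { t, block_size[t], size };
    block_size[t] += size;
    return k;
}

/* Checked accessor: NULL unless the key was registered for this object's type
 * and its slot lies inside the block reserved for that type. */
static void *get_private(object *o, const pkey *k) {
    if (k->type != o->type) return NULL;
    if (k->offset + k->size > block_size[o->type]) return NULL;
    return o->priv + k->offset;
}

/* Returns 1 if the label slot survives cursor initialisation, 0 if not. */
static int label_survives(int checked) {
    memset(block_size, 0, sizeof block_size);
    pkey label = register_key(PT_CURSOR, 8);        /* XSELINUX-style slot */
    pkey wrong = register_key(PT_CURSOR_BITS, 8);   /* cursor data, wrong type */
    object cur = { PT_CURSOR, {0} };
    memcpy(get_private(&cur, &label), "ctx-0001", 8);   /* constructed label */
    void *p = checked ? get_private(&cur, &wrong) : (void *)(cur.priv + wrong.offset);
    if (p) memset(p, 0, wrong.size);   /* cursor init clears "its" private */
    return memcmp(cur.priv + label.offset, "ctx-0001", 8) == 0;
}

int main(void) {
    printf("unchecked: %d, checked: %d\n", label_survives(0), label_survives(1));
    return 0;
}
```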

CVE-2024-0408: SELinux unlabeled GLX PBuffer

The vulnerability CVE-2024-0408, present in xorg-server-1.10.0 (2010), allows X resources to remain unlabeled, which can lead to local privilege escalation. The XSELINUX code in the X server labels X resources based on a link.

What happens here is that the GLX PBuffer code does not call the XACE hook when it creates the buffer, so the buffer remains unlabeled. When the client issues another request to access that resource, or even when it creates another resource that needs to access that buffer, the XSELINUX code tries to use an object that was never labeled and fails because the SID is NULL.

It is worth mentioning that this new corrective version is available in most repositories of the main Linux distributions, and it is therefore recommended to update to the new version as soon as possible.

Finally, if you are interested in learning more about it, you can check the details at the following link.

