
If exploited, these flaws could allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.
A few days ago the release of new corrective versions of X.Org Server and Xwayland was announced, resolving several important issues identified in these two components.
The new versions address vulnerabilities that could be exploited to escalate privileges on systems that run the X server as root, as well as remote code execution in setups that use X11 session forwarding over SSH for access.
Several issues were found in the X.Org X server implementation published by X.Org, for which security fixes are released in xorg-server-21.1.9 and xwayland-23.2.2.
It is worth mentioning that the issues resolved by the new corrective versions had been present for at least 11 years (considering the most recent vulnerability on the list), which is a major problem for the X.Org Server, given that in early October information was released about security vulnerabilities dating back to 1988.
Among the issues resolved in these corrective versions, the first vulnerability is CVE-2023-5367, and the following is mentioned about it:
- This vulnerability causes a buffer overflow in the XIChangeDeviceProperty and RRChangeOutputProperty functions, which can be exploited by attaching additional elements to an input device property or a randr property.
The vulnerability has existed since the release of xorg-server 1.4.0 (2007) and is caused by an incorrect offset calculation when attaching additional elements to existing properties: the elements are added at a wrong offset, which leads to a write to a memory area outside the allocated buffer.
For example, if 3 elements are appended to 5 existing elements, memory is allocated for an array of 8 elements, but the existing elements are stored in the new array starting at index 5 instead of 3, causing the last two elements to be written out of bounds.
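The offset mistake in the paragraph above, carried through as an added example in C (constructed for this page, not X.Org's own code or data structures): a model property array, a function that computes how many existing items would land past the end of the allocation for a given copy offset, and a merge routine that checks the bounds before copying, which is the kind of check that turns the out-of-bounds write into a rejected request. The PropValue type and the functions items_out_of_bounds, merge_property and demo are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a property value: a heap array of 32-bit items.
 * It only illustrates the offset arithmetic described in the article;
 * it is not X.Org's own data structure. */
typedef struct {
    uint32_t *items;
    size_t    count;
} PropValue;

/* Number of existing items that would land past the end of the combined
 * buffer when `old_count` existing items are joined with `add_count` new
 * ones and the existing items are copied starting at `offset`.
 * The article's case: old_count = 5, add_count = 3, wrong offset = 5
 * (instead of 3) -> the last two existing items are out of bounds. */
size_t items_out_of_bounds(size_t old_count, size_t add_count, size_t offset)
{
    size_t total = old_count + add_count;
    size_t end = offset + old_count;          /* one past the last write */
    return end > total ? end - total : 0;
}

/* Build the combined array: the `add_count` new items go first and the
 * existing items follow at `offset`, as in the article's worked case.
 * The bounds check before memcpy is the hardening: a wrong offset is
 * refused instead of writing outside the allocation.
 * Returns NULL (leaving *out_count untouched) on a failed check or OOM. */
uint32_t *merge_property(const PropValue *old, const uint32_t *add,
                         size_t add_count, size_t offset, size_t *out_count)
{
    size_t total = old->count + add_count;
    if (items_out_of_bounds(old->count, add_count, offset) != 0)
        return NULL;                          /* would overflow: refuse */

    uint32_t *buf = calloc(total, sizeof *buf);
    if (!buf)
        return NULL;
    memcpy(buf, add, add_count * sizeof *buf);           /* new items */
    memcpy(buf + offset, old->items, old->count * sizeof *buf); /* existing */
    *out_count = total;
    return buf;
}

/* Worked run of the article's numbers: 5 existing items plus 3 new ones.
 * Returns 1 when the wrong offset (5) is rejected and the correct offset
 * (3) yields an 8-item array holding every value, 0 otherwise. */
int demo(void)
{
    uint32_t existing[5] = {10, 20, 30, 40, 50};   /* constructed sample */
    uint32_t added[3]    = {1, 2, 3};              /* constructed sample */
    PropValue old = { existing, 5 };
    size_t n = 0;

    /* Wrong offset = old.count (5): two items would be out of bounds. */
    if (items_out_of_bounds(5, 3, 5) != 2)
        return 0;
    if (merge_property(&old, added, 3, 5, &n) != NULL)
        return 0;

    /* Correct offset = add_count (3): everything fits in 8 slots. */
    uint32_t *merged = merge_property(&old, added, 3, 3, &n);
    if (!merged || n != 8)
        return 0;
    int ok = merged[0] == 1 && merged[3] == 10 && merged[7] == 50;
    free(merged);
    return ok;
}

int main(void)
{
    printf("demo %s\n", demo() ? "ok" : "failed");
    return demo() ? 0 : 1;
}
```

The bounds check is expressed in item counts rather than bytes so that it cannot be skewed by the element size; a real implementation would also guard the `old_count + add_count` sum against size_t wraparound before allocating.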
The second vulnerability discussed is CVE-2023-5380, and it is mentioned that:
- It allows use-after-free memory access in the DestroyWindow function. The issue can reportedly be exploited by moving the pointer between screens in multi-monitor configurations in zaphod mode, where each monitor creates its own screen, and invoking the client's window close function.
The vulnerability has been present since the release of xorg-server 1.7.0 (2009) and is caused by the fact that, after a window is closed and its associated memory is freed, an active pointer to the previous window remains in the structure that provides the screen binding. Xwayland is not affected by this vulnerability.
The last vulnerability resolved in the new corrective versions is CVE-2023-5574, and it allows:
- Use-after-free memory access in the DamageDestroy function. The vulnerability can be exploited on the Xvfb server during the cleanup of the ScreenRec structure when the server shuts down or the last client disconnects. As with the previous vulnerability, the problem only appears in multi-monitor setups in Zaphod mode. The vulnerability has existed since the release of xorg-server-1.13.0 (2012) and remains unfixed (fixed only as a patch).
On the other hand, it is mentioned that, in addition to eliminating vulnerabilities, Xwayland 23.2.2 also switched from the libbsd-overlay library to libbsd and stopped connecting automatically to the RemoteDesktop interface of the XDG Desktop Portal, which is used to send XTest events to the composite server.
The automatic connection caused problems when running Xwayland on a nested composite server, so in the new version the "-enable-ei-portal" option must be specified explicitly to connect to the portal.
Finally, if you are interested in learning more about it, you can check the details at the following link.