| Summary: | <app-misc/screen-4.8.0: out of bounds access when setting w_xtermosc after OSC 49 (CVE-2020-9366) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | hlein, m68k, nobrowser, shell-tools, swegener |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://github.com/gentoo/gentoo/pull/14592 | ||
| Whiteboard: | B3 [glsa+ cve] | ||
| Package list: |
app-misc/screen-4.8.0
|
Runtime testing required: | --- |
(In reply to Jeroen Roovers from comment #0) > As last fix, fixes potential memory overwrite of quite big size (~768 > bytes), and even though I'm not sure about potential exploitability of > that issue, I highly recommend everyone to upgrade as soon as possible. As seen on oss-security@ this is regarded as a security bug fix release. CVE-2020-9366 has been assigned to this vulnerability. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7652c1f375a096d86e4d13b17ae97327e7d3af6 commit c7652c1f375a096d86e4d13b17ae97327e7d3af6 Author: Hank Leininger <hlein@korelogic.com> AuthorDate: 2020-02-08 03:43:38 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-02-27 08:59:35 +0000 app-misc/screen: version bump (security fix); GLEP 81 Upstream released a fix for a memory overwrite; no CVE, but see referenced bug and https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html Also updated for GLEP 81. Changed ${EROOT%/} to ${EROOT}, because CI complained. Signed-off-by: Hank Leininger <hlein@korelogic.com> Bug: https://bugs.gentoo.org/708460 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> app-misc/screen/Manifest | 1 + app-misc/screen/screen-4.8.0.ebuild | 156 ++++++++++++++++++++++++++++++++++++ 2 files changed, 157 insertions(+) CVE: CVE-2020-9366 (In reply to sam_c - Security Padawan from comment #4) > CVE: CVE-2020-9366 Oops, didn't see it was already posted. Sorry. CVE-2020-9366 (https://nvd.nist.gov/vuln/detail/CVE-2020-9366): A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. amd64 stable Note that in the weeks since the 4.8 bump, the screen developers have made another related fix: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=b14e76eb5d6be889d58e37e420384e59a74eddd6 They have not yet made a 4.8.1 release that includes that fix. sparc stable x86 stable s390 stable ppc64 stable ppc stable ia64 stable arm stable arm64 stable hppa stable GLSA Vote: No Please finish up your stabilization so we can cleanup SuperH port disbanded. Removing m64k from stabilization (~m68k in Keywords) GLSA Vote: Yes Maintainer(s), please drop the vulnerable version(s). The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=592e938b9fc207bb0e4cc44a9ef4e1c451dc316d commit 592e938b9fc207bb0e4cc44a9ef4e1c451dc316d Author: Patrice Clement <monsieurp@gentoo.org> AuthorDate: 2020-03-30 08:34:54 +0000 Commit: Patrice Clement <monsieurp@gentoo.org> CommitDate: 2020-03-30 08:35:23 +0000 app-misc/screen: remove vulnerable versions. Bug: https://bugs.gentoo.org/708460 Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Patrice Clement <monsieurp@gentoo.org> app-misc/screen/Manifest | 3 - app-misc/screen/screen-4.6.1.ebuild | 161 --------------------------------- app-misc/screen/screen-4.6.2-r1.ebuild | 160 -------------------------------- app-misc/screen/screen-4.7.0.ebuild | 160 -------------------------------- 4 files changed, 484 deletions(-) Thanks all. This issue was resolved and addressed in GLSA 202003-62 at https://security.gentoo.org/glsa/202003-62 by GLSA coordinator Thomas Deutschmann (whissi). |
" This release * Improves startup time by only polling for already open files to close * Fixes: - Fix for segfault if termcap doesn't have Km entry - Make screen exit code be 0 when checking --version - Fix potential memory corruption when using OSC 49 As last fix, fixes potential memory overwrite of quite big size (~768 bytes), and even though I'm not sure about potential exploitability of that issue, I highly recommend everyone to upgrade as soon as possible. This issue is present at least since v.4.2.0 (haven't checked earlier). Thanks to pippin who brought this to my attention. For full list of changes see https://git.savannah.gnu.org/cgit/screen.git/log/?h=v.4.8.0 "