Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 769839 (CVE-2021-27135) - <x11-terms/xterm-366: Crash on crafted string (CVE-2021-27135)
Summary: <x11-terms/xterm-366: Crash on crafted string (CVE-2021-27135)
Status: RESOLVED FIXED
Alias: CVE-2021-27135
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: B3 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-10 02:36 UTC by Sam James
Modified: 2022-08-14 00:14 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-10 02:36:53 UTC
Similar to the screen bug (linked) but hits xterm too. Upstream have acknowledged and will patch tomorrow.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-11 05:49:33 UTC
Fixed in 366.

"correct a compiler-warning fix in patch #352 which allowed sign-extension of coordinate values (report by "CismonX").
correct upper-limit for selection buffer, accounting for combining characters (report/testcase by Tavis Ormandy).
with alwaysHighlight true, xterm does not properly track focus. The screen->select FOCUS flag remains always on, which prevents bellIsUrgent from working, as the urgent WM_HINT flag is only set in setXUrgency() when the window is not focused. Fix this by updating screen->select in unselectwindow() regardless of the value of always_highlight (patch by Jiri Bohac).
improve fix for interaction between SRM and ENQ (report by Grant Taylor).
build-fix for --with-Xaw3dxft, needed when --with-toolbar is omitted (report by Jimmy Olgeni, Emanuel Haupt)."
Comment 2 Larry the Git Cow gentoo-dev 2021-02-11 05:57:12 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc66fb100f851ddfcbf963930b65d42a63e3e17f

commit bc66fb100f851ddfcbf963930b65d42a63e3e17f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-02-11 05:56:46 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-02-11 05:56:46 +0000

    x11-terms/xterm: (security) bump to 366
    
    Bug: https://bugs.gentoo.org/769839
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 x11-terms/xterm/Manifest         |  1 +
 x11-terms/xterm/xterm-366.ebuild | 99 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 100 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-12 22:15:49 UTC
x86 done
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-13 01:30:42 UTC
sparc done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-13 01:31:17 UTC
ppc64 done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-13 01:32:04 UTC
amd64 done
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-14 02:12:28 UTC
ppc done
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-14 19:45:06 UTC
arm64 done
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-15 08:39:22 UTC
arm done

all arches done
Comment 10 Larry the Git Cow gentoo-dev 2021-04-25 20:07:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26c410b52baebe770ba3074977ffa01b4047a319

commit 26c410b52baebe770ba3074977ffa01b4047a319
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-04-25 19:49:06 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-04-25 20:07:37 +0000

    x11-terms/xterm: drop 351, 363, 365 (security cleanup)
    
    Bug: https://bugs.gentoo.org/769839
    Signed-off-by: Sam James <sam@gentoo.org>

 x11-terms/xterm/Manifest         |  3 --
 x11-terms/xterm/xterm-351.ebuild | 99 ----------------------------------------
 x11-terms/xterm/xterm-363.ebuild | 99 ----------------------------------------
 x11-terms/xterm/xterm-365.ebuild | 99 ----------------------------------------
 4 files changed, 300 deletions(-)
Comment 11 NATTkA bot gentoo-dev 2021-07-29 17:24:10 UTC Comment hidden (obsolete)
Comment 12 NATTkA bot gentoo-dev 2021-07-29 17:32:36 UTC Comment hidden (obsolete)
Comment 13 NATTkA bot gentoo-dev 2021-07-29 17:40:30 UTC Comment hidden (obsolete)
Comment 14 NATTkA bot gentoo-dev 2021-07-29 17:48:40 UTC Comment hidden (obsolete)
Comment 15 NATTkA bot gentoo-dev 2021-07-29 18:04:36 UTC Comment hidden (obsolete)
Comment 16 NATTkA bot gentoo-dev 2021-07-29 18:12:54 UTC
Package list is empty or all packages have requested keywords.
Comment 17 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-10 16:02:22 UTC
Request filed
Comment 18 Larry the Git Cow gentoo-dev 2022-08-14 00:12:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=60298a368732a5fdf5e926ec4c59811f482e73b5

commit 60298a368732a5fdf5e926ec4c59811f482e73b5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-14 00:10:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-14 00:11:46 +0000

    [ GLSA 202208-22 ] xterm: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/769839
    Bug: https://bugs.gentoo.org/832409
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-22.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
Comment 19 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-14 00:14:45 UTC
GLSA released, all done!