ALT-PU-2021-1407-1
Closed vulnerabilities
Published: 2021-02-10
Modified: 2024-11-21
CVE-2021-27135
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- 20210520 CVE-2021-31535 libX11 Insufficient Length Checks PoC and Archeology
- [oss-security] 20210210 Re: Re: screen crash processing combining characters
- https://access.redhat.com/security/cve/CVE-2021-27135
- https://bugzilla.redhat.com/show_bug.cgi?id=1927559
- https://bugzilla.suse.com/show_bug.cgi?id=1182091
- https://github.com/ThomasDickey/xterm-snapshots/commit/82ba55b8f994ab30ff561a347b82ea340ba7075c
- https://invisible-island.net/xterm/xterm.log.html
- [debian-lts-announce] 20210213 [SECURITY] [DLA 2558-1] xterm security update
- FEDORA-2021-e7a8e79fa8
- https://news.ycombinator.com/item?id=26524650
- GLSA-202208-22
- https://www.openwall.com/lists/oss-security/2021/02/09/7
- https://www.openwall.com/lists/oss-security/2021/02/09/9
Closed bugs
Build version > 365 (CVE-2021-27135)