Fedora has issued an advisory on March 5:
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154509.html

More information about this issue is in this thread:
http://openwall.com/lists/oss-security/2015/03/03/1

It doesn't sound like it's really a security issue, just a very minor bug. I fixed this in Cauldron a month ago by updating to 315.

Patched package uploaded for Mageia 4.

Advisory:
----------------------------------------

The xterm program could crash when called with the -S option due to a buffer overflow.

References:
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154509.html
http://openwall.com/lists/oss-security/2015/03/03/1
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
xterm-300-1.1.mga4

from xterm-300-1.1.mga4.src.rpm

Reproducible:

Steps to Reproduce:
Confirmed the crash and the fix for the buffer overflow. General usage is fine.
Whiteboard: (none) => has_procedure MGA4-32-OK
Before
------
$ xterm -S/dev/pts/20
*** buffer overflow detected ***: xterm terminated
======= Backtrace: =========
...etc

After
-----
$ xterm -S/dev/pts/20
xterm: Error 12, errno 9: Bad file descriptor
Reason: main: ioctl() failed on F_GETFL
Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK mga4-64-ok
Validating. Advisory uploaded.

Please push to 4 updates.

Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-ok
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGAA-2015-0036.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED