Bug 15668 - xterm buffer overflow in -S option fixed upstream in 314
Summary: xterm buffer overflow in -S option fixed upstream in 314
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://lwn.net/Vulnerabilities/639785/
Whiteboard: has_procedure advisory MGA4-32-OK mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-04-09 20:06 CEST by David Walser
Modified: 2015-04-15 11:02 CEST (History)
1 user (show)

See Also:
Source RPM: xterm-300-1.mga4.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2015-04-09 20:06:10 CEST
Fedora has issued an advisory on March 5:
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154509.html

More information about this issue is in this thread:
http://openwall.com/lists/oss-security/2015/03/03/1

It doesn't sound like it's really a security issue, just a very minor bug.

I fixed this in Cauldron a month ago by updating to 315.

Patched package uploaded for Mageia 4.

Advisory:
----------------------------------------

The xterm program could crash when called with the -S option due to a buffer
overflow.

References:
https://lists.fedoraproject.org/pipermail/package-announce/2015-April/154509.html
http://openwall.com/lists/oss-security/2015/03/03/1
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
xterm-300-1.1.mga4

from xterm-300-1.1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-04-09 21:19:14 CEST
Confirmed the crash and the fix for the buffer overflow.  General usage is fine.

Whiteboard: (none) => has_procedure MGA4-32-OK

Comment 2 claire robinson 2015-04-10 15:36:48 CEST
Before
------
$ xterm -S/dev/pts/20
*** buffer overflow detected ***: xterm terminated
======= Backtrace: =========
...etc

After
-----
$ xterm -S/dev/pts/20
xterm: Error 12, errno 9: Bad file descriptor
Reason: main: ioctl() failed on F_GETFL

Whiteboard: has_procedure MGA4-32-OK => has_procedure MGA4-32-OK mga4-64-ok

Comment 3 claire robinson 2015-04-10 15:41:28 CEST
Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-32-OK mga4-64-ok => has_procedure advisory MGA4-32-OK mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2015-04-15 11:02:12 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGAA-2015-0036.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.