CVE-2021-27135 has been assigned for a security issue discussed in this thread: https://www.openwall.com/lists/oss-security/2021/02/10/7 The issue has been fixed upstream in 366: https://invisible-island.net/xterm/xterm.log.html#xterm_366 Mageia 7 and Mageia 8 are also affected.
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=28390
Whiteboard: (none) => MGA8TOO, MGA7TOO
Status comment: (none) => Fixed upstream in 366
RedHat has issued an advisory for this on February 18: https://access.redhat.com/errata/RHSA-2021:0611
Severity: normal => critical
Assigning to you Shlomi because you did several new versions recently. Bounce it if you are not happy about this.
Assignee: bugsquad => shlomif
Sorry, Rindolf is no longer a Mageia packager. Assigning to all packagers.
CC: (none) => ouaurelien
Assignee: shlomif => pkg-bugs
Debian-LTS has issued an advisory for this on February 13: https://www.debian.org/lts/security/2021/dla-2558
Ubuntu has issued an advisory for this on February 24: https://ubuntu.com/security/notices/USN-4746-1
Fedora has issued an advisory for this on February 26: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/35LK2ZXEIJUOGOA7FV2TJL3L6LFJ4X5S/
fixed in mga7/8
src:
- xterm-344-1.1.mga7
- xterm-363-1.1.mga8
Assignee: pkg-bugs => qa-bugs
Status comment: Fixed upstream in 366 => (none)
CC: (none) => mageia
Version: Cauldron => 8
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
mga8, no issue
Whiteboard: MGA7TOO => MGA7TOO MGA8-64-OK
mga7, x64
Before the update, tried typing special characters generated by combining AltGr-Control and AltGr-Shift with a number/letter key and found no problem. Also tried cut-and-paste from a special character table. Updated xterm and repeated the tests. No regressions.
Whiteboard: MGA7TOO MGA8-64-OK => MGA7-64-OK MGA8-64-OK
CC: (none) => tarazed25
We must leave MGA7TOO untouched in the whiteboard to have http://madb.mageia.org/tools/updates/application/ correctly display updates for Mageia 7 and Mageia 8.
Whiteboard: MGA7-64-OK MGA8-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK
Thanks for the correction Aurelien.
Thank you, Gentlemen. Validating. I don't see any advisory information other than the links from other distros.
CC: (none) => andrewsfarm
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisory:
========================

Updated xterm package fixes security vulnerability:

xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. (CVE-2021-27135).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135
https://ubuntu.com/security/notices/USN-4746-1
https://www.debian.org/lts/security/2021/dla-2558
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/35LK2ZXEIJUOGOA7FV2TJL3L6LFJ4X5S/
========================

Updated packages in core/updates_testing:
========================
xterm-344-1.1.mga7

from SRPM
.src.rpm

And:
xterm-363-1.1.mga8

from SRPM
xterm-363-1.1.mga8.src.rpm
URL: (none) => https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135
Keywords: (none) => advisory
CVE: (none) => CVE-2021-27135
Fixing a typo.

Advisory:
========================

Updated xterm package fixes security vulnerability:

xterm through Patch #365 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted UTF-8 character sequence. (CVE-2021-27135).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135
https://ubuntu.com/security/notices/USN-4746-1
https://www.debian.org/lts/security/2021/dla-2558
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/35LK2ZXEIJUOGOA7FV2TJL3L6LFJ4X5S/
========================

Updated packages in core/updates_testing:
========================
xterm-344-1.1.mga7

from SRPM
xterm-344-1.1.mga7.src.rpm

And:
xterm-363-1.1.mga8

from SRPM
xterm-363-1.1.mga8.src.rpm
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0094.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED