Bug 33277 - vte new security issue CVE-2024-37535
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-06-10 10:02 CEST by Nicolas Salguero
Modified: 2024-06-14 19:31 CEST

See Also:
Source RPM: vte-0.72.1-1.mga9.src.rpm
CVE: CVE-2024-37535
Status comment:


Description Nicolas Salguero 2024-06-10 10:02:09 CEST
CVE-2024-37535 was announced here:
https://www.openwall.com/lists/oss-security/2024/06/09/1
https://www.openwall.com/lists/oss-security/2024/06/09/2

Mageia 9 is also affected (I tested the command "printf '\e[8;65535;65535t'" with gnome-terminal on a Mga9 VirtualBox VM and the running LXDE session was killed).
Nicolas Salguero 2024-06-10 10:03:04 CEST

Source RPM: (none) => vte-0.76.2-1.mga10.src.rpm
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-37535
Status comment: (none) => Fixed upstream in 0.76.3 and patch available from upstream

Comment 1 Lewis Smith 2024-06-10 20:22:55 CEST
I think this is the patch:
https://gitlab.gnome.org/GNOME/vte/-/commit/fd5511f24b7269195a7083f409244e9787c705dc

Our v0.76.2 in Cauldron is very recent!

Assigning globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2024-06-13 13:24:44 CEST
Suggested advisory:
========================

The updated packages fix a security vulnerability:

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. (CVE-2024-37535)

References:
https://www.openwall.com/lists/oss-security/2024/06/09/1
https://www.openwall.com/lists/oss-security/2024/06/09/2
========================

Updated packages in core/updates_testing:
========================
lib(64)vte-devel-0.72.1-1.1.mga9
lib(64)vte-gir2.91-0.72.1-1.1.mga9
lib(64)vte-gir3.91-0.72.1-1.1.mga9
lib(64)vte-gtk4-devel-0.72.1-1.1.mga9
lib(64)vte-gtk4_2.91_0-0.72.1-1.1.mga9
lib(64)vte2.91_0-0.72.1-1.1.mga9
vte-0.72.1-1.1.mga9
vte-glade-0.72.1-1.1.mga9
vte-gtk3-0.72.1-1.1.mga9
vte-gtk4-0.72.1-1.1.mga9
vte-profile-0.72.1-1.1.mga9

from SRPM:
vte-0.72.1-1.1.mga9.src.rpm

Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Status comment: Fixed upstream in 0.76.3 and patch available from upstream => (none)
Version: Cauldron => 9
Whiteboard: MGA9TOO => (none)
Source RPM: vte-0.76.2-1.mga10.src.rpm => vte-0.72.1-1.mga9.src.rpm

katnatek 2024-06-13 19:51:52 CEST

Keywords: (none) => advisory

Comment 3 Len Lawrence 2024-06-14 11:57:09 CEST
mga9, x64

Installed release version of vte (60 packages+).  No man page or Read.md file.
vte is a terminal emulator associated with Gtk.

To launch a terminal use gtk-2.91.  The -help command line option shows the possible arguments.
Running emacs in a vte session to write this report.

$ vte-2.91 --allow-window-ops --background-image=/home/lcl/Pictures/TracysRock.jpg
raises a terminal with an image as background and the window may be resized to accommodate the whole picture.  Note that '~' is not interpreted as $HOME.
The background colour option accepts the X11 RGB colour names.
$ vte-2.91 --allow-window-ops --background-color=LemonChiffon

The terminal is happy to accept other character sets such as Cyrillic and Greek.
$ eom YauzaRiverШлюзнарекеЯузеIMG3353.jpg
$ cat greek
Α 	α 	Alpha 	a
Β 	β 	Beta 	b
....
The --transparent=0..100 option enables variable transparency.

That is as far as I have taken this.  There are many other technical options.
The packages updated without a problem.
There is an exploit which can be tested easily but since it usually freezes up the machine I skipped that before updating.
After the update it is innocuous:
$ printf "e[4;65535;65535t"
e[4;65535;65535tlcl@yildun:~ $
vi works fine in the terminal.
Tried some of the other facilities as before and everything seems to be working.
Giving this an OK.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => tarazed25
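
Added example, not part of the bug thread or of the upstream VTE patch: a Python filter that finds and strips the window-resize requests quoted in the description and in comment 3 (`ESC [ 8 ; h ; w t` and `ESC [ 4 ; h ; w t`) from untrusted bytes before they are displayed in a terminal. The limits in `MAX_DIM`, the function names and the sample bytes are assumptions constructed for illustration, and only the 7-bit `ESC [` introducer is handled.

```python
import re

# 7-bit CSI ("ESC ["), numeric parameters, final byte "t": the xterm
# window-operation family that the resize requests in this bug belong to.
WINDOW_OP = re.compile(rb"\x1b\[([0-9;]*)t")

# Resize operations: 4 = size in pixels, 8 = size in character cells.
# Assumed policy limits (hypothetical, not taken from VTE or its patch).
MAX_DIM = {4: 16384, 8: 1000}


def _param(raw: bytes) -> int:
    """Saturating parse: very long digit runs stay huge without
    hitting Python's int-conversion length limit."""
    digits = raw.lstrip(b"0")[:9]
    return int(digits) if digits else 0


def find_oversized_resizes(data: bytes):
    """Return (offset, op, height, width) for each resize over the limit."""
    hits = []
    for m in WINDOW_OP.finditer(data):
        params = [_param(p) for p in m.group(1).split(b";")]
        params += [0] * (3 - len(params))
        op, height, width = params[:3]
        if op in MAX_DIM and max(height, width) > MAX_DIM[op]:
            hits.append((m.start(), op, height, width))
    return hits


def strip_window_ops(data: bytes) -> bytes:
    """Drop every CSI ... t sequence; colours and cursor moves survive."""
    return WINDOW_OP.sub(b"", data)


# Constructed sample: untrusted output such as a build log or a fetched file.
SAMPLE = (b"ok\n\x1b[8;24;80tsmall\n\x1b[8;65535;65535tlarge\n"
          b"\x1b[31mred\x1b[0m\n\x1b[4;65535;65535t\n")

if __name__ == "__main__":
    for offset, op, h, w in find_oversized_resizes(SAMPLE):
        print(f"offset {offset}: window op {op} requests {h}x{w}")
    print(strip_window_ops(SAMPLE))
```

Filtering like this protects a viewer or log pipeline that cannot be updated yet; it does not replace installing the fixed vte packages.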

Comment 4 Thomas Andrews 2024-06-14 14:45:22 CEST
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 5 Mageia Robot 2024-06-14 19:31:12 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0219.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

