Description
rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| rxvt | removed | | | package |
| rxvt-unicode | fixed | 9.22-11 | | package |
| rxvt-unicode | fixed | 9.22-6+deb10u1 | buster | package |
| mrxvt | removed | | | package |
| eterm | fixed | 0.9.6-6.1 | | package |
| eterm | fixed | 0.9.6-5+deb10u1 | buster | package |
Notes
https://www.openwall.com/lists/oss-security/2021/05/17/1
Mentioned first in: https://www.openwall.com/lists/oss-security/2017/05/01/20
Fixed by: http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
Disabled problematic code in: http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.585
Related vulnerabilities
Vulnerability in the Eterm, Mrxvt, Rxvt and Rxvt-unicode software, related to the SSL-Proxy function, that allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service