
Mageia 8 MGASA-2021-0358 Critical: Rxvt-Unicode Remote Code Execution

July 20, 2021
The security patch MGASA-2021-0358 rectifies vulnerabilities in the rxvt-unicode, mrxvt, and eterm packages, which could lead to remote code execution.

Summary

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline (CVE-2021-33477).

References

- https://bugs.mageia.org/show_bug.cgi?id=28939

- https://www.openwall.com/lists/oss-security/2021/05/17/1

- https://www.openwall.com/lists/oss-security/2021/05/17/2

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6RFMU5YXXNYYVA7G2DAHRXXHO6JKVFUT/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UXAKO6N6NKTR6Z6KVAPEXSZQMRU52SGA/

- https://lists.debian.org/debian-lts-announce/2021/06/msg00010.html

- https://lists.debian.org/debian-lts-announce/2021/06/msg00011.html

- https://www.cve.org/CVERecord?id=CVE-2021-33477

Resolution

SRPMS

- 8/core/rxvt-unicode-9.26-1.mga8

- 8/core/mrxvt-0.5.4-15.1.mga8

- 8/core/eterm-0.9.7-3.1.mga8
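
A host-side check against the fixed builds listed above, as an added example that is not part of the Mageia advisory: it compares installed name-version-release strings using a simplified rpmvercmp (no epoch, `~` or `^` handling), since plain string comparison misorders releases such as `15.mga8` and `15.1.mga8`. The installed list is constructed sample data; on a real host it is assumed to come from `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`.

```python
import re

# Fixed builds from the advisory's Resolution section ("8/core/" prefix dropped).
FIXED = ["rxvt-unicode-9.26-1.mga8", "mrxvt-0.5.4-15.1.mga8", "eterm-0.9.7-3.1.mga8"]

def split_nvr(nvr):
    """Split name-version-release on the last two hyphens."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def rpmvercmp(a, b):
    """Simplified rpmvercmp returning -1, 0 or 1 (assumption: no epoch, '~', '^')."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(installed_nvr, fixed_nvr):
    """True when the installed build is at or above the fixed build."""
    _, iv, ir = split_nvr(installed_nvr)
    _, fv, fr = split_nvr(fixed_nvr)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) >= 0

def audit(installed):
    """Map each affected package found in `installed` to its patched status."""
    fixed = {split_nvr(f)[0]: f for f in FIXED}
    report = {}
    for nvr in installed:
        name = split_nvr(nvr)[0]
        if name in fixed:
            report[name] = is_patched(nvr, fixed[name])
    return report

# Constructed sample inventory, not taken from the advisory.
SAMPLE = ["rxvt-unicode-9.22-5.mga8", "mrxvt-0.5.4-15.mga8",
          "eterm-0.9.7-3.1.mga8", "bash-5.1.4-1.mga8"]

if __name__ == "__main__":
    for name, ok in audit(SAMPLE).items():
        print(f"{name}: {'patched' if ok else 'needs MGASA-2021-0358 update'}")
```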

Severity: critical

Publication date: 20 Jul 2021
URL: https://advisories.mageia.org/MGASA-2021-0358.html
Type: security
CVE: CVE-2021-33477
