X Strike Force SVN commit: rev 248 - in trunk/debian: . patches
Author: branden
Date: 2003-06-26 13:01:11 -0500 (Thu, 26 Jun 2003)
New Revision: 248
Added:
trunk/debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff
trunk/debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff
Modified:
trunk/debian/changelog
Log:
add two security patches to xterm
debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff:
SECURITY: disable window title reporting to work around potentially
malicious text being spewed to terminal window
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063>
debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff:
SECURITY: fix for xterm DoS attack; malformed DEC UDK escape sequences
can lock the terminal window
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071>
Modified: trunk/debian/changelog
==============================================================================
--- trunk/debian/changelog 2003-06-26 15:17:12 UTC (rev 247)
+++ trunk/debian/changelog 2003-06-26 18:01:11 UTC (rev 248)
@@ -1,5 +1,7 @@
-xfree86 (4.2.1-9) unstable; urgency=low
+xfree86 (4.2.1-9) unstable; urgency=high
+ * urgency due to xterm security fixes; see below
+
* patch #001b: remove special-case logic in linux.cf that defined
"HasLinuxInput" to "NO" for Mc68020Architecture; m68k is now supported by
the Linux 2.4.20 kernel (at least in Debian), so we let this symbol be
@@ -7,6 +9,14 @@
affects the Wacom input driver and should not cause any regressions.
(thanks to James Troup for pointing out this no-longer-needed conditional)
+ * patch #093: new; SECURITY: disable window title reporting to work around
+ potentially malicious text being spewed to terminal window
+ <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063>
+
+ * patch #094: new; SECURITY: fix for xterm DoS attack; malformed DEC UDK
+ escape sequences can lock the terminal window
+ <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0071>
+
* debian/control: move xlibs-pic from section devel to section libdevel
(syncrhonize with Debian archive override file)
* debian/rules: replace presently-useless $(DEBUGFLAGS) variable in
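Review bot: the new #093 and #094 entries do not record the upstream status that the patch headers state ("upstream in XTerm #177" and "upstream in XTerm #173", both "at the latest"). Adding that to each changelog entry would make it clear when these two patches can be dropped on the next xterm update.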
Added: trunk/debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff
==============================================================================
--- trunk/debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff 2003-06-26 15:17:12 UTC (rev 247)
+++ trunk/debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff 2003-06-26 18:01:11 UTC (rev 248)
@@ -0,0 +1,21 @@
+An equivalent patch is upstream in XTerm #177 (at the latest).
+
+--- xc/programs/xterm/charproc.c.xterm-can-2003-0063 2002-01-07 16:02:44.000000000 -0500
++++ xc/programs/xterm/charproc.c 2003-04-03 11:43:14.000000000 -0500
+@@ -3752,11 +3752,16 @@
+ break;
+
+ case 21: /* Report the window's title */
++/* This code block is disabled to fix a security issue reported
++ * in CAN-2003-0063
++ */
++#if 0
+ report_win_label(screen, 'l', &text,
+ XGetWMName(
+ screen->display,
+ VShellWindow,
+ &text));
++#endif
+ break;
+
+ default: /* DECSLPP (24, 25, 36, 48, 72, 144) */
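Review bot: in `case 21` the `#if 0` removes the reply at compile time, so a program that sends the title query now receives no response at all and there is no way to turn the report back on without rebuilding. Consider gating the `report_win_label()` call on a runtime setting that defaults to off instead. The added comment also only cites the CAN number; one sentence on why the report is unsafe (the log message's "potentially malicious text being spewed to terminal window") would help whoever next touches this case.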
Added: trunk/debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff
==============================================================================
--- trunk/debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff 2003-06-26 15:17:12 UTC (rev 247)
+++ trunk/debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff 2003-06-26 18:01:11 UTC (rev 248)
@@ -0,0 +1,21 @@
+This patch is upstream in XTerm #173 (at the latest).
+
+--- xc/programs/xterm/misc.c.xterm-DECUDK-security-fix 2001-10-23 21:21:24.000000000 -0400
++++ xc/programs/xterm/misc.c 2003-04-03 11:00:48.000000000 -0500
+@@ -1649,6 +1649,7 @@
+ reset_decudk();
+
+ while (*cp) {
++ char *base = cp;
+ char *str = (char *)malloc(strlen(cp) + 2);
+ unsigned key = 0;
+ int len = 0;
+@@ -1675,6 +1676,8 @@
+ }
+ if (*cp == ';')
+ cp++;
++ if (cp == base) /* badly-formed sequence - bail out */
++ break;
+ }
+ }
+ break;
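Review bot: the new `break` on `cp == base` leaves the loop after `str` has already been allocated at the top of the same iteration with `malloc(strlen(cp) + 2)`. The lines between the two inner hunks are not shown, so please confirm `str` is freed or handed off before this point; if it is not, every badly-formed sequence leaks that buffer. The `malloc` result is also not checked in the visible lines, and the "badly-formed sequence" comment could say that the check exists because `cp` did not advance during the iteration.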