On Sat, Feb 28, 2015 at 03:37:53 +0100, Vincent Lefevre wrote: > Package: xterm > Version: 312-1 > Severity: important > Tags: security > > $ xterm -S/dev/pts/20 > *** buffer overflow detected ***: /usr/bin/xterm terminated > ======= Backtrace: ========= > /lib/x86_64-linux-gnu/libc.so.6(+0x731ff)[0x7f4de0b1b1ff] > /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f4de0b9e4c7] > /lib/x86_64-linux-gnu/libc.so.6(+0xf46e0)[0x7f4de0b9c6e0] > /lib/x86_64-linux-gnu/libc.so.6(__stpncpy_chk+0x0)[0x7f4de0b9bb40] > /usr/bin/xterm[0x408eb0] > /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f4de0ac9b45] > /usr/bin/xterm[0x408f9c] > ======= Memory map: ======== > [...] > > Not sure whether this is a security issue, but a buffer overflow > looks really wrong... > I don't think bad handling of a command line option qualifies, there's no trust boundary to breach there afaict? Cheers, Julien
Attachment:
signature.asc
Description: Digital signature