The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of xterm: denial of service via UTF-8 Character Sequence

Synthesis of the vulnerability 

An attacker can trigger a fatal error in xterm via a UTF-8 character sequence, causing a denial of service.
Impacted software: Debian, Fedora, RHEL, Slackware, Ubuntu.
Severity of this computer vulnerability: 2/4.
Creation date: 15/02/2021.
References for this announcement: CVE-2021-27135, DLA-2558-1, FEDORA-2021-e7a8e79fa8, RHSA-2021:0611-01, RHSA-2021:0617-01, RHSA-2021:0650-01, RHSA-2021:0651-01, SSA:2021-086-01, USN-4746-1, VIGILANCE-VUL-34576.

Description of the vulnerability 

An attacker can trigger a fatal error in xterm via a UTF-8 character sequence, causing a denial of service.

This security bulletin impacts software or systems such as Debian, Fedora, RHEL, Slackware, Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity announcement is medium.

The trust level is "confirmed by the editor", and the origin is a document.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Debian 9: new xterm packages.
New packages are available:
  Debian 9: xterm 327-2+deb9u2

Fedora 33: new xterm packages.
New packages are available:
  Fedora 33: xterm 366-1.fc33

RHEL 7.9: new xterm packages.
New packages are available:
  RHEL 7.9: xterm 295-3.el7_9.1

RHEL 8.1-8.2: new xterm packages.
New packages are available:
  RHEL 8.1: xterm 331-1.el8_1.1
  RHEL 8.2: xterm 331-1.el8_2.1

RHEL 8.3: new xterm packages.
New packages are available:
  RHEL 8.3: xterm 331-1.el8_3.2

Slackware: new xterm packages.
New packages are available:
  Slackware 14.0: xterm 367-*-1_slack14.0
  Slackware 14.1: xterm 367-*-1_slack14.1
  Slackware 14.2: xterm 367-*-1_slack14.2

Ubuntu: new xterm packages.
New packages are available:
  Ubuntu 20.10: xterm 353-1ubuntu1.20.10.2
  Ubuntu 20.04 LTS: xterm 353-1ubuntu1.20.04.2
  Ubuntu 18.04 LTS: xterm 330-1ubuntu2.2
  Ubuntu 16.04 LTS: xterm 322-1ubuntu1.2
