Bug 234103 - x11/terminology: Update to 1.3.1 (Fixes CVE-2018-20167: Incorrect escaping of crafted files results in code execution)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: freebsd-enlightenment (Nobody)
URL: https://www.enlightenment.org/news/20...
Keywords: needs-patch, security
Depends on:
Reported: 2018-12-17 18:37 UTC by Conrad Meyer
Modified: 2018-12-21 22:37 UTC

See Also:
bugzilla: maintainer-feedback? (enlightenment)
koobs: merge-quarterly?


Description Conrad Meyer freebsd_committer 2018-12-17 18:37:51 UTC
(Copied from Red Hat bugzilla.)

Terminology before 1.3.1 allows Remote Code Execution because popmedia is
mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is
used. A popmedia control sequence can allow the malicious execution of
executable file formats registered in the X desktop share MIME types
(/usr/share/applications). The control sequence defers unknown file types to
the handle_unknown_media() function, which executes xdg-open against the
filename specified in the sequence. The use of xdg-open for all unknown file
types allows executable file formats with a registered shared MIME type to be
executed. An attacker can achieve remote code execution by introducing an
executable file and a plain text file containing the control sequence through a
fake software project (e.g., in Git or a tarball). When the control sequence is
rendered (such as with cat), the executable file will be run.
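
A defensive check for the issue described above, added here as an example and not part of the bug report or of Terminology's own code: it scans a checked-out tree for the `\e}` escape prefix before any file is displayed with cat, and shows the ESC byte being made inert. The NUL terminator, the 4096-byte bound, the function names and the sample bytes are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

# ESC '}' opens the sequence (the report's "\e}pn"). The NUL terminator and the
# 4096-byte bound are assumptions made for this example.
TY_ESCAPE = re.compile(rb"\x1b\}([^\x00]{0,4096})")


def find_terminology_escapes(data: bytes):
    """Return (offset, command, argument) for each ESC } sequence in data."""
    hits = []
    for m in TY_ESCAPE.finditer(data):
        body = m.group(1).decode("utf-8", "replace")
        hits.append((m.start(), body[:2], body[2:]))
    return hits


def neutralize(data: bytes) -> bytes:
    """Show ESC as the two characters '^[' so a terminal does not interpret it."""
    return data.replace(b"\x1b", b"^[")


def scan_tree(root: Path):
    """Scan every regular file under root; yield (path, offset, command, argument)."""
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        try:
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        for offset, cmd, arg in find_terminology_escapes(data):
            yield path, offset, cmd, arg


# Constructed sample: README text with an embedded "\e}pn" sequence.
SAMPLE = b"# Project\n\x1b}pnsample-file\x00Build with make.\n"

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    found = list(scan_tree(root))
    for path, offset, cmd, arg in found:
        kind = "popmedia" if cmd == "pn" else "other"
        print(f"{path}:{offset}: ESC }} {cmd!r} ({kind}) arg={arg!r}")
    # Non-zero exit status when any file carries the sequence.
    sys.exit(1 if found else 0)
```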

Comment 1 Grzegorz Blach freebsd_committer 2018-12-21 22:36:07 UTC
Updated to 1.3.2. Thanks for the report.
Comment 2 commit-hook freebsd_committer 2018-12-21 22:36:07 UTC
A commit references this bug:

Author: gblach
Date: Fri Dec 21 22:35:12 UTC 2018
New revision: 488028
URL: https://svnweb.freebsd.org/changeset/ports/488028

  Update to 1.3.2

  Fixes CVE-2018-20167: Incorrect escaping of crafted files results
  in code execution.

  PR:		234103
  Submitted by:	cem

Comment 3 Conrad Meyer freebsd_committer 2018-12-21 22:37:51 UTC
Thanks for the quick fix!