Security update for xterm SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:2013-1 Final 1 1 2021-06-18T07:15:56Z current 2021-06-18T07:15:56Z 2021-06-18T07:15:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xterm This update for xterm fixes the following issues: - CVE-2021-27135: Fixed buffer-overflow when clicking on selected utf8 text. (bsc#1182091) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-2013,SUSE-SLE-Product-HPC-15-2021-2013,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-2013,SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-2013,SUSE-SLE-Product-SLES-15-2021-2013,SUSE-SLE-Product-SLES-15-SP1-BCL-2021-2013,SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-2013,SUSE-SLE-Product-SLES_SAP-15-2021-2013,SUSE-SLE-Product-SLES_SAP-15-SP1-2021-2013,SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-2013,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-2013,SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-2013,SUSE-Storage-6-2021-2013 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20212013-1/ Link for SUSE-SU-2021:2013-1 https://lists.suse.com/pipermail/sle-security-updates/2021-June/009040.html E-Mail link for SUSE-SU-2021:2013-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1169444 SUSE Bug 1169444 https://bugzilla.suse.com/1182091 SUSE Bug 1182091 https://www.suse.com/security/cve/CVE-2021-27135/ SUSE CVE CVE-2021-27135 page SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15 SP1-BCL SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 xterm-330-4.3.1 xterm-bin-330-4.3.1 xterm-330-4.3.1 as a component of SUSE Enterprise Storage 6 xterm-bin-330-4.3.1 as a component of SUSE Enterprise Storage 6 xterm-330-4.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS xterm-bin-330-4.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS xterm-330-4.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS xterm-bin-330-4.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS xterm-330-4.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS xterm-bin-330-4.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15-ESPOS xterm-330-4.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS xterm-bin-330-4.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15-LTSS xterm-330-4.3.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL xterm-bin-330-4.3.1 as a component of SUSE Linux Enterprise Server 15 SP1-BCL xterm-330-4.3.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS xterm-bin-330-4.3.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS xterm-330-4.3.1 as a component of SUSE Linux Enterprise Server 15-LTSS xterm-bin-330-4.3.1 as a component of SUSE Linux Enterprise Server 15-LTSS xterm-330-4.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 xterm-bin-330-4.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 xterm-330-4.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 xterm-bin-330-4.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 xterm-330-4.3.1 as a component of SUSE Manager Proxy 4.0 xterm-bin-330-4.3.1 as a component of SUSE Manager Proxy 4.0 xterm-330-4.3.1 as a component of SUSE Manager Retail Branch Server 4.0 xterm-bin-330-4.3.1 as a component of SUSE Manager Retail Branch Server 4.0 xterm-330-4.3.1 as a component of SUSE Manager Server 4.0 xterm-bin-330-4.3.1 as a component of SUSE Manager Server 4.0 xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. CVE-2021-27135 SUSE Enterprise Storage 6:xterm-330-4.3.1 SUSE Enterprise Storage 6:xterm-bin-330-4.3.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xterm-330-4.3.1 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:xterm-bin-330-4.3.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xterm-330-4.3.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:xterm-bin-330-4.3.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:xterm-330-4.3.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS:xterm-bin-330-4.3.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:xterm-330-4.3.1 SUSE Linux Enterprise High Performance Computing 15-LTSS:xterm-bin-330-4.3.1 SUSE Linux Enterprise Server 15 SP1-BCL:xterm-330-4.3.1 SUSE Linux Enterprise Server 15 SP1-BCL:xterm-bin-330-4.3.1 SUSE Linux Enterprise Server 15 SP1-LTSS:xterm-330-4.3.1 SUSE Linux Enterprise Server 15 SP1-LTSS:xterm-bin-330-4.3.1 SUSE Linux Enterprise Server 15-LTSS:xterm-330-4.3.1 SUSE Linux Enterprise Server 15-LTSS:xterm-bin-330-4.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:xterm-330-4.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:xterm-bin-330-4.3.1 SUSE Linux Enterprise Server for SAP Applications 15:xterm-330-4.3.1 SUSE Linux Enterprise Server for SAP Applications 15:xterm-bin-330-4.3.1 SUSE Manager Proxy 4.0:xterm-330-4.3.1 SUSE Manager Proxy 4.0:xterm-bin-330-4.3.1 SUSE Manager Retail Branch Server 4.0:xterm-330-4.3.1 SUSE Manager Retail Branch Server 4.0:xterm-bin-330-4.3.1 SUSE Manager Server 4.0:xterm-330-4.3.1 SUSE Manager Server 4.0:xterm-bin-330-4.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20212013-1/ https://www.suse.com/security/cve/CVE-2021-27135.html CVE-2021-27135 https://bugzilla.suse.com/1182091 SUSE Bug 1182091 https://bugzilla.suse.com/1189857 SUSE Bug 1189857 https://bugzilla.suse.com/1190262 SUSE Bug 1190262 https://bugzilla.suse.com/1225632 SUSE Bug 1225632