Bug#916630: terminology: Remote execution via special escape codes that handle unknown media types
Ross Vandegrift
ross at kallisti.us
Sun Dec 16 18:20:31 GMT 2018
Package: terminology
Version: 1.3.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Owner: ross at kallisti.us
Forwarded: https://phab.enlightenment.org/T7504

Terminology 1.3.1 has been released to fix a remote code execution
vulnerability in special escape handling. This can be mitigated by unchecking
Settings -> Enable special Terminology escape codes. I'm preparing a release.

Details from upstream bug report:

The \e}pn sequence allows a user to display media like an image or open a
web page. However, all unknown media types are handled with the
media_unknown_handle function which executes xdg-open against the file type.
This creates a large attack surface that allows a remotely introduced
executable file to be executed when that file's MIME type is registered for
xdg-open.

See the linked bug for full info.

Ross
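
A defensive check for the sequence described in this report, as an added example that is not part of the original message or of Terminology's code: it scans untrusted bytes (a log, a file about to be printed to a terminal) for the `\e}` introducer and strips each sequence before display. The NUL terminator, the length cap, the function names and the sample bytes are assumptions made for the example.

```python
ESC_INTRO = b"\x1b}"   # introducer written as \e} in the report
TERMINATOR = b"\x00"   # assumption: sequences end at a NUL byte
MAX_CMD = 4096         # constructed cap for sequences with no terminator


def find_special_escapes(data: bytes):
    """Return (offset, command, terminated) for every ESC } sequence in data."""
    hits, pos = [], 0
    while True:
        start = data.find(ESC_INTRO, pos)
        if start == -1:
            return hits
        body = start + len(ESC_INTRO)
        end = data.find(TERMINATOR, body, body + MAX_CMD)
        terminated = end != -1
        if not terminated:
            # Truncated or oversized sequence: still report it, bounded by the cap.
            end = min(len(data), body + MAX_CMD)
        hits.append((start, data[body:end], terminated))
        pos = end + 1 if terminated else end


def popup_requests(data: bytes):
    """Offsets of sequences using the 'pn' command named in the report."""
    return [off for off, cmd, _ in find_special_escapes(data)
            if cmd.startswith(b"pn")]


def strip_special_escapes(data: bytes) -> bytes:
    """Return data with every ESC } sequence removed, other bytes untouched."""
    out, pos = bytearray(), 0
    for start, cmd, terminated in find_special_escapes(data):
        out += data[pos:start]
        pos = start + len(ESC_INTRO) + len(cmd) + (1 if terminated else 0)
    out += data[pos:]
    return bytes(out)


# Constructed sample: one complete sequence and one cut off at end of input.
SAMPLE = b"build ok\n\x1b}pnPLACEHOLDER\x00done\n\x1b}pnCUT"

if __name__ == "__main__":
    for off, cmd, terminated in find_special_escapes(SAMPLE):
        print(f"offset {off}: command {cmd!r} terminated={terminated}")
    print(strip_special_escapes(SAMPLE))
```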