Debian Security Advisory 4819-1

Debian Security Advisory 4819-1: Posted Dec 28, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4819-1 - Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat.; tags | advisory, arbitrary, shell, protocol; systems | linux, debian; advisories | CVE-2020-35605; SHA-256 | f6317a49d2923fe8f53b7672c8fb7c1f2edf2679a5c2d33218c92950955b63e6; Download | Favorite | View

Debian Security Advisory 4819-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4819-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
December 26, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : kitty
CVE ID         : CVE-2020-35605

Stephane Chauveau discovered that the graphics protocol implementation in
Kitty, a GPU-based terminal emulator, did not sanitise a filename when
returning an error message, which could result in the execution of
arbitrary shell commands when displaying a file with cat.

For the stable distribution (buster), this problem has been fixed in
version 0.13.3-1+deb10u1.

We recommend that you upgrade your kitty packages.

For the detailed security status of kitty please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/kitty

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/nf+gACgkQEMKTtsN8
TjZmPhAAl3JjKumCl+EttbyMLTmhss4CrTbABRemYx5CXY3FJnbAn9DlhL7fgah9
kCfa94dzDrHf3bh2NTmGnVR/VakYrfEq3TZwqRJRUlAnld+d5pZsD8ODLjRi4UNG
+tE4mBRWMXMJGZVuVzN+2+8Obdi8M2IqMrgKvGD07DiQsbHueBicuNxa/mV1PnSR
TNWUifX8gZemId48Mkjr1aMLeZSTfJZWB6EkiaUfsSU1aTldhmnhB2xZM0DM/d8N
tjRYZyrnKBlDgKepr7btzY422w2dDDzxfYRz254dVQ0tMcedTuufe0Q0wRFuiYXA
B97DJanSJag8zNMVfY17bNyRD1oAC6cW3gftXbPyg/F0ClmHB3S6Sd1qO8PAi4IG
2A43gbpxCtbdSI7nLjwlJ1nGWrbxQxP3/ns1J5dHBMeLrjK3Nw6eiSJOo07pp4vv
ZB0ax3poY7y+PM+5O9kyLn5A0FCgz7faZODQQa9XGT9ZneHfRap5NQ8Z8Ba+O51Y
/q+KJUrB+Q83XpQjnW7HoHLrkEMDsop1+ET+AwfdBUv+KuXIPSC8m3k2Iu8EsifL
0A1H9SYkk5s+uJsCtxsh5d0NnusOKyTrtyhM930MEgQzEOFguGDdFHEbNJcxr8KS
Ng4HAT+TMymwIECt2DrxHFpGJHxIeGPuGWts6WggzTdJSAZ6hEY=
=yJ+p
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 4819-1

Debian Security Advisory 4819-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4819-1

Share This

Debian Security Advisory 4819-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems