CVE-2021-27135 (xterm) fix?

Support for security such as Firewalls and securing linux
Post Reply
dkaelbling
Posts: 2
Joined: 2019/10/14 13:20:46

CVE-2021-27135 (xterm) fix?

Post by dkaelbling » 2021/04/29 20:45:12

Is a fix for CVE-2021-27135 in the works? Red Hat released a patch on February 22 but it doesn't seem to have filtered down to CentOS 7 yet. Or maybe I just missed it.

- Thanks!

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-27135 (xterm) fix?

Post by TrevorH » 2021/04/29 23:39:58

It seems to be missing. A bug report on bugs.centos.org wouldn't go amiss.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke


chemal
Posts: 776
Joined: 2013/12/08 19:44:49

Re: CVE-2021-27135 (xterm) fix?

Post by chemal » 2021/04/30 15:44:24

They "forget" a lot of security related rebuilds for CentOS 7 these days: xorg-x11-server, ImageMagick, and libexif are recent examples. Even when there were bug reports on bugs.centos.org, it took more than another month before somebody cared. In summary, these rebuilds were delayed by 2-3 months.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-27135 (xterm) fix?

Post by TrevorH » 2021/04/30 16:59:15

This one is now built and pushed and should be on the mirrors.

If there are problems like this and bugs have been raised and ignored then several of the mods here can ping the devs and make them aware. So too can the various ops on the freenode 'centos* IRC channels. Raise a bug first, assign it to hughesjr and if no response within a day or two, ping others.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply