SB2024072244 - openEuler 22.03 LTS SP1 update for vte291

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Resource exhaustion (CVE-ID: CVE-2024-37535)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling window resize escape sequence. A local user can consume all available memory resources and perform a denial of service (DoS) attack.

2) Input validation error (CVE-ID: CVE-2000-0476)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim to insert certain characters that force the window to be resized and crash the terminal.

3) Denial of service (CVE-ID: CVE-2016-6439)

The vulnerability allows a remote anauthenticated user to cause DoS conditions on the target system.
The weakness is due to resource management error. By sending a specially crafted data, attackers can trigger the Snort process restart and bypass Snort detection.
Successful exploitation results in denial of service that may lead to further attacks on the vulnerable system.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1829