Bug 1180298 - (CVE-2020-35605) VUL-0: CVE-2020-35605: kitty: RCE because of filename containing special characters
(CVE-2020-35605)
VUL-0: CVE-2020-35605: kitty: RCE because of filename containing special char...
Status: IN_PROGRESS
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem
Leap 15.2
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/273856/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-12-22 15:08 UTC by Alexander Bergmann
Modified: 2021-01-07 20:17 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2020-12-22 15:08:23 UTC
rh#1910073

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.

Reference:
https://github.com/kovidgoyal/kitty/issues/3128

Upstream patch:
https://github.com/kovidgoyal/kitty/commit/82c137878c2b99100a3cdc1c0f0efea069313901

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1910073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35605
https://github.com/kovidgoyal/kitty/commit/82c137878c2b99100a3cdc1c0f0efea069313901
https://github.com/kovidgoyal/kitty/issues/3128
Comment 1 Michael Vetter 2021-01-04 12:39:54 UTC
SR#860182 to Leap 15.2

For Tumbleweed this was fixed one week ago with SR#859010
Comment 2 OBSbugzilla Bot 2021-01-04 13:10:06 UTC
This is an autogenerated message for OBS integration:
This bug (1180298) was mentioned in
https://build.opensuse.org/request/show/860182 15.2 / kitty
Comment 3 Swamp Workflow Management 2021-01-07 20:17:15 UTC
openSUSE-SU-2021:0025-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1180298
CVE References: CVE-2020-35605
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    kitty-0.16.0-lp152.2.3.1