Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2024-37535

Published: 9 June 2024

GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.

Notes

AuthorNote
alexmurray 
PoC in oss-security reply

Priority

Medium

Status

Package Release Status
vte2.91
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal
Released (0.60.3-0ubuntu1~20.5)
jammy
Released (0.68.0-1ubuntu0.1)
mantic
Released (0.74.0-2ubuntu0.1)
noble
Released (0.76.0-1ubuntu0.1)
upstream Needs triage

xenial Needs triage

Patches:
upstream: https://gitlab.gnome.org/GNOME/vte/-/commit/1803ba866053a3d7840892b9d31fe2944a183eda
upstream: https://gitlab.gnome.org/GNOME/vte/-/commit/fd5511f24b7269195a7083f409244e9787c705dc
upstream: https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2
upstream: https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading