Preface: The current Linux desktop market share is between 1.74 – 2.18%, according to the usage share of operating systems. In April 2019, Linux’s desktop market share was estimated to be 1.63%. Of all Linux users, 38.2% use Ubuntu as of May 2019. 21.5% of users rely on Debian.
Background: PPA – Personal Package Archives allow you to upload Ubuntu source packages to be built and published as an apt repository by Launchpad.
Vulnerability details: Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways.
Design limitation: A terminal escape sequence is a special sequence of characters that is printed. If the terminal understands the sequence, it won’t display the character-sequence, but will perform some action. Please refer to the attached drawings for details.
Official reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15709