--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2009-0091
2009-01-07 06:45:03
--------------------------------------------------------------------------------Name        : xterm
Product     : Fedora 10
Version     : 238
Release     : 1.fc10
URL         : Summary     : Terminal emulator for the X Window System
Description :
The xterm program is a terminal emulator for the X Window System. It
provides DEC VT102 and Tektronix 4014 compatible terminals for
programs that can't use the window system directly.

--------------------------------------------------------------------------------Update Information:

This update fixes the following security issue:    CRLF injection vulnerability
in xterm allows user-assisted attackers to execute arbitrary commands via LF
(aka \n) characters surrounding a command name within a Device Control Request
Status String (DECRQSS) escape sequence in a text file, a related issue to
CVE-2003-0063 and CVE-2003-0071.
--------------------------------------------------------------------------------ChangeLog:

* Tue Jan  6 2009 Miroslav Lichvar  238-1
- update to 238 (#479000, CVE-2008-2383)
- set default values of allowWindowOps and allowFontOps resources to false
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #479000 - xterm executes arbitrary commands
        https://bugzilla.redhat.com/show_bug.cgi?id=479000
--------------------------------------------------------------------------------This update can be installed with the "yum" update program.  Use 
su -c 'yum update xterm' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: xterm-238-1.fc10

January 7, 2009
This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters s...

Summary

The xterm program is a terminal emulator for the X Window System. It

provides DEC VT102 and Tektronix 4014 compatible terminals for

programs that can't use the window system directly.

This update fixes the following security issue: CRLF injection vulnerability

in xterm allows user-assisted attackers to execute arbitrary commands via LF

(aka \n) characters surrounding a command name within a Device Control Request

Status String (DECRQSS) escape sequence in a text file, a related issue to

CVE-2003-0063 and CVE-2003-0071.

* Tue Jan 6 2009 Miroslav Lichvar 238-1

- update to 238 (#479000, CVE-2008-2383)

- set default values of allowWindowOps and allowFontOps resources to false

[ 1 ] Bug #479000 - xterm executes arbitrary commands

https://bugzilla.redhat.com/show_bug.cgi?id=479000

su -c 'yum update xterm' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-package-announce

FEDORA-2009-0091 2009-01-07 06:45:03 Product : Fedora 10 Version : 238 Release : 1.fc10 URL : Summary : Terminal emulator for the X Window System Description : The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. * Tue Jan 6 2009 Miroslav Lichvar 238-1 - update to 238 (#479000, CVE-2008-2383) - set default values of allowWindowOps and allowFontOps resources to false [ 1 ] Bug #479000 - xterm executes arbitrary commands https://bugzilla.redhat.com/show_bug.cgi?id=479000 su -c 'yum update xterm' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce

Change Log

References

Update Instructions

Severity
Product : Fedora 10
Version : 238
Release : 1.fc10
URL : Summary : Terminal emulator for the X Window System

Related News

19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved