Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Red Hat Linux RHSA-2003:054-00 Critical: Rxvt Escape Sequence Threat

red hat
Calendar Grey March 17, 2003
Dist Redhat Esm H88
A security notice concerning recent rxvt updates rectifying various escape sequence vulnerabilities in Red Hat Linux.
Updated rxvt packages are available which fix a number of vulnerabilities in the handling of escape sequences.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 6.2:

SRPMS:


i386:


Red Hat Linux 7.0:

SRPMS:


i386:


Red Hat Linux 7.1:

SRPMS:


i386:


Red Hat Linux 7.2:

SRPMS:


i386:


ia64:


Red Hat Linux 7.3:

SRPMS:


i386:




6. Verification:

MD5 sum Package Name 356e4148537e1e522cdcbedfb735ef80 6.2/en/os/SRPMS/rxvt-2.7.8-3.6.2.1.src.rpm 8ce644f8e66b473ef91ea5baa70066ea 6.2/en/os/i386/rxvt-2.7.8-3.6.2.1.i386.rpm 08bc3ef32e1bc77836dc266af8ef2fa1 7.0/en/os/SRPMS/rxvt-2.7.8-3.7.0.1.src.rpm b93bc19a8403c72943b33779b44b28fe 7.0/en/os/i386/rxvt-2.7.8-3.7.0.1.i386.rpm cf99378c595e06eed1ff0c2a493d0472 7.1/en/os/SRPMS/rxvt-2.7.8-3.7.1.1.src.rpm f973a30d1f45f561a1e15d4c58615526 7.1/en/os/i386/rxvt-2.7.8-3.7.1.1.i386.rpm f5b4712eeb3c941b9b5f2cf3ab6d6dc4 7.2/en/os/SRPMS/rxvt-2.7.8-4.src.rpm 94a3cbbf0dbd8739e9b1b2cc716a326e 7.2/en/os/i386/rxvt-2.7.8-4.i386.rpm 781b84624dda1114d74d09814438c54a 7.2/en/os/ia64/rxvt-2.7.8-4.ia64.rpm f5b4712eeb3c941b9b5f2cf3ab6d6dc4 7.3/en/os/SRPMS/rxvt-2.7.8-4.src.rpm 94a3cbbf0dbd8739e9b1b2cc716a326e 7.3/en/os/i386/rxvt-2.7.8-4.i386.rpm


These packages are GPG signed by Red Hat, Inc. for security. Our key is available at About

You can verify each package with the following command:

rpm --checksig -v

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

md5sum


Summary

References

http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920 CVE -CVE-2003-0022 CVE -CVE-2003-0023 CVE -CVE-2003-0066

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2003:054-00
Issue date: 2003-03-17
Updated on: 2003-03-17
Product: Red Hat Linux
Keywords: trojan escape reporting
Cross references:
Obsoletes:

Topic

Relevant Releases Architectures

Red Hat Linux 6.2 - i386

Red Hat Linux 7.0 - i386

Red Hat Linux 7.1 - i386

Red Hat Linux 7.2 - i386, ia64

Red Hat Linux 7.3 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.