Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
98
security advisoryDoS issueDoSRed Hat Enterprise Linux 8 RHSA-2021-0612-01: Severe Gnome Shell Issue
An update for xterm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: xterm security update Advisory ID: RHSA-2021:0611-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0611 Issue date: 2021-02-18 CVE Names: CVE-2021-27135 ==================================================================== 1. Summary: An update for xterm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. Security Fix(es): * xterm: crash when processing combining characters (CVE-2021-27135) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1927559 - CVE-2021-27135 xterm: crash when processing combining characters 6. Package List: RedHat Enterprise Linux AppStream (v. 8): Source: xterm-331-1.el8_3.2.src.rpm aarch64: xterm-331-1.el8_3.2.aarch64.rpm xterm-debuginfo-331-1.el8_3.2.aarch64.rpm xterm-debugsource-331-1.el8_3.2.aarch64.rpm xterm-resize-331-1.el8_3.2.aarch64.rpm xterm-resize-debuginfo-331-1.el8_3.2.aarch64.rpm ppc64le: xterm-331-1.el8_3.2.ppc64le.rpm xterm-debuginfo-331-1.el8_3.2.ppc64le.rpm xterm-debugsource-331-1.el8_3.2.ppc64le.rpm xterm-resize-331-1.el8_3.2.ppc64le.rpm xterm-resize-debuginfo-331-1.el8_3.2.ppc64le.rpm s390x: xterm-331-1.el8_3.2.s390x.rpm xterm-debuginfo-331-1.el8_3.2.s390x.rpm xterm-debugsource-331-1.el8_3.2.s390x.rpm xterm-resize-331-1.el8_3.2.s390x.rpm xterm-resize-debuginfo-331-1.el8_3.2.s390x.rpm x86_64: xterm-331-1.el8_3.2.x86_64.rpm xterm-debuginfo-331-1.el8_3.2.x86_64.rpm xterm-debugsource-331-1.el8_3.2.x86_64.rpm xterm-resize-331-1.el8_3.2.x86_64.rpm xterm-resize-debuginfo-331-1.el8_3.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2021-27135 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYC5/1tzjgjWX9erEAQjhVg//S98jGd7ue+rb/OEQzfoKv4NZbqV4uXaz 9UOi+sTg86Qy4aTSygwh6MpdW35B1ZGos6fIgzoO5FSehLo86X42aM5n4pUsAZaD PIZHDG947BZaILrmqqswufieSeyHODmSWuiu3FhpKok22RZM9DWcOUl/YdL2SRS5 UEfevyRozn8wE493tPwCmrFZHbegENGQj2MiYZ/tyFcZJBfDmHaP+/rgtEgWMs1B BNPK1NsprkHMKHgiqtsiObxgdOf6zTl6kQl4V7vcraX5WspvaxWKbV97ftO0YfNt uw93NsrNSH0RnEmD/9qA8EEwkjKd6hzP0wFCnfMAdAHiOJohzWf9a4jecHpal4Lm 2+kEi4exiXC3cEHnyeSkw78FTPve66uc+pH/NrFPeTQXM56DPPnzt/AskU1d1qXn KlL8htirrbNjXO3Y9ctPlJ0zQBrNsXNZ1g3cUPSVuXWzGYbKXrOKt8TN1ljkhVEg uegmm8q0WiVDiqoChZpPyVy2ApuSX+aQDgrADaKvbKbkzjNYebp7DY6Zm5Ocf2aT GPChMcgn5rdlcITeKMpjjlhpt0hGn3B9m6R9hI+NSAAk1mnKVHu8xHsFviEUwoSv zA8OSlAo9kQDt93a0IzP1bYqpAaKATXfuWmyWJtz3zvFK9yXPyKPzZfS77ddm/7j 4RhxIV3+W34=9TAz -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Feb 18, 2021
•Important
Red Hat
89
security advisoryFedoracommand executionFedora 9 Security Advisory: xterm 238-1 Moderate CRLF Injection Execution
This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-0059 2009-01-07 06:44:26 --------------------------------------------------------------------------------Name : xterm Product : Fedora 9 Version : 238 Release : 1.fc9 URL : Summary : Terminal emulator for the X Window System Description : The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. --------------------------------------------------------------------------------Update Information: This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. --------------------------------------------------------------------------------ChangeLog: * Tue Jan 6 2009 Miroslav Lichvar 238-1 - update to 238 (#479000, CVE-2008-2383) - set default values of allowWindowOps and allowFontOps resources to false * Wed Jul 30 2008 Miroslav Lichvar 236-1 - update to 236 - enable support for spawn-new-terminal action (#457130) * Tue Apr 22 2008 Miroslav Lichvar 235-1 - update to 235 --------------------------------------------------------------------------------References: [ 1 ] Bug #479000 - xterm executes arbitrary commands https://bugzilla.redhat.com/show_bug.cgi?id=479000 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update xterm' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Jan 07, 2009
Fedora
200
security advisorysecurity issuebug fixSciLinux: CVE-2007-2797 Low Severity xterm Security Update
Low: xterm security update. Date: Thu, 15 Nov 2007 14:11:13 -0600 Reply-To: Troy Dawson Sender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA for xterm on SL4.x i386/x86_64 Comments: To:
Nov 15, 2007
•Low
Scientific Linux
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!