Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2009:005 ] xterm

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1231730712-14940-7308

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:005

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : xterm

Date : January 11, 2009

Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0

_______________________________________________________________________

 

Problem Description:

 

A vulnerability has been discovered in xterm, which can be exploited

by malicious people to compromise a user's system. The vulnerability

is caused due to xterm not properly processing the DECRQSS Device

Control Request Status String escape sequence. This can be exploited

to inject and execute arbitrary shell commands by e.g. tricking a

user into displaying a malicious text file containing a specially

crafted escape sequence via the more command in xterm (CVE-2008-2383).

 

The updated packages have been patched to prevent this.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

0afcdb50028ef42a65de6d144aa132e0 2008.0/i586/xterm-229-2.1mdv2008.0.i586.rpm

4ab46d69ae67182b660d9d876b2d7d4a 2008.0/SRPMS/xterm-229-2.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

0edc195a66de717de16ce187bdb52605 2008.0/x86_64/xterm-229-2.1mdv2008.0.x86_64.rpm

4ab46d69ae67182b660d9d876b2d7d4a 2008.0/SRPMS/xterm-229-2.1mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

42985a0486e1bea3196576216dc29fff 2008.1/i586/xterm-232-1.1mdv2008.1.i586.rpm

7ae405602b65a1fc1e53ce7b9619ea4c 2008.1/SRPMS/xterm-232-1.1mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

8b3dc6fb6c25034b47094c2895244f52 2008.1/x86_64/xterm-232-1.1mdv2008.1.x86_64.rpm

7ae405602b65a1fc1e53ce7b9619ea4c 2008.1/SRPMS/xterm-232-1.1mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

eb3c38a51326b1eafb5d0ad6f4e73ddb 2009.0/i586/xterm-236-1.1mdv2009.0.i586.rpm

0852446a157588e61c85ce589d140b7f 2009.0/SRPMS/xterm-236-1.1mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

33aa6e252961cfa84aa243f4654bd0b7 2009.0/x86_64/xterm-236-1.1mdv2009.0.x86_64.rpm

0852446a157588e61c85ce589d140b7f 2009.0/SRPMS/xterm-236-1.1mdv2009.0.src.rpm

 

Corporate 3.0:

60f0250c17212cf80c5e81e0ba4f5b82 corporate/3.0/i586/xterm-184-1.1.C30mdk.i586.rpm

8674b5ce234d367814905944cbbb48a6 corporate/3.0/SRPMS/xterm-184-1.1.C30mdk.src.rpm

 

Corporate 3.0/X86_64:

05b5a40265d8a5a9f6da03af5920252a corporate/3.0/x86_64/xterm-184-1.1.C30mdk.x86_64.rpm

8674b5ce234d367814905944cbbb48a6 corporate/3.0/SRPMS/xterm-184-1.1.C30mdk.src.rpm

 

Corporate 4.0:

3f8bb08944785f50ab189fdc9af829e1 corporate/4.0/i586/xterm-203-1.1.20060mlcs4.i586.rpm

dff8e15cc4fd01732ca2097b2bc4731d corporate/4.0/SRPMS/xterm-203-1.1.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

7da181fbf15239e44b4f887e1bbbcc03 corporate/4.0/x86_64/xterm-203-1.1.20060mlcs4.x86_64.rpm

dff8e15cc4fd01732ca2097b2bc4731d corporate/4.0/SRPMS/xterm-203-1.1.20060mlcs4.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJaolWmqjQ0CJFipgRAukIAKDpdq6oMsL8hv/l7f3E0LMz1KdGMACePjzG

mu4NY4xULs9opis9QPwh9lM=

=Mg0S

-----END PGP SIGNATURE-----

 

 

------------=_1231730712-14940-7308

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1231730712-14940-7308--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×