blob: a3c4e01b01157a57849c17bbfbec70834a6e217a [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200902-04">
<title>xterm: User-assisted arbitrary commands execution</title>
An error in the processing of special sequences in xterm may lead to
arbitrary commands execution.
<product type="ebuild">xterm</product>
<announced>February 12, 2009</announced>
<revised>February 12, 2009: 01</revised>
<package name="x11-terms/xterm" auto="yes" arch="*">
<unaffected range="ge">239</unaffected>
<vulnerable range="lt">239</vulnerable>
xterm is a terminal emulator for the X Window system.
Paul Szabo reported an insufficient input sanitization when processing
Device Control Request Status String (DECRQSS) sequences.
<impact type="normal">
A remote attacker could entice a user to display a file containing
specially crafted DECRQSS sequences, possibly resulting in the remote
execution of arbitrary commands with the privileges of the user viewing
the file.
There is no known workaround at this time.
All xterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=x11-terms/xterm-239&quot;</code>
<uri link="">CVE-2008-2383</uri>
<metadata tag="requester" timestamp="Wed, 28 Jan 2009 00:33:40 +0000">
<metadata tag="submitter" timestamp="Tue, 10 Feb 2009 10:22:45 +0000">
<metadata tag="bugReady" timestamp="Tue, 10 Feb 2009 10:22:57 +0000">