New xterm packages fix remote code execution

Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).

------------------------------------------------------------------------
Debian Security Advisory DSA-1694-1                       Florian Weimer
January 02, 2009
------------------------------------------------------------------------

Package        : xterm
Vulnerability  : design flaw
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)      : CVE-2008-2383
Debian Bug     : 510030

As an additional precaution, this security update also disables font
changing, user-defined keys, and X property changes through escape

For the stable distribution (etch), this problem has been fixed in
version 222-1etch3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your xterm package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Posted on: 22/11/2009
