Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).
Debian Security Advisory DSA-1694-1 firstname.lastname@example.org
http://www.debian.org/security/ Florian Weimer
January 02, 2009 http://www.debian.org/security/faq
Package : xterm
Vulnerability : design flaw
Problem type : local (remote)
CVE Id(s) : CVE-2008-2383
Debian Bug : 510030
As an additional precaution, this security update also disables font changing, user-defined keys, and X property changes through escape sequences.

For the stable distribution (etch), this problem has been fixed in version 222-1etch3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your xterm package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.