USN-703-1: xterm vulnerabilities


 
Old 01-05-2009

Referenced CVEs:
CVE-2006-7236, CVE-2008-2383


Description:
===========================================================
Ubuntu Security Notice USN-703-1           January 06, 2009
xterm vulnerabilities
CVE-2006-7236, CVE-2008-2383
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xterm 208-3.1ubuntu3.1

Ubuntu 7.10:
  xterm 229-1ubuntu0.1

Ubuntu 8.04 LTS:
  xterm 229-1ubuntu1.1

Ubuntu 8.10:
  xterm 235-1ubuntu1.1

After a standard system upgrade you need to restart any running xterms to
effect the necessary changes.

Details follow:

Paul Szabo discovered that the DECRQSS escape sequences were not handled
correctly by xterm. Additionally, window title operations were also not
safely handled. If a user were tricked into viewing a specially crafted
series of characters while in xterm, a remote attacker could execute
arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)
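Since the issue is triggered by viewing crafted characters, untrusted text (logs, mail, downloaded files) can be screened before it reaches a terminal. The following is an added example, not part of the advisory or of xterm: it flags and strips DCS strings (DECRQSS requests start with `$q`), OSC strings (used for window titles) and CSI window operations. The pattern set and the names `find_sequences` and `sanitize` are assumptions chosen for illustration, and it complements the upgrade rather than replacing it.

```python
import re

# Patterns follow the standard 7-bit (ESC-prefixed) and 8-bit (C1) forms.
# This pattern set is an assumption of the example, not taken from the advisory.
ST = r"(?:\x1b\\|\x9c)"  # string terminator: ESC \ or 8-bit ST
SEQ = re.compile(
    r"(?P<dcs>(?:\x1bP|\x90)(?P<body>[^\x1b\x9c]*)" + ST + r"?)"
    r"|(?P<osc>(?:\x1b\]|\x9d)[^\x07\x1b\x9c]*(?:\x07|" + ST + r")?)"
    r"|(?P<winop>(?:\x1b\[|\x9b)[0-9;]*t)"
)
# Any other control character except tab and newline.
LEFTOVER = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def _decode(data: bytes) -> str:
    # Decode first so UTF-8 continuation bytes are not mistaken for C1 controls.
    return data.decode("utf-8", errors="replace")


def classify(m) -> str:
    if m.group("dcs") is not None:
        return "DECRQSS" if m.group("body").startswith("$q") else "DCS"
    return "OSC" if m.group("osc") is not None else "CSI-window-op"


def find_sequences(data: bytes):
    """Return (kind, character offset) for each flagged sequence."""
    return [(classify(m), m.start()) for m in SEQ.finditer(_decode(data))]


def sanitize(data: bytes) -> str:
    """Drop flagged sequences and make remaining control characters visible."""
    text = SEQ.sub("", _decode(data))
    return LEFTOVER.sub(lambda m: "\\x%02x" % ord(m.group()), text)


# Constructed sample input: benign sequences of each flagged class plus colour codes.
SAMPLE = (
    b"GET /index.html 200\n"
    b"note \x1bP$qm\x1b\\ end\n"
    b"\x1b]0;build log\x07done\n"
    b"\x1b[21tplain \x1b[1mbold\x1b[0m\n"
)

if __name__ == "__main__":
    for kind, offset in find_sequences(SAMPLE):
        print(f"{kind} at offset {offset}")
    print(sanitize(SAMPLE), end="")
```

Colour and cursor sequences are not removed but rendered as literal `\x1b` text, so the output is safe to display at the cost of losing formatting.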





uxterm(1)						      General Commands Manual							 uxterm(1)

NAME
       uxterm - X terminal emulator for Unicode (UTF-8) environments

SYNOPSIS
       uxterm [ xterm-options ]

DESCRIPTION
       uxterm is a wrapper around the xterm(1) program that invokes the latter program with the 'UXTerm' X resource class set. All arguments to uxterm are passed to xterm without processing; the -class and -u8 options should not be specified because they are used by the wrapper. See the xterm manual page for more information on xterm-options.

       The environment's locale settings (see "ENVIRONMENT" below) are used to discern the locale's character set. If no current locale can be determined, the locale 'en_US' (the English language as used in the territory of the United States) is assumed. The locale(1) utility is used to determine whether the system supports the selected locale. If it does not, uxterm will exit with an error and report the output of locale.

       Note: uxterm may produce unexpected results if the current locale is set to one in which the UTF-8 character encoding is not supported, or if fonts using the ISO 10646-1 character set are not available. In the Debian system, the 'xfonts-base' package provides the fonts that uxterm uses by default. To change the fonts uxterm uses, edit the /etc/X11/app-defaults/UXTerm file.

       A similar wrapper, koi8rxterm(1), is available for KOI8-R environments.

ENVIRONMENT
       LC_ALL, LC_CTYPE, LANG
              The values of these variables are checked, in order, to determine the character set used by the current locale.

AUTHOR
       Thomas Dickey

SEE ALSO
       locale(1), locale(7), koi8rxterm(1), xterm(1)

Debian Project                         2004-12-19                         uxterm(1)