Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

USN-703-1: xterm vulnerabilities

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) USN-703-1: xterm vulnerabilities
# 1  
Old 01-05-2009
USN-703-1: xterm vulnerabilities
Referenced CVEs:
CVE-2006-7236, CVE-2008-2383


Description:
===========================================================Ubuntu Security Notice USN-703-1 January 06, 2009xterm vulnerabilitiesCVE-2006-7236, CVE-2008-2383===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: xterm 208-3.1ubuntu3.1Ubuntu 7.10: xterm 229-1ubuntu0.1Ubuntu 8.04 LTS: xterm 229-1ubuntu1.1Ubuntu 8.10: xterm 235-1ubuntu1.1After a standard system upgrade you need to restart any running xterms toeffect the necessary changes.Details follow:Paul Szabo discovered that the DECRQSS escape sequences were not handledcorrectly by xterm. Additionally, window title operations were also notsafely handled. If a user were tricked into viewing a specially craftedseries of characters while in xterm, a remote attacker could executearbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)





More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

lxterm

lxterm(1)						      General Commands Manual							 lxterm(1)

NAME

       lxterm - locale-sensitive wrapper for xterm

SYNOPSIS

       lxterm [ xterm-options ]

DESCRIPTION

       lxterm  is a wrapper around the xterm(1) program that invokes xterm, koi8rxterm(1), or uxterm(1) as appropriate, based on the user's locale
       setting.  All arguments to lxterm are passed to xterm without processing; the -class, -k8, and -u8 options should not be specified  because
       they are used by koi8rxterm and uxterm.	See the xterm manual page for more information on xterm-options.

       The locale(1) utility is used to determine the character set used by the current locale.  If the character set is UTF-8, uxterm is invoked;
       if the character set is KOI8-R, koi8rxtem is invoked; otherwise, 'plain' xterm is invoked.

AUTHOR

       Branden Robinson

SEE ALSO

       locale(1), koi8rxterm(1), uxterm(1), xterm(1)

Debian Project							    2004-12-19								 lxterm(1)