[bluewhite64-security] xterm (BW64SA:20090311-03)
Hash: SHA1
[bluewhite64-security] xterm (BW64SA:20090311-03)
New xterm packages are available for Bluewhite64 12.0, 12.1, 12.2
to fix a security issue.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383
Here are the details from the Bluewhite64 12.2 ChangeLog:
+--------------------------+
PATCHES/packages/xterm-241-x86_64-1.tgz: Upgraded to xterm-241.
This fixes a vulnerability where displaying a file containing
DECRQSS (Device Control Request Status String) sequences could
cause arbitrary commands to be executed as the user running xterm.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383
[*** Security fix ***]
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://www.bluewhite64.com for additional
mirror sites near you.
Updated package for Bluewhite64 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/xterm-241-x86_64-1.tgz
Updated package for Bluewhite64 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/xterm-241-x86_64-1.tgz
Updated package for Bluewhite64 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/xterm-241-x86_64-1.tgz
MD5 signatures:
+-------------+
Bluewhite64 12.0 package:
8847d8665b38bfa46297f43fb623c931 xterm-241-x86_64-1.tgz
Bluewhite64 12.1 package:
81ae1f2c7c883b8a67f2ebeffc39cffa xterm-241-x86_64-1.tgz
Bluewhite64 12.2 package:
391f20d265df652d03814e31785763a7 xterm-241-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg xterm-241-x86_64-1.tgz
+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
+-------------------------------------------------------+
| To leave the bluewhite64-security mailing list:
+-------------------------------------------------------+
| Send a blank email to
|
| bluewhite64-security-unsubscribe©bluewhite64.com
|
| You will get a confirmation message back containing
| instructions to complete the process.
|
| Please do not reply to this email address.
+-------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkm3b6MACgkQpTOsxuDdlY7TPQCbBq2+MD/Nn9I3KIE346vBMOTi
e5AAoIG6SCgeI+2xfacfdY1vo2RDsH+W
=GYDc
-----END PGP SIGNATURE-----