Red Hat Product Errata RHSA-2009:0018 - Security Advisory

Issued:: 2009-01-07
Updated:: 2009-01-07

RHSA-2009:0018 - Security Advisory

Overview
Updated Packages

Synopsis

Important: xterm security update

Type/Severity

Security Advisory: Important

Topic

An updated xterm package to correct a security issue is now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The xterm program is a terminal emulator for the X Window System.

A flaw was found in the xterm handling of Device Control Request Status
String (DECRQSS) escape sequences. An attacker could create a malicious
text file (or log entry, if unfiltered) that could run arbitrary commands
if read by a victim inside an xterm window. (CVE-2008-2383)

All xterm users are advised to upgrade to the updated package, which
contains a backported patch to resolve this issue. All running instances of
xterm must be restarted for the update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 478888 - CVE-2008-2383 xterm: arbitrary command injection

CVEs

CVE-2008-2383

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
xterm-215-5.el5_2.2.src.rpm	SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
x86_64
xterm-215-5.el5_2.2.x86_64.rpm	SHA-256: 2626ad5c88dfae441fc1ad4a959a2762eb3df49e7171ce8c3ca50e7eb6201c2d
ia64
xterm-215-5.el5_2.2.ia64.rpm	SHA-256: 9de7c3d19c7b39af93458d74ccbdbdbd6a0e48a8ad1ca8659b5d37a5d57ab0d3
i386
xterm-215-5.el5_2.2.i386.rpm	SHA-256: d341be92e45a700c808cb82c899cf9eb2cc4898a55b81ea02c1acb1c2d26b62b

Red Hat Enterprise Linux Server 4

SRPM
xterm-192-8.el4_7.2.src.rpm	SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
x86_64
xterm-192-8.el4_7.2.x86_64.rpm	SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
xterm-192-8.el4_7.2.x86_64.rpm	SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
ia64
xterm-192-8.el4_7.2.ia64.rpm	SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
xterm-192-8.el4_7.2.ia64.rpm	SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
i386
xterm-192-8.el4_7.2.i386.rpm	SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74
xterm-192-8.el4_7.2.i386.rpm	SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7

SRPM
xterm-192-8.el4_7.2.src.rpm	SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
x86_64
xterm-192-8.el4_7.2.x86_64.rpm	SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
xterm-192-8.el4_7.2.x86_64.rpm	SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
ia64
xterm-192-8.el4_7.2.ia64.rpm	SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
xterm-192-8.el4_7.2.ia64.rpm	SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
i386
xterm-192-8.el4_7.2.i386.rpm	SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74
xterm-192-8.el4_7.2.i386.rpm	SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74

Red Hat Enterprise Linux Workstation 5

SRPM
xterm-215-5.el5_2.2.src.rpm	SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
x86_64
xterm-215-5.el5_2.2.x86_64.rpm	SHA-256: 2626ad5c88dfae441fc1ad4a959a2762eb3df49e7171ce8c3ca50e7eb6201c2d
i386
xterm-215-5.el5_2.2.i386.rpm	SHA-256: d341be92e45a700c808cb82c899cf9eb2cc4898a55b81ea02c1acb1c2d26b62b

Red Hat Enterprise Linux Workstation 4

SRPM
xterm-192-8.el4_7.2.src.rpm	SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
x86_64
xterm-192-8.el4_7.2.x86_64.rpm	SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
ia64
xterm-192-8.el4_7.2.ia64.rpm	SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
i386
xterm-192-8.el4_7.2.i386.rpm	SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 5

SRPM
xterm-215-5.el5_2.2.src.rpm	SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
x86_64
xterm-215-5.el5_2.2.x86_64.rpm	SHA-256: 2626ad5c88dfae441fc1ad4a959a2762eb3df49e7171ce8c3ca50e7eb6201c2d
i386
xterm-215-5.el5_2.2.i386.rpm	SHA-256: d341be92e45a700c808cb82c899cf9eb2cc4898a55b81ea02c1acb1c2d26b62b

Red Hat Enterprise Linux Desktop 4

SRPM
xterm-192-8.el4_7.2.src.rpm	SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
x86_64
xterm-192-8.el4_7.2.x86_64.rpm	SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
i386
xterm-192-8.el4_7.2.i386.rpm	SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
xterm-215-5.el5_2.2.src.rpm	SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
s390x
xterm-215-5.el5_2.2.s390x.rpm	SHA-256: de3b06770dfed1bfdd41a00cf01effda1b43d856c1f5b62171c6fe6c78e4378d

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
xterm-192-8.el4_7.2.src.rpm	SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
s390x
xterm-192-8.el4_7.2.s390x.rpm	SHA-256: eb0e0eb1bc394b518360c5d925c0dc9edf85a73a60908c38ffa0f6ffcd74d21b
s390
xterm-192-8.el4_7.2.s390.rpm	SHA-256: b6c36027d4eb5d4a1378aa48db487235e1ef308b1376b08e6e398acdedee8e5e

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2

SRPM
s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
xterm-192-8.el4_7.2.src.rpm	SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
s390x
xterm-192-8.el4_7.2.s390x.rpm	SHA-256: eb0e0eb1bc394b518360c5d925c0dc9edf85a73a60908c38ffa0f6ffcd74d21b
s390
xterm-192-8.el4_7.2.s390.rpm	SHA-256: b6c36027d4eb5d4a1378aa48db487235e1ef308b1376b08e6e398acdedee8e5e

Red Hat Enterprise Linux for Power, big endian 5

SRPM
xterm-215-5.el5_2.2.src.rpm	SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
ppc
xterm-215-5.el5_2.2.ppc.rpm	SHA-256: bba5a1086935df7fb2f437354471baeb5af4806f78e483feb6ef837cf706602a

Red Hat Enterprise Linux for Power, big endian 4

SRPM
xterm-192-8.el4_7.2.src.rpm	SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
ppc
xterm-192-8.el4_7.2.ppc.rpm	SHA-256: 996b72904f9928b03da6d6b02d797d3f5920d12faee201b662d23a9882170122

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
xterm-192-8.el4_7.2.src.rpm	SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
ppc
xterm-192-8.el4_7.2.ppc.rpm	SHA-256: 996b72904f9928b03da6d6b02d797d3f5920d12faee201b662d23a9882170122

Red Hat Enterprise Linux Server from RHUI 5

SRPM
xterm-215-5.el5_2.2.src.rpm	SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
x86_64
xterm-215-5.el5_2.2.x86_64.rpm	SHA-256: 2626ad5c88dfae441fc1ad4a959a2762eb3df49e7171ce8c3ca50e7eb6201c2d
i386
xterm-215-5.el5_2.2.i386.rpm	SHA-256: d341be92e45a700c808cb82c899cf9eb2cc4898a55b81ea02c1acb1c2d26b62b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.