Red Hat Product Errata RHSA-2009:0018 - Security Advisory
Issued:
2009-01-07
Updated:
2009-01-07

RHSA-2009:0018 - Security Advisory

Synopsis

Important: xterm security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated xterm package to correct a security issue is now available for
Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The xterm program is a terminal emulator for the X Window System.

A flaw was found in the xterm handling of Device Control Request Status
String (DECRQSS) escape sequences. An attacker could create a malicious
text file (or log entry, if unfiltered) that could run arbitrary commands
if read by a victim inside an xterm window. (CVE-2008-2383)

All xterm users are advised to upgrade to the updated package, which
contains a backported patch to resolve this issue. All running instances of
xterm must be restarted for the update to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 478888 - CVE-2008-2383 xterm: arbitrary command injection

Red Hat Enterprise Linux Server 5

SRPM
xterm-215-5.el5_2.2.src.rpm SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
x86_64
xterm-215-5.el5_2.2.x86_64.rpm SHA-256: 2626ad5c88dfae441fc1ad4a959a2762eb3df49e7171ce8c3ca50e7eb6201c2d
ia64
xterm-215-5.el5_2.2.ia64.rpm SHA-256: 9de7c3d19c7b39af93458d74ccbdbdbd6a0e48a8ad1ca8659b5d37a5d57ab0d3
i386
xterm-215-5.el5_2.2.i386.rpm SHA-256: d341be92e45a700c808cb82c899cf9eb2cc4898a55b81ea02c1acb1c2d26b62b

Red Hat Enterprise Linux Server 4

SRPM
xterm-192-8.el4_7.2.src.rpm SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
x86_64
xterm-192-8.el4_7.2.x86_64.rpm SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
xterm-192-8.el4_7.2.x86_64.rpm SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
ia64
xterm-192-8.el4_7.2.ia64.rpm SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
xterm-192-8.el4_7.2.ia64.rpm SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
i386
xterm-192-8.el4_7.2.i386.rpm SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74
xterm-192-8.el4_7.2.i386.rpm SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7

SRPM
xterm-192-8.el4_7.2.src.rpm SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
x86_64
xterm-192-8.el4_7.2.x86_64.rpm SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
xterm-192-8.el4_7.2.x86_64.rpm SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
ia64
xterm-192-8.el4_7.2.ia64.rpm SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
xterm-192-8.el4_7.2.ia64.rpm SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
i386
xterm-192-8.el4_7.2.i386.rpm SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74
xterm-192-8.el4_7.2.i386.rpm SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74

Red Hat Enterprise Linux Workstation 5

SRPM
xterm-215-5.el5_2.2.src.rpm SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
x86_64
xterm-215-5.el5_2.2.x86_64.rpm SHA-256: 2626ad5c88dfae441fc1ad4a959a2762eb3df49e7171ce8c3ca50e7eb6201c2d
i386
xterm-215-5.el5_2.2.i386.rpm SHA-256: d341be92e45a700c808cb82c899cf9eb2cc4898a55b81ea02c1acb1c2d26b62b

Red Hat Enterprise Linux Workstation 4

SRPM
xterm-192-8.el4_7.2.src.rpm SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
x86_64
xterm-192-8.el4_7.2.x86_64.rpm SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
ia64
xterm-192-8.el4_7.2.ia64.rpm SHA-256: 0bbe6ee0e9864ca36c1748fc2fac8b8e6387ec471ba73a77a7391e3c51fc8aac
i386
xterm-192-8.el4_7.2.i386.rpm SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 5

SRPM
xterm-215-5.el5_2.2.src.rpm SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
x86_64
xterm-215-5.el5_2.2.x86_64.rpm SHA-256: 2626ad5c88dfae441fc1ad4a959a2762eb3df49e7171ce8c3ca50e7eb6201c2d
i386
xterm-215-5.el5_2.2.i386.rpm SHA-256: d341be92e45a700c808cb82c899cf9eb2cc4898a55b81ea02c1acb1c2d26b62b

Red Hat Enterprise Linux Desktop 4

SRPM
xterm-192-8.el4_7.2.src.rpm SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
x86_64
xterm-192-8.el4_7.2.x86_64.rpm SHA-256: 2428d3d6cfadb3f0f1d8e3b000909d8b77ec4779b1311c4e89a4849fb833412a
i386
xterm-192-8.el4_7.2.i386.rpm SHA-256: 15a5deb18abc10cd254940253903973dc9a1548bbfc22e9eec23106bea473b74

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
xterm-215-5.el5_2.2.src.rpm SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
s390x
xterm-215-5.el5_2.2.s390x.rpm SHA-256: de3b06770dfed1bfdd41a00cf01effda1b43d856c1f5b62171c6fe6c78e4378d

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
xterm-192-8.el4_7.2.src.rpm SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
s390x
xterm-192-8.el4_7.2.s390x.rpm SHA-256: eb0e0eb1bc394b518360c5d925c0dc9edf85a73a60908c38ffa0f6ffcd74d21b
s390
xterm-192-8.el4_7.2.s390.rpm SHA-256: b6c36027d4eb5d4a1378aa48db487235e1ef308b1376b08e6e398acdedee8e5e

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2

SRPM
s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
xterm-192-8.el4_7.2.src.rpm SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
s390x
xterm-192-8.el4_7.2.s390x.rpm SHA-256: eb0e0eb1bc394b518360c5d925c0dc9edf85a73a60908c38ffa0f6ffcd74d21b
s390
xterm-192-8.el4_7.2.s390.rpm SHA-256: b6c36027d4eb5d4a1378aa48db487235e1ef308b1376b08e6e398acdedee8e5e

Red Hat Enterprise Linux for Power, big endian 5

SRPM
xterm-215-5.el5_2.2.src.rpm SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
ppc
xterm-215-5.el5_2.2.ppc.rpm SHA-256: bba5a1086935df7fb2f437354471baeb5af4806f78e483feb6ef837cf706602a

Red Hat Enterprise Linux for Power, big endian 4

SRPM
xterm-192-8.el4_7.2.src.rpm SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
ppc
xterm-192-8.el4_7.2.ppc.rpm SHA-256: 996b72904f9928b03da6d6b02d797d3f5920d12faee201b662d23a9882170122

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
xterm-192-8.el4_7.2.src.rpm SHA-256: 0e39144623083fcc803aa1984892a3c5278321a23f8b894d71d9ebf2a7d22315
ppc
xterm-192-8.el4_7.2.ppc.rpm SHA-256: 996b72904f9928b03da6d6b02d797d3f5920d12faee201b662d23a9882170122

Red Hat Enterprise Linux Server from RHUI 5

SRPM
xterm-215-5.el5_2.2.src.rpm SHA-256: b9694691ba19cf0d5d34418e90f66ceebb8e1a7603aceda2ec76b2c837c50997
x86_64
xterm-215-5.el5_2.2.x86_64.rpm SHA-256: 2626ad5c88dfae441fc1ad4a959a2762eb3df49e7171ce8c3ca50e7eb6201c2d
i386
xterm-215-5.el5_2.2.i386.rpm SHA-256: d341be92e45a700c808cb82c899cf9eb2cc4898a55b81ea02c1acb1c2d26b62b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.