Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-703-1: xterm vulnerability
Posted by Bob on: 01/06/2009 02:30 AM [ Print | 0 comment(s) ]
A new xterm vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-703-1 January 06, 2009
xterm vulnerability
CVE-2006-7236, CVE-2008-2383
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
xterm 208-3.1ubuntu3.1
Ubuntu 7.10:
xterm 229-1ubuntu0.1
Ubuntu 8.04 LTS:
xterm 229-1ubuntu1.1
Ubuntu 8.10:
xterm 235-1ubuntu1.1
After a standard system upgrade you need to restart any running xterms to
effect the necessary changes.
Details follow:
Paul Szabo discovered that the DECRQSS escape sequences were not handled
correctly by xterm. Additionally, window title operations were also not
safely handled. If a user were tricked into viewing a specially crafted
series of characters while in xterm, a remote attacker could execute
arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1.diff.gz
Size/MD5: 62958 2178b13411ef6c0c84c455e7848c3b5a
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1.dsc
Size/MD5: 800 6ff1855e882930be579eceb46223db59
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208.orig.tar.gz
Size/MD5: 749755 a062d0b398918015d07c31ecdcc5111a
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_amd64.deb
Size/MD5: 416612 21f755ffe914eb143fb35f6be7d02ff7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_i386.deb
Size/MD5: 396128 55b3a16962774230c48fb98ab90b6977
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_powerpc.deb
Size/MD5: 408068 f7dab234c7df117de7e401cd966017a0
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_sparc.deb
Size/MD5: 403704 33cf8ee56acd8dd86540e72c26a5d54a
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1.diff.gz
Size/MD5: 64026 93836a39864144c4f590202c85fb57c7
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1.dsc
Size/MD5: 953 9b24ce999d1ca82a60f437f4c00ec847
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229.orig.tar.gz
Size/MD5: 841542 f7b04a66dc401dc22f5ddb7f345be229
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_amd64.deb
Size/MD5: 471288 599f1bfda25b6f178a37f94f775f155c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_i386.deb
Size/MD5: 454306 6898963b2f11ecd8e950b68afe1d3c20
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu0.1_lpia.deb
Size/MD5: 454086 5bddec1c5e539884545e735fee6543f1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_powerpc.deb
Size/MD5: 470124 9c002fb71ddfd4d603b3789d234a1ae3
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_sparc.deb
Size/MD5: 465888 2df2203939f22f1ea2cfe8aef5f17f3c
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1.diff.gz
Size/MD5: 64381 4b78020812d35038e91ab80718d76be4
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1.dsc
Size/MD5: 953 46cf3fcc74956b9fe99ba89faab5ec7c
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229.orig.tar.gz
Size/MD5: 841542 f7b04a66dc401dc22f5ddb7f345be229
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1_amd64.deb
Size/MD5: 469724 70acad02e39d60d79eb8fd80a55da27a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1_i386.deb
Size/MD5: 453344 2a5d12cc01fa456f4bd205da497a1589
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_lpia.deb
Size/MD5: 454232 8db8034c6e77acaa900675e948b28a52
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_powerpc.deb
Size/MD5: 467854 9cde83be48898ed57edd5222300b82c7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_sparc.deb
Size/MD5: 463836 af8e50a43f685499861d80a269db29f0
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1.diff.gz
Size/MD5: 64123 4ded8fda6ea425540c351325ea456ee7
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1.dsc
Size/MD5: 1502 3119b97098961157134b965cd67e72df
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235.orig.tar.gz
Size/MD5: 857714 5060cab9cef0ea09a24928f3c7fbde2b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1_amd64.deb
Size/MD5: 486760 8fccb232d9da5308a6439eff39d01b23
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1_i386.deb
Size/MD5: 470726 39fbdb1ec355002760cfe3348b53eec9
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_lpia.deb
Size/MD5: 471960 47e2adb407b0d99c6dc6fea4af228cf7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_powerpc.deb
Size/MD5: 484530 a6d968aa8aa52625d0b8cdb30fbc94ea
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_sparc.deb
Size/MD5: 481590 9121f8d82c0e7a334d796c1dff96aa74
--BXVAT5kNtrzKuDFl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;
iEYEARECAAYFAklisnwACgkQH/9LqRcGPm1sKACeMS/gOqdq24S6/keR2l8hOLiM
gNoAnAlACnQTgn+yB+8QySyVWwHtY3z2
=qIZd
-----END PGP SIGNATURE-----
xterm vulnerability
CVE-2006-7236, CVE-2008-2383
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
xterm 208-3.1ubuntu3.1
Ubuntu 7.10:
xterm 229-1ubuntu0.1
Ubuntu 8.04 LTS:
xterm 229-1ubuntu1.1
Ubuntu 8.10:
xterm 235-1ubuntu1.1
After a standard system upgrade you need to restart any running xterms to
effect the necessary changes.
Details follow:
Paul Szabo discovered that the DECRQSS escape sequences were not handled
correctly by xterm. Additionally, window title operations were also not
safely handled. If a user were tricked into viewing a specially crafted
series of characters while in xterm, a remote attacker could execute
arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1.diff.gz
Size/MD5: 62958 2178b13411ef6c0c84c455e7848c3b5a
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1.dsc
Size/MD5: 800 6ff1855e882930be579eceb46223db59
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208.orig.tar.gz
Size/MD5: 749755 a062d0b398918015d07c31ecdcc5111a
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_amd64.deb
Size/MD5: 416612 21f755ffe914eb143fb35f6be7d02ff7
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_i386.deb
Size/MD5: 396128 55b3a16962774230c48fb98ab90b6977
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_powerpc.deb
Size/MD5: 408068 f7dab234c7df117de7e401cd966017a0
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_208-3.1ubuntu3.1_sparc.deb
Size/MD5: 403704 33cf8ee56acd8dd86540e72c26a5d54a
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1.diff.gz
Size/MD5: 64026 93836a39864144c4f590202c85fb57c7
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1.dsc
Size/MD5: 953 9b24ce999d1ca82a60f437f4c00ec847
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229.orig.tar.gz
Size/MD5: 841542 f7b04a66dc401dc22f5ddb7f345be229
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_amd64.deb
Size/MD5: 471288 599f1bfda25b6f178a37f94f775f155c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_i386.deb
Size/MD5: 454306 6898963b2f11ecd8e950b68afe1d3c20
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu0.1_lpia.deb
Size/MD5: 454086 5bddec1c5e539884545e735fee6543f1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_powerpc.deb
Size/MD5: 470124 9c002fb71ddfd4d603b3789d234a1ae3
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu0.1_sparc.deb
Size/MD5: 465888 2df2203939f22f1ea2cfe8aef5f17f3c
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1.diff.gz
Size/MD5: 64381 4b78020812d35038e91ab80718d76be4
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1.dsc
Size/MD5: 953 46cf3fcc74956b9fe99ba89faab5ec7c
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229.orig.tar.gz
Size/MD5: 841542 f7b04a66dc401dc22f5ddb7f345be229
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1_amd64.deb
Size/MD5: 469724 70acad02e39d60d79eb8fd80a55da27a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_229-1ubuntu1.1_i386.deb
Size/MD5: 453344 2a5d12cc01fa456f4bd205da497a1589
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_lpia.deb
Size/MD5: 454232 8db8034c6e77acaa900675e948b28a52
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_powerpc.deb
Size/MD5: 467854 9cde83be48898ed57edd5222300b82c7
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_229-1ubuntu1.1_sparc.deb
Size/MD5: 463836 af8e50a43f685499861d80a269db29f0
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1.diff.gz
Size/MD5: 64123 4ded8fda6ea425540c351325ea456ee7
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1.dsc
Size/MD5: 1502 3119b97098961157134b965cd67e72df
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235.orig.tar.gz
Size/MD5: 857714 5060cab9cef0ea09a24928f3c7fbde2b
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1_amd64.deb
Size/MD5: 486760 8fccb232d9da5308a6439eff39d01b23
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/x/xterm/xterm_235-1ubuntu1.1_i386.deb
Size/MD5: 470726 39fbdb1ec355002760cfe3348b53eec9
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_lpia.deb
Size/MD5: 471960 47e2adb407b0d99c6dc6fea4af228cf7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_powerpc.deb
Size/MD5: 484530 a6d968aa8aa52625d0b8cdb30fbc94ea
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/x/xterm/xterm_235-1ubuntu1.1_sparc.deb
Size/MD5: 481590 9121f8d82c0e7a334d796c1dff96aa74
--BXVAT5kNtrzKuDFl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook lt;kees@outflux.netgt;
iEYEARECAAYFAklisnwACgkQH/9LqRcGPm1sKACeMS/gOqdq24S6/keR2l8hOLiM
gNoAnAlACnQTgn+yB+8QySyVWwHtY3z2
=qIZd
-----END PGP SIGNATURE-----
