Debian Security Advisory DSA 1694-1 (xterm) Network Vulnerability

Summary

The remote host is missing an update to xterm announced via advisory DSA 1694-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201694-1

Insight

Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383). As an additional precaution, this security update also disables font changing, user-defined keys, and X property changes through escape sequences. For the stable distribution (etch), this problem has been fixed in version 222-1etch3. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your xterm package.

Severity

Classification

CVE CVE-2008-2383

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 054-1 (cron)
Debian Security Advisory DSA 017-1 (jazip)
Debian Security Advisory DSA 1021-1 (netpbm-free)
Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)
Debian Security Advisory DSA 002-1 (fsh)

Take action and discover your vulnerabilities