xterm: User-assisted arbitrary commands execution
Gentoo Linux Security Advisory
Advisory Reference: GLSA 200902-04 / xterm
Release Date: February 12, 2009
Latest Revision: February 12, 2009: 01
All supported architectures
An error in the processing of special sequences in xterm may lead to
arbitrary command execution.
xterm is a terminal emulator for the X Window system.
Paul Szabo reported insufficient input sanitization when processing
Device Control Request Status String (DECRQSS) sequences.
A remote attacker could entice a user to display a file containing
specially crafted DECRQSS sequences, possibly resulting in the remote
execution of arbitrary commands with the privileges of the user viewing
There is no known workaround at this time.
All xterm users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/xterm-239"