CESA-2009:0018 -- centos 3 x86_64 xterm
ID: oval:org.secpod.oval:def:200325 | Date: (C)2012-01-31 (M)2023-11-13 |
Class: PATCH | Family: unix |
The xterm program is a terminal emulator for the X Window System. A flaw was found in the xterm handling of Device Control Request Status String escape sequences. An attacker could create a malicious text file that could run arbitrary commands if read by a victim inside an xterm window. All xterm users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. All running instances of xterm must be restarted for the update to take effect.