| Summary: | <x11-terms/rxvt-unicode-9.20: user-assisted arbitrary commands execution (CVE-2014-3121) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | jer, wired |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2014/04/30/6 | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-04-30 12:59:10 UTC
Arch teams, please test and mark stable: =x11-terms/rxvt-unicode-9.20 Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA.

arm stable

amd64 stable

ppc stable

ppc64 stable

ia64 stable

sparc stable

alpha stable

x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

CVE-2014-3121 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3121): rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.

Arches and Maintainer(s), Thank you for your work. Added to new GLSA Request

This issue was resolved and addressed in GLSA 201406-18 at http://security.gentoo.org/glsa/glsa-201406-18.xml by GLSA coordinator Chris Reffett (creffett).