Security Advisory: hanterm-xf security update

Advisory: RHSA-2003:071-12
Type: Security Advisory
Severity: Moderate
Issued on: 2003-07-08
Last updated on: 2003-07-08
Affected Products:
    Red Hat Enterprise Linux AS (v. 2.1)
    Red Hat Enterprise Linux ES (v. 2.1)
    Red Hat Enterprise Linux WS (v. 2.1)
    Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org):
    CVE-2003-0077
    CVE-2003-0079

Details

Updated Hangul Terminal packages fix two security issues.

Hangul Terminal is a terminal emulator for the X Window System, based on Xterm.

Hangul Terminal provides an escape sequence for reporting the current
window title, which essentially takes the current title and places it
directly on the command line. An attacker can craft an escape sequence
that sets the window title of a victim using Hangul Terminal to an
arbitrary command and then reports it to the command line. Since it is not
possible to embed a carriage return into the window title, the attacker
would then have to convince the victim to press Enter for the title to be
processed as a command, although the attacker could craft other escape
sequences that might convince the victim to do so.

It is possible to lock up Hangul Terminal before version 2.0.5 by sending
an invalid DEC UDK escape sequence.
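
The following is an added example, not part of the advisory or of Red Hat's fix: a filter that flags title-set, title-report and DCS sequences in untrusted text (the two issues described above) and makes control characters visible before the text reaches a terminal. The sequence forms are taken from xterm's control-sequence documentation and are assumed to apply to Hangul Terminal; the function names and the sample line are constructed for illustration.

```python
import re

# Sequence forms below follow xterm's control-sequence documentation; that they
# apply unchanged to Hangul Terminal is an assumption (the advisory only says
# it is based on Xterm).
RULES = [
    # OSC 0/1/2 ; text, ended by BEL or ST: sets icon name and/or window title.
    ("title-set", re.compile(r"(?:\x1b\]|\x9d)[012];[^\x07\x1b\x9c]*")),
    # CSI 20 t / CSI 21 t: asks the terminal to report icon label / window title.
    ("title-report", re.compile(r"(?:\x1b\[|\x9b)2[01]t")),
    # DCS introducer: device control strings, the family DEC UDK belongs to.
    ("dcs", re.compile(r"\x1bP|\x90")),
]
# Every C0/C1 control character and DEL, except tab and newline.
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")


def scan(text):
    """Return sorted (offset, rule_name) pairs for every risky sequence found."""
    hits = [(m.start(), name) for name, rx in RULES for m in rx.finditer(text)]
    return sorted(hits)


def neutralize(text):
    """Make control characters visible so a terminal prints them instead of
    interpreting them. Tab and newline are kept."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def title_roundtrip(text):
    """True when input sets a title and later requests a report of it,
    the combination the advisory describes."""
    hits = scan(text)
    sets = [off for off, name in hits if name == "title-set"]
    reports = [off for off, name in hits if name == "title-report"]
    return bool(sets) and bool(reports) and min(sets) < max(reports)


# Constructed sample: a log line carrying a benign title, then a report request.
SAMPLE = "GET /index.html \x1b]2;constructed-title\x07\x1b[21t 200\n"

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(title_roundtrip(SAMPLE))
    print(neutralize(SAMPLE), end="")
```

Running untrusted files or logs through `neutralize` before viewing them removes the dependency on the terminal's own handling, which matters on hosts that cannot yet be upgraded.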

Users are advised to upgrade to these erratum packages, which contain
Hangul Terminal version 2.0.5, which is not vulnerable to these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
hanterm-xf-2.0.5-5.AS21.1.src.rpm     0c844a50ac26f0fcda4a226e7e1f5ae9

IA-32:
hanterm-xf-2.0.5-5.AS21.1.i386.rpm    0085d63f9a677c24339eea40f9faab06
File outdated by: RHSA-2009:0019

IA-64:
hanterm-xf-2.0.5-5.AS21.1.ia64.rpm    5ef43cf00beb5114c890de55f0e65272
File outdated by: RHSA-2009:0019

Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
hanterm-xf-2.0.5-5.AS21.1.src.rpm     0c844a50ac26f0fcda4a226e7e1f5ae9

IA-32:
hanterm-xf-2.0.5-5.AS21.1.i386.rpm    0085d63f9a677c24339eea40f9faab06
File outdated by: RHSA-2009:0019

Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
hanterm-xf-2.0.5-5.AS21.1.src.rpm     0c844a50ac26f0fcda4a226e7e1f5ae9

IA-32:
hanterm-xf-2.0.5-5.AS21.1.i386.rpm    0085d63f9a677c24339eea40f9faab06
File outdated by: RHSA-2009:0019

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
hanterm-xf-2.0.5-5.AS21.1.src.rpm     0c844a50ac26f0fcda4a226e7e1f5ae9

IA-64:
hanterm-xf-2.0.5-5.AS21.1.ia64.rpm    5ef43cf00beb5114c890de55f0e65272
File outdated by: RHSA-2009:0019

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

85072 - Escape sequence vulnerabilities in hanterm-xf


Keywords

hanterm-xf


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/