-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0694
                       rxvt-unicode security update
                                9 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           rxvt-unicode
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3121  

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-2925

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running rxvt-unicode check for an updated version of the software 
         for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-2925-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
May 08, 2014                           http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : rxvt-unicode
CVE ID         : CVE-2014-3121
Debian Bug     : 746593

Phillip Hallam-Baker discovered that window property values could be 
queried in rxvt-unicode, resulting in the potential execution of 
arbitrary commands.

For the oldstable distribution (squeeze), this problem has been fixed in
version 9.07-2+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in
version 9.15-2+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 9.20-1.

For the unstable distribution (sid), this problem has been fixed in
version 9.20-1.

We recommend that you upgrade your rxvt-unicode packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----