[v2.7] rxvt-unicode: remote arbitrary code execution (CVE-2014-3121)
rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.
•MLIST:[oss-security] 20140430 CVE request: rxvt-unicode user-assisted arbitrary commands execution
•URL: http://seclists.org/oss-sec/2014/q2/204
•CONFIRM: http://dist.schmorp.de/rxvt-unicode/Changes
•DEBIAN:DSA-2925
•URL: http://www.debian.org/security/2014/dsa-2925
•FEDORA:FEDORA-2014-5938
•URL: https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133166.html
•FEDORA:FEDORA-2014-5939
•URL: https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133195.html
•BID:67155
•URL: http://www.securityfocus.com/bid/67155
(from redmine: issue id 2922, created on 2014-05-21, closed on 2014-05-23)
- Relations:
- parent #2920 (closed)
- Changesets:
- Revision a260163e by Natanael Copa on 2014-05-22T13:19:21Z:
main/rxvt-unicode: security upgrade to 9.20 (CVE-2014-3121)
fixes #2922