CERT* VB-98.04: Vulnerabilities in xterm and Xaw
Hi
Are we aware of (concerned by)
ftp://ftp.cert.org/pub/cert_bulletins/VB-98.04.xterm.Xaw
?
it says that
> Vulnerabilities exist in the terminal emulator xterm(1), and the Xaw
> library distributed in various MIT X Consortium; X Consortium, Inc.;
> and The Open Group X Project Team releases. These vulnerabilities may
> be exploited by an intruder to gain root access.
the only solutions seems to
chmod 0755 `which xterm`
thanks and bye
a.m.
ps: I have a proposal: why not do this:
1) create a debian mailing list
(lets call it "debian-warning" just to make the point),
for very sensitive informations,
like the presence of a security bug in a package,
or of a flaw that may damage data or similair.
2) advertise it on debian-*
3) tweack the smail and sendmail packages so that
on the installation they will ask to the root
(and strongly suggest) that he/she joins
"debian-warning" , (and then do it automatically)
This would create a channel that we now lack:
"debian-warning" should be a list of very low traffic,
so that people would really read it
An example: some time ago someone by mistake
uploaded a version of grep that was broken;
I installed it, and lost functionality of some
things I needed, and the lost a lot of time
trying to understand what had gone wrong;
had I received a message from debian-warning
I would have not installed it.
Another example is of course the above message.
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: