[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2913-1] xterm security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2913-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
February 07, 2022                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : xterm
Version        : 327-2+deb9u2
CVE ID         : CVE-2022-24130
Debian Bug     : 1004689

xterm, an X terminal emulator, when Sixel support is enabled, allows
attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c
via crafted text.

For Debian 9 stretch, this problem has been fixed in version
327-2+deb9u2.

We recommend that you upgrade your xterm packages.

For the detailed security status of xterm please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xterm

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmIBY68ACgkQgj6WdgbD
S5Y2CQ//WrBB+RvSy/W8YPAd9HGehSDwDVv0H+HccFvNQa/aqOOXa4hpUqN8nqmG
s8FTQxX3S7ncGdtVqXLV4Z1AdkHNyqMKzjHsRxn7ef4Jamcb7zQlzoFzNTapSXOc
hnHOBVaVzGLhdBJfEGgMRpr7WQnMbjCev3NYRdN5D5+Pdjh6eLD0zqRv+/C/G9kG
S92MXuKFesBk64Cdl8DpeTA4GdLdboQvshq6rBbBTjLfbgn/336E028Dw3c6WD1t
wFIMtPgLqXplGpqXhRDXfRbDkZJO9e0d8oT/SG8RSiBVyf7GBnQMWrw+pOKYqiaK
KDsuadCCEOQddHgxn+sAVpl+3NCE6MBdZdmV33F5a5J5Ls2G5jm76BoKaKSFAUch
/M5A4xRHofl9ODW/73XvnIX5OlnJ74x7D1hssuxNAVqyPIkHH2Y3VMLZ6SKMLyg/
W4Fp7ZYknkmfaXiv5g9+cOScdwtI1skGv0s/OblnkvrCThL7hanc0mDgeKMnz/gO
MApnwbRZGlDJsFeLiocTPXf2xg/kDVBg2LgiXfocLNLJxg5SOpplhoijarGO+sAc
ahQDbV7GV+87iJstOvtQjB4V263XLbe4RzSZtfMCR4KCzWv2HBGKoewFKtoEkg8f
6t4gGxDfevz+/9AQAPrqbeTmGAem5FU0uUvAQxnGxscsPIrgevw=
=ANG/
-----END PGP SIGNATURE-----


Reply to: