RedHat: Low: xterm security update
Summary
Summary
The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that cannot use the window system directly. A bug was found in the way xterm packages were built that caused the pseudo-terminal device files of the xterm emulated terminals to be owned by the incorrect group. This flaw did not affect Red Hat Enterprise Linux 4 Update 4 and earlier. (CVE-2007-2797) All users of xterm are advised to upgrade to this updated package, which contains a patch to correct this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
5. Bug IDs fixed (http://bugzilla.redhat.com/):
239070 - CVE-2007-2797 Wrong settings for the tty (mesg: error: tty device is not owned by group `tty')
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
1e6bd5c8d2dd4a12405bc8d3442f2c3f xterm-192-8.el4.src.rpm
i386:
589caa3f2e0984fd89d65250e377f06f xterm-192-8.el4.i386.rpm
fd15d510790d4a2252f26bc79915ea98 xterm-debuginfo-192-8.el4.i386.rpm
ia64:
bb3af76c6ba12b96192c50673329dd37 xterm-192-8.el4.ia64.rpm
b7d930d860f8762b2f52dafd701d295b xterm-debuginfo-192-8.el4.ia64.rpm
ppc:
415b26fb6c78f8416eefb10b03254d0d xterm-192-8.el4.ppc.rpm
2d3873ce815c843b934ff93812d41e4e xterm-debuginfo-192-8.el4.ppc.rpm
s390:
77d8e2b60ec35da065c7b7b65fc82b46 xterm-192-8.el4.s390.rpm
c1e25b6df0c45f0dc84b222d839030c2 xterm-debuginfo-192-8.el4.s390.rpm
s390x:
7e2261212daab8efbfe301cee7251be9 xterm-192-8.el4.s390x.rpm
84e6ee329093936d744b095d3c94ba8d xterm-debuginfo-192-8.el4.s390x.rpm
x86_64:
98850a2fe869908974bab98456e5c3a3 xterm-192-8.el4.x86_64.rpm
62a5541a4d336fa39f960dea51e31e98 xterm-debuginfo-192-8.el4.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
1e6bd5c8d2dd4a12405bc8d3442f2c3f xterm-192-8.el4.src.rpm
i386:
589caa3f2e0984fd89d65250e377f06f xterm-192-8.el4.i386.rpm
fd15d510790d4a2252f26bc79915ea98 xterm-debuginfo-192-8.el4.i386.rpm
x86_64:
98850a2fe869908974bab98456e5c3a3 xterm-192-8.el4.x86_64.rpm
62a5541a4d336fa39f960dea51e31e98 xterm-debuginfo-192-8.el4.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
1e6bd5c8d2dd4a12405bc8d3442f2c3f xterm-192-8.el4.src.rpm
i386:
589caa3f2e0984fd89d65250e377f06f xterm-192-8.el4.i386.rpm
fd15d510790d4a2252f26bc79915ea98 xterm-debuginfo-192-8.el4.i386.rpm
ia64:
bb3af76c6ba12b96192c50673329dd37 xterm-192-8.el4.ia64.rpm
b7d930d860f8762b2f52dafd701d295b xterm-debuginfo-192-8.el4.ia64.rpm
x86_64:
98850a2fe869908974bab98456e5c3a3 xterm-192-8.el4.x86_64.rpm
62a5541a4d336fa39f960dea51e31e98 xterm-debuginfo-192-8.el4.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
1e6bd5c8d2dd4a12405bc8d3442f2c3f xterm-192-8.el4.src.rpm
i386:
589caa3f2e0984fd89d65250e377f06f xterm-192-8.el4.i386.rpm
fd15d510790d4a2252f26bc79915ea98 xterm-debuginfo-192-8.el4.i386.rpm
ia64:
bb3af76c6ba12b96192c50673329dd37 xterm-192-8.el4.ia64.rpm
b7d930d860f8762b2f52dafd701d295b xterm-debuginfo-192-8.el4.ia64.rpm
x86_64:
98850a2fe869908974bab98456e5c3a3 xterm-192-8.el4.x86_64.rpm
62a5541a4d336fa39f960dea51e31e98 xterm-debuginfo-192-8.el4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2797 http://www.redhat.com/security/updates/classification/#low
Package List
Topic
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Bugs Fixed