5417802 2000-08-30  20:55  /75 lines/ Brevbäraren (which is implemented in) Python
Recipient: Bugtraq (import) <12448>
Subject: Helix Code Security Advisory - X-Chat
------------------------------------------------------------
From: "Helix Code, Inc." <security@HELIXCODE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <200008292214.SAA21153@trna.helixcode.com>

HELIX CODE, INC.                                             SECURITY ADVISORY
security@helixcode.com                                 Issue Date: 29 Aug 2000

PACKAGES AFFECTED:
X-Chat 1.4.2 and previous for all supported distributions.

SYNOPSIS: A vulnerability in the X-Chat IRC client allows a malicious
URL to possibly execute arbitrary shell commands as the user running
X-Chat.

DESCRIPTION: X-Chat has a feature that allows a user to right-click
on a URL in an IRC window and open it in a browser. X-Chat passes the
URL to /bin/sh when executing the browser command. A malicious URL
could be created to run arbitrary commands or scripts on the system
if a user opens the URL.

SOLUTION: A new version of X-Chat has been released by the
maintainers which eliminates this vulnerability.

AVAILABILITY: An essential update is available immediately from Helix
Code, Inc. via the Helix GNOME Updater and from the following URLs:

For Caldera OpenLinux eDesktop 2.4 systems:
http://spidermonkey.helixcode.com/distributions/Caldera-2.4/xchat-1.4.3-0_helix_1.i386.rpm

For Debian GNU/Linux potato (2.2) and woody systems:
http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat_1.4.3-helix1_i386.deb
http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat-common_1.4.3-helix1_all.deb
http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat-text_1.4.3-helix1_i386.deb
http://spidermonkey.helixcode.com/distributions/Debian/dists/woody/main/binary-i386/xchat-gnome_1.4.3-helix1_i386.deb

For LinuxPPC systems:
http://spidermonkey.helixcode.com/distributions/LinuxPPC/xchat-1.4.3-0_helix_1.ppc.rpm

For Linux Mandrake systems:
http://spidermonkey.helixcode.com/distributions/Mandrake/xchat-1.4.3-0mdk_helix_1.i586.rpm

For Red Hat Linux systems:
http://spidermonkey.helixcode.com/distributions/RedHat-6/xchat-1.4.3-0_helix_1.i386.rpm

For Solaris running on UltraSparc systems:
http://spidermonkey.helixcode.com/distributions/Solaris/xchat-1.4.3-0_helix_1.sparc64.rpm

For SuSE 6.3 systems:
http://spidermonkey.helixcode.com/distributions/SuSE/xchat-1.4.3-0_helix_1.i386.rpm

For SuSE 6.4 systems:
http://spidermonkey.helixcode.com/distributions/SuSE-6.4/xchat-1.4.3-0_helix_1.i386.rpm

For TurboLinux systems:
http://spidermonkey.helixcode.com/distributions/TurboLinux-6/xchat-1.4.3-0_helix_1.i386.rpm

VERIFICATION:

Copyright (c) 2000 Helix Code, Inc.
(5417802) ------------------------------------------(Rewrapped)
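
Added example, not part of the Helix Code advisory and not X-Chat's own code: the DESCRIPTION section attributes the flaw to the URL being passed to /bin/sh, so the C code below shows the shell-free alternative, where the URL is validated and then handed to the handler as a single argv element. The function names `url_is_launchable` and `run_handler_argv` are hypothetical, `echo` stands in for the browser command, and the sample URL is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only URLs with an expected scheme and no whitespace/control bytes.
 * The scheme check also stops a leading '-' being read as a handler option. */
int url_is_launchable(const char *url)
{
    static const char *const schemes[] = { "http://", "https://", "ftp://" };
    size_t i, ok = 0;
    for (i = 0; i < sizeof schemes / sizeof *schemes; i++)
        if (strncmp(url, schemes[i], strlen(schemes[i])) == 0) ok = 1;
    for (i = 0; ok && url[i]; i++)
        if ((unsigned char)url[i] <= ' ' || url[i] == 0x7f) ok = 0;
    return (int)ok;
}

/* Run `prog url` with no shell: the URL is one argv element, so ; | & $ `
 * are plain bytes. Child stdout is captured in out (for the demo only).
 * Returns the number of bytes captured, or -1 on rejection or failure. */
int run_handler_argv(const char *prog, const char *url, char *out, size_t outsz)
{
    int fds[2], status;
    size_t n = 0; ssize_t r; pid_t pid;
    if (outsz == 0 || !url_is_launchable(url) || pipe(fds) != 0) return -1;
    if ((pid = fork()) < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child */
        char *const argv[] = { (char *)prog, (char *)url, NULL };
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(prog, argv);               /* never system() or "/bin/sh -c" */
        _exit(127);
    }
    close(fds[1]);
    while (n + 1 < outsz && (r = read(fds[0], out + n, outsz - 1 - n)) > 0) n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status)) return -1;
    return (int)n;
}

int main(void)
{
    char out[256];
    /* Constructed URL containing shell metacharacters; it is echoed verbatim. */
    if (run_handler_argv("echo", "http://example.invalid/a;b|c&d$(e)`f`", out, sizeof out) > 0)
        fputs(out, stdout);
}
```

The scheme allowlist matters even without a shell: a string beginning with `-` would otherwise reach the handler as a command-line option.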