Gentoo Linux Security Advisory GLSA 200902-04 - An error in the processing of special sequences in xterm may lead to arbitrary commands execution. Paul Szabo reported an insufficient input sanitization when processing Device Control Request Status String (DECRQSS) sequences. Versions less than 239 are affected.
0131e76876c7cebbb97deee77a4673733c286d37eb16cfe9f06ef660692c0383
Mandriva Linux Security Advisory 2009-005 - A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into displaying a malicious text file containing a specially crafted escape sequence via the more command in xterm. The updated packages have been patched to prevent this.
2493748ea4d2a9b36180e68cee133d311ce65680b96da22fdf380057be4be1d0
Debian Security Advisory 1694-2 - The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences.
bd28e9c06f2e2a1a0f5ffca0f09dbbcde34b410e66ca333d4ea91a8dccfbae12
Ubuntu Security Notice USN-703-1 - Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges.
e7e6a06f9fe2effdb62bbdfe84ed4ba618aa063ddb21bba5c246c5989dcf40c7
Debian Security Advisory 1694-1 - Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383).
3e2b711ede10390232555c7428e3ef4ba8fa5b9efd1daa4be578455a531e921a