OESA-2024-2238
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2238
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-2238.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2024-2238
- Upstream
- Published
- 2024-10-12T11:09:20Z
- Modified
- 2025-09-03T06:18:35.600707Z
- Summary
- xterm security update
- Details
-
The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals.
Security Fix(es):
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.(CVE-2022-45063)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:22.03-LTS-SP4 / xterm
Package
- Name
- xterm
- Purl
- pkg:rpm/openEuler/xterm&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed363-6.oe2203sp4
Ecosystem specific
{
"x86_64": [
"xterm-363-6.oe2203sp4.x86_64.rpm",
"xterm-debuginfo-363-6.oe2203sp4.x86_64.rpm",
"xterm-debugsource-363-6.oe2203sp4.x86_64.rpm",
"xterm-help-363-6.oe2203sp4.x86_64.rpm"
],
"aarch64": [
"xterm-363-6.oe2203sp4.aarch64.rpm",
"xterm-debuginfo-363-6.oe2203sp4.aarch64.rpm",
"xterm-debugsource-363-6.oe2203sp4.aarch64.rpm",
"xterm-help-363-6.oe2203sp4.aarch64.rpm"
],
"src": [
"xterm-363-6.oe2203sp4.src.rpm"
]
}