Fedora Core 10 FEDORA-2009-0091 (xterm)

Summary
The remote host is missing an update to xterm announced via advisory FEDORA-2009-0091.
Solution
Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update xterm' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0091
Insight
Update Information: This update fixes the following security issue: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. ChangeLog: * Tue Jan 6 2009 Miroslav Lichvar 238-1 - update to 238 (#479000, CVE-2008-2383) - set default values of allowWindowOps and allowFontOps resources to false
References