Detections
Analytics
Debian DLA-2558-2 : xterm regression update
critical Nessus Plugin ID 146521
Language:
Synopsis
The remote Debian host is missing a security update.Description
DLA 2558-2 backported a part of the upstream patch which fails to deal with the realloc failures in Debian stretch. This update reverts that part of the patch since it's not really needed and just focuses on fixing CVE-2021-27135.For Debian 9 stretch, this problem has been fixed in version 327-2+deb9u2.
We recommend that you upgrade your xterm packages.
For the detailed security status of xterm please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xterm
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Upgrade the affected xterm package.See Also
https://lists.debian.org/debian-lts-announce/2021/03/msg00026.html
https://packages.debian.org/source/stretch/xterm
https://security-tracker.debian.org/tracker/source-package/xterm
Plugin Details
Severity: Critical
ID: 146521
File Name: debian_DLA-2558.nasl
Version: 1.4
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 2/16/2021
Updated: 3/22/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:xterm, cpe:/o:debian:debian_linux:9.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 3/21/2021
Vulnerability Publication Date: 3/21/2021