MDKSA-2002:051
- Package name
- xchat
- Date
- 2002-08-14
- Advisory ID
- MDKSA-2002:051
- Affected versions
- 8.1 i586 , CS1.0 i586 , 8.1 i586 , 8.0 i586 , 8.2 i586 , 8.0 i586 , 8.2 i586 , 7.1 i586 , 7.2 i586
Problem description
In versions of the xchat IRC client prior to version 1.8.9, xchat does not filter the response from an IRC server when a /dns query is executed. xchat resolves hostnames by passing the configured resolver and hostname to a shell, so an IRC server may return a malicious response formatted so that arbitrary commands are executed with the privilege of the user running xchat.
Updated packages
8.1 i586
3b153d74852081b8c2716795da8221fb ia64/8.1/RPMS/xchat-1.8.9-1.1mdk.ia64.rpm 8e90f10583d899d8fcec3add917cff9e ia64/8.1/SRPMS/xchat-1.8.9-1.1mdk.src.rpm
CS1.0 i586
d6d49335adada894c1aa3fa939d8b9f3 1.0.1/RPMS/xchat-1.8.9-1.2mdk.i586.rpm 6d05bf91dcf5e713c80733c0266707c7 1.0.1/SRPMS/xchat-1.8.9-1.2mdk.src.rpm
8.1 i586
b15fc620fccbb433f2342a5697878d46 8.1/RPMS/xchat-1.8.9-1.1mdk.i586.rpm 8e90f10583d899d8fcec3add917cff9e 8.1/SRPMS/xchat-1.8.9-1.1mdk.src.rpm
8.0 i586
9c5820900faa143354b912a3934f4238 8.0/RPMS/xchat-1.8.9-1.1mdk.i586.rpm 8e90f10583d899d8fcec3add917cff9e 8.0/SRPMS/xchat-1.8.9-1.1mdk.src.rpm
8.2 i586
07acd74eb2ba9e6e993c080f3f62d1db 8.2/RPMS/xchat-1.8.9-1.1mdk.i586.rpm 8e90f10583d899d8fcec3add917cff9e 8.2/SRPMS/xchat-1.8.9-1.1mdk.src.rpm
8.0 i586
4fbdf3b5273608a2c8f29d76c1f99b22 ppc/8.0/RPMS/xchat-1.8.9-1.1mdk.ppc.rpm 8e90f10583d899d8fcec3add917cff9e ppc/8.0/SRPMS/xchat-1.8.9-1.1mdk.src.rpm
8.2 i586
949876f355b3f0330e9d0a15a8da9c22 ppc/8.2/RPMS/xchat-1.8.9-1.1mdk.ppc.rpm 8e90f10583d899d8fcec3add917cff9e ppc/8.2/SRPMS/xchat-1.8.9-1.1mdk.src.rpm
7.1 i586
d6d49335adada894c1aa3fa939d8b9f3 7.1/RPMS/xchat-1.8.9-1.2mdk.i586.rpm 6d05bf91dcf5e713c80733c0266707c7 7.1/SRPMS/xchat-1.8.9-1.2mdk.src.rpm
7.2 i586
c95dd6649268bed1dbc11841edfcbef1 7.2/RPMS/xchat-1.8.9-1.2mdk.i586.rpm 6d05bf91dcf5e713c80733c0266707c7 7.2/SRPMS/xchat-1.8.9-1.2mdk.src.rpm