Package name
Advisory ID
Affected versions
7.1 i586

Problem description

XChat 1.3.9 and later let users right-click a URL that appears in an IRC discussion and select the "Open in Browser" option. To open the URL in a browser, XChat passes the command to /bin/sh. A malicious URL can therefore execute arbitrary shell commands as the user running XChat. This update changes XChat to bypass the shell and execute the browser directly. Thanks go to Red Hat for providing the patch.

Updated packages

ebf0d4a0d236453f63a797ea20f0758b  7.1/RPMS/xchat-1.4.1-4mdk.i586.rpm
d695396fb97a55c6c7e2cdbb22079c00  7.1/SRPMS/xchat-1.4.1-4mdk.src.rpm