X-Chat Command Execution Via URLs Vulnerability

Solution:
The new version of X-Chat (1.4.3) is available as a source tarball.

Debian has provided updated deb packages.

RedHat has provided patched RPMs.

Conectiva has provided patched RPMs of 1.4.2:
(copied from the Conectiva advisory)
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/xchat-1.4.2-4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/xchat-1.4.2-4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/xchat-1.4.2-4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/xchat-1.4.2-4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/xchat-1.4.2-4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/xchat-1.4.2-4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/xchat-1.4.2-4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/xchat-1.4.2-4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/xchat-1.4.2-4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/xchat-1.4.2-4cl.i386.rpm

Users of Slackware 7.0, 7.1, and -current are urged to upgraded to the
xchat.tgz package available in the Slackware -current branch.

TurboLinux has released updated packages:
ftp://ftp.turbolinux.com/pub/updates/6.0/xchat-1.4.3-1.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/xchat-1.4.3-1.src.rpm

The new xchat.tgz package is available from:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/gtk/xchat.tgz


X-Chat X-Chat 1.2.1

X-Chat X-Chat 1.3.10

X-Chat X-Chat 1.3.11

X-Chat X-Chat 1.3.12

X-Chat X-Chat 1.3.13

X-Chat X-Chat 1.3.9

X-Chat X-Chat 1.4

X-Chat X-Chat 1.4.1

X-Chat X-Chat 1.4.2


 

Privacy Statement
Copyright 2010, SecurityFocus