A vulnerability has been found and corrected in xrdb: xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP or XDMCP message . Packages for 2009.0 are provided as of the Extended Maintenance Program