Message-Id: <E1Pr8hl-0006cR-6e@titan.mandriva.com>
Date: Sun, 20 Feb 2011 13:48:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2011:032 ] eclipse

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:032
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : eclipse
 Date    : February 20, 2011
 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in eclipse:
 
 Multiple cross-site scripting (XSS) vulnerabilities in the Help
 Contents web application (aka the Help Server) in Eclipse IDE before
 3.6.2 allow remote attackers to inject arbitrary web script or HTML via
 the query string to (1) help/index.jsp or (2) help/advanced/content.jsp
 (CVE-2010-4647).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4647
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 f23eac06e77995e1a9c3caa733196b08  2009.0/i586/eclipse-ecj-3.4.0-0.22.3.1mdv2009.0.i586.rpm
 c573647789a7e62ca529c6865b996472  2009.0/i586/eclipse-jdt-3.4.0-0.22.3.1mdv2009.0.i586.rpm
 9678c08c8f1e1a2a043f1201df8d8c9c  2009.0/i586/eclipse-pde-3.4.0-0.22.3.1mdv2009.0.i586.rpm
 ba3c1070a867ddfa09d1561dc277461f  2009.0/i586/eclipse-platform-3.4.0-0.22.3.1mdv2009.0.i586.rpm
 73daed8dff7db542c98375aab26d5639  2009.0/i586/eclipse-rcp-3.4.0-0.22.3.1mdv2009.0.i586.rpm
 860d77097f83cc488b8d200e5cf5450c  2009.0/i586/eclipse-swt-3.4.0-0.22.3.1mdv2009.0.i586.rpm 
 ec28ad60f56519d420c33bdae5b80f5f  2009.0/SRPMS/eclipse-3.4.0-0.22.3.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 4719459988c3a26bebfdac2e0842553f  2009.0/x86_64/eclipse-ecj-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
 929e861f6167ec7059edd54bed1c14ce  2009.0/x86_64/eclipse-jdt-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
 bdd017bd5ed64eca233be66ab82317b2  2009.0/x86_64/eclipse-pde-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
 1891e792345b5ba3e3ece5fccc579607  2009.0/x86_64/eclipse-platform-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
 bc0bff96d509dc86b08d8cb12bab35fc  2009.0/x86_64/eclipse-rcp-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
 a693baad1931bdf15143e17523f87db7  2009.0/x86_64/eclipse-swt-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm 
 ec28ad60f56519d420c33bdae5b80f5f  2009.0/SRPMS/eclipse-3.4.0-0.22.3.1mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 ef7f0f74134db1f9da23d60a79d3c2ae  2010.0/i586/eclipse-ecj-3.4.2-0.2.3.1mdv2010.0.i586.rpm
 85ef610955b0123bb2ee0698f38e0370  2010.0/i586/eclipse-jdt-3.4.2-0.2.3.1mdv2010.0.i586.rpm
 6db56a26cbf672e3940469fdf1b3fa97  2010.0/i586/eclipse-pde-3.4.2-0.2.3.1mdv2010.0.i586.rpm
 dee812dc8095b39d02ded98505310f97  2010.0/i586/eclipse-platform-3.4.2-0.2.3.1mdv2010.0.i586.rpm
 c15519d73f277fa321c10b8676a08a51  2010.0/i586/eclipse-rcp-3.4.2-0.2.3.1mdv2010.0.i586.rpm
 d1775b88bca758d0c02ebec17dcf9b66  2010.0/i586/eclipse-swt-3.4.2-0.2.3.1mdv2010.0.i586.rpm 
 776bda7419053c29891fc46eb9334070  2010.0/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 ef7d51d4030eef85c19d2c2b88b510fd  2010.0/x86_64/eclipse-ecj-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
 f1f7001813002eab80894c25e09d5ad6  2010.0/x86_64/eclipse-jdt-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
 6f6778ea8728995fab3c53d9eaaa5ae1  2010.0/x86_64/eclipse-pde-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
 e925bd43bd3e7fc0b2a6558a2216f4f2  2010.0/x86_64/eclipse-platform-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
 a925253c01fa9608b60eb67da2ce2c61  2010.0/x86_64/eclipse-rcp-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
 7fd7f5f75604249efec239ec382e5049  2010.0/x86_64/eclipse-swt-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm 
 776bda7419053c29891fc46eb9334070  2010.0/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 761aa1ab2aba68a0791342b8dc32a94b  2010.1/i586/eclipse-ecj-3.4.2-0.2.3.1mdv2010.2.i586.rpm
 7a73b1b2c7c5dc2d87e6baa630ff5baa  2010.1/i586/eclipse-jdt-3.4.2-0.2.3.1mdv2010.2.i586.rpm
 f4f42a48d7bba008347e4546312bf533  2010.1/i586/eclipse-pde-3.4.2-0.2.3.1mdv2010.2.i586.rpm
 1136d33a8c5cdeca908e4aa949dbc749  2010.1/i586/eclipse-platform-3.4.2-0.2.3.1mdv2010.2.i586.rpm
 22ac420305e99ae871f1bb79b2a02022  2010.1/i586/eclipse-rcp-3.4.2-0.2.3.1mdv2010.2.i586.rpm
 93c1d6dc0a33582f17b70973fcd7f7df  2010.1/i586/eclipse-swt-3.4.2-0.2.3.1mdv2010.2.i586.rpm 
 f6b9958cea21e3a5b8776ce189d0a0b4  2010.1/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 d87be0097e241a8e3c2c4f593fee002f  2010.1/x86_64/eclipse-ecj-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
 80e3535c9a106f96bfba7d0f3b57f0b6  2010.1/x86_64/eclipse-jdt-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
 e02ec4012fa2cfb8b3e6b2e996506512  2010.1/x86_64/eclipse-pde-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
 ed07b491eb0d4dcdcdbb3f2156e3294a  2010.1/x86_64/eclipse-platform-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
 32f45d4a5ea553a8ddc6a4caf0ccfe1c  2010.1/x86_64/eclipse-rcp-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
 b60b25f61204af090174d03427c6d10a  2010.1/x86_64/eclipse-swt-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm 
 f6b9958cea21e3a5b8776ce189d0a0b4  2010.1/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 1e5d740f3623b1b45027dc46c67af7bf  mes5/i586/eclipse-ecj-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
 c3b94862effdd5b0cec57b045d1c9061  mes5/i586/eclipse-jdt-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
 7ead1688a00a8b6b6e318b620fc775bb  mes5/i586/eclipse-pde-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
 70705f6c6f6be1d2fcaea475067da632  mes5/i586/eclipse-platform-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
 a1bb244ae026017aaac3efb2768d1432  mes5/i586/eclipse-rcp-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
 0865063acc0cbe3f7e1ee322ed5c2866  mes5/i586/eclipse-swt-3.4.0-0.22.3.1mdvmes5.1.i586.rpm 
 25960e51fee777e9f3183eed2bab0b34  mes5/SRPMS/eclipse-3.4.0-0.22.3.1mdvmes5.1.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b9f3c2ba2c2659caca83d2e31d4c7d52  mes5/x86_64/eclipse-ecj-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
 9e6aa0a691e4813ee713abe585da16d9  mes5/x86_64/eclipse-jdt-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
 d202d0193aceb18e9a54152c3fb7463d  mes5/x86_64/eclipse-pde-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
 b4835887c721160b8d489f138bd7d1fe  mes5/x86_64/eclipse-platform-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
 7d6f8d3cb3253f12d0c495b5cda5ef5a  mes5/x86_64/eclipse-rcp-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
 af782a0716f49ce19c929fdc59bed8ba  mes5/x86_64/eclipse-swt-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm 
 25960e51fee777e9f3183eed2bab0b34  mes5/SRPMS/eclipse-3.4.0-0.22.3.1mdvmes5.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNYNzsmqjQ0CJFipgRAiOtAKC/7CwAxzhJW8P+3bLVGXfIFusRAQCg1d/V
oNYuICsb3tEdrozlAvy8E/E=
=l1wP
-----END PGP SIGNATURE-----
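
Added example, not part of the Mandriva advisory: for packages fetched by hand rather than through MandrivaUpdate or urpmi, this script parses the advisory's "md5  path" lines and checks a directory of downloaded RPMs against them. It assumes GNU coreutils md5sum; the function names extract_sums and verify_dir are hypothetical.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against an advisory's "md5  path" lines.
# Assumes GNU coreutils md5sum; function names are hypothetical.

# extract_sums ADVISORY
# Print "md5  filename" for each line shaped like "<32 hex>  <path>.rpm".
# Duplicates (the SRPM is listed once per architecture) are collapsed.
extract_sums() {
    sed -n 's/^[[:space:]]*\([0-9a-f]\{32\}\)[[:space:]]\{1,\}\([^[:space:]]*\.rpm\)[[:space:]]*$/\1 \2/p' "$1" |
    while read -r sum p; do
        printf '%s  %s\n' "$sum" "${p##*/}"
    done | sort -u
}

# verify_dir ADVISORY DIR
# Print one status line per *.rpm in DIR. Returns non-zero if any file is
# missing from the advisory or its digest differs from the listed one.
verify_dir() {
    advisory=$1; dir=$2; rc=0
    sums=$(extract_sums "$advisory")
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        name=${f##*/}
        want=$(printf '%s\n' "$sums" | awk -v n="$name" '$2 == n { print $1; exit }')
        got=$(md5sum "$f" | cut -d' ' -f1)
        if [ -z "$want" ]; then
            echo "UNLISTED $name"; rc=1
        elif [ "$want" = "$got" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done
    return "$rc"
}

# Usage: sh verify.sh advisory.txt ./downloaded-rpms
if [ "$#" -eq 2 ]; then
    verify_dir "$1" "$2"
fi
```

A matching MD5 only shows that a file corresponds to the advisory's list; authenticity still rests on the GPG signatures on the advisory and on the packages.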
