Message-Id: <E1QCw3w-0002cX-VQ@titan.mandriva.com>
Date: Thu, 21 Apr 2011 17:45:00 +0200
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2011:076 ] xrdb

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:076
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xrdb
 Date    : April 21, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in xrdb:
 
 xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote
 attackers to execute arbitrary commands via shell metacharacters in a
 hostname obtained from a (1) DHCP or (2) XDMCP message (CVE-2011-0465).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 60ecd2dcd071e0bf9b3afe883089c1e8  2009.0/i586/xrdb-1.0.5-2.1mdv2009.0.i586.rpm 
 c54552dc2be1d209306d10485c51a58f  2009.0/SRPMS/xrdb-1.0.5-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 f30e9837ea55b7e8ca3b07df10f6d3da  2009.0/x86_64/xrdb-1.0.5-2.1mdv2009.0.x86_64.rpm 
 c54552dc2be1d209306d10485c51a58f  2009.0/SRPMS/xrdb-1.0.5-2.1mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 427c231f890f19d1795ebbdfdf1666bd  2010.0/i586/xrdb-1.0.5-3.1mdv2010.0.i586.rpm 
 9343722a33c12c0dbc2737fd594fa187  2010.0/SRPMS/xrdb-1.0.5-3.1mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 9fa3abb96735f0ca635cb291e50bb752  2010.0/x86_64/xrdb-1.0.5-3.1mdv2010.0.x86_64.rpm 
 9343722a33c12c0dbc2737fd594fa187  2010.0/SRPMS/xrdb-1.0.5-3.1mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 0985cb845115c17162f54c0ed817eb29  2010.1/i586/xrdb-1.0.6-1.1mdv2010.2.i586.rpm 
 bddf6ad2c3f0962a7a5cacd9dd4e16d5  2010.1/SRPMS/xrdb-1.0.6-1.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 f2bdd265ca0750ff8e056d47fcccd395  2010.1/x86_64/xrdb-1.0.6-1.1mdv2010.2.x86_64.rpm 
 bddf6ad2c3f0962a7a5cacd9dd4e16d5  2010.1/SRPMS/xrdb-1.0.6-1.1mdv2010.2.src.rpm

 Corporate 4.0:
 5225e55fb24c725fc8f460354fd7caf7  corporate/4.0/i586/libxorg-x11-6.9.0-5.19.20060mlcs4.i586.rpm
 b6bfd335354d16f7e0c09999ce2f3f81  corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.19.20060mlcs4.i586.rpm
 fc5b84b8ce7857ed2c2029db2e4d564d  corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.19.20060mlcs4.i586.rpm
 54532ced01faa7ce715991ff371611f7  corporate/4.0/i586/X11R6-contrib-6.9.0-5.19.20060mlcs4.i586.rpm
 8e3fb2bd5b943c12cd63da5e17b50436  corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
 80029cb36d7a9fa098cd6866998b3156  corporate/4.0/i586/xorg-x11-6.9.0-5.19.20060mlcs4.i586.rpm
 22ef9b6ab80d926a434e9d3d9fb27028  corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
 9988917b19a5a0eadc44c763e2d66db8  corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
 5d6cf097cd197521bed55207151a8262  corporate/4.0/i586/xorg-x11-doc-6.9.0-5.19.20060mlcs4.i586.rpm
 a91cad9347cd3d0579a6be84d8267d6a  corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.19.20060mlcs4.i586.rpm
 321500342b29f25beaa5e27f26837fb2  corporate/4.0/i586/xorg-x11-server-6.9.0-5.19.20060mlcs4.i586.rpm
 0abec00155e0a5fe9a392f136b1bfb7b  corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.19.20060mlcs4.i586.rpm
 d4bfbd64a6b68bb64fd2c795610fbf6d  corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.19.20060mlcs4.i586.rpm
 9651e47d4a3644c001843bb10cc4edb7  corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.19.20060mlcs4.i586.rpm
 723cb1007017996b97e633981865c806  corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.19.20060mlcs4.i586.rpm
 03c42c17b7cc519640b0a055928a9cb5  corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.19.20060mlcs4.i586.rpm
 ea4dcdd36bc60ce19338790610c04af1  corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.19.20060mlcs4.i586.rpm 
 6b2b79934268dfbaa76700ba6d737247  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.19.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 107e45d41b6158e309254f7f0375f4be  corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.19.20060mlcs4.x86_64.rpm
 08609d94b50950755e27b3df08c4bd07  corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.19.20060mlcs4.x86_64.rpm
 e7b6b41d67065c7de38adec514edbe94  corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.19.20060mlcs4.x86_64.rpm
 1120443bea193b407062834d65047977  corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.19.20060mlcs4.x86_64.rpm
 df714fcee04af6889907be7ba91c3dd9  corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
 76e13eace2a5859b2e04d20d5b303835  corporate/4.0/x86_64/xorg-x11-6.9.0-5.19.20060mlcs4.x86_64.rpm
 b790aea2730d014ce9605818b4f16ae9  corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
 edb96b1bd7d6606565fccd16f36526db  corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
 ea46c3d077a291bbf6f858c32ef81975  corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.19.20060mlcs4.x86_64.rpm
 3cd6a0062ba54222aadb6035655ea015  corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.19.20060mlcs4.x86_64.rpm
 9bf18b5203c3c9932ab041a2772eba7f  corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.19.20060mlcs4.x86_64.rpm
 61887ebe914f98d873b7bf958db70dba  corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.19.20060mlcs4.x86_64.rpm
 c61265b4bb19e133688a093238d699c5  corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.19.20060mlcs4.x86_64.rpm
 66bedef6b606dcf6ac337e86b8e0c7a1  corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.19.20060mlcs4.x86_64.rpm
 fb2b9bda00c1b90e341b5e59409f8a8a  corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.19.20060mlcs4.x86_64.rpm
 5008a8450fa211b14d7fa8c779b9ecac  corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.19.20060mlcs4.x86_64.rpm
 f983f06870856e2005f54d42d7689285  corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.19.20060mlcs4.x86_64.rpm 
 6b2b79934268dfbaa76700ba6d737247  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.19.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 177da11f1c81a977b82b7959ab52feee  mes5/i586/xrdb-1.0.5-2.1mdvmes5.2.i586.rpm 
 8092d340dad307ec0bba8f2944ab1cd9  mes5/SRPMS/xrdb-1.0.5-2.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 62130274606d98bf1a47e3d0117bbe34  mes5/x86_64/xrdb-1.0.5-2.1mdvmes5.2.x86_64.rpm 
 8092d340dad307ec0bba8f2944ab1cd9  mes5/SRPMS/xrdb-1.0.5-2.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNsB8omqjQ0CJFipgRAnvnAKCE0gWGkUELc62dOa9WlADcuyzzHwCg84vd
2hKoj4onH9OWCRgEar4H72o=
=LBGQ
-----END PGP SIGNATURE-----
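
The advisory attributes CVE-2011-0465 to shell metacharacters in a hostname taken from a DHCP or XDMCP message. The following is an added example, not code from the advisory or from xrdb: a minimal allow-list check a C program can apply before a network-supplied hostname is placed in a command argument. The function names, the macro name used by callers and the length limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOSTNAME_MAX 253   /* assumed cap on a full DNS name */
#define LABEL_MAX    63    /* assumed cap on one dot-separated label */

static int is_alnum_ascii(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
           (c >= 'a' && c <= 'z');
}

/* Returns 1 only for letters, digits and '-' in dot-separated labels
 * (RFC 952/1123 style). Every shell metacharacter, space, control byte
 * and non-ASCII byte falls outside the allow-list and is rejected. */
int hostname_is_safe(const char *name)
{
    size_t len, i, label = 0;

    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > HOSTNAME_MAX) return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {                       /* label boundary */
            if (label == 0 || name[i - 1] == '-') return 0;
            label = 0;
            continue;
        }
        if (!is_alnum_ascii(c) && c != '-') return 0;
        if (c == '-' && label == 0) return 0; /* no leading hyphen */
        if (++label > LABEL_MAX) return 0;
    }
    return label > 0 && name[len - 1] != '-'; /* no trailing '.' or '-' */
}

/* Hypothetical helper: writes "-D<macro>=<host>" into out only when host
 * passes the check. macro is a trusted, caller-chosen constant. The result
 * is meant to be one argv element for execvp(), not text given to a shell.
 * Returns 0 on success, -1 on rejection or truncation (out is emptied). */
int build_host_define(char *out, size_t outsz, const char *macro,
                      const char *host)
{
    int n;

    if (out == NULL || outsz == 0 || macro == NULL) return -1;
    out[0] = '\0';
    if (!hostname_is_safe(host)) return -1;
    n = snprintf(out, outsz, "-D%s=%s", macro, host);
    if (n < 0 || (size_t)n >= outsz) { out[0] = '\0'; return -1; }
    return 0;
}
```

Rejecting the value outright, rather than trying to escape it, keeps the check independent of which shell or quoting rules sit downstream.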
