[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1KRCRq-0005yw-I5@titan.mandriva.com>
Date: Thu, 07 Aug 2008 14:51:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:161 ] rxvt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:161
http://www.mandriva.com/security/
_______________________________________________________________________
Package : rxvt
Date : August 7, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability in rxvt allowed it to open a terminal on :0 if the
environment variable was not set, which could be used by a local user
to hijack X11 connections (CVE-2008-1142).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
57b033071ca6cf454e53679cfc946215 2007.1/i586/rxvt-2.7.10-16.1mdv2007.1.i586.rpm
987dfd1fc331f8047320a567205f2b0e 2007.1/i586/rxvt-CJK-2.7.10-16.1mdv2007.1.i586.rpm
22d14c838873f3a5a12953ddc80b379f 2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
1aa9086c284832ff0d8bea0df49b2dc0 2007.1/x86_64/rxvt-2.7.10-16.1mdv2007.1.x86_64.rpm
526300e80d46b885b4c0c2a7f89e5713 2007.1/x86_64/rxvt-CJK-2.7.10-16.1mdv2007.1.x86_64.rpm
22d14c838873f3a5a12953ddc80b379f 2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
1ffd0f19c9b1f4e3aaf754ecf93add8e 2008.0/i586/rxvt-2.7.10-16.1mdv2008.0.i586.rpm
4b5fb452195f84baeb32cb5a34621a65 2008.0/i586/rxvt-CJK-2.7.10-16.1mdv2008.0.i586.rpm
8cb62791b100d1d29139755da8395385 2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
4cfc1a35513ec7132f824451c7c8acf2 2008.0/x86_64/rxvt-2.7.10-16.1mdv2008.0.x86_64.rpm
d2ecb0199b0077ade4c0547288b94517 2008.0/x86_64/rxvt-CJK-2.7.10-16.1mdv2008.0.x86_64.rpm
8cb62791b100d1d29139755da8395385 2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
71568160ba7e7b8a0491d519c7831681 2008.1/i586/rxvt-2.7.10-17.1mdv2008.1.i586.rpm
49d36222b49e6259a119aa60d94f6ef6 2008.1/i586/rxvt-CJK-2.7.10-17.1mdv2008.1.i586.rpm
ba19748c3c818b097c5f67d00ae43134 2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm
Mandriva Linux 2008.1/X86_64:
35b3cfabfb394776cae6c0b1a10ab964 2008.1/x86_64/rxvt-2.7.10-17.1mdv2008.1.x86_64.rpm
a3da3ba50a830441972b2543ed67827a 2008.1/x86_64/rxvt-CJK-2.7.10-17.1mdv2008.1.x86_64.rpm
ba19748c3c818b097c5f67d00ae43134 2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm
Corporate 3.0:
cb6ac4354c0d8318a601763eb1bfdbfa corporate/3.0/i586/rxvt-2.7.10-9.1.C30mdk.i586.rpm
eebcd4d9b19b4d0656212c6e4d0541da corporate/3.0/i586/rxvt-CJK-2.7.10-9.1.C30mdk.i586.rpm
ded480e4d648c4639d90de1ac2de935d corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
149aef5a3dab942e78e2fb96d7bde221 corporate/3.0/x86_64/rxvt-2.7.10-9.1.C30mdk.x86_64.rpm
5665b6aca60cb592bccd67cb99cafec2 corporate/3.0/x86_64/rxvt-CJK-2.7.10-9.1.C30mdk.x86_64.rpm
ded480e4d648c4639d90de1ac2de935d corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm
Corporate 4.0:
500e79ac86c14861a69c2bf8c72f0325 corporate/4.0/i586/rxvt-2.7.10-13.1.20060mlcs4.i586.rpm
e4d09a0e068739291785382d215ef80d corporate/4.0/i586/rxvt-CJK-2.7.10-13.1.20060mlcs4.i586.rpm
889447e164e762ea80a1b64de69e5a15 corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
186d8735347752199a6da2f369bf7f93 corporate/4.0/x86_64/rxvt-2.7.10-13.1.20060mlcs4.x86_64.rpm
fab3e425e1d0d39a298c0000203a7ebb corporate/4.0/x86_64/rxvt-CJK-2.7.10-13.1.20060mlcs4.x86_64.rpm
889447e164e762ea80a1b64de69e5a15 corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIm0bNmqjQ0CJFipgRAszKAKCJJ52NXN7/hfGfe5NLC6BKlI6POACdFkBh
a7gln4nBgMCPOGNn6TRE1U8=
=zzJU
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists