lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1KRCRq-0005yw-I5@titan.mandriva.com>
Date: Thu, 07 Aug 2008 14:51:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:161 ] rxvt


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:161
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : rxvt
 Date    : August 7, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in rxvt allowed it to open a terminal on :0 if the
 environment variable was not set, which could be used by a local user
 to hijack X11 connections (CVE-2008-1142).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:
 57b033071ca6cf454e53679cfc946215  2007.1/i586/rxvt-2.7.10-16.1mdv2007.1.i586.rpm
 987dfd1fc331f8047320a567205f2b0e  2007.1/i586/rxvt-CJK-2.7.10-16.1mdv2007.1.i586.rpm 
 22d14c838873f3a5a12953ddc80b379f  2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 1aa9086c284832ff0d8bea0df49b2dc0  2007.1/x86_64/rxvt-2.7.10-16.1mdv2007.1.x86_64.rpm
 526300e80d46b885b4c0c2a7f89e5713  2007.1/x86_64/rxvt-CJK-2.7.10-16.1mdv2007.1.x86_64.rpm 
 22d14c838873f3a5a12953ddc80b379f  2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 1ffd0f19c9b1f4e3aaf754ecf93add8e  2008.0/i586/rxvt-2.7.10-16.1mdv2008.0.i586.rpm
 4b5fb452195f84baeb32cb5a34621a65  2008.0/i586/rxvt-CJK-2.7.10-16.1mdv2008.0.i586.rpm 
 8cb62791b100d1d29139755da8395385  2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 4cfc1a35513ec7132f824451c7c8acf2  2008.0/x86_64/rxvt-2.7.10-16.1mdv2008.0.x86_64.rpm
 d2ecb0199b0077ade4c0547288b94517  2008.0/x86_64/rxvt-CJK-2.7.10-16.1mdv2008.0.x86_64.rpm 
 8cb62791b100d1d29139755da8395385  2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 71568160ba7e7b8a0491d519c7831681  2008.1/i586/rxvt-2.7.10-17.1mdv2008.1.i586.rpm
 49d36222b49e6259a119aa60d94f6ef6  2008.1/i586/rxvt-CJK-2.7.10-17.1mdv2008.1.i586.rpm 
 ba19748c3c818b097c5f67d00ae43134  2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1/X86_64:
 35b3cfabfb394776cae6c0b1a10ab964  2008.1/x86_64/rxvt-2.7.10-17.1mdv2008.1.x86_64.rpm
 a3da3ba50a830441972b2543ed67827a  2008.1/x86_64/rxvt-CJK-2.7.10-17.1mdv2008.1.x86_64.rpm 
 ba19748c3c818b097c5f67d00ae43134  2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm

 Corporate 3.0:
 cb6ac4354c0d8318a601763eb1bfdbfa  corporate/3.0/i586/rxvt-2.7.10-9.1.C30mdk.i586.rpm
 eebcd4d9b19b4d0656212c6e4d0541da  corporate/3.0/i586/rxvt-CJK-2.7.10-9.1.C30mdk.i586.rpm 
 ded480e4d648c4639d90de1ac2de935d  corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 149aef5a3dab942e78e2fb96d7bde221  corporate/3.0/x86_64/rxvt-2.7.10-9.1.C30mdk.x86_64.rpm
 5665b6aca60cb592bccd67cb99cafec2  corporate/3.0/x86_64/rxvt-CJK-2.7.10-9.1.C30mdk.x86_64.rpm 
 ded480e4d648c4639d90de1ac2de935d  corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm

 Corporate 4.0:
 500e79ac86c14861a69c2bf8c72f0325  corporate/4.0/i586/rxvt-2.7.10-13.1.20060mlcs4.i586.rpm
 e4d09a0e068739291785382d215ef80d  corporate/4.0/i586/rxvt-CJK-2.7.10-13.1.20060mlcs4.i586.rpm 
 889447e164e762ea80a1b64de69e5a15  corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 186d8735347752199a6da2f369bf7f93  corporate/4.0/x86_64/rxvt-2.7.10-13.1.20060mlcs4.x86_64.rpm
 fab3e425e1d0d39a298c0000203a7ebb  corporate/4.0/x86_64/rxvt-CJK-2.7.10-13.1.20060mlcs4.x86_64.rpm 
 889447e164e762ea80a1b64de69e5a15  corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIm0bNmqjQ0CJFipgRAszKAKCJJ52NXN7/hfGfe5NLC6BKlI6POACdFkBh
a7gln4nBgMCPOGNn6TRE1U8=
=zzJU
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ