[Security Announce] [ MDVSA-2008:161 ] rxvt

news · August 7, 2008

This is a multi-part message in MIME format...

------------=_1218142236-11275-7974

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:161

http://www.mandriva.com/security/

_______________________________________________________________________

Package : rxvt

Date : August 7, 2008

Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0

_______________________________________________________________________

Problem Description:

A vulnerability in rxvt allowed it to open a terminal on :0 if the

environment variable was not set, which could be used by a local user

to hijack X11 connections (CVE-2008-1142).

The updated packages have been patched to correct this issue.

_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142

_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:

57b033071ca6cf454e53679cfc946215 2007.1/i586/rxvt-2.7.10-16.1mdv2007.1.i586.rpm

987dfd1fc331f8047320a567205f2b0e 2007.1/i586/rxvt-CJK-2.7.10-16.1mdv2007.1.i586.rpm

22d14c838873f3a5a12953ddc80b379f 2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:

1aa9086c284832ff0d8bea0df49b2dc0 2007.1/x86_64/rxvt-2.7.10-16.1mdv2007.1.x86_64.rpm

526300e80d46b885b4c0c2a7f89e5713 2007.1/x86_64/rxvt-CJK-2.7.10-16.1mdv2007.1.x86_64.rpm

22d14c838873f3a5a12953ddc80b379f 2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:

1ffd0f19c9b1f4e3aaf754ecf93add8e 2008.0/i586/rxvt-2.7.10-16.1mdv2008.0.i586.rpm

4b5fb452195f84baeb32cb5a34621a65 2008.0/i586/rxvt-CJK-2.7.10-16.1mdv2008.0.i586.rpm

8cb62791b100d1d29139755da8395385 2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:

4cfc1a35513ec7132f824451c7c8acf2 2008.0/x86_64/rxvt-2.7.10-16.1mdv2008.0.x86_64.rpm

d2ecb0199b0077ade4c0547288b94517 2008.0/x86_64/rxvt-CJK-2.7.10-16.1mdv2008.0.x86_64.rpm

8cb62791b100d1d29139755da8395385 2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:

71568160ba7e7b8a0491d519c7831681 2008.1/i586/rxvt-2.7.10-17.1mdv2008.1.i586.rpm

49d36222b49e6259a119aa60d94f6ef6 2008.1/i586/rxvt-CJK-2.7.10-17.1mdv2008.1.i586.rpm

ba19748c3c818b097c5f67d00ae43134 2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm

Mandriva Linux 2008.1/X86_64:

35b3cfabfb394776cae6c0b1a10ab964 2008.1/x86_64/rxvt-2.7.10-17.1mdv2008.1.x86_64.rpm

a3da3ba50a830441972b2543ed67827a 2008.1/x86_64/rxvt-CJK-2.7.10-17.1mdv2008.1.x86_64.rpm

ba19748c3c818b097c5f67d00ae43134 2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm

Corporate 3.0:

cb6ac4354c0d8318a601763eb1bfdbfa corporate/3.0/i586/rxvt-2.7.10-9.1.C30mdk.i586.rpm

eebcd4d9b19b4d0656212c6e4d0541da corporate/3.0/i586/rxvt-CJK-2.7.10-9.1.C30mdk.i586.rpm

ded480e4d648c4639d90de1ac2de935d corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm

Corporate 3.0/X86_64:

149aef5a3dab942e78e2fb96d7bde221 corporate/3.0/x86_64/rxvt-2.7.10-9.1.C30mdk.x86_64.rpm

5665b6aca60cb592bccd67cb99cafec2 corporate/3.0/x86_64/rxvt-CJK-2.7.10-9.1.C30mdk.x86_64.rpm

ded480e4d648c4639d90de1ac2de935d corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm

Corporate 4.0:

500e79ac86c14861a69c2bf8c72f0325 corporate/4.0/i586/rxvt-2.7.10-13.1.20060mlcs4.i586.rpm

e4d09a0e068739291785382d215ef80d corporate/4.0/i586/rxvt-CJK-2.7.10-13.1.20060mlcs4.i586.rpm

889447e164e762ea80a1b64de69e5a15 corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:

186d8735347752199a6da2f369bf7f93 corporate/4.0/x86_64/rxvt-2.7.10-13.1.20060mlcs4.x86_64.rpm

fab3e425e1d0d39a298c0000203a7ebb corporate/4.0/x86_64/rxvt-CJK-2.7.10-13.1.20060mlcs4.x86_64.rpm

889447e164e762ea80a1b64de69e5a15 corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIm0bNmqjQ0CJFipgRAszKAKCJJ52NXN7/hfGfe5NLC6BKlI6POACdFkBh

a7gln4nBgMCPOGNn6TRE1U8=

=zzJU

-----END PGP SIGNATURE-----

------------=_1218142236-11275-7974

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

------------=_1218142236-11275-7974--

Sign In

[Security Announce] [ MDVSA-2008:161 ] rxvt

Recommended Posts

news 28

Share this post

Link to post

Please sign in to comment

Browse

Activity