Support / Security / Advisories / Mandriva Linux 2009.0 / MDVSA-2011:076

Package name: xrdb
Date: 2011-04-21
Advisory ID: MDVSA-2011:076
Affected versions: 2009.0 x86_64 , MES5 i586 , 2010.0 x86_64 , 2010.1 i586 , 2010.0 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in xrdb:

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote
attackers to execute arbitrary commands via shell metacharacters in a
hostname obtained from a (1) DHCP or (2) XDMCP message (CVE-2011-0465).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 f30e9837ea55b7e8ca3b07df10f6d3da  2009.0/x86_64/xrdb-1.0.5-2.1mdv2009.0.x86_64.rpm 
 c54552dc2be1d209306d10485c51a58f  2009.0/SRPMS/xrdb-1.0.5-2.1mdv2009.0.src.rpm

MES5 i586

 177da11f1c81a977b82b7959ab52feee  mes5/i586/xrdb-1.0.5-2.1mdvmes5.2.i586.rpm 
 8092d340dad307ec0bba8f2944ab1cd9  mes5/SRPMS/xrdb-1.0.5-2.1mdvmes5.2.src.rpm

2010.0 x86_64

 9fa3abb96735f0ca635cb291e50bb752  2010.0/x86_64/xrdb-1.0.5-3.1mdv2010.0.x86_64.rpm 
 9343722a33c12c0dbc2737fd594fa187  2010.0/SRPMS/xrdb-1.0.5-3.1mdv2010.0.src.rpm

2010.1 i586

 0985cb845115c17162f54c0ed817eb29  2010.1/i586/xrdb-1.0.6-1.1mdv2010.2.i586.rpm 
 bddf6ad2c3f0962a7a5cacd9dd4e16d5  2010.1/SRPMS/xrdb-1.0.6-1.1mdv2010.2.src.rpm

2010.0 i586

 427c231f890f19d1795ebbdfdf1666bd  2010.0/i586/xrdb-1.0.5-3.1mdv2010.0.i586.rpm 
 9343722a33c12c0dbc2737fd594fa187  2010.0/SRPMS/xrdb-1.0.5-3.1mdv2010.0.src.rpm

2009.0 i586

 60ecd2dcd071e0bf9b3afe883089c1e8  2009.0/i586/xrdb-1.0.5-2.1mdv2009.0.i586.rpm 
 c54552dc2be1d209306d10485c51a58f  2009.0/SRPMS/xrdb-1.0.5-2.1mdv2009.0.src.rpm

CS4.0 i586

 5225e55fb24c725fc8f460354fd7caf7  corporate/4.0/i586/libxorg-x11-6.9.0-5.19.20060mlcs4.i586.rpm
 b6bfd335354d16f7e0c09999ce2f3f81  corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.19.20060mlcs4.i586.rpm
 fc5b84b8ce7857ed2c2029db2e4d564d  corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.19.20060mlcs4.i586.rpm
 54532ced01faa7ce715991ff371611f7  corporate/4.0/i586/X11R6-contrib-6.9.0-5.19.20060mlcs4.i586.rpm
 8e3fb2bd5b943c12cd63da5e17b50436  corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
 80029cb36d7a9fa098cd6866998b3156  corporate/4.0/i586/xorg-x11-6.9.0-5.19.20060mlcs4.i586.rpm
 22ef9b6ab80d926a434e9d3d9fb27028  corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
 9988917b19a5a0eadc44c763e2d66db8  corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
 5d6cf097cd197521bed55207151a8262  corporate/4.0/i586/xorg-x11-doc-6.9.0-5.19.20060mlcs4.i586.rpm
 a91cad9347cd3d0579a6be84d8267d6a  corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.19.20060mlcs4.i586.rpm
 321500342b29f25beaa5e27f26837fb2  corporate/4.0/i586/xorg-x11-server-6.9.0-5.19.20060mlcs4.i586.rpm
 0abec00155e0a5fe9a392f136b1bfb7b  corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.19.20060mlcs4.i586.rpm
 d4bfbd64a6b68bb64fd2c795610fbf6d  corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.19.20060mlcs4.i586.rpm
 9651e47d4a3644c001843bb10cc4edb7  corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.19.20060mlcs4.i586.rpm
 723cb1007017996b97e633981865c806  corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.19.20060mlcs4.i586.rpm
 03c42c17b7cc519640b0a055928a9cb5  corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.19.20060mlcs4.i586.rpm
 ea4dcdd36bc60ce19338790610c04af1  corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.19.20060mlcs4.i586.rpm 
 6b2b79934268dfbaa76700ba6d737247  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.19.20060mlcs4.src.rpm

CS4.0 x86_64

 107e45d41b6158e309254f7f0375f4be  corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.19.20060mlcs4.x86_64.rpm
 08609d94b50950755e27b3df08c4bd07  corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.19.20060mlcs4.x86_64.rpm
 e7b6b41d67065c7de38adec514edbe94  corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.19.20060mlcs4.x86_64.rpm
 1120443bea193b407062834d65047977  corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.19.20060mlcs4.x86_64.rpm
 df714fcee04af6889907be7ba91c3dd9  corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
 76e13eace2a5859b2e04d20d5b303835  corporate/4.0/x86_64/xorg-x11-6.9.0-5.19.20060mlcs4.x86_64.rpm
 b790aea2730d014ce9605818b4f16ae9  corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
 edb96b1bd7d6606565fccd16f36526db  corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
 ea46c3d077a291bbf6f858c32ef81975  corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.19.20060mlcs4.x86_64.rpm
 3cd6a0062ba54222aadb6035655ea015  corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.19.20060mlcs4.x86_64.rpm
 9bf18b5203c3c9932ab041a2772eba7f  corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.19.20060mlcs4.x86_64.rpm
 61887ebe914f98d873b7bf958db70dba  corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.19.20060mlcs4.x86_64.rpm
 c61265b4bb19e133688a093238d699c5  corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.19.20060mlcs4.x86_64.rpm
 66bedef6b606dcf6ac337e86b8e0c7a1  corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.19.20060mlcs4.x86_64.rpm
 fb2b9bda00c1b90e341b5e59409f8a8a  corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.19.20060mlcs4.x86_64.rpm
 5008a8450fa211b14d7fa8c779b9ecac  corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.19.20060mlcs4.x86_64.rpm
 f983f06870856e2005f54d42d7689285  corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.19.20060mlcs4.x86_64.rpm 
 6b2b79934268dfbaa76700ba6d737247  corporate/4.0/SRPMS/xorg-x11-6.9.0-5.19.20060mlcs4.src.rpm

MES5 x86_64

 62130274606d98bf1a47e3d0117bbe34  mes5/x86_64/xrdb-1.0.5-2.1mdvmes5.2.x86_64.rpm 
 8092d340dad307ec0bba8f2944ab1cd9  mes5/SRPMS/xrdb-1.0.5-2.1mdvmes5.2.src.rpm

2010.1 x86_64

 f2bdd265ca0750ff8e056d47fcccd395  2010.1/x86_64/xrdb-1.0.6-1.1mdv2010.2.x86_64.rpm 
 bddf6ad2c3f0962a7a5cacd9dd4e16d5  2010.1/SRPMS/xrdb-1.0.6-1.1mdv2010.2.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465