Package name: rxvt
Date: August 7th, 2008
Advisory ID: MDVSA-2008:161
Affected versions: CS3.0, CS4.0, 2007.1, 2008.0, 2008.1

Problem Description

A vulnerability in rxvt caused it to open a terminal on display :0 if
the DISPLAY environment variable was not set, which could be used by a
local user to hijack X11 connections (CVE-2008-1142).

The updated packages have been patched to correct this issue.
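
The fallback described above, next to one way to remove it, as an added C example that is not rxvt's source or the Mandriva patch. The function names and the `cli_display` parameter (standing in for a display named on the command line) are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200112L  /* for setenv()/unsetenv() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative only: hypothetical helpers, not code from rxvt. */

/* Vulnerable pattern: with no display on the command line and DISPLAY
 * unset, silently fall back to ":0", a display the invoking user never
 * chose and may not own. */
static const char *pick_display_vulnerable(const char *cli_display)
{
    const char *d = cli_display ? cli_display : getenv("DISPLAY");
    return d ? d : ":0";
}

/* Hardened pattern: no implicit default. An unset or empty DISPLAY with
 * no explicit display is an error the caller must handle. */
static const char *pick_display_hardened(const char *cli_display)
{
    const char *d = cli_display ? cli_display : getenv("DISPLAY");
    if (d == NULL || d[0] == '\0')
        return NULL;
    return d;
}

int main(void)
{
    const char *d;

    unsetenv("DISPLAY");  /* constructed scenario: DISPLAY is not set */
    printf("vulnerable picks: %s\n", pick_display_vulnerable(NULL));

    d = pick_display_hardened(NULL);
    if (d == NULL) {
        fprintf(stderr, "hardened: DISPLAY not set and no display given, "
                        "refusing to start\n");
        return 1;
    }
    printf("hardened picks: %s\n", d);
    return 0;
}
```
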

Updated Packages

Corporate Server 3.0

 cb6ac4354c0d8318a601763eb1bfdbfa  corporate/3.0/i586/rxvt-2.7.10-9.1.C30mdk.i586.rpm
 eebcd4d9b19b4d0656212c6e4d0541da  corporate/3.0/i586/rxvt-CJK-2.7.10-9.1.C30mdk.i586.rpm 
 ded480e4d648c4639d90de1ac2de935d  corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 149aef5a3dab942e78e2fb96d7bde221  corporate/3.0/x86_64/rxvt-2.7.10-9.1.C30mdk.x86_64.rpm
 5665b6aca60cb592bccd67cb99cafec2  corporate/3.0/x86_64/rxvt-CJK-2.7.10-9.1.C30mdk.x86_64.rpm 
 ded480e4d648c4639d90de1ac2de935d  corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm

Corporate Server 4.0

 500e79ac86c14861a69c2bf8c72f0325  corporate/4.0/i586/rxvt-2.7.10-13.1.20060mlcs4.i586.rpm
 e4d09a0e068739291785382d215ef80d  corporate/4.0/i586/rxvt-CJK-2.7.10-13.1.20060mlcs4.i586.rpm 
 889447e164e762ea80a1b64de69e5a15  corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 186d8735347752199a6da2f369bf7f93  corporate/4.0/x86_64/rxvt-2.7.10-13.1.20060mlcs4.x86_64.rpm
 fab3e425e1d0d39a298c0000203a7ebb  corporate/4.0/x86_64/rxvt-CJK-2.7.10-13.1.20060mlcs4.x86_64.rpm 
 889447e164e762ea80a1b64de69e5a15  corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm

Mandriva Linux 2007.1

 57b033071ca6cf454e53679cfc946215  2007.1/i586/rxvt-2.7.10-16.1mdv2007.1.i586.rpm
 987dfd1fc331f8047320a567205f2b0e  2007.1/i586/rxvt-CJK-2.7.10-16.1mdv2007.1.i586.rpm 
 22d14c838873f3a5a12953ddc80b379f  2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 1aa9086c284832ff0d8bea0df49b2dc0  2007.1/x86_64/rxvt-2.7.10-16.1mdv2007.1.x86_64.rpm
 526300e80d46b885b4c0c2a7f89e5713  2007.1/x86_64/rxvt-CJK-2.7.10-16.1mdv2007.1.x86_64.rpm 
 22d14c838873f3a5a12953ddc80b379f  2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm

Mandriva Linux 2008.0

 1ffd0f19c9b1f4e3aaf754ecf93add8e  2008.0/i586/rxvt-2.7.10-16.1mdv2008.0.i586.rpm
 4b5fb452195f84baeb32cb5a34621a65  2008.0/i586/rxvt-CJK-2.7.10-16.1mdv2008.0.i586.rpm 
 8cb62791b100d1d29139755da8395385  2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64

 4cfc1a35513ec7132f824451c7c8acf2  2008.0/x86_64/rxvt-2.7.10-16.1mdv2008.0.x86_64.rpm
 d2ecb0199b0077ade4c0547288b94517  2008.0/x86_64/rxvt-CJK-2.7.10-16.1mdv2008.0.x86_64.rpm 
 8cb62791b100d1d29139755da8395385  2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm

Mandriva Linux 2008.1

 71568160ba7e7b8a0491d519c7831681  2008.1/i586/rxvt-2.7.10-17.1mdv2008.1.i586.rpm
 49d36222b49e6259a119aa60d94f6ef6  2008.1/i586/rxvt-CJK-2.7.10-17.1mdv2008.1.i586.rpm 
 ba19748c3c818b097c5f67d00ae43134  2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm

Mandriva Linux 2008.1/X86_64

 35b3cfabfb394776cae6c0b1a10ab964  2008.1/x86_64/rxvt-2.7.10-17.1mdv2008.1.x86_64.rpm
 a3da3ba50a830441972b2543ed67827a  2008.1/x86_64/rxvt-CJK-2.7.10-17.1mdv2008.1.x86_64.rpm 
 ba19748c3c818b097c5f67d00ae43134  2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

		rpm --checksig package.rpm
		

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.