|
|
| Problem Description |
A vulnerability in rxvt allowed it to open a terminal on :0 if the
environment variable was not set, which could be used by a local
user to hijack X11 connections (CVE-2008-1142). This issue also
affects aterm.
The updated packages have been patched to correct this issue.
| Updated Packages |
Corporate Server 3.0
7301be6e49535426d49e64d1255028e4 corporate/3.0/i586/aterm-0.4.2-3.1.C30mdk.i586.rpm 10d8859dec5f348141b56a40e21e7da5 corporate/3.0/SRPMS/aterm-0.4.2-3.1.C30mdk.src.rpm
Corporate Server 3.0/X86_64
8dae1abce15b0ac11e1b2b1dda84998d corporate/3.0/x86_64/aterm-0.4.2-3.1.C30mdk.x86_64.rpm 10d8859dec5f348141b56a40e21e7da5 corporate/3.0/SRPMS/aterm-0.4.2-3.1.C30mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.