|
|
| Problem Description |
A vulnerability in Eterm allowed it to open a terminal on :0 if
the environment variable was not set or the -display option was
not specified, which could be used by a local user to hijack X11
connections (CVE-2008-1692).
The updated packages have been patched to correct this issue.
| Updated Packages |
Corporate Server 3.0
8ed444757f3fa2f97e656cbf2510c2d6 corporate/3.0/i586/Eterm-0.9.2-3.1.C30mdk.i586.rpm 9c1081978c1c6688ff4d79838ac15725 corporate/3.0/i586/Eterm-devel-0.9.2-3.1.C30mdk.i586.rpm 3fe10ca776bbd2399da6e1e88cc8d5e0 corporate/3.0/SRPMS/Eterm-0.9.2-3.1.C30mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.