[ MDVSA-2008:161 ] rxvt

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDVSA-2008:161 ] rxvt
From: security@xxxxxxxxxxxx
Date: Thu, 07 Aug 2008 14:51:00 -0600
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2008:161
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : rxvt
 Date    : August 7, 2008
 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in rxvt allowed it to open a terminal on :0 if the
 environment variable was not set, which could be used by a local user
 to hijack X11 connections (CVE-2008-1142).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2007.1:
 57b033071ca6cf454e53679cfc946215  
2007.1/i586/rxvt-2.7.10-16.1mdv2007.1.i586.rpm
 987dfd1fc331f8047320a567205f2b0e  
2007.1/i586/rxvt-CJK-2.7.10-16.1mdv2007.1.i586.rpm 
 22d14c838873f3a5a12953ddc80b379f  
2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 1aa9086c284832ff0d8bea0df49b2dc0  
2007.1/x86_64/rxvt-2.7.10-16.1mdv2007.1.x86_64.rpm
 526300e80d46b885b4c0c2a7f89e5713  
2007.1/x86_64/rxvt-CJK-2.7.10-16.1mdv2007.1.x86_64.rpm 
 22d14c838873f3a5a12953ddc80b379f  
2007.1/SRPMS/rxvt-2.7.10-16.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 1ffd0f19c9b1f4e3aaf754ecf93add8e  
2008.0/i586/rxvt-2.7.10-16.1mdv2008.0.i586.rpm
 4b5fb452195f84baeb32cb5a34621a65  
2008.0/i586/rxvt-CJK-2.7.10-16.1mdv2008.0.i586.rpm 
 8cb62791b100d1d29139755da8395385  
2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 4cfc1a35513ec7132f824451c7c8acf2  
2008.0/x86_64/rxvt-2.7.10-16.1mdv2008.0.x86_64.rpm
 d2ecb0199b0077ade4c0547288b94517  
2008.0/x86_64/rxvt-CJK-2.7.10-16.1mdv2008.0.x86_64.rpm 
 8cb62791b100d1d29139755da8395385  
2008.0/SRPMS/rxvt-2.7.10-16.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 71568160ba7e7b8a0491d519c7831681  
2008.1/i586/rxvt-2.7.10-17.1mdv2008.1.i586.rpm
 49d36222b49e6259a119aa60d94f6ef6  
2008.1/i586/rxvt-CJK-2.7.10-17.1mdv2008.1.i586.rpm 
 ba19748c3c818b097c5f67d00ae43134  
2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm

 Mandriva Linux 2008.1/X86_64:
 35b3cfabfb394776cae6c0b1a10ab964  
2008.1/x86_64/rxvt-2.7.10-17.1mdv2008.1.x86_64.rpm
 a3da3ba50a830441972b2543ed67827a  
2008.1/x86_64/rxvt-CJK-2.7.10-17.1mdv2008.1.x86_64.rpm 
 ba19748c3c818b097c5f67d00ae43134  
2008.1/SRPMS/rxvt-2.7.10-17.1mdv2008.0.src.rpm

 Corporate 3.0:
 cb6ac4354c0d8318a601763eb1bfdbfa  
corporate/3.0/i586/rxvt-2.7.10-9.1.C30mdk.i586.rpm
 eebcd4d9b19b4d0656212c6e4d0541da  
corporate/3.0/i586/rxvt-CJK-2.7.10-9.1.C30mdk.i586.rpm 
 ded480e4d648c4639d90de1ac2de935d  
corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 149aef5a3dab942e78e2fb96d7bde221  
corporate/3.0/x86_64/rxvt-2.7.10-9.1.C30mdk.x86_64.rpm
 5665b6aca60cb592bccd67cb99cafec2  
corporate/3.0/x86_64/rxvt-CJK-2.7.10-9.1.C30mdk.x86_64.rpm 
 ded480e4d648c4639d90de1ac2de935d  
corporate/3.0/SRPMS/rxvt-2.7.10-9.1.C30mdk.src.rpm

 Corporate 4.0:
 500e79ac86c14861a69c2bf8c72f0325  
corporate/4.0/i586/rxvt-2.7.10-13.1.20060mlcs4.i586.rpm
 e4d09a0e068739291785382d215ef80d  
corporate/4.0/i586/rxvt-CJK-2.7.10-13.1.20060mlcs4.i586.rpm 
 889447e164e762ea80a1b64de69e5a15  
corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 186d8735347752199a6da2f369bf7f93  
corporate/4.0/x86_64/rxvt-2.7.10-13.1.20060mlcs4.x86_64.rpm
 fab3e425e1d0d39a298c0000203a7ebb  
corporate/4.0/x86_64/rxvt-CJK-2.7.10-13.1.20060mlcs4.x86_64.rpm 
 889447e164e762ea80a1b64de69e5a15  
corporate/4.0/SRPMS/rxvt-2.7.10-13.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIm0bNmqjQ0CJFipgRAszKAKCJJ52NXN7/hfGfe5NLC6BKlI6POACdFkBh
a7gln4nBgMCPOGNn6TRE1U8=
=zzJU
-----END PGP SIGNATURE-----

Prev by Date: Re: [SE-2008-01] J2ME Security Vulnerabilities 2008
Next by Date: Re: OpenVMS fingerd remote stack overflow
Previous by thread: e107 <= 0.7.11 Arbitrary Variable Overwriting
Next by thread: [ MDVSA-2008:163 ] python
Index(es):
- Date
- Thread