|
|
>> Mandriva Security Update Fixes Xterm Command Execution Vulnerability
|
Title : Mandriva Security Update Fixes Xterm Command Execution Vulnerability
VUPEN ID : VUPEN/ADV-2009-0080
CVE ID : CVE-2008-2383
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2009-01-12
|
A vulnerability has been identified in Mandriva, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in Xterm. For additional information, see : VUPEN/ADV-2009-0002
Affected Products
Mandriva Linux 2008.0
Mandriva Linux 2008.1
Mandriva Linux 2009.0
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Solution
Upgrade the affected packages :
Mandriva Linux 2008.0:
0afcdb50028ef42a65de6d144aa132e0 2008.0/i586/xterm-229-2.1mdv2008.0.i586.rpm
4ab46d69ae67182b660d9d876b2d7d4a 2008.0/SRPMS/xterm-229-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
0edc195a66de717de16ce187bdb52605 2008.0/x86_64/xterm-229-2.1mdv2008.0.x86_64.rpm
4ab46d69ae67182b660d9d876b2d7d4a 2008.0/SRPMS/xterm-229-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
42985a0486e1bea3196576216dc29fff 2008.1/i586/xterm-232-1.1mdv2008.1.i586.rpm
7ae405602b65a1fc1e53ce7b9619ea4c 2008.1/SRPMS/xterm-232-1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
8b3dc6fb6c25034b47094c2895244f52 2008.1/x86_64/xterm-232-1.1mdv2008.1.x86_64.rpm
7ae405602b65a1fc1e53ce7b9619ea4c 2008.1/SRPMS/xterm-232-1.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
eb3c38a51326b1eafb5d0ad6f4e73ddb 2009.0/i586/xterm-236-1.1mdv2009.0.i586.rpm
0852446a157588e61c85ce589d140b7f 2009.0/SRPMS/xterm-236-1.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
33aa6e252961cfa84aa243f4654bd0b7 2009.0/x86_64/xterm-236-1.1mdv2009.0.x86_64.rpm
0852446a157588e61c85ce589d140b7f 2009.0/SRPMS/xterm-236-1.1mdv2009.0.src.rpm
Corporate 3.0:
60f0250c17212cf80c5e81e0ba4f5b82 corporate/3.0/i586/xterm-184-1.1.C30mdk.i586.rpm
8674b5ce234d367814905944cbbb48a6 corporate/3.0/SRPMS/xterm-184-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
05b5a40265d8a5a9f6da03af5920252a corporate/3.0/x86_64/xterm-184-1.1.C30mdk.x86_64.rpm
8674b5ce234d367814905944cbbb48a6 corporate/3.0/SRPMS/xterm-184-1.1.C30mdk.src.rpm
Corporate 4.0:
3f8bb08944785f50ab189fdc9af829e1 corporate/4.0/i586/xterm-203-1.1.20060mlcs4.i586.rpm
dff8e15cc4fd01732ca2097b2bc4731d corporate/4.0/SRPMS/xterm-203-1.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
7da181fbf15239e44b4f887e1bbbcc03 corporate/4.0/x86_64/xterm-203-1.1.20060mlcs4.x86_64.rpm
dff8e15cc4fd01732ca2097b2bc4731d corporate/4.0/SRPMS/xterm-203-1.1.20060mlcs4.src.rpm
References
http://www.vupen.com/english/advisories/2009/0080
http://lists.mandriva.com/security-announce/2009-01/msg00014.php
ChangeLog
2009-01-12 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
