
Security: Arbitrary command execution in xrdb
Name: Arbitrary command execution in xrdb
ID: MDVSA-2011:076
Distribution: Mandriva
Platforms: Mandriva Corporate 4.0, Mandriva 2009.0, Mandriva Enterprise Server 5.0, Mandriva 2010.0, Mandriva 2010.1
Date: Thu, April 21, 2011, 18:13
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465
Applications: X11

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:076
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xrdb
Date : April 21, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in xrdb:

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote
attackers to execute arbitrary commands via shell metacharacters in a
hostname obtained from a (1) DHCP or (2) XDMCP message (CVE-2011-0465).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNsB8omqjQ0CJFipgRAnvnAKCE0gWGkUELc62dOa9WlADcuyzzHwCg84vd
2hKoj4onH9OWCRgEar4H72o=
=LBGQ
-----END PGP SIGNATURE-----
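
The class of bug described in the advisory, shown from the fixing side as an added example (not code from xrdb or from Mandriva): a hostname received from the network is checked against RFC 1123 syntax before it is placed into a preprocessor argument. The `CLIENTHOST` define, the function names and the sample hostnames are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 1123 style: labels of 1-63 ASCII letters, digits or '-', dot-separated,
 * no label starting or ending with '-', total length 1-253. */
int hostname_is_safe(const char *h)
{
    size_t len = strlen(h), label = 0;
    if (len == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)h[i];
        if (c == '.') {
            if (label == 0 || h[i - 1] == '-')
                return 0;      /* empty label, or label ending in '-' */
            label = 0;
        } else if (c == '-' || (c < 128 && isalnum(c))) {
            if (c == '-' && label == 0)
                return 0;      /* label starting with '-' */
            if (++label > 63)
                return 0;
        } else {
            return 0;          /* space ; | & $ ` ( ) quotes, controls */
        }
    }
    return label > 0 && h[len - 1] != '-';
}

/* One argv element for execvp(); never paste it into a system()/popen() string. */
int build_host_define(char *out, size_t outlen, const char *host)
{
    if (!hostname_is_safe(host))
        return -1;
    int n = snprintf(out, outlen, "-DCLIENTHOST=%s", host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed samples: two ordinary names, three that must fail. */
    const char *s[] = { "ws12.example.org", "localhost",
                        "ws12;x", "$(x).example.org", "-oops" };
    char arg[300];
    for (size_t i = 0; i < sizeof s / sizeof *s; i++)
        printf("%-18s %s\n", s[i],
               build_host_define(arg, sizeof arg, s[i]) == 0 ? arg : "rejected");
    return 0;
}
```

Validation alone narrows the input; passing the resulting string as one element of an argument vector removes the shell from the path entirely.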

