 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:076
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xrdb
 Date    : April 21, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in xrdb:

 xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote
 attackers to execute arbitrary commands via shell metacharacters in a
 hostname obtained from a (1) DHCP or (2) XDMCP message (CVE-2011-0465).

 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465
 _______________________________________________________________________

 Updated Packages:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
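
 The flaw in the Problem Description arises when a hostname learned from the network is pasted into a command line that a shell interprets. As an added example (not part of this advisory and not the xrdb patch), the C code below accepts only RFC 952/1123 hostname syntax before formatting a preprocessor define; the function names, the CLIENTHOST symbol and the sample hostname are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 only for a plain RFC 952/1123 hostname: dot-separated labels of
 * 1..63 ASCII letters, digits or '-', none starting or ending with '-', at
 * most 253 bytes, no trailing dot. Shell metacharacters fall outside the set. */
int hostname_is_safe(const char *name)
{
    size_t i, len, label = 0;
    if (name == NULL || (len = strlen(name)) == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;           /* empty label, or label ending in '-' */
            label = 0;
        } else if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                   (c >= '0' && c <= '9') || c == '-') {
            if ((c == '-' && label == 0) || ++label > 63)
                return 0;           /* leading '-', or over-long label */
        } else {
            return 0;               /* ; | ` $ ( ) quotes, spaces, ... */
        }
    }
    return label != 0 && name[len - 1] != '-';
}

/* Hypothetical helper: format "-D<sym>=<host>" only when host passes the check.
 * Returns 0, or -1 with out left empty if host is rejected or out is too small. */
int build_host_define(char *out, size_t cap, const char *sym, const char *host)
{
    int n = -1;
    if (out == NULL || cap == 0)
        return -1;
    if (hostname_is_safe(host))
        n = snprintf(out, cap, "-D%s=%s", sym, host);
    if (n < 0 || (size_t)n >= cap) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char arg[300];   /* constructed sample input below */
    return build_host_define(arg, sizeof arg, "CLIENTHOST", "ws1.example.org");
}
```

 Validation of this kind complements, and does not replace, running the child process without a shell (an argument vector passed to execvp() instead of a string passed to popen() or system()).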