Mandriva Linux Security Advisory 2011-076 - xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from an XDMCP message.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:076
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xrdb
Date : April 21, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

A vulnerability has been found and corrected in xrdb:

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote
attackers to execute arbitrary commands via shell metacharacters in a
hostname obtained from a (1) DHCP or (2) XDMCP message (CVE-2011-0465).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
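
The class of bug described above, handled defensively, as an added example that is not code from xrdb or from Mandriva's patch: it assumes a network-supplied hostname ends up in a command line that a shell interprets, and both function names are hypothetical. Validation rejects anything outside DNS hostname syntax; single-quoting is a second layer for values that must still pass through a shell.

```c
#include <stddef.h>
#include <string.h>

/* Accept only DNS-style names: labels of ASCII letters, digits and '-',
 * joined by single dots; labels 1..63 bytes, whole name 1..253 bytes. */
int hostname_is_safe(const char *h)
{
    size_t len = strlen(h), label = 0;
    if (len == 0 || len > 253)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = h[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0 || h[i - 1] == '-')
                return 0;           /* empty label or label ending in '-' */
            label = 0;
        } else if (alnum || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;
        } else {
            return 0;               /* ; | & $ ` quotes, blanks, newline, ... */
        }
    }
    return label > 0 && h[len - 1] != '-';
}

/* Defence in depth: single-quote a value for a POSIX shell command line.
 * Returns the bytes written (without the NUL), or -1 if out is too small. */
int shell_single_quote(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz < 3)
        return -1;
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > outsz)   /* keep room for closing quote + NUL */
            return -1;
        if (*in == '\'') {
            memcpy(out + o, "'\\''", 4);   /* close, escaped quote, reopen */
            o += 4;
        } else {
            out[o++] = *in;
        }
    }
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}
```

Where the program controls how the child process is started, passing the value as a separate argv element to an exec-family call removes the shell from the path entirely.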
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
60ecd2dcd071e0bf9b3afe883089c1e8 2009.0/i586/xrdb-1.0.5-2.1mdv2009.0.i586.rpm
c54552dc2be1d209306d10485c51a58f 2009.0/SRPMS/xrdb-1.0.5-2.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
f30e9837ea55b7e8ca3b07df10f6d3da 2009.0/x86_64/xrdb-1.0.5-2.1mdv2009.0.x86_64.rpm
c54552dc2be1d209306d10485c51a58f 2009.0/SRPMS/xrdb-1.0.5-2.1mdv2009.0.src.rpm
Mandriva Linux 2010.0:
427c231f890f19d1795ebbdfdf1666bd 2010.0/i586/xrdb-1.0.5-3.1mdv2010.0.i586.rpm
9343722a33c12c0dbc2737fd594fa187 2010.0/SRPMS/xrdb-1.0.5-3.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
9fa3abb96735f0ca635cb291e50bb752 2010.0/x86_64/xrdb-1.0.5-3.1mdv2010.0.x86_64.rpm
9343722a33c12c0dbc2737fd594fa187 2010.0/SRPMS/xrdb-1.0.5-3.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
0985cb845115c17162f54c0ed817eb29 2010.1/i586/xrdb-1.0.6-1.1mdv2010.2.i586.rpm
bddf6ad2c3f0962a7a5cacd9dd4e16d5 2010.1/SRPMS/xrdb-1.0.6-1.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
f2bdd265ca0750ff8e056d47fcccd395 2010.1/x86_64/xrdb-1.0.6-1.1mdv2010.2.x86_64.rpm
bddf6ad2c3f0962a7a5cacd9dd4e16d5 2010.1/SRPMS/xrdb-1.0.6-1.1mdv2010.2.src.rpm
Corporate 4.0:
5225e55fb24c725fc8f460354fd7caf7 corporate/4.0/i586/libxorg-x11-6.9.0-5.19.20060mlcs4.i586.rpm
b6bfd335354d16f7e0c09999ce2f3f81 corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.19.20060mlcs4.i586.rpm
fc5b84b8ce7857ed2c2029db2e4d564d corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.19.20060mlcs4.i586.rpm
54532ced01faa7ce715991ff371611f7 corporate/4.0/i586/X11R6-contrib-6.9.0-5.19.20060mlcs4.i586.rpm
8e3fb2bd5b943c12cd63da5e17b50436 corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
80029cb36d7a9fa098cd6866998b3156 corporate/4.0/i586/xorg-x11-6.9.0-5.19.20060mlcs4.i586.rpm
22ef9b6ab80d926a434e9d3d9fb27028 corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
9988917b19a5a0eadc44c763e2d66db8 corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
5d6cf097cd197521bed55207151a8262 corporate/4.0/i586/xorg-x11-doc-6.9.0-5.19.20060mlcs4.i586.rpm
a91cad9347cd3d0579a6be84d8267d6a corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.19.20060mlcs4.i586.rpm
321500342b29f25beaa5e27f26837fb2 corporate/4.0/i586/xorg-x11-server-6.9.0-5.19.20060mlcs4.i586.rpm
0abec00155e0a5fe9a392f136b1bfb7b corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.19.20060mlcs4.i586.rpm
d4bfbd64a6b68bb64fd2c795610fbf6d corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.19.20060mlcs4.i586.rpm
9651e47d4a3644c001843bb10cc4edb7 corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.19.20060mlcs4.i586.rpm
723cb1007017996b97e633981865c806 corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.19.20060mlcs4.i586.rpm
03c42c17b7cc519640b0a055928a9cb5 corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.19.20060mlcs4.i586.rpm
ea4dcdd36bc60ce19338790610c04af1 corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.19.20060mlcs4.i586.rpm
6b2b79934268dfbaa76700ba6d737247 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.19.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
107e45d41b6158e309254f7f0375f4be corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.19.20060mlcs4.x86_64.rpm
08609d94b50950755e27b3df08c4bd07 corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.19.20060mlcs4.x86_64.rpm
e7b6b41d67065c7de38adec514edbe94 corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.19.20060mlcs4.x86_64.rpm
1120443bea193b407062834d65047977 corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.19.20060mlcs4.x86_64.rpm
df714fcee04af6889907be7ba91c3dd9 corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
76e13eace2a5859b2e04d20d5b303835 corporate/4.0/x86_64/xorg-x11-6.9.0-5.19.20060mlcs4.x86_64.rpm
b790aea2730d014ce9605818b4f16ae9 corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
edb96b1bd7d6606565fccd16f36526db corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
ea46c3d077a291bbf6f858c32ef81975 corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.19.20060mlcs4.x86_64.rpm
3cd6a0062ba54222aadb6035655ea015 corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.19.20060mlcs4.x86_64.rpm
9bf18b5203c3c9932ab041a2772eba7f corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.19.20060mlcs4.x86_64.rpm
61887ebe914f98d873b7bf958db70dba corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.19.20060mlcs4.x86_64.rpm
c61265b4bb19e133688a093238d699c5 corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.19.20060mlcs4.x86_64.rpm
66bedef6b606dcf6ac337e86b8e0c7a1 corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.19.20060mlcs4.x86_64.rpm
fb2b9bda00c1b90e341b5e59409f8a8a corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.19.20060mlcs4.x86_64.rpm
5008a8450fa211b14d7fa8c779b9ecac corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.19.20060mlcs4.x86_64.rpm
f983f06870856e2005f54d42d7689285 corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.19.20060mlcs4.x86_64.rpm
6b2b79934268dfbaa76700ba6d737247 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.19.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
177da11f1c81a977b82b7959ab52feee mes5/i586/xrdb-1.0.5-2.1mdvmes5.2.i586.rpm
8092d340dad307ec0bba8f2944ab1cd9 mes5/SRPMS/xrdb-1.0.5-2.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
62130274606d98bf1a47e3d0117bbe34 mes5/x86_64/xrdb-1.0.5-2.1mdvmes5.2.x86_64.rpm
8092d340dad307ec0bba8f2944ab1cd9 mes5/SRPMS/xrdb-1.0.5-2.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNsB8omqjQ0CJFipgRAnvnAKCE0gWGkUELc62dOa9WlADcuyzzHwCg84vd
2hKoj4onH9OWCRgEar4H72o=
=LBGQ
-----END PGP SIGNATURE-----