
Mandriva Linux Security Advisory 2011-032

Posted Feb 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-032 - Multiple cross-site scripting vulnerabilities in the Help Contents web application in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to help/advanced/content.jsp.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2010-4647
SHA-256 | 8dc057b57d9b2a5ebdab8a0f9109e29794b18eca7d194f2bce07e2a5a4c983e0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:032
http://www.mandriva.com/security/
_______________________________________________________________________

Package : eclipse
Date : February 20, 2011
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in eclipse:

Multiple cross-site scripting (XSS) vulnerabilities in the Help
Contents web application (aka the Help Server) in Eclipse IDE before
3.6.2 allow remote attackers to inject arbitrary web script or HTML via
the query string to (1) help/index.jsp or (2) help/advanced/content.jsp
(CVE-2010-4647).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4647
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
f23eac06e77995e1a9c3caa733196b08 2009.0/i586/eclipse-ecj-3.4.0-0.22.3.1mdv2009.0.i586.rpm
c573647789a7e62ca529c6865b996472 2009.0/i586/eclipse-jdt-3.4.0-0.22.3.1mdv2009.0.i586.rpm
9678c08c8f1e1a2a043f1201df8d8c9c 2009.0/i586/eclipse-pde-3.4.0-0.22.3.1mdv2009.0.i586.rpm
ba3c1070a867ddfa09d1561dc277461f 2009.0/i586/eclipse-platform-3.4.0-0.22.3.1mdv2009.0.i586.rpm
73daed8dff7db542c98375aab26d5639 2009.0/i586/eclipse-rcp-3.4.0-0.22.3.1mdv2009.0.i586.rpm
860d77097f83cc488b8d200e5cf5450c 2009.0/i586/eclipse-swt-3.4.0-0.22.3.1mdv2009.0.i586.rpm
ec28ad60f56519d420c33bdae5b80f5f 2009.0/SRPMS/eclipse-3.4.0-0.22.3.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
4719459988c3a26bebfdac2e0842553f 2009.0/x86_64/eclipse-ecj-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
929e861f6167ec7059edd54bed1c14ce 2009.0/x86_64/eclipse-jdt-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
bdd017bd5ed64eca233be66ab82317b2 2009.0/x86_64/eclipse-pde-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
1891e792345b5ba3e3ece5fccc579607 2009.0/x86_64/eclipse-platform-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
bc0bff96d509dc86b08d8cb12bab35fc 2009.0/x86_64/eclipse-rcp-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
a693baad1931bdf15143e17523f87db7 2009.0/x86_64/eclipse-swt-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
ec28ad60f56519d420c33bdae5b80f5f 2009.0/SRPMS/eclipse-3.4.0-0.22.3.1mdv2009.0.src.rpm

Mandriva Linux 2010.0:
ef7f0f74134db1f9da23d60a79d3c2ae 2010.0/i586/eclipse-ecj-3.4.2-0.2.3.1mdv2010.0.i586.rpm
85ef610955b0123bb2ee0698f38e0370 2010.0/i586/eclipse-jdt-3.4.2-0.2.3.1mdv2010.0.i586.rpm
6db56a26cbf672e3940469fdf1b3fa97 2010.0/i586/eclipse-pde-3.4.2-0.2.3.1mdv2010.0.i586.rpm
dee812dc8095b39d02ded98505310f97 2010.0/i586/eclipse-platform-3.4.2-0.2.3.1mdv2010.0.i586.rpm
c15519d73f277fa321c10b8676a08a51 2010.0/i586/eclipse-rcp-3.4.2-0.2.3.1mdv2010.0.i586.rpm
d1775b88bca758d0c02ebec17dcf9b66 2010.0/i586/eclipse-swt-3.4.2-0.2.3.1mdv2010.0.i586.rpm
776bda7419053c29891fc46eb9334070 2010.0/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
ef7d51d4030eef85c19d2c2b88b510fd 2010.0/x86_64/eclipse-ecj-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
f1f7001813002eab80894c25e09d5ad6 2010.0/x86_64/eclipse-jdt-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
6f6778ea8728995fab3c53d9eaaa5ae1 2010.0/x86_64/eclipse-pde-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
e925bd43bd3e7fc0b2a6558a2216f4f2 2010.0/x86_64/eclipse-platform-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
a925253c01fa9608b60eb67da2ce2c61 2010.0/x86_64/eclipse-rcp-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
7fd7f5f75604249efec239ec382e5049 2010.0/x86_64/eclipse-swt-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
776bda7419053c29891fc46eb9334070 2010.0/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.0.src.rpm

Mandriva Linux 2010.1:
761aa1ab2aba68a0791342b8dc32a94b 2010.1/i586/eclipse-ecj-3.4.2-0.2.3.1mdv2010.2.i586.rpm
7a73b1b2c7c5dc2d87e6baa630ff5baa 2010.1/i586/eclipse-jdt-3.4.2-0.2.3.1mdv2010.2.i586.rpm
f4f42a48d7bba008347e4546312bf533 2010.1/i586/eclipse-pde-3.4.2-0.2.3.1mdv2010.2.i586.rpm
1136d33a8c5cdeca908e4aa949dbc749 2010.1/i586/eclipse-platform-3.4.2-0.2.3.1mdv2010.2.i586.rpm
22ac420305e99ae871f1bb79b2a02022 2010.1/i586/eclipse-rcp-3.4.2-0.2.3.1mdv2010.2.i586.rpm
93c1d6dc0a33582f17b70973fcd7f7df 2010.1/i586/eclipse-swt-3.4.2-0.2.3.1mdv2010.2.i586.rpm
f6b9958cea21e3a5b8776ce189d0a0b4 2010.1/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
d87be0097e241a8e3c2c4f593fee002f 2010.1/x86_64/eclipse-ecj-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
80e3535c9a106f96bfba7d0f3b57f0b6 2010.1/x86_64/eclipse-jdt-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
e02ec4012fa2cfb8b3e6b2e996506512 2010.1/x86_64/eclipse-pde-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
ed07b491eb0d4dcdcdbb3f2156e3294a 2010.1/x86_64/eclipse-platform-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
32f45d4a5ea553a8ddc6a4caf0ccfe1c 2010.1/x86_64/eclipse-rcp-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
b60b25f61204af090174d03427c6d10a 2010.1/x86_64/eclipse-swt-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
f6b9958cea21e3a5b8776ce189d0a0b4 2010.1/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.2.src.rpm

Mandriva Enterprise Server 5:
1e5d740f3623b1b45027dc46c67af7bf mes5/i586/eclipse-ecj-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
c3b94862effdd5b0cec57b045d1c9061 mes5/i586/eclipse-jdt-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
7ead1688a00a8b6b6e318b620fc775bb mes5/i586/eclipse-pde-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
70705f6c6f6be1d2fcaea475067da632 mes5/i586/eclipse-platform-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
a1bb244ae026017aaac3efb2768d1432 mes5/i586/eclipse-rcp-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
0865063acc0cbe3f7e1ee322ed5c2866 mes5/i586/eclipse-swt-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
25960e51fee777e9f3183eed2bab0b34 mes5/SRPMS/eclipse-3.4.0-0.22.3.1mdvmes5.1.src.rpm

Mandriva Enterprise Server 5/X86_64:
b9f3c2ba2c2659caca83d2e31d4c7d52 mes5/x86_64/eclipse-ecj-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
9e6aa0a691e4813ee713abe585da16d9 mes5/x86_64/eclipse-jdt-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
d202d0193aceb18e9a54152c3fb7463d mes5/x86_64/eclipse-pde-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
b4835887c721160b8d489f138bd7d1fe mes5/x86_64/eclipse-platform-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
7d6f8d3cb3253f12d0c495b5cda5ef5a mes5/x86_64/eclipse-rcp-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
af782a0716f49ce19c929fdc59bed8ba mes5/x86_64/eclipse-swt-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
25960e51fee777e9f3183eed2bab0b34 mes5/SRPMS/eclipse-3.4.0-0.22.3.1mdvmes5.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNYNzsmqjQ0CJFipgRAiOtAKC/7CwAxzhJW8P+3bLVGXfIFusRAQCg1d/V
oNYuICsb3tEdrozlAvy8E/E=
=l1wP
-----END PGP SIGNATURE-----
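
Added example, not part of the Mandriva advisory: for RPMs fetched by hand rather than through urpmi, this Python code parses the `<md5> <path>` lines of the Updated Packages list above and checks the files in a download directory against them. The file names and contents in `demo()` are constructed; an MD5 match only shows that a file agrees with the list, and package authenticity still rests on the GPG signature the advisory mentions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One list entry: "<32-hex MD5> <relative path ending in .rpm>".
ENTRY = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+\.rpm)\s*$")

def parse_package_list(text):
    """Map rpm file name -> expected MD5; the same SRPM may be listed per arch."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # section headers, rulers, prose
        digest, name = m.group(1), Path(m.group(2)).name
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests listed for {name}")
    return expected

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, directory):
    """Return {rpm name: 'ok' | 'MISMATCH' | 'unlisted'} for each rpm found."""
    expected = parse_package_list(advisory_text)
    report = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        report[rpm.name] = ("unlisted" if want is None
                            else "ok" if md5_of(rpm) == want else "MISMATCH")
    return report

def demo():
    """Constructed files checked against a constructed list in the same layout."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "demo-a-1.0.i586.rpm").write_bytes(b"constructed package A")
        (d / "demo-b-1.0.i586.rpm").write_bytes(b"package B, altered after listing")
        (d / "demo-c-1.0.i586.rpm").write_bytes(b"file that is not in the list")
        listing = ("Mandriva Linux 2009.0:\n"
                   f"{hashlib.md5(b'constructed package A').hexdigest()} 2009.0/i586/demo-a-1.0.i586.rpm\n"
                   f"{hashlib.md5(b'constructed package B').hexdigest()} 2009.0/i586/demo-b-1.0.i586.rpm\n")
        return verify_downloads(listing, d)
```

Any `MISMATCH` or `unlisted` result means the file should not be installed until it has been fetched again and its signature checked.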