-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:032 http://www.mandriva.com/security/ _______________________________________________________________________ Package : eclipse Date : February 20, 2011 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in eclipse: Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp (CVE-2010-4647). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4647 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: f23eac06e77995e1a9c3caa733196b08 2009.0/i586/eclipse-ecj-3.4.0-0.22.3.1mdv2009.0.i586.rpm c573647789a7e62ca529c6865b996472 2009.0/i586/eclipse-jdt-3.4.0-0.22.3.1mdv2009.0.i586.rpm 9678c08c8f1e1a2a043f1201df8d8c9c 2009.0/i586/eclipse-pde-3.4.0-0.22.3.1mdv2009.0.i586.rpm ba3c1070a867ddfa09d1561dc277461f 2009.0/i586/eclipse-platform-3.4.0-0.22.3.1mdv2009.0.i586.rpm 73daed8dff7db542c98375aab26d5639 2009.0/i586/eclipse-rcp-3.4.0-0.22.3.1mdv2009.0.i586.rpm 860d77097f83cc488b8d200e5cf5450c 2009.0/i586/eclipse-swt-3.4.0-0.22.3.1mdv2009.0.i586.rpm ec28ad60f56519d420c33bdae5b80f5f 2009.0/SRPMS/eclipse-3.4.0-0.22.3.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 4719459988c3a26bebfdac2e0842553f 2009.0/x86_64/eclipse-ecj-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm 929e861f6167ec7059edd54bed1c14ce 2009.0/x86_64/eclipse-jdt-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm bdd017bd5ed64eca233be66ab82317b2 2009.0/x86_64/eclipse-pde-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm 1891e792345b5ba3e3ece5fccc579607 2009.0/x86_64/eclipse-platform-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm bc0bff96d509dc86b08d8cb12bab35fc 2009.0/x86_64/eclipse-rcp-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm a693baad1931bdf15143e17523f87db7 2009.0/x86_64/eclipse-swt-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm ec28ad60f56519d420c33bdae5b80f5f 2009.0/SRPMS/eclipse-3.4.0-0.22.3.1mdv2009.0.src.rpm Mandriva Linux 2010.0: ef7f0f74134db1f9da23d60a79d3c2ae 2010.0/i586/eclipse-ecj-3.4.2-0.2.3.1mdv2010.0.i586.rpm 85ef610955b0123bb2ee0698f38e0370 2010.0/i586/eclipse-jdt-3.4.2-0.2.3.1mdv2010.0.i586.rpm 6db56a26cbf672e3940469fdf1b3fa97 2010.0/i586/eclipse-pde-3.4.2-0.2.3.1mdv2010.0.i586.rpm dee812dc8095b39d02ded98505310f97 2010.0/i586/eclipse-platform-3.4.2-0.2.3.1mdv2010.0.i586.rpm c15519d73f277fa321c10b8676a08a51 2010.0/i586/eclipse-rcp-3.4.2-0.2.3.1mdv2010.0.i586.rpm d1775b88bca758d0c02ebec17dcf9b66 2010.0/i586/eclipse-swt-3.4.2-0.2.3.1mdv2010.0.i586.rpm 776bda7419053c29891fc46eb9334070 2010.0/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: ef7d51d4030eef85c19d2c2b88b510fd 2010.0/x86_64/eclipse-ecj-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm f1f7001813002eab80894c25e09d5ad6 2010.0/x86_64/eclipse-jdt-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm 6f6778ea8728995fab3c53d9eaaa5ae1 2010.0/x86_64/eclipse-pde-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm e925bd43bd3e7fc0b2a6558a2216f4f2 2010.0/x86_64/eclipse-platform-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm a925253c01fa9608b60eb67da2ce2c61 2010.0/x86_64/eclipse-rcp-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm 7fd7f5f75604249efec239ec382e5049 2010.0/x86_64/eclipse-swt-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm 776bda7419053c29891fc46eb9334070 2010.0/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 761aa1ab2aba68a0791342b8dc32a94b 2010.1/i586/eclipse-ecj-3.4.2-0.2.3.1mdv2010.2.i586.rpm 7a73b1b2c7c5dc2d87e6baa630ff5baa 2010.1/i586/eclipse-jdt-3.4.2-0.2.3.1mdv2010.2.i586.rpm f4f42a48d7bba008347e4546312bf533 2010.1/i586/eclipse-pde-3.4.2-0.2.3.1mdv2010.2.i586.rpm 1136d33a8c5cdeca908e4aa949dbc749 2010.1/i586/eclipse-platform-3.4.2-0.2.3.1mdv2010.2.i586.rpm 22ac420305e99ae871f1bb79b2a02022 2010.1/i586/eclipse-rcp-3.4.2-0.2.3.1mdv2010.2.i586.rpm 93c1d6dc0a33582f17b70973fcd7f7df 2010.1/i586/eclipse-swt-3.4.2-0.2.3.1mdv2010.2.i586.rpm f6b9958cea21e3a5b8776ce189d0a0b4 2010.1/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: d87be0097e241a8e3c2c4f593fee002f 2010.1/x86_64/eclipse-ecj-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm 80e3535c9a106f96bfba7d0f3b57f0b6 2010.1/x86_64/eclipse-jdt-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm e02ec4012fa2cfb8b3e6b2e996506512 2010.1/x86_64/eclipse-pde-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm ed07b491eb0d4dcdcdbb3f2156e3294a 2010.1/x86_64/eclipse-platform-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm 32f45d4a5ea553a8ddc6a4caf0ccfe1c 2010.1/x86_64/eclipse-rcp-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm b60b25f61204af090174d03427c6d10a 2010.1/x86_64/eclipse-swt-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm f6b9958cea21e3a5b8776ce189d0a0b4 2010.1/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.2.src.rpm Mandriva Enterprise Server 5: 1e5d740f3623b1b45027dc46c67af7bf mes5/i586/eclipse-ecj-3.4.0-0.22.3.1mdvmes5.1.i586.rpm c3b94862effdd5b0cec57b045d1c9061 mes5/i586/eclipse-jdt-3.4.0-0.22.3.1mdvmes5.1.i586.rpm 7ead1688a00a8b6b6e318b620fc775bb mes5/i586/eclipse-pde-3.4.0-0.22.3.1mdvmes5.1.i586.rpm 70705f6c6f6be1d2fcaea475067da632 mes5/i586/eclipse-platform-3.4.0-0.22.3.1mdvmes5.1.i586.rpm a1bb244ae026017aaac3efb2768d1432 mes5/i586/eclipse-rcp-3.4.0-0.22.3.1mdvmes5.1.i586.rpm 0865063acc0cbe3f7e1ee322ed5c2866 mes5/i586/eclipse-swt-3.4.0-0.22.3.1mdvmes5.1.i586.rpm 25960e51fee777e9f3183eed2bab0b34 mes5/SRPMS/eclipse-3.4.0-0.22.3.1mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: b9f3c2ba2c2659caca83d2e31d4c7d52 mes5/x86_64/eclipse-ecj-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm 9e6aa0a691e4813ee713abe585da16d9 mes5/x86_64/eclipse-jdt-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm d202d0193aceb18e9a54152c3fb7463d mes5/x86_64/eclipse-pde-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm b4835887c721160b8d489f138bd7d1fe mes5/x86_64/eclipse-platform-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm 7d6f8d3cb3253f12d0c495b5cda5ef5a mes5/x86_64/eclipse-rcp-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm af782a0716f49ce19c929fdc59bed8ba mes5/x86_64/eclipse-swt-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm 25960e51fee777e9f3183eed2bab0b34 mes5/SRPMS/eclipse-3.4.0-0.22.3.1mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNYNzsmqjQ0CJFipgRAiOtAKC/7CwAxzhJW8P+3bLVGXfIFusRAQCg1d/V oNYuICsb3tEdrozlAvy8E/E= =l1wP -----END PGP SIGNATURE-----