[PLDSA 47-1] New rxvt packages fix various vulnerabilities
Krzysiek Taraszka
dzimi at pld.org.pl
Sat May 3 15:45:18 CEST 2003
--------------------------------------------------------------------------
PLD Security Advisory PLDSA 47-1                    security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
29 March 2003                           http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------
Package : prior to rxvt-2.7.8-6
Vulnerability : dangerous interception of escape sequences
Problem-Type : remote
PLD-specific : no
CVE references : CAN-2003-0022, CAN-2003-0023, CAN-2003-0066

Digital Defense Inc. released a paper detailing insecurities in various
terminal emulators, including rxvt. Many of the features supported by
these programs can be abused when untrusted data is displayed on the
screen. This abuse can range from garbage data being displayed on the
screen to a system compromise.
The above problems have been fixed in version 2.7.10-1 for the
current stable distribution (ra).
We recommend that you upgrade your rxvt packages.
wget -c url
will fetch the file for you
rpm -Uhv file(s)*.rpm
will upgrade the referenced file.
If you are using the "poldek" package manager, use the lines given below
to upgrade packages:
poldek --update
will update the internal database
poldek --upgrade 'rxvt*'
will install corrected packages
If you are using the "apt" package manager, use the lines given below
to upgrade packages:
apt-get update
will update the internal database
apt-get upgrade 'rxvt*'
will install corrected packages
PLD Linux 1.0 alias ra
--------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/rxvt-2.7.10-1.src.rpm
MD5 checksum: 1f761983e4e4808d830baeb7f48ea977
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/rxvt-2.7.10-1.i386.rpm
MD5 checksum: 6cb2b11e3612571bf78c9a22f92a2df0
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/rxvt-2.7.10-1.i586.rpm
MD5 checksum: b84a3a9bb90ff60a0aa3040333be4c52
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/rxvt-2.7.10-1.i686.rpm
MD5 checksum: a4229fb5ca589dcc960a83f98d4bb596
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/rxvt-2.7.10-1.ppc.rpm
MD5 checksum: 79cc64fe8c711ebebccde6411d1a7fa8
--------------------------------------------------------------------------------
If you are using poldek, add this line to poldek.conf.
If you are using apt-get, add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security
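
The risk the advisory describes, untrusted data reaching the terminal with its control bytes intact, can also be reduced at display time by making those bytes visible instead of letting the emulator interpret them. The Python filter below is an added example, not part of the PLD advisory or of the rxvt fix; its function names and the sample log excerpt are constructed for illustration.

```python
import re
import sys
import unicodedata

# CSI (ESC [ ... final byte), OSC (ESC ] ... BEL or ESC \), then any other
# two-byte escape. Used only to report what an input contains.
ESCAPE_SEQ = re.compile(
    rb"\x1b\[[0-?]*[ -/]*[@-~]|\x1b\].*?(?:\x07|\x1b\\)|\x1b.", re.DOTALL
)
KEEP = {"\n", "\t"}  # control characters that are safe to pass through

# Constructed sample: a log excerpt carrying a title-setting OSC sequence
# and two colour-changing CSI sequences.
SAMPLE = (b"GET /index.html \x1b]0;constructed-title\x07 200\n"
          b"User-Agent: \x1b[31mred\x1b[0m\n")


def find_sequences(data: bytes) -> list[tuple[int, bytes]]:
    """Return (offset, raw sequence) for every escape sequence in data."""
    return [(m.start(), m.group()) for m in ESCAPE_SEQ.finditer(data)]


def neutralize(data: bytes) -> str:
    """Return data as text in which no byte can act as a terminal control."""
    out = []
    for ch in data.decode("utf-8", errors="surrogateescape"):
        code = ord(ch)
        if ch == "\\":
            out.append("\\\\")            # keep the escaped form unambiguous
        elif 0xDC80 <= code <= 0xDCFF:
            out.append(f"\\x{code - 0xDC00:02x}")  # undecodable raw byte
        elif ch in KEEP or unicodedata.category(ch) != "Cc":
            out.append(ch)
        else:
            out.append(f"\\x{code:02x}")  # C0, DEL and C1 controls, incl. ESC
    return "".join(out)


if __name__ == "__main__":
    # "-" reads untrusted data from stdin; otherwise the sample is used.
    use_stdin = len(sys.argv) > 1 and sys.argv[1] == "-"
    raw = sys.stdin.buffer.read() if use_stdin else SAMPLE
    for offset, seq in find_sequences(raw):
        print(f"escape sequence at byte {offset}: {seq!r}", file=sys.stderr)
    sys.stdout.write(neutralize(raw))
```

Piping a file through the script with `-` as its argument prints the neutralized text on stdout and lists each detected sequence on stderr.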