MandrivaUsers.org > Security Advisory (MDKSA-2003:034-1): rxvt

Full Version: Security Advisory (MDKSA-2003:034-1): rxvt

MandrivaUsers.org > Announcements > Mandriva Security Advisories

aru

Apr 3 2003, 04:21 PM

MandrakeSoft Security Advisory MDKSA-2003:034-1 : rxvt

April 3rd, 2003
Updated rxvt packages fix escape sequence insecurities

Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or a system compromise.

Update:

The packages for Mandrake Linux 9.1/PPC were not GPG-signed. This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out.

The released versions of Mandrake GNU/Linux affected are:[list]
Full information about this advisory, including the updated packages, is available at:
www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:034-1

Other references:
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0066
http://marc.theaimsgroup.com/?l=bugtraq&m=...12710031920&w=2

[size=9]Posted automatically by aru (mdksec2mub v0.0.5)

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.