aru Posted April 3, 2003 Report Share Posted April 3, 2003 MandrakeSoft Security Advisory MDKSA-2003:034-1 : rxvt April 3rd, 2003 Updated rxvt packages fix escape sequence insecurities Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or a system compromise. Update: The packages for Mandrake Linux 9.1/PPC were not GPG-signed. This has been fixed and as a result the md5sums have changed. Thanks to Mark Lyda for pointing this out. The released versions of Mandrake GNU/Linux affected are: Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:034-1 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0022 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0066 http://marc.theaimsgroup.com/?l=bugtraq&m=...12710031920&w=2 Posted automatically by aru (mdksec2mub v0.0.5) Link to comment Share on other sites More sharing options...
Recommended Posts