Novom inačicom programskog paketa Eclipse ispravljen je jedan sigurnosni nedostatak koji se može iskoristiti za XSS (eng. cross-site scripting) napad. Eclipse je programsko okruženje za razvoj računalnih programa pisanih u Javi. Nedostatak je otkriven u komponenti Help Contents, točnije skriptama "help/index.jsp" i "help/advanced/content.jsp". Spomenuti nedostatak udaljeni napadač može iskoristiti za umetanje proizvoljnog HTML i skriptnog koda. Svim korisnicima se preporuča korištenje dostupne nadogradnje kako bi otklonili opisani nedostatak.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:032
http://www.mandriva.com/security/
_______________________________________________________________________
Package : eclipse
Date : February 20, 2011
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in eclipse:
Multiple cross-site scripting (XSS) vulnerabilities in the Help
Contents web application (aka the Help Server) in Eclipse IDE before
3.6.2 allow remote attackers to inject arbitrary web script or HTML via
the query string to (1) help/index.jsp or (2) help/advanced/content.jsp
(CVE-2010-4647).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4647
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
f23eac06e77995e1a9c3caa733196b08
2009.0/i586/eclipse-ecj-3.4.0-0.22.3.1mdv2009.0.i586.rpm
c573647789a7e62ca529c6865b996472
2009.0/i586/eclipse-jdt-3.4.0-0.22.3.1mdv2009.0.i586.rpm
9678c08c8f1e1a2a043f1201df8d8c9c
2009.0/i586/eclipse-pde-3.4.0-0.22.3.1mdv2009.0.i586.rpm
ba3c1070a867ddfa09d1561dc277461f
2009.0/i586/eclipse-platform-3.4.0-0.22.3.1mdv2009.0.i586.rpm
73daed8dff7db542c98375aab26d5639
2009.0/i586/eclipse-rcp-3.4.0-0.22.3.1mdv2009.0.i586.rpm
860d77097f83cc488b8d200e5cf5450c
2009.0/i586/eclipse-swt-3.4.0-0.22.3.1mdv2009.0.i586.rpm
ec28ad60f56519d420c33bdae5b80f5f
2009.0/SRPMS/eclipse-3.4.0-0.22.3.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
4719459988c3a26bebfdac2e0842553f
2009.0/x86_64/eclipse-ecj-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
929e861f6167ec7059edd54bed1c14ce
2009.0/x86_64/eclipse-jdt-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
bdd017bd5ed64eca233be66ab82317b2
2009.0/x86_64/eclipse-pde-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
1891e792345b5ba3e3ece5fccc579607
2009.0/x86_64/eclipse-platform-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
bc0bff96d509dc86b08d8cb12bab35fc
2009.0/x86_64/eclipse-rcp-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
a693baad1931bdf15143e17523f87db7
2009.0/x86_64/eclipse-swt-3.4.0-0.22.3.1mdv2009.0.x86_64.rpm
ec28ad60f56519d420c33bdae5b80f5f
2009.0/SRPMS/eclipse-3.4.0-0.22.3.1mdv2009.0.src.rpm
Mandriva Linux 2010.0:
ef7f0f74134db1f9da23d60a79d3c2ae
2010.0/i586/eclipse-ecj-3.4.2-0.2.3.1mdv2010.0.i586.rpm
85ef610955b0123bb2ee0698f38e0370
2010.0/i586/eclipse-jdt-3.4.2-0.2.3.1mdv2010.0.i586.rpm
6db56a26cbf672e3940469fdf1b3fa97
2010.0/i586/eclipse-pde-3.4.2-0.2.3.1mdv2010.0.i586.rpm
dee812dc8095b39d02ded98505310f97
2010.0/i586/eclipse-platform-3.4.2-0.2.3.1mdv2010.0.i586.rpm
c15519d73f277fa321c10b8676a08a51
2010.0/i586/eclipse-rcp-3.4.2-0.2.3.1mdv2010.0.i586.rpm
d1775b88bca758d0c02ebec17dcf9b66
2010.0/i586/eclipse-swt-3.4.2-0.2.3.1mdv2010.0.i586.rpm
776bda7419053c29891fc46eb9334070
2010.0/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
ef7d51d4030eef85c19d2c2b88b510fd
2010.0/x86_64/eclipse-ecj-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
f1f7001813002eab80894c25e09d5ad6
2010.0/x86_64/eclipse-jdt-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
6f6778ea8728995fab3c53d9eaaa5ae1
2010.0/x86_64/eclipse-pde-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
e925bd43bd3e7fc0b2a6558a2216f4f2
2010.0/x86_64/eclipse-platform-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
a925253c01fa9608b60eb67da2ce2c61
2010.0/x86_64/eclipse-rcp-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
7fd7f5f75604249efec239ec382e5049
2010.0/x86_64/eclipse-swt-3.4.2-0.2.3.1mdv2010.0.x86_64.rpm
776bda7419053c29891fc46eb9334070
2010.0/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.0.src.rpm
Mandriva Linux 2010.1:
761aa1ab2aba68a0791342b8dc32a94b
2010.1/i586/eclipse-ecj-3.4.2-0.2.3.1mdv2010.2.i586.rpm
7a73b1b2c7c5dc2d87e6baa630ff5baa
2010.1/i586/eclipse-jdt-3.4.2-0.2.3.1mdv2010.2.i586.rpm
f4f42a48d7bba008347e4546312bf533
2010.1/i586/eclipse-pde-3.4.2-0.2.3.1mdv2010.2.i586.rpm
1136d33a8c5cdeca908e4aa949dbc749
2010.1/i586/eclipse-platform-3.4.2-0.2.3.1mdv2010.2.i586.rpm
22ac420305e99ae871f1bb79b2a02022
2010.1/i586/eclipse-rcp-3.4.2-0.2.3.1mdv2010.2.i586.rpm
93c1d6dc0a33582f17b70973fcd7f7df
2010.1/i586/eclipse-swt-3.4.2-0.2.3.1mdv2010.2.i586.rpm
f6b9958cea21e3a5b8776ce189d0a0b4
2010.1/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
d87be0097e241a8e3c2c4f593fee002f
2010.1/x86_64/eclipse-ecj-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
80e3535c9a106f96bfba7d0f3b57f0b6
2010.1/x86_64/eclipse-jdt-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
e02ec4012fa2cfb8b3e6b2e996506512
2010.1/x86_64/eclipse-pde-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
ed07b491eb0d4dcdcdbb3f2156e3294a
2010.1/x86_64/eclipse-platform-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
32f45d4a5ea553a8ddc6a4caf0ccfe1c
2010.1/x86_64/eclipse-rcp-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
b60b25f61204af090174d03427c6d10a
2010.1/x86_64/eclipse-swt-3.4.2-0.2.3.1mdv2010.2.x86_64.rpm
f6b9958cea21e3a5b8776ce189d0a0b4
2010.1/SRPMS/eclipse-3.4.2-0.2.3.1mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
1e5d740f3623b1b45027dc46c67af7bf
mes5/i586/eclipse-ecj-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
c3b94862effdd5b0cec57b045d1c9061
mes5/i586/eclipse-jdt-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
7ead1688a00a8b6b6e318b620fc775bb
mes5/i586/eclipse-pde-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
70705f6c6f6be1d2fcaea475067da632
mes5/i586/eclipse-platform-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
a1bb244ae026017aaac3efb2768d1432
mes5/i586/eclipse-rcp-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
0865063acc0cbe3f7e1ee322ed5c2866
mes5/i586/eclipse-swt-3.4.0-0.22.3.1mdvmes5.1.i586.rpm
25960e51fee777e9f3183eed2bab0b34
mes5/SRPMS/eclipse-3.4.0-0.22.3.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
b9f3c2ba2c2659caca83d2e31d4c7d52
mes5/x86_64/eclipse-ecj-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
9e6aa0a691e4813ee713abe585da16d9
mes5/x86_64/eclipse-jdt-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
d202d0193aceb18e9a54152c3fb7463d
mes5/x86_64/eclipse-pde-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
b4835887c721160b8d489f138bd7d1fe
mes5/x86_64/eclipse-platform-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
7d6f8d3cb3253f12d0c495b5cda5ef5a
mes5/x86_64/eclipse-rcp-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
af782a0716f49ce19c929fdc59bed8ba
mes5/x86_64/eclipse-swt-3.4.0-0.22.3.1mdvmes5.1.x86_64.rpm
25960e51fee777e9f3183eed2bab0b34
mes5/SRPMS/eclipse-3.4.0-0.22.3.1mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNYNzsmqjQ0CJFipgRAiOtAKC/7CwAxzhJW8P+3bLVGXfIFusRAQCg1d/V
oNYuICsb3tEdrozlAvy8E/E=
=l1wP
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke