VARIoT IoT vulnerabilities database


VAR-201105-0113 CVE-2011-1902 Proofpoint Protection Server contains multiple vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors.

Proofpoint Protection Server contains multiple vulnerabilities, including authentication bypass, command injection, SQL injection and directory traversal. The TECHNICAL DETAILS section of Clear Skies Security's advisory describes each vulnerability as follows:

"Enduser Authentication Bypass
User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user's login credentials.

Proofpoint SQL Injection
A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection.

Proofpoint Command Injection
A function in the Proofpoint web interface can be manipulated into executing any command on the server.

Proofpoint Forced Browsing / Insufficient Page Authorization
Some administrative modules are accessible without authenticating with the application."

A remote attacker could execute arbitrary commands or download arbitrary files.

1. An authentication-bypass vulnerability
2. A command-injection vulnerability
3. An SQL-injection vulnerability
4. A security-bypass vulnerability
5. A directory-traversal vulnerability

Attackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application.

TITLE: Proofpoint Enterprise Protection Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA44457

VERIFY ADVISORY: http://secunia.com/advisories/44457/

RELEASE DATE: 2011-05-04

DESCRIPTION: Multiple vulnerabilities have been reported in Proofpoint Enterprise Protection, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.

1) Input passed via the "displayprogress" parameter to enduser/process.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Note: This vulnerability only affects version 5.5.5.

3) Certain unspecified input is not properly verified before being used to access files.

4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

5) An error in the application allows access to certain administrative modules without checking for authentication.

6) Certain unspecified input is not properly sanitised before being used and can be exploited to inject and execute arbitrary commands.

SOLUTION: Apply patches.

PROVIDED AND/OR DISCOVERED BY:
1) Karan Khosla, Sense of Security Labs.
2 - 6) Scott Miles, Clear Skies Security via US-CERT.

ORIGINAL ADVISORY:
Proofpoint: https://support.proofpoint.com/article.cgi?article_id=338413
Sense of Security Labs: http://www.senseofsecurity.com.au/advisories/SOS-11-005
US-CERT VU#790980: http://www.kb.cert.org/vuls/id/790980
Clear Skies Security: http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php
VAR-201107-0259 CVE-2011-2959 7-Technologies Interactive Graphical SCADA System Stack Buffer Overflow Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Stack-based buffer overflow in the Open Database Connectivity (ODBC) service (Odbcixv9se.exe) in 7-Technologies Interactive Graphical SCADA System (IGSS) 9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to TCP port 22202. IGSS is prone to a denial-of-service vulnerability.

TITLE: 7-Technologies Interactive Graphical SCADA System ODBC Server Buffer Overflow

SECUNIA ADVISORY ID: SA44345

VERIFY ADVISORY: http://secunia.com/advisories/44345/

RELEASE DATE: 2011-04-30

DESCRIPTION: Insomnia Security has reported a vulnerability in 7-Technologies Interactive Graphical SCADA System, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the ODBC server (Odbcixv9se.exe) when processing certain packets. Successful exploitation may allow execution of arbitrary code.

SOLUTION: Fixed in the latest version. Contact the vendor for more information.

PROVIDED AND/OR DISCOVERED BY: James Burton, Insomnia Security

ORIGINAL ADVISORY:
Insomnia Security: http://www.insomniasec.com/advisories/ISVA-110427.1.htm
VAR-201104-0327 No CVE Aotian Motion Wireless Controller verification bypass configuration file download vulnerability CVSS V2: -
CVSS V3: -
Severity: -
The Aotian Motion Wireless Network Controller has an information disclosure vulnerability that allows the controller's system configuration file to be obtained.
VAR-201106-0022 CVE-2011-1603 Cisco Unified IP Phones 7900 privilege escalation vulnerability CVSS V2: 6.6
CVSS V3: -
Severity: MEDIUM
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815. This issue is tracked as Bug ID CSCtn65815. Local users may gain privileges.

The Cisco Wireless LAN Controller is used to manage Cisco Aironet access point applications using the Lightweight Access Point Protocol (LWAPP). The Cisco Wireless LAN Controller has a denial of service vulnerability that allows unauthenticated attackers to send a series of ICMP messages to overload the device. This vulnerability can be exploited from wireless and wired segments.

These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability. There are no workarounds available to mitigate these vulnerabilities. This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml.

The following sections provide the details of each vulnerability addressed in this security advisory. These vulnerabilities are documented in Cisco bug IDs CSCtf07426 and CSCtn65815 and have been assigned Common Vulnerabilities and Exposures (CVE) identifiers CVE-2011-1602 and CVE-2011-1603 respectively.

Vulnerability Scoring Details
+----------------------------

Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss

* CSCtf07426 - Privilege Escalation with "su" utility

CVSS Base Score - 6.6
    Access Vector - Local
    Access Complexity - Medium
    Authentication - Single
    Confidentiality Impact - Complete
    Integrity Impact - Complete
    Availability Impact - Complete
CVSS Temporal Score - 5.5
    Exploitability - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

* CSCtn65815 - Privilege Escalation in IP Phones

CVSS Base Score - 6.6
    Access Vector - Local
    Access Complexity - Medium
    Authentication - Single
    Confidentiality Impact - Complete
    Integrity Impact - Complete
    Availability Impact - Complete
CVSS Temporal Score - 5.5
    Exploitability - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

* CSCtn65962 - Phones Permits the Installation of Unsigned Code

CVSS Base Score - 1.5
    Access Vector - Local
    Access Complexity - Medium
    Authentication - Single
    Confidentiality Impact - Partial
    Integrity Impact - None
    Availability Impact - None
CVSS Temporal Score - 1.2
    Exploitability - Functional
    Remediation Level - Official-Fix
    Report Confidence - Confirmed

Impact
======

Successful exploitation of the two privilege escalation vulnerabilities could allow an authenticated attacker to change phone configuration and obtain system information. Successful exploitation of the signature verification bypass vulnerability could allow an authenticated attacker to load and execute a software image without verification of its signature.

Software Versions and Fixes
===========================

When considering software upgrades, also consult: http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

+---------------------------------------------------------------+---------------------+
| Vulnerability                                                 | First Fixed Release |
|---------------------------------------------------------------+---------------------|
| CSCtf07426 - Privilege Escalation with "su" utility           | 9.0.3               |
|---------------------------------------------------------------+---------------------|
| CSCtn65815 - Privilege Escalation in IP Phones                | 9.2.1               |
|---------------------------------------------------------------+---------------------|
| CSCtn65962 - Phones Permits the Installation of Unsigned Code | 9.2.1               |
+---------------------------------------------------------------+---------------------+

Workarounds
===========

There are no workarounds available to mitigate any of these vulnerabilities.

Note: All of these vulnerabilities require the attacker to be authenticated.

Obtaining Fixed Software
========================

Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at: http://www.cisco.com/public/sw-center/sw-usingswc.shtml

Exploitation and Public Announcements
=====================================

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. These vulnerabilities were discovered and reported to Cisco by Matt Duggan of Qualcomm.

Status of this Notice: FINAL

Distribution
============

This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml
Revision History
================

+--------------+--------------+-------------------------+
| Revision 1.0 | 2011-June-01 | Initial public release. |
+--------------+--------------+-------------------------+

TITLE: Cisco Unified IP Phone Privilege Escalation and Security Bypass

SECUNIA ADVISORY ID: SA44814

VERIFY ADVISORY: http://secunia.com/advisories/44814/

RELEASE DATE: 2011-06-03

DESCRIPTION: Some security issues have been reported in Cisco Unified IP Phone models, which can be exploited by malicious, local users to bypass certain security restrictions and perform certain actions with escalated privileges.

3) An error in the device does not properly verify the signature of the software image before loading the image and can be exploited to upload an arbitrary software image.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml
VAR-201105-0197 CVE-2011-0076 Java Embedding Plugin (JEP) in Mozilla Firefox and SeaMonkey on Mac OS X access restriction bypass vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.

Mozilla Firefox and SeaMonkey are prone to a privilege-escalation vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into viewing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code with elevated privileges. Failed exploit attempts will likely result in denial-of-service conditions.

This issue is fixed in:
Firefox 3.6.17
Firefox 3.5.19
SeaMonkey 2.0.14

NOTE: This issue was previously discussed in BID 47635 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-12 through -18 Multiple Vulnerabilities) but has been moved to its own record to better document it.

Firefox is a very popular open source web browser. SeaMonkey is an open source web browser, mail and newsgroup client, IRC session client, and HTML editor. Remote attackers can use unknown vectors to bypass preset access restrictions.

Mandriva Linux Security Advisory MDVSA-2011:079
http://www.mandriva.com/security/

Package : firefox
Date : April 30, 2011
Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0

Problem Description:

Chris Evans of the Chrome Security Team reported that the XSLT generate-id() function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while exploiting a different memory corruption bug, in order to make an exploit more reliable or work around mitigation features in the browser or operating system (CVE-2011-1202).

Security researcher Soroush Dalili reported that the resource: protocol could be exploited to allow directory traversal on Windows and the potential loading of resources from non-permitted locations. The impact would depend on whether interesting files existed in predictable locations in a useful format. For example, the existence or non-existence of particular images might indicate whether certain software was installed (CVE-2011-0071).

Security researcher Paul Stone reported that a Java applet could be used to mimic interaction with form autocomplete controls and steal entries from the form history (CVE-2011-0067).

Security researcher regenrecht reported several dangling pointer vulnerabilities via TippingPoint's Zero Day Initiative (CVE-2011-0065, CVE-2011-0066, CVE-2011-0073).

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-0081, CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).

Additionally the sqlite3 packages were upgraded to the 3.7.6.2 version. A new package that provides /usr/bin/lemon was added. The lemon software was previously provided with sqlite3 and is used in some cases when building php.

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0072
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.17

Updated Packages:

Mandriva Linux 2009.0:
2009.0/i586/firefox-th-3.6.17-0.1mdv2009.0.i586.rpm db344c8f85860dc0939ae13cfc0a73ef 2009.0/i586/firefox-theme-kfirefox-0.16-0.13mdv2009.0.i586.rpm b7cbe47a64595ec5c8e323727885eb8c 2009.0/i586/firefox-tr-3.6.17-0.1mdv2009.0.i586.rpm 63c912c7c72a2683fd2749f5a643709e 2009.0/i586/firefox-uk-3.6.17-0.1mdv2009.0.i586.rpm 445eec8f6167567b32046e16d1e4a8ac 2009.0/i586/firefox-zh_CN-3.6.17-0.1mdv2009.0.i586.rpm 36de2012d0dc81e1636912aebe714cd7 2009.0/i586/firefox-zh_TW-3.6.17-0.1mdv2009.0.i586.rpm fea435facb5a727a1769b95ffdd6b7d1 2009.0/i586/gnome-python-extras-2.19.1-20.27mdv2009.0.i586.rpm 44d5541c188e831160c627682823285d 2009.0/i586/gnome-python-gda-2.19.1-20.27mdv2009.0.i586.rpm 09de2acc67f26df4996b244fb720a865 2009.0/i586/gnome-python-gda-devel-2.19.1-20.27mdv2009.0.i586.rpm d78dbc547deafba5525ddef72093099b 2009.0/i586/gnome-python-gdl-2.19.1-20.27mdv2009.0.i586.rpm aaefe570ba5819e6afa4fd49425fdf57 2009.0/i586/gnome-python-gtkhtml2-2.19.1-20.27mdv2009.0.i586.rpm 5868123938a14c88ce61b2604c7ea252 2009.0/i586/gnome-python-gtkmozembed-2.19.1-20.27mdv2009.0.i586.rpm f7e7eb05f7b7fc09db698dc47c187bb5 2009.0/i586/gnome-python-gtkspell-2.19.1-20.27mdv2009.0.i586.rpm 79225cceef1a08a2d7297d088e7b97b4 2009.0/i586/lemon-3.7.4-0.1mdv2009.0.i586.rpm 2c2f28010934dde726a22971771369b9 2009.0/i586/libdevhelp-1_0-0.21-3.25mdv2009.0.i586.rpm 7b6cb5ee62261c8f871c1ad99ca5b635 2009.0/i586/libdevhelp-1-devel-0.21-3.25mdv2009.0.i586.rpm 497c932d9820cc1699102646d2ef218b 2009.0/i586/libsqlite3_0-3.7.6.2-0.1mdv2009.0.i586.rpm fba77facd31656c25a044fedb3ffe3b5 2009.0/i586/libsqlite3-devel-3.7.6.2-0.1mdv2009.0.i586.rpm 530c270b9dd5e1a8c9e678bafedc6d53 2009.0/i586/libsqlite3-static-devel-3.7.6.2-0.1mdv2009.0.i586.rpm 9dd3cb1007979e629daa0d27f78be530 2009.0/i586/libxulrunner1.9.2.17-1.9.2.17-0.1mdv2009.0.i586.rpm 46b0fbc1b5e027120083a1ffd58605a8 2009.0/i586/libxulrunner-devel-1.9.2.17-0.1mdv2009.0.i586.rpm ad5e3d1ffd7382f012a9d57c4fa702e8 
2009.0/i586/mozilla-thunderbird-beagle-0.3.8-13.36mdv2009.0.i586.rpm adad587299352a74e675cface6154638 2009.0/i586/sqlite3-tools-3.7.6.2-0.1mdv2009.0.i586.rpm aeb059de62194445a32c7de36faa9e2e 2009.0/i586/xulrunner-1.9.2.17-0.1mdv2009.0.i586.rpm a5caae640a02076364fdd8c189794478 2009.0/i586/yelp-2.24.0-3.28mdv2009.0.i586.rpm 0972d520d57df45393b0aef2da4b12ee 2009.0/SRPMS/beagle-0.3.8-13.36mdv2009.0.src.rpm 3f8b8f723797f0fbbb5e0264bac2bfbf 2009.0/SRPMS/devhelp-0.21-3.25mdv2009.0.src.rpm ebbdbeb5e3ccb2fe3f424a327eb475ef 2009.0/SRPMS/epiphany-2.24.3-0.14mdv2009.0.src.rpm 3350215ced82f1bcf19a8e8188bf0a61 2009.0/SRPMS/firefox-3.6.17-0.1mdv2009.0.src.rpm f11029532df82e7923c4b096af98d3f0 2009.0/SRPMS/firefox-ext-blogrovr-1.1.804-0.13mdv2009.0.src.rpm 5aca99c0285a4412ecf02cf6bf946801 2009.0/SRPMS/firefox-ext-mozvoikko-1.0-0.13mdv2009.0.src.rpm dbb411ce9ba2dc5416b53aea4c6641ae 2009.0/SRPMS/firefox-ext-scribefire-3.5.1-0.13mdv2009.0.src.rpm 96e289aef5dd3795e776125a93b9a11e 2009.0/SRPMS/firefox-ext-xmarks-3.5.10-0.13mdv2009.0.src.rpm 8681188142a3360b17eae804219d934e 2009.0/SRPMS/firefox-l10n-3.6.17-0.1mdv2009.0.src.rpm 0b632cc0d32c20cb4c7458c7c20b0bcf 2009.0/SRPMS/firefox-theme-kfirefox-0.16-0.13mdv2009.0.src.rpm 82b1d9b926a7a183edd6ee0b39ee9fd8 2009.0/SRPMS/gnome-python-extras-2.19.1-20.27mdv2009.0.src.rpm 5bffe9ac14aabf83ea8b5c79f0e8e33f 2009.0/SRPMS/lemon-3.7.4-0.1mdv2009.0.src.rpm aa8e2dcac3269d9836f3dade77086e7f 2009.0/SRPMS/sqlite3-3.7.6.2-0.1mdv2009.0.src.rpm fba6a9ca071ee5648b373d678d67e352 2009.0/SRPMS/xulrunner-1.9.2.17-0.1mdv2009.0.src.rpm 4dc1a3719ef51d45d3af0be61950aef7 2009.0/SRPMS/yelp-2.24.0-3.28mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: b032aed8693b94bf0b5f457b0e7c3eb7 2009.0/x86_64/beagle-0.3.8-13.36mdv2009.0.x86_64.rpm 2fac29c992cd8be8892a4fb91d380336 2009.0/x86_64/beagle-crawl-system-0.3.8-13.36mdv2009.0.x86_64.rpm 055ef55bb8a468a5ec17e87a93a58b0d 2009.0/x86_64/beagle-doc-0.3.8-13.36mdv2009.0.x86_64.rpm 3fcee0a627224a9387b748a4abc461d5 
2009.0/x86_64/beagle-epiphany-0.3.8-13.36mdv2009.0.x86_64.rpm 51976fc9309a41ca1ea61541110240b2 2009.0/x86_64/beagle-evolution-0.3.8-13.36mdv2009.0.x86_64.rpm a61243e5f9c5e0758dbfc4bc07b4dc84 2009.0/x86_64/beagle-gui-0.3.8-13.36mdv2009.0.x86_64.rpm 0a61952ef1924995be127129a149fbdf 2009.0/x86_64/beagle-gui-qt-0.3.8-13.36mdv2009.0.x86_64.rpm 734beb1bd9073dd56e5c2088213b7967 2009.0/x86_64/beagle-libs-0.3.8-13.36mdv2009.0.x86_64.rpm 595c25f3843781372230c07b5b33a442 2009.0/x86_64/devhelp-0.21-3.25mdv2009.0.x86_64.rpm 475b50ca8b0fbfeb52b09be5b92ed7ae 2009.0/x86_64/devhelp-plugins-0.21-3.25mdv2009.0.x86_64.rpm 8ddc7628fe244b65a69d4f40cc2f6c53 2009.0/x86_64/epiphany-2.24.3-0.14mdv2009.0.x86_64.rpm e7ae117ed437ad50e8d723818bc05ff9 2009.0/x86_64/epiphany-devel-2.24.3-0.14mdv2009.0.x86_64.rpm 04e2c0401ba7286141e292d0f4be0c6a 2009.0/x86_64/firefox-3.6.17-0.1mdv2009.0.x86_64.rpm e77f3b52a818b35b3b06f6a441221022 2009.0/x86_64/firefox-af-3.6.17-0.1mdv2009.0.x86_64.rpm ca49e550e4970bd20ec5e13d455b7657 2009.0/x86_64/firefox-ar-3.6.17-0.1mdv2009.0.x86_64.rpm 85ab3b431c7de6d7346f2af80724a1e3 2009.0/x86_64/firefox-be-3.6.17-0.1mdv2009.0.x86_64.rpm 9ac78224cc072b8a865eb57ccb44424d 2009.0/x86_64/firefox-bg-3.6.17-0.1mdv2009.0.x86_64.rpm 730388eccf9f9828f64af196ee86c5a6 2009.0/x86_64/firefox-bn-3.6.17-0.1mdv2009.0.x86_64.rpm 58a3decd3e3a3886a19dc40fb820941b 2009.0/x86_64/firefox-ca-3.6.17-0.1mdv2009.0.x86_64.rpm 5a90624d3518ba36ec55eb2a6420204b 2009.0/x86_64/firefox-cs-3.6.17-0.1mdv2009.0.x86_64.rpm db24b27132cb8dca3ea45ebcb6071712 2009.0/x86_64/firefox-cy-3.6.17-0.1mdv2009.0.x86_64.rpm a022a90fe3a6cca94340efcecb5001fe 2009.0/x86_64/firefox-da-3.6.17-0.1mdv2009.0.x86_64.rpm 4d59bf79a75d8213efc9a8f42357c4fe 2009.0/x86_64/firefox-de-3.6.17-0.1mdv2009.0.x86_64.rpm b20662cb8b1635f251d57a0833f9093e 2009.0/x86_64/firefox-devel-3.6.17-0.1mdv2009.0.x86_64.rpm 4c4cff9e136d5174633caf87334cd9cb 2009.0/x86_64/firefox-el-3.6.17-0.1mdv2009.0.x86_64.rpm 93bf8ba5a8e93c7006811d353d4c4f3d 
2009.0/x86_64/firefox-en_GB-3.6.17-0.1mdv2009.0.x86_64.rpm a8b2021a6a9677c75f8ed5af7ccf9093 2009.0/x86_64/firefox-eo-3.6.17-0.1mdv2009.0.x86_64.rpm 60ae56632071590bb7b0d1f0f6a7671a 2009.0/x86_64/firefox-es_AR-3.6.17-0.1mdv2009.0.x86_64.rpm 601891ab9929ccf4ddea627b466642b5 2009.0/x86_64/firefox-es_ES-3.6.17-0.1mdv2009.0.x86_64.rpm b23dc67128474e77c02569ed3cf3d03c 2009.0/x86_64/firefox-et-3.6.17-0.1mdv2009.0.x86_64.rpm d6a6ade1469d07ea53dc0a80cd1e3ca6 2009.0/x86_64/firefox-eu-3.6.17-0.1mdv2009.0.x86_64.rpm 5b00c95f5af2960e0ae8885f81b14453 2009.0/x86_64/firefox-ext-beagle-0.3.8-13.36mdv2009.0.x86_64.rpm aa8b9f39a32280974cb7d37ef0f3365b 2009.0/x86_64/firefox-ext-blogrovr-1.1.804-0.13mdv2009.0.x86_64.rpm 90af6af5192a0523b7ca543d9b4f4d48 2009.0/x86_64/firefox-ext-mozvoikko-1.0-0.13mdv2009.0.x86_64.rpm 2ef1da56893a9ee8808c8e8a40f2855b 2009.0/x86_64/firefox-ext-scribefire-3.5.1-0.13mdv2009.0.x86_64.rpm ece9cf46ad4b8968b4804f58b9eede04 2009.0/x86_64/firefox-ext-xmarks-3.5.10-0.13mdv2009.0.x86_64.rpm c3be652781ea8fc04dd51009765a2018 2009.0/x86_64/firefox-fi-3.6.17-0.1mdv2009.0.x86_64.rpm 73b6dfa12df8d2f6d904a429a45aac6a 2009.0/x86_64/firefox-fr-3.6.17-0.1mdv2009.0.x86_64.rpm 88836378097f79cef65b842a71cc4e69 2009.0/x86_64/firefox-fy-3.6.17-0.1mdv2009.0.x86_64.rpm daa588318b69ee3223f472545e4a150c 2009.0/x86_64/firefox-ga_IE-3.6.17-0.1mdv2009.0.x86_64.rpm 1c0759836da6bd094788eef5120db5b1 2009.0/x86_64/firefox-gl-3.6.17-0.1mdv2009.0.x86_64.rpm fe4b9531eeb1fcbb37de47c73464abea 2009.0/x86_64/firefox-gu_IN-3.6.17-0.1mdv2009.0.x86_64.rpm a5981a499f181f788316c4580589ef2e 2009.0/x86_64/firefox-he-3.6.17-0.1mdv2009.0.x86_64.rpm 2550f09a264ffd4f60152fb310be2900 2009.0/x86_64/firefox-hi-3.6.17-0.1mdv2009.0.x86_64.rpm d1fbfc46c8f06b45959c5838e28a23aa 2009.0/x86_64/firefox-hu-3.6.17-0.1mdv2009.0.x86_64.rpm aaadb1c087eefe50e4bc877477abac4c 2009.0/x86_64/firefox-id-3.6.17-0.1mdv2009.0.x86_64.rpm 3314496029094186ee870f310ecab2f7 2009.0/x86_64/firefox-is-3.6.17-0.1mdv2009.0.x86_64.rpm 
76dbab7b062c0bd4907c91c322c9a183 2009.0/x86_64/firefox-it-3.6.17-0.1mdv2009.0.x86_64.rpm c711dc2be8d7dc6b47680894e01da605 2009.0/x86_64/firefox-ja-3.6.17-0.1mdv2009.0.x86_64.rpm 527f62d56b9bb634de9c84317f570591 2009.0/x86_64/firefox-ka-3.6.17-0.1mdv2009.0.x86_64.rpm 6c51c819e5abc19f5d8f02efce3ba226 2009.0/x86_64/firefox-kn-3.6.17-0.1mdv2009.0.x86_64.rpm a3ab45d4da1be8b26dcbd457a3e9d3f9 2009.0/x86_64/firefox-ko-3.6.17-0.1mdv2009.0.x86_64.rpm 2e176ce5348d910c8057bc5563faf41c 2009.0/x86_64/firefox-ku-3.6.17-0.1mdv2009.0.x86_64.rpm dab82375106ffe486f47be236f8cb969 2009.0/x86_64/firefox-lt-3.6.17-0.1mdv2009.0.x86_64.rpm 48432620c19fe9808f84c5d1d38d21fe 2009.0/x86_64/firefox-lv-3.6.17-0.1mdv2009.0.x86_64.rpm 79182359d527104abc378941ccf75fad 2009.0/x86_64/firefox-mk-3.6.17-0.1mdv2009.0.x86_64.rpm cd492f6fc1b5f36bb4826f728434c6af 2009.0/x86_64/firefox-mr-3.6.17-0.1mdv2009.0.x86_64.rpm 01d8a87704b226b740c723f08ecc2d65 2009.0/x86_64/firefox-nb_NO-3.6.17-0.1mdv2009.0.x86_64.rpm d7312e9a8d543937d317c1d59b3a34a1 2009.0/x86_64/firefox-nl-3.6.17-0.1mdv2009.0.x86_64.rpm 85d01cb0516ecb676564b1054fda683d 2009.0/x86_64/firefox-nn_NO-3.6.17-0.1mdv2009.0.x86_64.rpm bb0810bd066ae8e63a58764a87e4d820 2009.0/x86_64/firefox-oc-3.6.17-0.1mdv2009.0.x86_64.rpm ddd12841f0c0f4601a4e06d2ceb2f677 2009.0/x86_64/firefox-pa_IN-3.6.17-0.1mdv2009.0.x86_64.rpm 12ac4b4f1e269138d250ca3644a1b36a 2009.0/x86_64/firefox-pl-3.6.17-0.1mdv2009.0.x86_64.rpm ae0839d18977a11b8f9dcafab4d37ad9 2009.0/x86_64/firefox-pt_BR-3.6.17-0.1mdv2009.0.x86_64.rpm 30f7df0cf5761ecbcd9c741e4766680e 2009.0/x86_64/firefox-pt_PT-3.6.17-0.1mdv2009.0.x86_64.rpm 9cc05af0f3a3f2d3d36cc7d2bb74660a 2009.0/x86_64/firefox-ro-3.6.17-0.1mdv2009.0.x86_64.rpm f1044bb9e20f353e4fc648bf0501524d 2009.0/x86_64/firefox-ru-3.6.17-0.1mdv2009.0.x86_64.rpm 84fd90488b116a7dd26787d5416b6b12 2009.0/x86_64/firefox-si-3.6.17-0.1mdv2009.0.x86_64.rpm ac187a0b46b8c1c9dc57d3ce86382dfb 2009.0/x86_64/firefox-sk-3.6.17-0.1mdv2009.0.x86_64.rpm 
19102a390fef503416f6f38f53bece23 2009.0/x86_64/firefox-sl-3.6.17-0.1mdv2009.0.x86_64.rpm cc1d2bdfb6f76c667aeb1394560c9f08 2009.0/x86_64/firefox-sq-3.6.17-0.1mdv2009.0.x86_64.rpm 29900dc6cc095ac318cc64e72edd4d8b 2009.0/x86_64/firefox-sr-3.6.17-0.1mdv2009.0.x86_64.rpm b76ad7b6ddf7684a939bcea888d4a432 2009.0/x86_64/firefox-sv_SE-3.6.17-0.1mdv2009.0.x86_64.rpm 1a8c696020c195c83f64aca80bf731eb 2009.0/x86_64/firefox-te-3.6.17-0.1mdv2009.0.x86_64.rpm 239684a41f202c5edbcbf6217909e818 2009.0/x86_64/firefox-th-3.6.17-0.1mdv2009.0.x86_64.rpm 3c289ecc5ac769c4b18a381f6c8e363e 2009.0/x86_64/firefox-theme-kfirefox-0.16-0.13mdv2009.0.x86_64.rpm 3770e9c29be81d282b766d776a392a4f 2009.0/x86_64/firefox-tr-3.6.17-0.1mdv2009.0.x86_64.rpm e1c6942f3f842ae7551c96283c26e72d 2009.0/x86_64/firefox-uk-3.6.17-0.1mdv2009.0.x86_64.rpm aa519f7229db7d3dfdc217d613ebdea0 2009.0/x86_64/firefox-zh_CN-3.6.17-0.1mdv2009.0.x86_64.rpm 2e01ab4446c233d7a4e89ed1c4859274 2009.0/x86_64/firefox-zh_TW-3.6.17-0.1mdv2009.0.x86_64.rpm 39cf269b29e518aa8db16a99a43c18d7 2009.0/x86_64/gnome-python-extras-2.19.1-20.27mdv2009.0.x86_64.rpm b0ba6358ad186d93f5cf23984acdd288 2009.0/x86_64/gnome-python-gda-2.19.1-20.27mdv2009.0.x86_64.rpm c5b9d792230aea0602d696a650cf76ff 2009.0/x86_64/gnome-python-gda-devel-2.19.1-20.27mdv2009.0.x86_64.rpm b882a6e641aad7bc507beda9af730d9d 2009.0/x86_64/gnome-python-gdl-2.19.1-20.27mdv2009.0.x86_64.rpm 7fa08a97cbe98f8ad9707cb401ceef7d 2009.0/x86_64/gnome-python-gtkhtml2-2.19.1-20.27mdv2009.0.x86_64.rpm c577a096e7c627e2910d3d476a94ec95 2009.0/x86_64/gnome-python-gtkmozembed-2.19.1-20.27mdv2009.0.x86_64.rpm aefafa2fbaa7fdfb1ae7e7d484feb84b 2009.0/x86_64/gnome-python-gtkspell-2.19.1-20.27mdv2009.0.x86_64.rpm 6a4dae7f9c6b44e6c11718dce617ba4e 2009.0/x86_64/lemon-3.7.4-0.1mdv2009.0.x86_64.rpm 4befda2bfc13c141078f3b6f157ef014 2009.0/x86_64/lib64devhelp-1_0-0.21-3.25mdv2009.0.x86_64.rpm 91e5fc566a17eadf4c587ce1a7bc014b 2009.0/x86_64/lib64devhelp-1-devel-0.21-3.25mdv2009.0.x86_64.rpm 
4b9faa7ba8fb0ef518ee214debf823ea 2009.0/x86_64/lib64sqlite3_0-3.7.6.2-0.1mdv2009.0.x86_64.rpm 26e89fde1f2ddfa51157f246a7a8148a 2009.0/x86_64/lib64sqlite3-devel-3.7.6.2-0.1mdv2009.0.x86_64.rpm 588a88e71749159790ab8f66f1a4b4e8 2009.0/x86_64/lib64sqlite3-static-devel-3.7.6.2-0.1mdv2009.0.x86_64.rpm abe638f2b42c8dff52fd47344d5202c5 2009.0/x86_64/lib64xulrunner1.9.2.17-1.9.2.17-0.1mdv2009.0.x86_64.rpm 368987069ca85079fbd58ec5a3fe503a 2009.0/x86_64/lib64xulrunner-devel-1.9.2.17-0.1mdv2009.0.x86_64.rpm ac35d16e378e015d39049265a1064ca6 2009.0/x86_64/mozilla-thunderbird-beagle-0.3.8-13.36mdv2009.0.x86_64.rpm 12295dfafb906d07b16e21d0773bd24a 2009.0/x86_64/sqlite3-tools-3.7.6.2-0.1mdv2009.0.x86_64.rpm cea2bac5a44774587ec4605f1cb97cbf 2009.0/x86_64/xulrunner-1.9.2.17-0.1mdv2009.0.x86_64.rpm 47f4aca2ef52ab69ac4bb90585e244f3 2009.0/x86_64/yelp-2.24.0-3.28mdv2009.0.x86_64.rpm 0972d520d57df45393b0aef2da4b12ee 2009.0/SRPMS/beagle-0.3.8-13.36mdv2009.0.src.rpm 3f8b8f723797f0fbbb5e0264bac2bfbf 2009.0/SRPMS/devhelp-0.21-3.25mdv2009.0.src.rpm ebbdbeb5e3ccb2fe3f424a327eb475ef 2009.0/SRPMS/epiphany-2.24.3-0.14mdv2009.0.src.rpm 3350215ced82f1bcf19a8e8188bf0a61 2009.0/SRPMS/firefox-3.6.17-0.1mdv2009.0.src.rpm f11029532df82e7923c4b096af98d3f0 2009.0/SRPMS/firefox-ext-blogrovr-1.1.804-0.13mdv2009.0.src.rpm 5aca99c0285a4412ecf02cf6bf946801 2009.0/SRPMS/firefox-ext-mozvoikko-1.0-0.13mdv2009.0.src.rpm dbb411ce9ba2dc5416b53aea4c6641ae 2009.0/SRPMS/firefox-ext-scribefire-3.5.1-0.13mdv2009.0.src.rpm 96e289aef5dd3795e776125a93b9a11e 2009.0/SRPMS/firefox-ext-xmarks-3.5.10-0.13mdv2009.0.src.rpm 8681188142a3360b17eae804219d934e 2009.0/SRPMS/firefox-l10n-3.6.17-0.1mdv2009.0.src.rpm 0b632cc0d32c20cb4c7458c7c20b0bcf 2009.0/SRPMS/firefox-theme-kfirefox-0.16-0.13mdv2009.0.src.rpm 82b1d9b926a7a183edd6ee0b39ee9fd8 2009.0/SRPMS/gnome-python-extras-2.19.1-20.27mdv2009.0.src.rpm 5bffe9ac14aabf83ea8b5c79f0e8e33f 2009.0/SRPMS/lemon-3.7.4-0.1mdv2009.0.src.rpm aa8e2dcac3269d9836f3dade77086e7f 
2009.0/SRPMS/sqlite3-3.7.6.2-0.1mdv2009.0.src.rpm fba6a9ca071ee5648b373d678d67e352 2009.0/SRPMS/xulrunner-1.9.2.17-0.1mdv2009.0.src.rpm 4dc1a3719ef51d45d3af0be61950aef7 2009.0/SRPMS/yelp-2.24.0-3.28mdv2009.0.src.rpm Mandriva Linux 2010.0: b6a1e9e5b9e25830e9b7078924d2696e 2010.0/i586/beagle-0.3.9-20.24mdv2010.0.i586.rpm c157386b79eec41001dcae8b9133af69 2010.0/i586/beagle-crawl-system-0.3.9-20.24mdv2010.0.i586.rpm 4aef4afd0e9651ddad72b188b9351a42 2010.0/i586/beagle-doc-0.3.9-20.24mdv2010.0.i586.rpm 8832c1286824ae275dd9aa35e3ac4f1d 2010.0/i586/beagle-evolution-0.3.9-20.24mdv2010.0.i586.rpm 0e39eb8c59a596efa9315606059a1760 2010.0/i586/beagle-gui-0.3.9-20.24mdv2010.0.i586.rpm b6151aa5af9cd0a36ec8b164a0c90df4 2010.0/i586/beagle-gui-qt-0.3.9-20.24mdv2010.0.i586.rpm e21eb5e62627f34b63ef80efa85adce2 2010.0/i586/beagle-libs-0.3.9-20.24mdv2010.0.i586.rpm ce2e2fb2ac7223bdd59994a3ac2dc718 2010.0/i586/firefox-3.6.17-0.1mdv2010.0.i586.rpm c5d163ba6817bc2b58baa0c6aaade18f 2010.0/i586/firefox-af-3.6.17-0.1mdv2010.0.i586.rpm 309d34256461d7ced6f0f25e48a56ef4 2010.0/i586/firefox-ar-3.6.17-0.1mdv2010.0.i586.rpm 58abfbf8f8050c0b0964922770d41aa3 2010.0/i586/firefox-be-3.6.17-0.1mdv2010.0.i586.rpm ec582b11ef9394620eaed6132d84d839 2010.0/i586/firefox-bg-3.6.17-0.1mdv2010.0.i586.rpm 8093a30d51889561b62eed0f6a4d4e52 2010.0/i586/firefox-bn-3.6.17-0.1mdv2010.0.i586.rpm f104f48ecae85588e16845d7765cce61 2010.0/i586/firefox-ca-3.6.17-0.1mdv2010.0.i586.rpm 6a01b14ba6add339b15a1703508c491f 2010.0/i586/firefox-cs-3.6.17-0.1mdv2010.0.i586.rpm d2b01ad5090cb85cb1ee0c7ddae02e9c 2010.0/i586/firefox-cy-3.6.17-0.1mdv2010.0.i586.rpm d78c752aee982cadd936955e84a37129 2010.0/i586/firefox-da-3.6.17-0.1mdv2010.0.i586.rpm 8009736a3b595f259ed36676cfc1adcf 2010.0/i586/firefox-de-3.6.17-0.1mdv2010.0.i586.rpm cc2f5a0e41a84919685a390e50869193 2010.0/i586/firefox-devel-3.6.17-0.1mdv2010.0.i586.rpm 1f38c9f900932be64993471dd7cfa87d 2010.0/i586/firefox-el-3.6.17-0.1mdv2010.0.i586.rpm 620c598a6201f155fb66b8e8d71253bf 
2010.0/i586/firefox-en_GB-3.6.17-0.1mdv2010.0.i586.rpm 44fdf2af3b0ac2497a2dccd3fe4fa6d1 2010.0/i586/firefox-eo-3.6.17-0.1mdv2010.0.i586.rpm 9bf9966d1fa20ca0a3b320e9eb67b3fb 2010.0/i586/firefox-es_AR-3.6.17-0.1mdv2010.0.i586.rpm c1afe2347d18c52e07322b4fc8cd625e 2010.0/i586/firefox-es_ES-3.6.17-0.1mdv2010.0.i586.rpm d3ddf4f0650d7faf3398c58e6f4abb9e 2010.0/i586/firefox-et-3.6.17-0.1mdv2010.0.i586.rpm 41c4ffc76147f9b79952a7372b22bfa4 2010.0/i586/firefox-eu-3.6.17-0.1mdv2010.0.i586.rpm ad261fd5e248f592a1d84ecd3f99c8f8 2010.0/i586/firefox-ext-beagle-0.3.9-20.24mdv2010.0.i586.rpm a7934e327f7c6b0faa8dd81e74b0bbba 2010.0/i586/firefox-ext-blogrovr-1.1.804-6.19mdv2010.0.i586.rpm b0a87ee3ea58549813ce53682528e344 2010.0/i586/firefox-ext-mozvoikko-1.0-6.19mdv2010.0.i586.rpm d5d1ca07987bd14a6d28b89323ac7f6d 2010.0/i586/firefox-ext-plasmanotify-0.3.1-0.14mdv2010.0.i586.rpm 458d326026b0ceb126e1881aede8c066 2010.0/i586/firefox-ext-r-kiosk-0.7.2-9.19mdv2010.0.i586.rpm c7d22e1864faceeb962dd67fbdf21335 2010.0/i586/firefox-ext-scribefire-3.5.1-0.13mdv2010.0.i586.rpm ad519aa8884647ff54ac422549d7b16e 2010.0/i586/firefox-fi-3.6.17-0.1mdv2010.0.i586.rpm b49e76476d75bad4b27770a57a04df23 2010.0/i586/firefox-fr-3.6.17-0.1mdv2010.0.i586.rpm 2fe7eb8092c120755c032e56748aa9b7 2010.0/i586/firefox-fy-3.6.17-0.1mdv2010.0.i586.rpm ce5815c669402fd42bc07d44d93c66d3 2010.0/i586/firefox-ga_IE-3.6.17-0.1mdv2010.0.i586.rpm bba69242827e981627211b2b5eb68931 2010.0/i586/firefox-gl-3.6.17-0.1mdv2010.0.i586.rpm ed338554b350057694e2a6c2d224b387 2010.0/i586/firefox-gu_IN-3.6.17-0.1mdv2010.0.i586.rpm 1b7dc5cab758801b82ac1c242da6d59c 2010.0/i586/firefox-he-3.6.17-0.1mdv2010.0.i586.rpm 007af7a298d36f8895fba605aac15803 2010.0/i586/firefox-hi-3.6.17-0.1mdv2010.0.i586.rpm 476f6ac627f82fc7f7c5543f56482796 2010.0/i586/firefox-hu-3.6.17-0.1mdv2010.0.i586.rpm 88f193ba3b7d0bef97eaac7857293a8f 2010.0/i586/firefox-id-3.6.17-0.1mdv2010.0.i586.rpm d0330a0dd7dcbd3daca42525454994ec 
2010.0/i586/firefox-is-3.6.17-0.1mdv2010.0.i586.rpm b261438d53f2f8434efe2b95f7e8d954 2010.0/i586/firefox-it-3.6.17-0.1mdv2010.0.i586.rpm 3d5900d3faefb015dcb0a4d62ef16ebe 2010.0/i586/firefox-ja-3.6.17-0.1mdv2010.0.i586.rpm 292b801681eb21ecbf5778abcff89188 2010.0/i586/firefox-ka-3.6.17-0.1mdv2010.0.i586.rpm 8f540c760b340206cc3bd17698ee88df 2010.0/i586/firefox-kn-3.6.17-0.1mdv2010.0.i586.rpm c8854d6714259850dc92f7fbe6dd17dd 2010.0/i586/firefox-ko-3.6.17-0.1mdv2010.0.i586.rpm 2772412e7edd00b8174f9638cec5db4f 2010.0/i586/firefox-ku-3.6.17-0.1mdv2010.0.i586.rpm 44ad30a9e5c3b2bd10371fba4ed4d2b9 2010.0/i586/firefox-lt-3.6.17-0.1mdv2010.0.i586.rpm ed093c9f9630d13a227371a1f62495a1 2010.0/i586/firefox-lv-3.6.17-0.1mdv2010.0.i586.rpm 00712ffbbdbe194ed03bef8a891e4e57 2010.0/i586/firefox-mk-3.6.17-0.1mdv2010.0.i586.rpm 8c8a612931c31d49fc3f4ae351cd26e3 2010.0/i586/firefox-mr-3.6.17-0.1mdv2010.0.i586.rpm 91ad5facd01c4c4bd31790ca40a640ca 2010.0/i586/firefox-nb_NO-3.6.17-0.1mdv2010.0.i586.rpm b00a5e35e6ac55f895b8f6916f79bde7 2010.0/i586/firefox-nl-3.6.17-0.1mdv2010.0.i586.rpm 0ee6b29ecb2a12136b11c0608360a0a8 2010.0/i586/firefox-nn_NO-3.6.17-0.1mdv2010.0.i586.rpm e79fa37b9006461f4d0ba003b4da69b9 2010.0/i586/firefox-oc-3.6.17-0.1mdv2010.0.i586.rpm af2a2946979a450cf150eff6f2aeca15 2010.0/i586/firefox-pa_IN-3.6.17-0.1mdv2010.0.i586.rpm e2a5272606e7048adadee10f39fbe98f 2010.0/i586/firefox-pl-3.6.17-0.1mdv2010.0.i586.rpm 735f3400c0570124a70792715503ff69 2010.0/i586/firefox-pt_BR-3.6.17-0.1mdv2010.0.i586.rpm 56d8fe829854b44f4a9d7a3dad7f08e8 2010.0/i586/firefox-pt_PT-3.6.17-0.1mdv2010.0.i586.rpm db9d45c53a5ea7311dab8b6dd3136f5b 2010.0/i586/firefox-ro-3.6.17-0.1mdv2010.0.i586.rpm 16cd0acaf4cc9de46f7df27668f804c7 2010.0/i586/firefox-ru-3.6.17-0.1mdv2010.0.i586.rpm 9c79daeb7907e1050f55c77a78e68cc1 2010.0/i586/firefox-si-3.6.17-0.1mdv2010.0.i586.rpm b6d4b76f9ff21b0800839c049df430a6 2010.0/i586/firefox-sk-3.6.17-0.1mdv2010.0.i586.rpm 3826c8dea2da5b4114f440427b95e8b4 
2010.0/i586/firefox-sl-3.6.17-0.1mdv2010.0.i586.rpm db491650aba41efba6874835f093f4db 2010.0/i586/firefox-sq-3.6.17-0.1mdv2010.0.i586.rpm d87fc741560c434ebf78d91df37d69c6 2010.0/i586/firefox-sr-3.6.17-0.1mdv2010.0.i586.rpm 4c2c8bf680e06a814ba26c9cf03f513c 2010.0/i586/firefox-sv_SE-3.6.17-0.1mdv2010.0.i586.rpm 2a2b280eb345b0c3f477916b9b739fe6 2010.0/i586/firefox-te-3.6.17-0.1mdv2010.0.i586.rpm 3d472d3c27158912b8aa5dfada66e6cd 2010.0/i586/firefox-th-3.6.17-0.1mdv2010.0.i586.rpm 593aabf00e5d3904c10a970adf428888 2010.0/i586/firefox-theme-kfirefox-0.16-7.18mdv2010.0.i586.rpm 59701c68cba8f4e64e7f522a3416b963 2010.0/i586/firefox-tr-3.6.17-0.1mdv2010.0.i586.rpm c8a8962b397b0bd4cf92b294d8f213ea 2010.0/i586/firefox-uk-3.6.17-0.1mdv2010.0.i586.rpm c802454f74a74d2fd062d356a10cd9fe 2010.0/i586/firefox-zh_CN-3.6.17-0.1mdv2010.0.i586.rpm 54ffb1d848372e37673ee5f0916d87a9 2010.0/i586/firefox-zh_TW-3.6.17-0.1mdv2010.0.i586.rpm e6bb0b44e75dc31a1398d8f1be3b9c05 2010.0/i586/gnome-python-extras-2.25.3-10.19mdv2010.0.i586.rpm cb3a68a90b06a8a3b1b7c4225e6a2434 2010.0/i586/gnome-python-gda-2.25.3-10.19mdv2010.0.i586.rpm 04800b57661c14843f9cb30a0bc492e8 2010.0/i586/gnome-python-gda-devel-2.25.3-10.19mdv2010.0.i586.rpm 6425c25026893e92066095be60cc4c68 2010.0/i586/gnome-python-gdl-2.25.3-10.19mdv2010.0.i586.rpm b399a0ddd65dd348f3d28bacd9c10969 2010.0/i586/gnome-python-gtkhtml2-2.25.3-10.19mdv2010.0.i586.rpm 316d34952b6a1ae3f6fc688684008621 2010.0/i586/gnome-python-gtkmozembed-2.25.3-10.19mdv2010.0.i586.rpm f291f9d540696b985058fed2bcb43f3b 2010.0/i586/gnome-python-gtkspell-2.25.3-10.19mdv2010.0.i586.rpm 03ad25d77e26d447e2eeb2172c983b70 2010.0/i586/google-gadgets-common-0.11.2-0.14mdv2010.0.i586.rpm 2668802eab633e4985ee7d5cae705998 2010.0/i586/google-gadgets-gtk-0.11.2-0.14mdv2010.0.i586.rpm 8934c0ddb3f6fadac35b13daf5d385b9 2010.0/i586/google-gadgets-qt-0.11.2-0.14mdv2010.0.i586.rpm cd109c50db0909b76bca45f7733b5d6e 2010.0/i586/lemon-3.7.4-0.1mdv2010.0.i586.rpm 591d040f58de2df829386de1f7e46afd 
2010.0/i586/libggadget1.0_0-0.11.2-0.14mdv2010.0.i586.rpm 0ed830c0e017bf6daebe06e0a4fc130f 2010.0/i586/libggadget-dbus1.0_0-0.11.2-0.14mdv2010.0.i586.rpm eb51fb7f24b1af033488d8123dd63355 2010.0/i586/libggadget-gtk1.0_0-0.11.2-0.14mdv2010.0.i586.rpm e092bd005bf25082a3cd965658c44882 2010.0/i586/libggadget-js1.0_0-0.11.2-0.14mdv2010.0.i586.rpm b22e2ac3a4dc918fae6afb4c38f83be7 2010.0/i586/libggadget-npapi1.0_0-0.11.2-0.14mdv2010.0.i586.rpm e130ea57c3a32005f202924643467014 2010.0/i586/libggadget-qt1.0_0-0.11.2-0.14mdv2010.0.i586.rpm a28b0faef4a1c9f10126abf5e2e263a8 2010.0/i586/libggadget-webkitjs0-0.11.2-0.14mdv2010.0.i586.rpm 1954487379222ae6d2900f049d9c5d8e 2010.0/i586/libggadget-xdg1.0_0-0.11.2-0.14mdv2010.0.i586.rpm a142592d9ad77cbd49cdaaccbaf18ab2 2010.0/i586/libgoogle-gadgets-devel-0.11.2-0.14mdv2010.0.i586.rpm 7439c4f59d7c3e3c0c4053c8497c686d 2010.0/i586/libopensc2-0.11.9-1.19mdv2010.0.i586.rpm 000a04f5477c2191dd18aee1028658c0 2010.0/i586/libopensc-devel-0.11.9-1.19mdv2010.0.i586.rpm d108f2a27ec1602a8e3abfe85a6dd9c4 2010.0/i586/libsqlite3_0-3.7.6.2-0.1mdv2010.0.i586.rpm 25ec3dae2efdd5df8f02daf19aade1b6 2010.0/i586/libsqlite3-devel-3.7.6.2-0.1mdv2010.0.i586.rpm 98115a0368c0fff061a7c6b03ff970a6 2010.0/i586/libsqlite3-static-devel-3.7.6.2-0.1mdv2010.0.i586.rpm 306b910536bbcf02d9388bbac370cc14 2010.0/i586/libxulrunner1.9.2.17-1.9.2.17-0.1mdv2010.0.i586.rpm 3a0ab7f87d735b2788978ca7bbe21655 2010.0/i586/libxulrunner-devel-1.9.2.17-0.1mdv2010.0.i586.rpm 5d733fb6ef9990d58bc260520c2a952c 2010.0/i586/mozilla-plugin-opensc-0.11.9-1.19mdv2010.0.i586.rpm b5e5a4ff8c718c494776e9fcf387d846 2010.0/i586/mozilla-thunderbird-beagle-0.3.9-20.24mdv2010.0.i586.rpm d40e17498c9b2969d53b636f1512a981 2010.0/i586/opensc-0.11.9-1.19mdv2010.0.i586.rpm f59e41d761d46dd8ae5f0848c1268aba 2010.0/i586/sqlite3-tools-3.7.6.2-0.1mdv2010.0.i586.rpm dc8db442ddcdefb7aa85e8b7a2bd1bc1 2010.0/i586/xulrunner-1.9.2.17-0.1mdv2010.0.i586.rpm aa33ff3f1ad317179dfa58784edc5b84 
2010.0/i586/yelp-2.28.0-1.21mdv2010.0.i586.rpm 872f3f5473c99556ba3676a2087618ac 2010.0/SRPMS/beagle-0.3.9-20.24mdv2010.0.src.rpm eb7c8b9b8b19f6cf7dab54a0128a7c3b 2010.0/SRPMS/firefox-3.6.17-0.1mdv2010.0.src.rpm b8a28536c5f5b90e1e56fcbccc0f7828 2010.0/SRPMS/firefox-ext-blogrovr-1.1.804-6.19mdv2010.0.src.rpm 0203c855fea4ad16b8bf3490c28a522a 2010.0/SRPMS/firefox-ext-mozvoikko-1.0-6.19mdv2010.0.src.rpm b01922e0aef070ea95b6fa98945fb685 2010.0/SRPMS/firefox-ext-plasmanotify-0.3.1-0.14mdv2010.0.src.rpm 16b3eb2d5945df96a9768051a3093b04 2010.0/SRPMS/firefox-ext-r-kiosk-0.7.2-9.19mdv2010.0.src.rpm 4e57990dc20e6089157a02b0dd7bad97 2010.0/SRPMS/firefox-ext-scribefire-3.5.1-0.13mdv2010.0.src.rpm 1e3f69cadbe70bffd1c7f7220f11792c 2010.0/SRPMS/firefox-l10n-3.6.17-0.1mdv2010.0.src.rpm 13d4fc5888b6dc2c2b7347de5ffe6282 2010.0/SRPMS/firefox-theme-kfirefox-0.16-7.18mdv2010.0.src.rpm 43f53231379e4b1ef09b31f24d329448 2010.0/SRPMS/gnome-python-extras-2.25.3-10.19mdv2010.0.src.rpm 15ead6d66f9b662b9a02a970717a5063 2010.0/SRPMS/google-gadgets-0.11.2-0.14mdv2010.0.src.rpm 24971ad45f4df34e024b071415dfe672 2010.0/SRPMS/lemon-3.7.4-0.1mdv2010.0.src.rpm 23959d528a982971b2f7e9016c3789b4 2010.0/SRPMS/opensc-0.11.9-1.19mdv2010.0.src.rpm 9de0929e70ecda34752e0ab536491e15 2010.0/SRPMS/sqlite3-3.7.6.2-0.1mdv2010.0.src.rpm 5983d5c4fe3694a9875e836334d73d98 2010.0/SRPMS/xulrunner-1.9.2.17-0.1mdv2010.0.src.rpm 4a673f357f57178cc398edbe72b749a9 2010.0/SRPMS/yelp-2.28.0-1.21mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 3858b66b72089446d943bcef027f17e1 2010.0/x86_64/beagle-0.3.9-20.24mdv2010.0.x86_64.rpm 2f64fc068b962ed27dffbd3166e3f13d 2010.0/x86_64/beagle-crawl-system-0.3.9-20.24mdv2010.0.x86_64.rpm a5d8e8855f04448778a942dc69e4e9ee 2010.0/x86_64/beagle-doc-0.3.9-20.24mdv2010.0.x86_64.rpm 60865274682f6fe2425b49bef9d7e125 2010.0/x86_64/beagle-evolution-0.3.9-20.24mdv2010.0.x86_64.rpm b19d9d4b3a1e4b49e70f02da179f8bcf 2010.0/x86_64/beagle-gui-0.3.9-20.24mdv2010.0.x86_64.rpm 53990e7b90d7feaa22a992ed3c69197f 
mes5/x86_64/firefox-eo-3.6.17-0.1mdvmes5.2.x86_64.rpm 1080d11107b386d5847a3900bd7f82ec mes5/x86_64/firefox-es_AR-3.6.17-0.1mdvmes5.2.x86_64.rpm eb471420d0ec8c797fed7d9737eb7cd1 mes5/x86_64/firefox-es_ES-3.6.17-0.1mdvmes5.2.x86_64.rpm 466a7b12b2720ba3a2a097a042334d19 mes5/x86_64/firefox-et-3.6.17-0.1mdvmes5.2.x86_64.rpm 62f7faefd2691977ac089b1230777fd1 mes5/x86_64/firefox-eu-3.6.17-0.1mdvmes5.2.x86_64.rpm 43e52f4084a1edb8fc3a98842cccf94f mes5/x86_64/firefox-fi-3.6.17-0.1mdvmes5.2.x86_64.rpm 2e02f68eaea320129bf14462b3f3c1e3 mes5/x86_64/firefox-fr-3.6.17-0.1mdvmes5.2.x86_64.rpm 8b906e8ddb2fc609d706262f892066cb mes5/x86_64/firefox-fy-3.6.17-0.1mdvmes5.2.x86_64.rpm 6c66cdeb261ccf59226e4940325e3ed9 mes5/x86_64/firefox-ga_IE-3.6.17-0.1mdvmes5.2.x86_64.rpm 61d5f0c94ba1fc1d9075d27e6575450d mes5/x86_64/firefox-gl-3.6.17-0.1mdvmes5.2.x86_64.rpm 7879ff61a4cb6c2f5b9b501f7d76ccce mes5/x86_64/firefox-gu_IN-3.6.17-0.1mdvmes5.2.x86_64.rpm 2e95af25ff50975161d817274c70a435 mes5/x86_64/firefox-he-3.6.17-0.1mdvmes5.2.x86_64.rpm e0de5a247cca79950b88b367d7c03eb6 mes5/x86_64/firefox-hi-3.6.17-0.1mdvmes5.2.x86_64.rpm a109e4717ed021a0bf05af9c8364af9b mes5/x86_64/firefox-hu-3.6.17-0.1mdvmes5.2.x86_64.rpm c6750aaa0a1e2b68757ef92bdc9b8820 mes5/x86_64/firefox-id-3.6.17-0.1mdvmes5.2.x86_64.rpm e78ecd366539d9e8826de2d9b9d53475 mes5/x86_64/firefox-is-3.6.17-0.1mdvmes5.2.x86_64.rpm 46d2e1106df05c0a23eb51774e8f3b94 mes5/x86_64/firefox-it-3.6.17-0.1mdvmes5.2.x86_64.rpm daf9972befd078246c1b894da7113bf4 mes5/x86_64/firefox-ja-3.6.17-0.1mdvmes5.2.x86_64.rpm 6b80fa3bb62ddeddd402730ac426fa4c mes5/x86_64/firefox-ka-3.6.17-0.1mdvmes5.2.x86_64.rpm d03328157f05d2d17c4bca57b67a80dd mes5/x86_64/firefox-kn-3.6.17-0.1mdvmes5.2.x86_64.rpm cb0715cd4a81594dcfb2c12ded2f0da9 mes5/x86_64/firefox-ko-3.6.17-0.1mdvmes5.2.x86_64.rpm 915e0f528feef5d0c9977e1226ff054b mes5/x86_64/firefox-ku-3.6.17-0.1mdvmes5.2.x86_64.rpm 5999f9b990455d35c6b7309ce24a5521 mes5/x86_64/firefox-lt-3.6.17-0.1mdvmes5.2.x86_64.rpm 
ec301658c5d0735dbd4d5bb73b49719f mes5/x86_64/firefox-lv-3.6.17-0.1mdvmes5.2.x86_64.rpm 69cbe297fd4885895dfffc2f82c97613 mes5/x86_64/firefox-mk-3.6.17-0.1mdvmes5.2.x86_64.rpm cc375fff57a189f0eed8b0127b5bac0f mes5/x86_64/firefox-mr-3.6.17-0.1mdvmes5.2.x86_64.rpm 1dea9c1581fb71783f921b44c467f894 mes5/x86_64/firefox-nb_NO-3.6.17-0.1mdvmes5.2.x86_64.rpm 2efeef9a98c5ec444083ee6c0ec28a9e mes5/x86_64/firefox-nl-3.6.17-0.1mdvmes5.2.x86_64.rpm b2a0f77c3a5f144fd9b13e6e18b5668d mes5/x86_64/firefox-nn_NO-3.6.17-0.1mdvmes5.2.x86_64.rpm 459caa344929122196f40a0b03aaa77f mes5/x86_64/firefox-oc-3.6.17-0.1mdvmes5.2.x86_64.rpm 7acc021757df45d4c9a3f0adf5058f4e mes5/x86_64/firefox-pa_IN-3.6.17-0.1mdvmes5.2.x86_64.rpm 4c415b9549be3c5b901a18a751e72e7e mes5/x86_64/firefox-pl-3.6.17-0.1mdvmes5.2.x86_64.rpm b7410e6f949e2e167b6a5ffa13f1d5a4 mes5/x86_64/firefox-pt_BR-3.6.17-0.1mdvmes5.2.x86_64.rpm 43cc010a9f8b133adac9a4eb5fd111f7 mes5/x86_64/firefox-pt_PT-3.6.17-0.1mdvmes5.2.x86_64.rpm 04ed29a15e51451cfa4122eb7c4ada8e mes5/x86_64/firefox-ro-3.6.17-0.1mdvmes5.2.x86_64.rpm c5f071ad5734fc69ed6187ae9f92e72d mes5/x86_64/firefox-ru-3.6.17-0.1mdvmes5.2.x86_64.rpm 7bb7fd81e876495f4ae7ab30da0f9ae4 mes5/x86_64/firefox-si-3.6.17-0.1mdvmes5.2.x86_64.rpm 975dcd619280dbcf17b55d538f01e93e mes5/x86_64/firefox-sk-3.6.17-0.1mdvmes5.2.x86_64.rpm d8e4dfe5ffb9bfc49709b60e7fbf2c92 mes5/x86_64/firefox-sl-3.6.17-0.1mdvmes5.2.x86_64.rpm 1b33061a688a563053bcd50bc4449db1 mes5/x86_64/firefox-sq-3.6.17-0.1mdvmes5.2.x86_64.rpm 5fef483a4f5e020021c2cd4e34749ab7 mes5/x86_64/firefox-sr-3.6.17-0.1mdvmes5.2.x86_64.rpm 6e21f7add5864e8ee26dc8a744fdc30b mes5/x86_64/firefox-sv_SE-3.6.17-0.1mdvmes5.2.x86_64.rpm e86770d480ecd52ed6ee2eeae6f6d24b mes5/x86_64/firefox-te-3.6.17-0.1mdvmes5.2.x86_64.rpm 24a6cd92245b7c16404059228dee56a1 mes5/x86_64/firefox-th-3.6.17-0.1mdvmes5.2.x86_64.rpm fc97ff214f1fd47aa3d270a20c238913 mes5/x86_64/firefox-tr-3.6.17-0.1mdvmes5.2.x86_64.rpm 6d665853c2345607b932f836eeb9ab8a 
mes5/x86_64/firefox-uk-3.6.17-0.1mdvmes5.2.x86_64.rpm afa7c5c1bc9aec01733382e300770e61 mes5/x86_64/firefox-zh_CN-3.6.17-0.1mdvmes5.2.x86_64.rpm 8bb13a84c1efabc7baf94143e3a78364 mes5/x86_64/firefox-zh_TW-3.6.17-0.1mdvmes5.2.x86_64.rpm b7a1511c5b7ff2d910fb8fa306a9fb50 mes5/x86_64/gnome-python-extras-2.19.1-20.27mdvmes5.2.x86_64.rpm e2df82f36fb325df0797b18847dbb1a5 mes5/x86_64/gnome-python-gda-2.19.1-20.27mdvmes5.2.x86_64.rpm 8253a637a23efef6c15c552b9b0a3459 mes5/x86_64/gnome-python-gda-devel-2.19.1-20.27mdvmes5.2.x86_64.rpm 2a6a42257bc206b8c373315808f89a11 mes5/x86_64/gnome-python-gdl-2.19.1-20.27mdvmes5.2.x86_64.rpm 407ab79e0a50b3c361c528ad0381dc0a mes5/x86_64/gnome-python-gtkhtml2-2.19.1-20.27mdvmes5.2.x86_64.rpm 214a324b266e552e2393e31be905fec0 mes5/x86_64/gnome-python-gtkmozembed-2.19.1-20.27mdvmes5.2.x86_64.rpm f00814fd166c6173473923145f7edb09 mes5/x86_64/gnome-python-gtkspell-2.19.1-20.27mdvmes5.2.x86_64.rpm fb5f99420187bd9d38fca89a3c296779 mes5/x86_64/lemon-3.7.4-0.1mdvmes5.2.x86_64.rpm 5b84fb55152b544c80660e96a1ec63c8 mes5/x86_64/lib64sqlite3_0-3.7.6.2-0.1mdvmes5.2.x86_64.rpm 1e399ecae3c9de83bc4d4f2a91a74dfb mes5/x86_64/lib64sqlite3-devel-3.7.6.2-0.1mdvmes5.2.x86_64.rpm aea22ba2c95d994dd25bd9433aa93bd1 mes5/x86_64/lib64sqlite3-static-devel-3.7.6.2-0.1mdvmes5.2.x86_64.rpm 13bce11c19e821c3d7c2f4cdc1ab402f mes5/x86_64/lib64xulrunner1.9.2.17-1.9.2.17-0.1mdvmes5.2.x86_64.rpm 8a3ca64ce81aadbdd2ecb3a398570762 mes5/x86_64/lib64xulrunner-devel-1.9.2.17-0.1mdvmes5.2.x86_64.rpm 437b579498eb505c806cee54a61abca7 mes5/x86_64/sqlite3-tools-3.7.6.2-0.1mdvmes5.2.x86_64.rpm e29899f953d34097cb5c8679dd7775df mes5/x86_64/xulrunner-1.9.2.17-0.1mdvmes5.2.x86_64.rpm 93bd94819b0b98ead5f8eb7b00bf8703 mes5/x86_64/yelp-2.24.0-3.28mdvmes5.2.x86_64.rpm 08e3395dcf5d79aad887b04fccbeca1a mes5/SRPMS/firefox-3.6.17-0.1mdvmes5.2.src.rpm ace71a7037acfef2e442c0f1d472a558 mes5/SRPMS/firefox-l10n-3.6.17-0.1mdvmes5.2.src.rpm f625973d73bdc2c483e16d69d86ed015 
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

For more information: SA44357

SOLUTION: Apply updated packages via the yum utility ("yum update firefox" and "yum update xulrunner").

Gentoo Linux Security Advisory GLSA 201301-01
http://security.gentoo.org/

Severity: High
Title: Mozilla Products: Multiple vulnerabilities
Date: January 08, 2013
Bugs: #180159, #181361, #207261, #238535, #246602, #251322, #255221, #255234, #255687, #257577, #260062, #261386, #262704, #267234, #273918, #277752, #280226, #280234, #280393, #282549, #284439, #286721, #290892, #292034, #297532, #305689, #307045, #311021, #312361, #312645, #312651, #312675, #312679, #312763, #313003, #324735, #326341, #329279, #336396, #341821, #342847, #348316, #357057, #360055, #360315, #365323, #373595, #379549, #381245, #388045, #390771, #395431, #401701, #403183, #404437, #408161, #413657, #419917, #427224, #433383, #437780, #439586, #439960, #444318
ID: 201301-01

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation.

Background
==========

Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the 'Mozilla Application Suite'. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications such as Firefox and Thunderbird. NSS is Mozilla's Network Security Services library that implements PKI support. IceCat is the GNU version of Firefox.

Affected packages
=================

    -------------------------------------------------------------------
     Package                              /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox                      < 10.0.11      >= 10.0.11
  2  www-client/firefox-bin                  < 10.0.11      >= 10.0.11
  3  mail-client/thunderbird                 < 10.0.11      >= 10.0.11
  4  mail-client/thunderbird-bin             < 10.0.11      >= 10.0.11
  5  www-client/seamonkey                    < 2.14-r1      >= 2.14-r1
  6  www-client/seamonkey-bin                < 2.14         >= 2.14
  7  dev-libs/nss                            < 3.14         >= 3.14
  8  www-client/mozilla-firefox              <= 3.6.8       Vulnerable!
  9  www-client/mozilla-firefox-bin          <= 3.5.6       Vulnerable!
 10  mail-client/mozilla-thunderbird         <= 3.0.4-r1    Vulnerable!
 11  mail-client/mozilla-thunderbird-bin     <= 3.0         Vulnerable!
 12  www-client/icecat                       <= 10.0-r1     Vulnerable!
 13  net-libs/xulrunner                      <= 2.0-r1      Vulnerable!
 14  net-libs/xulrunner-bin                  <= 1.8.1.19    Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     14 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition.
Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, bypass restrictions and protection mechanisms, force file downloads, conduct XML injection attacks, conduct XSS attacks, bypass the Same Origin Policy, spoof URLs for phishing attacks, trigger a vertical scroll, spoof the location bar, spoof an SSL indicator, modify the browser's font, conduct clickjacking attacks, or have other unspecified impact.

A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"

All users of the Mozilla Firefox binary package should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"

All users of the Mozilla Thunderbird binary package should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"

All Mozilla SeaMonkey users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-2.14-r1"

All users of the Mozilla SeaMonkey binary package should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-2.14"

All NSS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.14"

The "www-client/mozilla-firefox" package has been merged into the "www-client/firefox" package.
To upgrade, please unmerge "www-client/mozilla-firefox" and then emerge the latest "www-client/firefox" package:

  # emerge --sync
  # emerge --unmerge "www-client/mozilla-firefox"
  # emerge --ask --oneshot --verbose ">=www-client/firefox-10.0.11"

The "www-client/mozilla-firefox-bin" package has been merged into the "www-client/firefox-bin" package. To upgrade, please unmerge "www-client/mozilla-firefox-bin" and then emerge the latest "www-client/firefox-bin" package:

  # emerge --sync
  # emerge --unmerge "www-client/mozilla-firefox-bin"
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-10.0.11"

The "mail-client/mozilla-thunderbird" package has been merged into the "mail-client/thunderbird" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird" and then emerge the latest "mail-client/thunderbird" package:

  # emerge --sync
  # emerge --unmerge "mail-client/mozilla-thunderbird"
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-10.0.11"

The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge "mail-client/mozilla-thunderbird-bin" and then emerge the latest "mail-client/thunderbird-bin" package:

  # emerge --sync
  # emerge --unmerge "mail-client/mozilla-thunderbird-bin"
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-10.0.11"

Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat:

  # emerge --unmerge "www-client/icecat"

Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner:

  # emerge --unmerge "net-libs/xulrunner"

Gentoo discontinued support for the XULRunner binary package.
We recommend that users unmerge XULRunner:

  # emerge --unmerge "net-libs/xulrunner-bin"

References
==========

[ 1 ] CVE-2011-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3101 [ 2 ] CVE-2007-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2436 [ 3 ] CVE-2007-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2437 [ 4 ] CVE-2007-2671 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2671 [ 5 ] CVE-2007-3073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3073 [ 6 ] CVE-2008-0016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0016 [ 7 ] CVE-2008-0017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0017 [ 8 ] CVE-2008-0367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0367 [ 9 ] CVE-2008-3835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3835 [ 10 ] CVE-2008-3836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3836 [ 11 ] CVE-2008-3837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3837 [ 12 ] CVE-2008-4058 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4058 [ 13 ] CVE-2008-4059 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4059 [ 14 ] CVE-2008-4060 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4060 [ 15 ] CVE-2008-4061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4061 [ 16 ] CVE-2008-4062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4062 [ 17 ] CVE-2008-4063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4063 [ 18 ] CVE-2008-4064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4064 [ 19 ] CVE-2008-4065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4065 [ 20 ] CVE-2008-4066 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4066 [ 21 ] CVE-2008-4067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4067 [ 22 ] CVE-2008-4068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4068 [ 23 ] CVE-2008-4069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4069 [ 24 ] CVE-2008-4070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4070 [ 25 ] CVE-2008-4582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4582 [ 26 ] CVE-2008-5012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5012 [ 27 ] CVE-2008-5013
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5013 [ 28 ] CVE-2008-5014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5014 [ 29 ] CVE-2008-5015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5015 [ 30 ] CVE-2008-5016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5016 [ 31 ] CVE-2008-5017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5017 [ 32 ] CVE-2008-5018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5018 [ 33 ] CVE-2008-5019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5019 [ 34 ] CVE-2008-5021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5021 [ 35 ] CVE-2008-5022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5022 [ 36 ] CVE-2008-5023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5023 [ 37 ] CVE-2008-5024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5024 [ 38 ] CVE-2008-5052 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5052 [ 39 ] CVE-2008-5500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5500 [ 40 ] CVE-2008-5501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5501 [ 41 ] CVE-2008-5502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5502 [ 42 ] CVE-2008-5503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5503 [ 43 ] CVE-2008-5504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5504 [ 44 ] CVE-2008-5505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5505 [ 45 ] CVE-2008-5506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5506 [ 46 ] CVE-2008-5507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5507 [ 47 ] CVE-2008-5508 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5508 [ 48 ] CVE-2008-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5510 [ 49 ] CVE-2008-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5511 [ 50 ] CVE-2008-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5512 [ 51 ] CVE-2008-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5513 [ 52 ] CVE-2008-5822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5822 [ 53 ] CVE-2008-5913 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5913 [ 54 ] CVE-2008-6961 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6961 [ 55 ] CVE-2009-0071 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 56 ] CVE-2009-0071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0071 [ 57 ] CVE-2009-0352 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0352 [ 58 ] CVE-2009-0353 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0353 [ 59 ] CVE-2009-0354 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0354 [ 60 ] CVE-2009-0355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0355 [ 61 ] CVE-2009-0356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0356 [ 62 ] CVE-2009-0357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0357 [ 63 ] CVE-2009-0358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0358 [ 64 ] CVE-2009-0652 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0652 [ 65 ] CVE-2009-0771 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0771 [ 66 ] CVE-2009-0772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0772 [ 67 ] CVE-2009-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0773 [ 68 ] CVE-2009-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0774 [ 69 ] CVE-2009-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0775 [ 70 ] CVE-2009-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0776 [ 71 ] CVE-2009-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0777 [ 72 ] CVE-2009-1044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1044 [ 73 ] CVE-2009-1169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1169 [ 74 ] CVE-2009-1302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1302 [ 75 ] CVE-2009-1303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1303 [ 76 ] CVE-2009-1304 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1304 [ 77 ] CVE-2009-1305 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1305 [ 78 ] CVE-2009-1306 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1306 [ 79 ] CVE-2009-1307 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1307 [ 80 ] CVE-2009-1308 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1308 [ 81 ] CVE-2009-1309 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1309 [ 82 ] CVE-2009-1310 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1310 [ 83 ] CVE-2009-1311 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1311 [ 84 ] CVE-2009-1312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1312 [ 85 ] CVE-2009-1313 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1313 [ 86 ] CVE-2009-1392 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1392 [ 87 ] CVE-2009-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1563 [ 88 ] CVE-2009-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1571 [ 89 ] CVE-2009-1828 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1828 [ 90 ] CVE-2009-1832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1832 [ 91 ] CVE-2009-1833 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1833 [ 92 ] CVE-2009-1834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1834 [ 93 ] CVE-2009-1835 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1835 [ 94 ] CVE-2009-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1836 [ 95 ] CVE-2009-1837 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1837 [ 96 ] CVE-2009-1838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1838 [ 97 ] CVE-2009-1839 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1839 [ 98 ] CVE-2009-1840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1840 [ 99 ] CVE-2009-1841 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1841 [ 100 ] CVE-2009-2043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2043 [ 101 ] CVE-2009-2044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2044 [ 102 ] CVE-2009-2061 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2061 [ 103 ] CVE-2009-2065 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2065 [ 104 ] CVE-2009-2210 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2210 [ 105 ] CVE-2009-2404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2404 [ 106 ] CVE-2009-2408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2408 [ 107 ] CVE-2009-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2462 [ 108 ] CVE-2009-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2463 [ 109 ] CVE-2009-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2464 [ 110 ] CVE-2009-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2465 [ 111 ] CVE-2009-2466 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2466 [ 112 ] CVE-2009-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2467 [ 113 ] CVE-2009-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2469 [ 114 ] CVE-2009-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2470 [ 115 ] CVE-2009-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2471 [ 116 ] CVE-2009-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2472 [ 117 ] CVE-2009-2477 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2477 [ 118 ] CVE-2009-2478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2478 [ 119 ] CVE-2009-2479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2479 [ 120 ] CVE-2009-2535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2535 [ 121 ] CVE-2009-2654 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2654 [ 122 ] CVE-2009-2662 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2662 [ 123 ] CVE-2009-2664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2664 [ 124 ] CVE-2009-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2665 [ 125 ] CVE-2009-3069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3069 [ 126 ] CVE-2009-3070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3070 [ 127 ] CVE-2009-3071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3071 [ 128 ] CVE-2009-3072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3072 [ 129 ] CVE-2009-3074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3074 [ 130 ] CVE-2009-3075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3075 [ 131 ] CVE-2009-3076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3076 [ 132 ] CVE-2009-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3077 [ 133 ] CVE-2009-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3078 [ 134 ] CVE-2009-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3079 [ 135 ] CVE-2009-3274 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3274 [ 136 ] CVE-2009-3371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3371 [ 137 ] CVE-2009-3372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3372 [ 138 ] CVE-2009-3373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3373 [ 139 
] CVE-2009-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3374 [ 140 ] CVE-2009-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3375 [ 141 ] CVE-2009-3376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3376 [ 142 ] CVE-2009-3377 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3377 [ 143 ] CVE-2009-3378 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3378 [ 144 ] CVE-2009-3379 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3379 [ 145 ] CVE-2009-3380 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3380 [ 146 ] CVE-2009-3381 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3381 [ 147 ] CVE-2009-3382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3382 [ 148 ] CVE-2009-3383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3383 [ 149 ] CVE-2009-3388 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3388 [ 150 ] CVE-2009-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3389 [ 151 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 152 ] CVE-2009-3978 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3978 [ 153 ] CVE-2009-3979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3979 [ 154 ] CVE-2009-3980 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3980 [ 155 ] CVE-2009-3981 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3981 [ 156 ] CVE-2009-3982 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3982 [ 157 ] CVE-2009-3983 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3983 [ 158 ] CVE-2009-3984 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3984 [ 159 ] CVE-2009-3985 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3985 [ 160 ] CVE-2009-3986 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3986 [ 161 ] CVE-2009-3987 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3987 [ 162 ] CVE-2009-3988 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3988 [ 163 ] CVE-2010-0159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0159 [ 164 ] CVE-2010-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0160 [ 165 ] CVE-2010-0162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0162 [ 166 ] CVE-2010-0163 
Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201301-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------

TITLE: Mozilla Firefox / SeaMonkey Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA44357

VERIFY ADVISORY: http://secunia.com/advisories/44357/

RELEASE DATE: 2011-04-30

DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Firefox and Mozilla SeaMonkey, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose sensitive information and compromise a user's system. 4) An error within the Java Embedding Plugin (JEP) can be exploited to gain escalated privileges. This vulnerability only affects the Mac OS X versions. This vulnerability only affects the Windows versions. NOTE: A weakness in libxslt, which could lead to disclosure of heap addresses has also been reported.

PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Scoobidiver, Alcidion, Ian Beer, Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren and Jesse Ruderman, Aki Helin, and Martin Barbella.
2) regenrecht via ZDI.
3) Paul Stone.
4) David Remahl, Apple Product Security.
5) Soroush Dalili

ORIGINAL ADVISORY:
http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
http://www.mozilla.org/security/announce/2011/mfsa2011-13.html
http://www.mozilla.org/security/announce/2011/mfsa2011-14.html
http://www.mozilla.org/security/announce/2011/mfsa2011-15.html
http://www.mozilla.org/security/announce/2011/mfsa2011-16.html
http://www.mozilla.org/security/announce/2011/mfsa2011-18.html

----------------------------------------------------------------------
VAR-201105-0030 CVE-2011-1613 Cisco Wireless LAN Controller Software Denial of Service (DoS) Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201104-0199
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is tracked by Cisco Bug ID CSCth74426. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsq24002. Cisco has released free software updates that address this vulnerability. There are no available workarounds to mitigate this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml.

Affected Products
=================

Vulnerable Products
+------------------

This vulnerability affects Cisco WLC software versions 6.0 and later. The following products are affected by the vulnerability described in this Security Advisory:

  * Cisco 2100 Series Wireless LAN Controllers
  * Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9)
  * Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
  * Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)

Note: The Cisco NM-AIR-WLC have reached End-of-Life and End-of-Software Maintenance. Please refer to the following document for more information: http://www.cisco.com/en/US/prod/collateral/modules/ps2797/prod_end-of-life_notice0900aecd806aeb34.html

Determination of Software Versions
+---------------------------------

Administrators can use these instructions to determine the software version that is running on a Cisco WLC using the web or command-line interface or on a Cisco WiSM (using commands on a Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Router).

Cisco Wireless Controllers
+-------------------------

To determine the WLC version that is running in a given environment, use one of the following methods:

  * In the web interface, choose the "Monitor" tab, click "Summary" in the left pane, and note the "Software Version" field.

    Note: Customers who use a Cisco WLC Module in an ISR will need to issue the "service-module wlan-controller <slot/port>" session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the "session <Stack-Member-Number> processor 1 session" command prior to performing the next step on the command line.

  * From the command-line interface, type "show sysinfo" and note the "Product Version" field, as shown in this example:

    (Cisco Controller)> show sysinfo

    Manufacturer's Name.. Cisco Systems Inc.
    Product Name......... Cisco Controller
    Product Version...... 5.1.151.0
    RTOS Version......... Linux-2.6.10_mvl401
    Bootloader Version... 4.0.207.0
    Build Type........... DATA + WPS
    <output suppressed>

Cisco WiSMs
+----------

Use the "show wism module <module number> controller 1 status" command on Cisco Catalyst 6500 Series Switch and Cisco 7600 Series Routers that have a WiSM installed.
Note the software version as demonstrated in this example, which shows version 5.1.151.0:

    Router# show wism module 3 controller 1 status

    WiSM Controller 1 in Slot 3
    Operational Status of the Controller : Oper-Up
    Service VLAN                         : 192
    Service Port                         : 10
    Service Port Mac Address             : 0011.92ff.8742
    Service IP Address                   : 192.168.10.1
    Management IP Address                : 192.168.1.123
    Software Version                     : 5.1.151.0
    Port Channel Number                  : 288
    Allowed vlan list                    : 30,40
    Native VLAN ID                       : 40
    WCP Keep Alive Missed                : 0

Products Confirmed Not Vulnerable
+--------------------------------

The following Cisco Wireless LAN Controllers are not affected by this vulnerability:

  * Cisco 2000 Series WLCs
  * Cisco 2500 Series WLCs
  * Cisco 4100 Series WLCs
  * Cisco 4400 Series WLCs
  * Cisco Catalyst 3750G Integrated WLCs
  * Cisco 5500 Series WLCs
  * Cisco Wireless Services Modules (WiSMs, both WiSM and WiSM2)
  * Cisco Wireless Services Ready Engine (SRE) Modules
  * Cisco Flex 7500 Series Cloud Controllers

No other Cisco products are currently known to be affected by this vulnerability.

Details
=======

Cisco WLCs and Cisco WiSMs are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP) and the Control and Provisioning of Wireless Access Points (CAPWAP) protocol. This vulnerability can be exploited from both wired and wireless segments.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response.
Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss

  * CSCth74426 ("Certain ICMP traffic could cause WLC to crash")

    CVSS Base Score - 7.8
        Access Vector -            Network
        Access Complexity -        Low
        Authentication -           None
        Confidentiality Impact -   None
        Integrity Impact -         None
        Availability Impact -      Complete

    CVSS Temporal Score - 6.4
        Exploitability -           Functional
        Remediation Level -        Official-Fix
        Report Confidence -        Confirmed

Impact
======

Successful exploitation of this vulnerability could cause an affected device to reload. Repeated exploitation could result in a sustained DoS condition.

Software Versions and Fixes
===========================

When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.

If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable.
+------------------------------------------------------------+
| Affected Release       | First Fixed Release               |
|------------------------+-----------------------------------|
| 4.0                    | Not Vulnerable                    |
|------------------------+-----------------------------------|
| 4.1                    | Not Vulnerable                    |
|------------------------+-----------------------------------|
| 4.1 M                  | Not Vulnerable                    |
|------------------------+-----------------------------------|
| 4.2                    | Not Vulnerable                    |
|------------------------+-----------------------------------|
| 4.2M                   | Not Vulnerable                    |
|------------------------+-----------------------------------|
| 5.0                    | Not Vulnerable                    |
|------------------------+-----------------------------------|
| 5.1                    | Not Vulnerable                    |
|------------------------+-----------------------------------|
| 5.2                    | Not Vulnerable                    |
|------------------------+-----------------------------------|
| 6.0                    | 6.0.200.0                         |
|------------------------+-----------------------------------|
| 7.0                    | 7.0.98.216 and 7.0.112.0          |
+------------------------------------------------------------+

Workarounds
===========

There are no available workarounds to mitigate this vulnerability.

Obtaining Fixed Software
========================

Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades.
Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. 
Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was found during internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. 
Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-April-27 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Apr 27, 2011 Document ID: 112916 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml
VAR-201105-0029 CVE-2011-1610 Cisco Unified Communications Manager SQL injection vulnerability CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. The problem is tracked as Bug ID CSCtj42064. A third party may execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager component. The system exposes an Apache webserver which contains a JSP script vulnerable to SQL injection. A remote attacker can abuse this to inject SQL statements to be evaluated by the underlying database. Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCtj42064. A workaround exists only for the SIP DoS vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml. Customers who are using Cisco Unified Communications Manager 5.x versions should contact their Cisco support team for assistance in upgrading to a supported version of Cisco Unified Communications Manager. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services.
All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060 and 5061) are affected. The first SIP DoS vulnerability is documented in Cisco Bug ID CSCti42904 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2011-1604. An authenticated, remote attacker with the ability to intercept a packet to the affected device could specify a different location or filename, which may result in the upload of a malicious file. * The second vulnerability could allow an unauthenticated, remote attacker to modify system configuration; create, modify, and delete users; or modify the configuration of Cisco Unified Communications Manager. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCth39586 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg62855 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti42904 ("Memory leak may be experienced when processing certain SIP packets") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti81603 ("Cisco Unified Reporting fails to prohibit uploading of files") CVSS Base Score - 6.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 5.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg85647 ("Database Security Issue") CVSS Base Score - 8.5 Access Vector - Network Access Complexity - Medium Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete 
Availability Impact - Complete CVSS Temporal Score - 7.0 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtj42064 ("Potential SQL Injection") CVSS Base Score - 6.4 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - None CVSS Temporal Score - 5.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities that are described in this advisory could result in the interruption of voice services, privilege escalation and possible data modification. In the case of DoS attacks, the affected Cisco Unified Communications Manager processes will restart, but repeated attacks may result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table.
+------------------------------------------------------------+
| Cisco Unified Communications Manager   | Recommended       |
| Version                                | Releases          |
|----------------------------------------+-------------------|
| 6.x                                    | 6.1(5)SU3         |
|----------------------------------------+-------------------|
| 7.x                                    | 7.1(5b)SU4        |
|----------------------------------------+-------------------|
| 8.0                                    | 8.0(3a)SU2        |
|----------------------------------------+-------------------|
| 8.5                                    | 8.5(1)SU1         |
+------------------------------------------------------------+

Note: The 7.1(5b)SU4 release of Cisco Unified Communications Manager is expected to be available by the end of April 2011.

Workarounds
===========

A workaround exists only for the SIP DoS vulnerabilities. Cisco Unified Communications Manager versions 6.1(4), 7.1(2), and 8.0(1) introduced the ability to disable SIP processing. SIP processing is enabled by default. Customers who do not use SIP processing can use the following instructions to disable SIP processing:

* Step 1: Log into the Cisco Unified Communications Manager Administration web interface.
* Step 3: Change the "SIP Interoperability Enabled" parameter to False, and click "Save".

Note: For a SIP processing change to take effect, the Cisco CallManager Service must be restarted. For information on how to restart the service, refer to the "Restarting the Cisco CallManager Service" section of the document at the following location: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124

It is possible to mitigate these vulnerabilities by implementing filtering on screening devices and permitting access to TCP ports 5060 and 5061 and UDP ports 5060 and 5061 only from networks that require SIP access to Cisco Unified Communications Manager servers.
Additional mitigations that can be deployed on Cisco devices in the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Manager" which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110427-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. 
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. The SQL injection vulnerabilities were reported to Cisco by TippingPoint's Zero Day Initiative and Cigital. They were discovered by Alberto Revelli of Cigital, Timothy Morgan of vSecurity, and Sven Taute. The remainder of the vulnerabilities were found during internal testing and during the troubleshooting of customer service requests. 
Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-April-27 | Initial public release. 
| +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Apr 27, 2011 Document ID: 112878 4) An error in Cisco Unified Reporting when uploading files can be exploited to upload malicious files to an arbitrary location via directory traversal sequences in the filename. 5) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited by authenticated users to manipulate SQL queries by injecting arbitrary SQL code. 6) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for details on affected versions. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1 - 4) Reported by the vendor.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml More details can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml -- Disclosure Timeline: 2010-11-05 - Vulnerability reported to vendor 2011-04-28 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Sven Taute
VAR-201104-0317 No CVE 7T Interactive Graphical SCADA System ODBC Service Remote Stack Buffer Overflow Vulnerability CVSS V2: 7.0
CVSS V3: -
Severity: HIGH
The 7T Interactive Graphical SCADA System (IGSS) is an automated monitoring and control system. The IGSS ODBC service component listens on TCP port 20222 by default. Its application-layer protocol runs over TCP and first reads an initialization message that specifies the amount of follow-up data. A second read then obtains the location and the data that are copied into a variable-length buffer, and the subsequent parsing of that data can trigger a buffer overflow. An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
VAR-201105-0027 CVE-2011-1607 Cisco Unified Communications Manager Vulnerable to directory traversal CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603. Cisco Unified Communications Manager contains a directory traversal vulnerability. Exploiting this issue will allow an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks. This issue is tracked by Cisco Bug ID CSCti81603. A workaround exists only for the SIP DoS vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060 and 5061) are affected. The first SIP DoS vulnerability is documented in Cisco Bug ID CSCti42904 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2011-1604. The second SIP DoS vulnerability is documented in Cisco Bug ID CSCth39586 and has been assigned CVE identifier CVE-2011-1605. The third SIP DoS vulnerability is documented in Cisco Bug ID CSCtg62855 and has been assigned CVE identifier CVE-2011-1606.
An authenticated, remote attacker with the ability to intercept a packet to the affected device could specify a different location or filename, which may result in the upload of a malicious file. This vulnerability is documented in Cisco Bug ID CSCti81603 and has been assigned CVE identifier CVE-2011-1607. This vulnerability is documented in Cisco Bug ID CSCtg85647 and has been assigned CVE identifier CVE-2011-1609. * The second vulnerability could allow an unauthenticated, remote attacker to modify system configuration; create, modify, and delete users; or modify the configuration of Cisco Unified Communications Manager. This vulnerability is documented in Cisco Bug ID CSCtj42064 and has been assigned CVE identifier CVE-2011-1610. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCth39586 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg62855 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti42904 ("Memory leak may be experienced when processing certain SIP packets") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti81603 ("Cisco Unified Reporting fails to prohibit uploading of files") CVSS Base Score - 6.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 5.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg85647 ("Database Security Issue") CVSS Base Score - 8.5 Access Vector - Network Access Complexity - Medium Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete 
Availability Impact - Complete CVSS Temporal Score - 7.0 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtj42064 ("Potential SQL Injection") CVSS Base Score - 6.4 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - None CVSS Temporal Score - 5.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities that are described in this advisory could result in the interruption of voice services, privilege escalation and possible data modification. In the case of DoS attacks, the affected Cisco Unified Communications Manager processes will restart, but repeated attacks may result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. Workarounds =========== A workaround exists only for the SIP DoS vulnerabilities. SIP processing is enabled by default. 
Customers who do not use SIP processing can use the following instructions to disable SIP processing: * Step 1: Log into the Cisco Unified Communications Manager Administration web interface. * Step 3: Change the "SIP Interoperability Enabled" parameter to False, and click "Save". Note: For a SIP processing change to take effect, the Cisco CallManager Service must be restarted. For information on how to restart the service, refer to the "Restarting the Cisco CallManager Service" section of the document at the following location: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124 It is possible to mitigate these vulnerabilities by implementing filtering on screening devices and permitting access to TCP ports 5060 and 5061 and UDP ports 5060 and 5061 only from networks that require SIP access to Cisco Unified Communications Manager servers. Additional mitigations that can be deployed on Cisco devices in the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Manager" which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110427-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. 
By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. 
* +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. The SQL injection vulnerabilities were reported to Cisco by TippingPoint's Zero Day Initiative and Cigital. They were discovered by Alberto Revelli of Cigital, Timothy Morgan of vSecurity, and Sven Taute. The remainder of the vulnerabilities were found during internal testing and during the troubleshooting of customer service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. 
Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-April-27 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. All rights reserved. +-------------------------------------------------------------------- Updated: Apr 27, 2011 Document ID: 112878 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iF4EAREIAAYFAk24OWUACgkQQXnnBKKRMNBV2AD/X+8W04f750Jhcwml1At/ocik C0czE8m8SzjeVsB+jp8A/RxvIh9LqCzAndRTHfz+TBWQ9eIubVSK8656pZdVTOvU =rS2X -----END PGP SIGNATURE----- . 
5) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited by authenticated users to manipulate SQL queries by injecting arbitrary SQL code. 6) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for details on affected versions. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1 - 4) Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml
VAR-201105-0020 CVE-2011-1604 Cisco Unified Communications Manager Memory leak vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904. Cisco Unified Communications Manager contains a memory leak vulnerability. An attacker can exploit this issue to cause an interruption in voice services, denying service to legitimate users. This issue is documented by Cisco Bug ID CSCti42904. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager Document ID: 112878 Advisory ID: cisco-sa-20110427-cucm Revision 1.0 For Public Release 2011 April 27 1600 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco Unified Communications Manager (previously known as Cisco CallManager) contains the following vulnerabilities: * Three (3) denial of service (DoS) vulnerabilities that affect Session Initiation Protocol (SIP) services * Directory traversal vulnerability * Two (2) SQL injection vulnerabilities Cisco has released free software updates for affected Cisco Unified Communications Manager versions to address the vulnerabilities. A workaround exists only for the SIP DoS vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, VoIP gateways, and multimedia applications. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060 and 5061) are affected. 
An authenticated, remote attacker with the ability to intercept a packet to the affected device could specify a different location or filename, which may result in the upload of a malicious file. * The second vulnerability could allow an unauthenticated, remote attacker to modify system configuration; create, modify, and delete users; or modify the configuration of Cisco Unified Communications Manager. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCth39586 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg62855 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report 
Confidence - Confirmed * CSCti42904 ("Memory leak may be experienced when processing certain SIP packets") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti81603 ("Cisco Unified Reporting fails to prohibit uploading of files") CVSS Base Score - 6.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 5.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg85647 ("Database Security Issue") CVSS Base Score - 8.5 Access Vector - Network Access Complexity - Medium Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.0 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtj42064 ("Potential SQL Injection") CVSS Base Score - 6.4 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - None CVSS Temporal Score - 5.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities that are described in this advisory could result in the interruption of voice services, privilege escalation and possible data modification. In the case of DoS attacks, the affected Cisco Unified Communications Manager processes will restart, but repeated attacks may result in a sustained DoS condition. 
Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. Workarounds =========== A workaround exists only for the SIP DoS vulnerabilities. SIP processing is enabled by default. Customers who do not use SIP processing can use the following instructions to disable SIP processing: * Step 1: Log into the Cisco Unified Communications Manager Administration web interface. * Step 3: Change the "SIP Interoperability Enabled" parameter to False, and click "Save". Note: For a SIP processing change to take effect, the Cisco CallManager Service must be restarted. For information on how to restart the service, refer to the "Restarting the Cisco CallManager Service" section of the document at the following location: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124 It is possible to mitigate these vulnerabilities by implementing filtering on screening devices and permitting access to TCP ports 5060 and 5061 and UDP ports 5060 and 5061 only from networks that require SIP access to Cisco Unified Communications Manager servers. 
Additional mitigations that can be deployed on Cisco devices in the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Manager" which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110427-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. 
The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. The SQL injection vulnerabilities were reported to Cisco by TippingPoint's Zero Day Initiative and Cigital. They were discovered by Alberto Revelli of Cigital, Timothy Morgan of vSecurity, and Sven Taute. The remainder of the vulnerabilities were found during internal testing and during the troubleshooting of customer service requests. 
Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-April-27 | Initial public release. 
| +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. +-------------------------------------------------------------------- Updated: Apr 27, 2011 Document ID: 112878 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iF4EAREIAAYFAk24OWUACgkQQXnnBKKRMNBV2AD/X+8W04f750Jhcwml1At/ocik C0czE8m8SzjeVsB+jp8A/RxvIh9LqCzAndRTHfz+TBWQ9eIubVSK8656pZdVTOvU =rS2X -----END PGP SIGNATURE----- . 4) An error in Cisco Unified Reporting when uploading files can be exploited to upload malicious files to an arbitrary location via directory traversal sequences in the filename. 5) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited by authenticated users to manipulate SQL queries by injecting arbitrary SQL code. 6) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for details on affected versions. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1 - 4) Reported by the vendor. 
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml
VAR-201105-0021 CVE-2011-1605 Cisco Unified Communications Manager Service Disruption (Process Failure) Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586. This issue is tracked as Bug ID CSCth39586. A third party may cause a service disruption (process failure) via a malformed SIP message. An attacker can exploit this issue to cause an interruption in voice services, denying service to legitimate users. This issue is documented by Cisco Bug ID CSCth39586. A workaround exists only for the SIP DoS vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, VoIP gateways, and multimedia applications. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060 and 5061) are affected. An authenticated, remote attacker with the ability to intercept a packet to the affected device could specify a different location or filename, which may result in the upload of a malicious file. * The second vulnerability could allow an unauthenticated, remote attacker to modify system configuration; create, modify, and delete users; or modify the configuration of Cisco Unified Communications Manager. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCth39586 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg62855 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti42904 ("Memory leak may be experienced when processing certain SIP packets") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti81603 ("Cisco Unified Reporting fails to prohibit uploading of files") CVSS Base Score - 6.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 
5.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg85647 ("Database Security Issue") CVSS Base Score - 8.5 Access Vector - Network Access Complexity - Medium Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.0 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtj42064 ("Potential SQL Injection") CVSS Base Score - 6.4 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - None CVSS Temporal Score - 5.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities that are described in this advisory could result in the interruption of voice services, privilege escalation and possible data modification. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. Workarounds =========== A workaround exists only for the SIP DoS vulnerabilities. SIP processing is enabled by default. 
Customers who do not use SIP processing can use the following instructions to disable SIP processing: * Step 1: Log into the Cisco Unified Communications Manager Administration web interface. * Step 3: Change the "SIP Interoperability Enabled" parameter to False, and click "Save". Note: For a SIP processing change to take effect, the Cisco CallManager Service must be restarted. For information on how to restart the service, refer to the "Restarting the Cisco CallManager Service" section of the document at the following location: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124 It is possible to mitigate these vulnerabilities by implementing filtering on screening devices and permitting access to TCP ports 5060 and 5061 and UDP ports 5060 and 5061 only from networks that require SIP access to Cisco Unified Communications Manager servers. Additional mitigations that can be deployed on Cisco devices in the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Manager" which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110427-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. 
By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. 
* +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. The SQL injection vulnerabilities were reported to Cisco by TippingPoint's Zero Day Initiative and Cigital. They were discovered by Alberto Revelli of Cigital, Timothy Morgan of vSecurity, and Sven Taute. The remainder of the vulnerabilities were found during internal testing and during the troubleshooting of customer service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. 
Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-April-27 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. 
+-------------------------------------------------------------------- Updated: Apr 27, 2011 Document ID: 112878 . 4) An error in Cisco Unified Reporting when uploading files can be exploited to upload malicious files to an arbitrary location via directory traversal sequences in the filename. 5) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited by authenticated users to manipulate SQL queries by injecting arbitrary SQL code. 6) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for details on affected versions. SOLUTION: Apply patches. PROVIDED AND/OR DISCOVERED BY: 1 - 4) Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml
VAR-201105-0022 CVE-2011-1606 Service Disruption (Process Failure) Vulnerability in Cisco Unified Communications Manager CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855. The issue is tracked as Bug ID CSCtg62855. A third party may cause a service disruption (process failure) via a malformed SIP message. An attacker can exploit this issue to cause an interruption in voice services, denying service to legitimate users. This issue is documented by Cisco Bug ID CSCtg62855. A workaround exists only for the SIP DoS vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, VoIP gateways, and multimedia applications. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060 and 5061) are affected. An authenticated, remote attacker with the ability to intercept a packet to the affected device could specify a different location or filename, which may result in the upload of a malicious file. * The second vulnerability could allow an unauthenticated, remote attacker to modify system configuration; create, modify, and delete users; or modify the configuration of Cisco Unified Communications Manager. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0.
CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCth39586 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg62855 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti42904 ("Memory leak may be experienced when processing certain SIP packets") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti81603 ("Cisco Unified Reporting fails to prohibit uploading of files") CVSS Base Score - 6.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 
5.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg85647 ("Database Security Issue") CVSS Base Score - 8.5 Access Vector - Network Access Complexity - Medium Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.0 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtj42064 ("Potential SQL Injection") CVSS Base Score - 6.4 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - None CVSS Temporal Score - 5.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities that are described in this advisory could result in the interruption of voice services, privilege escalation and possible data modification. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. Workarounds =========== A workaround exists only for the SIP DoS vulnerabilities. SIP processing is enabled by default. 
Customers who do not use SIP processing can use the following instructions to disable SIP processing: * Step 1: Log into the Cisco Unified Communications Manager Administration web interface. * Step 3: Change the "SIP Interoperability Enabled" parameter to False, and click "Save". Note: For a SIP processing change to take effect, the Cisco CallManager Service must be restarted. For information on how to restart the service, refer to the "Restarting the Cisco CallManager Service" section of the document at the following location: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124 It is possible to mitigate these vulnerabilities by implementing filtering on screening devices and permitting access to TCP ports 5060 and 5061 and UDP ports 5060 and 5061 only from networks that require SIP access to Cisco Unified Communications Manager servers. Additional mitigations that can be deployed on Cisco devices in the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Manager" which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110427-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. 
By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. 
* +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. The SQL injection vulnerabilities were reported to Cisco by TippingPoint's Zero Day Initiative and Cigital. They were discovered by Alberto Revelli of Cigital, Timothy Morgan of vSecurity, and Sven Taute. The remainder of the vulnerabilities were found during internal testing and during the troubleshooting of customer service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. 
Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-April-27 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. 
+-------------------------------------------------------------------- Updated: Apr 27, 2011 Document ID: 112878 . 4) An error in Cisco Unified Reporting when uploading files can be exploited to upload malicious files to an arbitrary location via directory traversal sequences in the filename. 5) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited by authenticated users to manipulate SQL queries by injecting arbitrary SQL code. 6) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for details on affected versions. SOLUTION: Apply patches. PROVIDED AND/OR DISCOVERED BY: 1 - 4) Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml
VAR-201105-0028 CVE-2011-1609 SQL Injection Vulnerability in Cisco Unified Communications Manager CVSS V2: 8.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. The issue is tracked as Bug ID CSCtg85647. A remote authenticated user may execute arbitrary SQL commands. Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCtg85647. A workaround exists only for the SIP DoS vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= Cisco Unified Communications Manager is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, VoIP gateways, and multimedia applications. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060 and 5061) are affected. The first SIP DoS vulnerability is documented in Cisco Bug ID CSCti42904 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2011-1604. An authenticated, remote attacker with the ability to intercept a packet to the affected device could specify a different location or filename, which may result in the upload of a malicious file. * The second vulnerability could allow an unauthenticated, remote attacker to modify system configuration; create, modify, and delete users; or modify the configuration of Cisco Unified Communications Manager.
Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCth39586 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg62855 ("Core dump when processing certain SIP packets") CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCti42904 ("Memory leak may be experienced when processing certain SIP packets") CVSS Base Score - 7.1 Access Vector - Network Access Complexity - Medium Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 5.9 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * 
CSCti81603 ("Cisco Unified Reporting fails to prohibit uploading of files") CVSS Base Score - 6.5 Access Vector - Network Access Complexity - Low Authentication - Single Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - Partial CVSS Temporal Score - 5.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtg85647 ("Database Security Issue") CVSS Base Score - 8.5 Access Vector - Network Access Complexity - Medium Authentication - Single Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 7.0 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed * CSCtj42064 ("Potential SQL Injection") CVSS Base Score - 6.4 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Partial Integrity Impact - Partial Availability Impact - None CVSS Temporal Score - 5.3 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ====== Successful exploitation of the vulnerabilities that are described in this advisory could result in the interruption of voice services, privilege escalation and possible data modification. In the case of DoS attacks, the affected Cisco Unified Communications Manager processes will restart, but repeated attacks may result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release.
If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. Workarounds =========== A workaround exists only for the SIP DoS vulnerabilities. SIP processing is enabled by default. Customers who do not use SIP processing can use the following instructions to disable SIP processing: * Step 1: Log into the Cisco Unified Communications Manager Administration web interface. * Step 3: Change the "SIP Interoperability Enabled" parameter to False, and click "Save". Note: For a SIP processing change to take effect, the Cisco CallManager Service must be restarted. For information on how to restart the service, refer to the "Restarting the Cisco CallManager Service" section of the document at the following location: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/7_1_2/ccmcfg/b03dpi.html#wp1075124 It is possible to mitigate these vulnerabilities by implementing filtering on screening devices and permitting access to TCP ports 5060 and 5061 and UDP ports 5060 and 5061 only from networks that require SIP access to Cisco Unified Communications Manager servers. Additional mitigations that can be deployed on Cisco devices in the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Unified Communications Manager" which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20110427-cucm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. 
Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. 
Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. They were discovered by Alberto Revelli of Cigital, Timothy Morgan of vSecurity, and Sven Taute. The remainder of the vulnerabilities were found during internal testing and during the troubleshooting of customer service requests. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. 
A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2011-April-27 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. +-------------------------------------------------------------------- Copyright 2010-2011 Cisco Systems, Inc. All rights reserved. 
+-------------------------------------------------------------------- Updated: Apr 27, 2011 Document ID: 112878 4) An error in Cisco Unified Reporting when uploading files can be exploited to upload malicious files to an arbitrary location via directory traversal sequences in the filename. 5) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited by authenticated users to manipulate SQL queries by injecting arbitrary SQL code. 6) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for details on affected versions. SOLUTION: Apply patches. PROVIDED AND/OR DISCOVERED BY: 1 - 4) Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml
VAR-201105-0156 CVE-2011-0340 ISSymbol Virtual machine ISSymbol ActiveX Control buffer overflow vulnerability

Related entries in the VARIoT exploits database: VAR-E-201008-0050, VAR-E-201008-0051
CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ISSymbol.ocx ActiveX component. When an overly large string is passed as the 'InternationalOrder' parameter, a heap overflow occurs. This vulnerability can be leveraged to execute code under the context of the user running the browser. InduSoft Web Studio is a powerful and complete graphics control software that includes the various functional modules required to develop Human Machine Interface (HMI), Supervisory Control and Data Acquisition (SCADA) and embedded control applications. The Advantech Studio ISSymbol ActiveX control has a boundary error in the handling of the "InternationalSeparator" property. The Advantech Studio ISSymbol ActiveX control is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will likely result in denial-of-service conditions. Advantech Studio 6.1 SP6 Build 61.6.01.05 is vulnerable; other versions may also be affected. There are multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control 6.1 SP6 Build 61.6.01.05 (ISSymbol.ocx 61.6.0.0) and other versions. 
ZDI-12-155 : InduSoft Thin Client ISSymbol InternationalOrder Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-155 August 22, 2012 -- CVE ID: CVE-2011-0340 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Indusoft -- Affected Products: Indusoft WebStudio -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12505. -- Vendor Response: Indusoft has issued an update to correct this vulnerability. More details can be found at: http://www.indusoft.com/hotfixes/hotfixes.php -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor 2012-08-22 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Alexander Gavrun
VAR-201105-0206 CVE-2011-1305 Google Chrome denial-of-service (DoS) vulnerability
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database. A third party may be able to cause a denial of service (DoS) or have other unspecified impact. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, perform spoofing attacks, and bypass the same-origin policy; other attacks may also be possible. Versions prior to Chrome 11.0.696.57 are vulnerable. Google Chrome is a web browser developed by Google.
VAR-201105-0072 CVE-2011-1451 Google Chrome denial-of-service (DoS) vulnerability
CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers." Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, perform spoofing attacks, and bypass the same-origin policy; other attacks may also be possible. Versions prior to Chrome 11.0.696.57 are vulnerable. Google Chrome is a web browser developed by Google. Versions prior to Google Chrome 11.0.696.57 do not handle DOM id maps correctly. TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45325 VERIFY ADVISORY: http://secunia.com/advisories/45325/ RELEASE DATE: 2011-07-22 
DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. 1) An error within CFNetwork when handling the "text/plain" content type can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error within CFNetwork when using the NTLM authentication protocol can be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page. 3) An error exists within CFNetwork when handling SSL certificates, which does not properly verify disabled root certificates. This can lead to certificates signed by the disabled root certificates being validated. 4) An integer overflow error exists within the ColorSync component. For more information see vulnerability #5 in: SA45054 5) An off-by-one error exists within the CoreFoundation framework. For more information see vulnerability #6 in: SA45054 6) An integer overflow error exists in CoreGraphics. For more information see vulnerability #7 in: SA45054 7) An error exists within ICU (International Components for Unicode). For more information see vulnerability #11 in: SA45054 8) An error exists in ImageIO within the handling of TIFF files when handling certain uppercase strings. For more information see vulnerability #9 in: SA45054 9) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow. 10) A use-after-free error within WebKit when handling TIFF images can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 
11) An error within libxslt can be exploited to disclose certain addresses from the heap. For more information see vulnerability #2 in: SA43832 12) An off-by-one error within libxml when handling certain XML data can be exploited to cause a heap-based buffer overflow. 13) An error in the "AutoFill web forms" feature can be exploited to disclose certain information from the user's Address Book by tricking a user into visiting a specially crafted web page. 14) A cross-origin error when handling certain fonts in Java Applets can lead to certain text being displayed on other sites. 15) Multiple unspecified errors in the WebKit component can be exploited to corrupt memory. 16) An error within WebKit when handling libxslt configurations can be exploited to create arbitrary files. 17) A cross-origin error when handling Web Workers can lead to certain information being disclosed. 18) A cross-origin error when handling certain URLs containing a username can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 19) A cross-origin error when handling DOM nodes can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 20) An error within the handling of DOM history objects can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. 21) An error within the handling of RSS feeds may lead to arbitrary files from a user's system being sent to a remote server. 22) A weakness in WebKit can lead to remote DNS prefetching For more information see vulnerability #6 in: SA42312 23) A use-after-free error within WebKit when processing MathML markup tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 24) An error within WebKit when parsing a frameset element can be exploited to cause a heap-based buffer overflow. 
25) A use-after-free error within WebKit when handling XHTML tags can result in an invalid tag pointer being dereferenced when a user views a specially crafted web page. 26) A use-after-free error within WebKit when handling SVG tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. SOLUTION: Update to version 5.1 or 5.0.6. PROVIDED AND/OR DISCOVERED BY: 10) Juan Pablo Lopez Yacubian via iDefense 4) binaryproof via ZDI 8) Dominic Chell, NGS Secure 23, 25, 26) wushi, team509 via iDefense 24) Jose A. Vazquez via iDefense The vendor credits: 1) Hidetake Jo via Microsoft Vulnerability Research (MSVR) and Neal Poole, Matasano Security 2) Takehiro Takahashi, IBM X-Force Research 3) An anonymous reporter 5) Harry Sintonen 6) Cristian Draghici, Modulo Consulting and Felix Grobert, Google Security Team 7) David Bienvenu, Mozilla 9) Cyril CATTIAUX, Tessi Technologies 11) Chris Evans, Google Chrome Security Team 12) Billy Rios, Google Security Team 13) Florian Rienhardt of BSI, Alex Lambert, and Jeremiah Grossman 14) Joshua Smith, Kaon Interactive 16) Nicolas Gregoire, Agarri 17) Daniel Divricean, divricean.ro 18) Jobert Abma, Online24 19) Sergey Glazunov 20) Jordi Chancel 21) Jason Hullinger 22) Mike Cardwell, Cardwell IT The vendor provides a bundled list of credits for vulnerabilities in #15: * David Weston, Microsoft and Microsoft Vulnerability Research (MSVR) * Yong Li, Research In Motion * SkyLined, Google Chrome Security Team * Abhishek Arya (Inferno), Google Chrome Security Team * Nikita Tarakanov and Alex Bazhanyuk, CISS Research Team * J23 via ZDI * Rob King via ZDI * wushi, team509 via ZDI * wushi of team509 * Adam Barth, Google Chrome Security Team * Richard Keen * An anonymous researcher via ZDI * Rik Cabanier, Adobe Systems * Martin Barbella * Sergey Glazunov * miaubiz * Andreas Kling, Nokia * Marek Majkowski via iDefense * John Knottenbelt, Google ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4808 
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=930 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=931 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=932 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=933 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=934 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-228/ NGS Secure: http://archives.neohapsis.com/archives/bugtraq/2011-07/0034.html
VAR-201105-0061 CVE-2011-1440 Google Chrome denial-of-service (DoS) vulnerability
CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. Google Chrome is prone to multiple vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, perform spoofing attacks, and bypass the same-origin policy; other attacks may also be possible. Versions prior to Chrome 11.0.696.57 are vulnerable. Google Chrome is a web browser developed by Google. Debian Security Advisory DSA-2245-1 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq Package : chromium-browser Vulnerability : several vulnerabilities Problem type : remote Debian-specific: no CVE ID : CVE-2011-1292 CVE-2011-1293 CVE-2011-1440 CVE-2011-1444 CVE-2011-1797 CVE-2011-1799 Several vulnerabilities were discovered in the Chromium browser. For the stable distribution (squeeze), these problems have been fixed in version 6.0.472.63~r59945-5+squeeze5. For the testing distribution (wheezy), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 11.0.696.68~r84545-1. We recommend that you upgrade your chromium-browser packages. 
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org 
APPLE-SA-2011-10-12-4 Safari 5.1.1 Safari 5.1.1 is now available and addresses the following: Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a malicious website may cause the execution of arbitrary Javascript in the context of installed Safari Extensions Description: A directory traversal issue existed in the handling of safari-extension:// URLs. Visiting a malicious website may cause execution of arbitrary Javascript in the context of installed Safari Extensions, which may have context-dependent ramifications including files from the user's system being sent to a remote server. CVE-ID CVE-2011-3229 : Aaron Sigel of vtty.com Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2 Impact: Visiting a malicious website may lead to arbitrary code execution Description: A policy issue existed in the handling of file:// URLs. This issue does not affect Windows systems. 
CVE-ID CVE-2011-3230 : Aaron Sigel of vtty.com Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8 Impact: Visiting a malicious website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in the handling of SSL certificates. This issue does not affect OS X Lion systems or Windows systems. CVE-ID CVE-2011-3231 : Jason Broccardo of Fermi National Accelerator Laboratory WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. CVE-ID CVE-2011-1440 : Jose A. Vazquez of spa-s3c.blogspot.com CVE-2011-2338 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2339 : Cris Neckar of the Google Chrome Security Team CVE-2011-2341 : Apple CVE-2011-2351 : miaubiz CVE-2011-2352 : Apple CVE-2011-2354 : Apple CVE-2011-2356 : Adam Barth and Abhishek Arya of Google Chrome Security Team using AddressSanitizer CVE-2011-2359 : miaubiz CVE-2011-2788 : Mikolaj Malecki of Samsung CVE-2011-2790 : miaubiz CVE-2011-2792 : miaubiz CVE-2011-2797 : miaubiz CVE-2011-2799 : miaubiz CVE-2011-2809 : Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-2811 : Apple CVE-2011-2813 : Cris Neckar of Google Chrome Security Team using AddressSanitizer CVE-2011-2814 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2815 : SkyLined of Google Chrome Security Team CVE-2011-2816 : Apple CVE-2011-2817 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-2818 : Martin Barbella CVE-2011-2820 : Raman Tenneti and Philip Rogers of Google CVE-2011-2823 : SkyLined of Google Chrome Security Team CVE-2011-2827 : miaubiz CVE-2011-2831 : Abhishek Arya (Inferno) of Google Chrome 
Security Team using AddressSanitizer CVE-2011-3232 : Aki Helin of OUSPG CVE-2011-3233 : Sadrul Habib Chowdhury of the Chromium development community, Cris Neckar and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3234 : miaubiz CVE-2011-3235 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3236 : Abhishek Arya (Inferno) of Google Chrome Security Team using AddressSanitizer CVE-2011-3237 : Dimitri Glazkov, Kent Tamura, Dominic Cooney of the Chromium development community, and Abhishek Arya (Inferno) of Google Chrome Security Team CVE-2011-3238 : Martin Barbella CVE-2011-3239 : Slawomir Blazek CVE-2011-3241 : Apple WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: A maliciously crafted website may be able to track the URLs that a user visits within a frame Description: A cross-origin issue existed in the handling of the beforeload event. CVE-ID CVE-2011-2800 : Juho Nurminen WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack Description: A cross-origin issue existed in the handling of the window.open method. CVE-ID CVE-2011-2805 : Sergey Glazunov WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack Description: A cross-origin issue existed in the handling of the document.documentURI property. 
CVE-ID CVE-2011-2819 : Sergey Glazunov WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack Description: A cross-origin issue existed in the handling of inactive DOM windows. CVE-ID CVE-2011-3243 : Sergey Glazunov WebKit Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2 Impact: In Private Browsing mode, cookies may be set even if "Block cookies" is set to "Always" Description: A logic issue existed in the handling of cookies in Private Browsing mode. This issue does not affect Windows systems. CVE-ID CVE-2011-3242 : John Adamczyk Safari 5.1.1 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/ Safari for OS X Lion v10.7.2 The download file is named: Safari5.1.1Lion.dmg Its SHA-1 digest is: 368113397d35475a0a4d0b0dbf3b31f543cfb4c5 Safari for Mac OS X v10.6.8 The download file is named: Safari5.1.1SnowLeopard.dmg Its SHA-1 digest is: 4c588d86032ab24984b721354748f028b559fb37 Safari for Windows 7, Vista or XP The download file is named: SafariSetup.exe Its SHA-1 digest is: 5a2d3e0c0e601938f1d64d517e6a8199cd563d10 Safari for Windows 7, Vista or XP from the Microsoft Choice Screen The download file is named: Safari_Setup.exe Its SHA-1 digest is: f0094f19b7a6b0a96a4fe6407b0037223ae44b15 Safari+QuickTime for Windows 7, Vista or XP The file is named: SafariQuickTimeSetup.exe Its SHA-1 digest is: 3dbfe52e5be6409d0ad1fcb22e747963e10db218 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201105-0070 CVE-2011-1449 Denial-of-service (DoS) vulnerability in the WebSockets implementation of Google Chrome CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Google Chrome is prone to multiple vulnerabilities. Versions prior to Chrome 11.0.696.57 are vulnerable. WebKit is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously discussed in 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it. Google Chrome is a web browser developed by Google.
TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45325/ RELEASE DATE: 2011-07-22 DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. 1) An error within CFNetwork when handling the "text/plain" content type can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An error exists within CFNetwork when handling SSL certificates, which does not properly verify disabled root certificates. This can lead to certificates signed by the disabled root certificates being validated. 4) An integer overflow error exists within the ColorSync component.
For more information see vulnerability #5 in: SA45054 5) An off-by-one error exists within the CoreFoundation framework. For more information see vulnerability #6 in: SA45054 6) An integer overflow error exists in CoreGraphics. For more information see vulnerability #7 in: SA45054 7) An error exists within ICU (International Components for Unicode). For more information see vulnerability #11 in: SA45054 8) An error exists in ImageIO within the handling of TIFF files when handling certain uppercase strings. For more information see vulnerability #9 in: SA45054 9) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow. 10) A use-after-free error within WebKit when handling TIFF images can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 11) An error within libxslt can be exploited to disclose certain addresses from the heap. For more information see vulnerability #2 in: SA43832 12) An off-by-one error within libxml when handling certain XML data can be exploited to cause a heap-based buffer overflow. 13) An error in the "AutoFill web forms" feature can be exploited to disclose certain information from the user's Address Book by tricking a user into visiting a specially crafted web page. 14) A cross-origin error when handling certain fonts in Java Applets can lead to certain text being displayed on other sites. 15) Multiple unspecified errors in the WebKit component can be exploited to corrupt memory. 16) An error within WebKit when handling libxslt configurations can be exploited to create arbitrary files. 17) A cross-origin error when handling Web Workers can lead to certain information being disclosed. 18) A cross-origin error when handling certain URLs containing a username can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 
19) A cross-origin error when handling DOM nodes can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 20) An error within the handling of DOM history objects can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. 21) An error within the handling of RSS feeds may lead to arbitrary files from a user's system being sent to a remote server. 22) A weakness in WebKit can lead to remote DNS prefetching For more information see vulnerability #6 in: SA42312 23) A use-after-free error within WebKit when processing MathML markup tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 24) An error within WebKit when parsing a frameset element can be exploited to cause a heap-based buffer overflow. 25) A use-after-free error within WebKit when handling XHTML tags can result in an invalid tag pointer being dereferenced when a user views a specially crafted web page. 26) A use-after-free error within WebKit when handling SVG tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. SOLUTION: Update to version 5.1 or 5.0.6. PROVIDED AND/OR DISCOVERED BY: 10) Juan Pablo Lopez Yacubian via iDefense 4) binaryproof via ZDI 8) Dominic Chell, NGS Secure 23, 25, 26) wushi, team509 via iDefense 24) Jose A. 
Vazquez via iDefense The vendor credits: 1) Hidetake Jo via Microsoft Vulnerability Research (MSVR) and Neal Poole, Matasano Security 2) Takehiro Takahashi, IBM X-Force Research 3) An anonymous reporter 5) Harry Sintonen 6) Cristian Draghici, Modulo Consulting and Felix Grobert, Google Security Team 7) David Bienvenu, Mozilla 9) Cyril CATTIAUX, Tessi Technologies 11) Chris Evans, Google Chrome Security Team 12) Billy Rios, Google Security Team 13) Florian Rienhardt of BSI, Alex Lambert, and Jeremiah Grossman 14) Joshua Smith, Kaon Interactive 16) Nicolas Gregoire, Agarri 17) Daniel Divricean, divricean.ro 18) Jobert Abma, Online24 19) Sergey Glazunov 20) Jordi Chancel 21) Jason Hullinger 22) Mike Cardwell, Cardwell IT The vendor provides a bundled list of credits for vulnerabilities in #15: * David Weston, Microsoft and Microsoft Vulnerability Research (MSVR) * Yong Li, Research In Motion * SkyLined, Google Chrome Security Team * Abhishek Arya (Inferno), Google Chrome Security Team * Nikita Tarakanov and Alex Bazhanyuk, CISS Research Team * J23 via ZDI * Rob King via ZDI * wushi, team509 via ZDI * wushi of team509 * Adam Barth, Google Chrome Security Team * Richard Keen * An anonymous researcher via ZDI * Rik Cabanier, Adobe Systems * Martin Barbella * Sergey Glazunov * miaubiz * Andreas Kling, Nokia * Marek Majkowski via iDefense * John Knottenbelt, Google ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4808 iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=930 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=931 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=932 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=933 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=934 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-228/ NGS Secure: http://archives.neohapsis.com/archives/bugtraq/2011-07/0034.html
---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND MathML is an XML-based markup language used to describe mathematical operations. It can be embedded inside of HTML and is supported by the WebKit engine. II. DESCRIPTION Remote exploitation of a use-after-free vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during the processing of MathML markup tags. Specifically, it is possible to trigger a use-after-free vulnerability when Safari fails to properly release an object. The object's memory is freed; however, a reference to the object remains.
When the reference is later used to access the object, this now invalid memory is treated as a valid object and the object's vtable is used to make an indirect function call. This may result in the execution of arbitrary code. III. ANALYSIS Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the Web page. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. After the user visits the malicious Web page, no further user interaction is needed. IV. V. WORKAROUND Disabling JavaScript is an effective workaround for this vulnerability. VI. VENDOR RESPONSE Apple Inc. has released patches which address this issue. For more information, consult their advisory at the following URL: http://support.apple.com/kb/HT4808 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2011-1449 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 12/15/2010 Initial Vendor Notification 12/15/2010 Initial Vendor Reply 07/20/2011 Coordinated Public Disclosure IX. CREDIT This vulnerability was reported to iDefense by wushi of team509. X. LEGAL NOTICES Copyright © 2011 Verisign Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information.
Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
VAR-201104-0325 No CVE Hitachi Web Server 'RequestHeader' Directive Information Disclosure Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Hitachi Web Server is a web server used in Hitachi products. An error in Hitachi Web Server's SSL protocol handling allows arbitrary plaintext to be injected. Because of a flaw in how the TLS protocol handles session negotiation, a man-in-the-middle attacker can inject arbitrary plaintext before the legitimate client sends data. Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.
TITLE: Hitachi Web Server Two Vulnerabilities SECUNIA ADVISORY ID: SA44309 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44309/ RELEASE DATE: 2011-04-26 DESCRIPTION: Two vulnerabilities have been reported in Hitachi Web Server, which can be exploited by malicious people to disclose sensitive information and manipulate certain data. 1) An error in the SSL protocol can be exploited to insert arbitrary plaintext.
This may be related to vulnerability #3 in: SA38776. Please see the vendor's advisory for the list of affected versions. SOLUTION: Apply patches. Please see the vendor's advisory for more information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-006/index.html http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-007/index.html
VAR-201104-0424 No CVE AT-TFTP Server 'Read' Request Remote Denial of Service Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
AT-TFTP is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. AT-TFTP 1.8 is affected; other versions may also be vulnerable.