VARIoT IoT vulnerabilities database

Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code. Openconnect is prone to a denial-of-service vulnerability. OpenConnect is an open client for Cisco AnyConnect VPN. An unspecified vulnerability exists in versions prior to OpenConnect 2.23

Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. is prone to a local security vulnerability. Cisco Secure Desktop (CSD) is an endpoint security solution that integrates firewall, access control, intrusion prevention, and application control

The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. Attackers can exploit this issue to overwrite arbitrary files with root privileges. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco AnyConnect VPN Client Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42093 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42093/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42093 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42093/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42093/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42093 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is reported in versions prior to 2.3 running on Linux and Mac. SOLUTION: Update to version 2.3. PROVIDED AND/OR DISCOVERED BY: Reported in the description of the OpenConnect client. ORIGINAL ADVISORY: http://www.infradead.org/openconnect.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to: * display a fraudulent web page over a legitimate web page * steal cookies stored in browser * place arbitrary cookies into browserA remote attacker could display a fraudulent web page over a legitimate one, steal cookies stored in browser or place arbitrary cookies into browser.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JobServer.exe process which listens by default on several TCP ports above 1024. When parsing a GIOP request, the process trusts a user-supplied 32-bit value and allocates a buffer on the heap. The process then proceeds to copy the string following this value from the packet until it finds a NULL byte. By crafting a specifically sized packet a remote attacker can overflow the buffer and gain code execution under the context of the SYSTEM user. SAP Crystal Reports is a powerful, dynamic, and actionable reporting solution that helps you design, navigate, and visualize report presentations, and deliver reports online or by embedding reports into enterprise applications. Failed exploit attempts will likely crash the application. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SAP Crystal Reports Two Vulnerabilities SECUNIA ADVISORY ID: SA41683 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41683/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41683 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41683/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41683/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41683 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in SAP Crystal Reports, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within CMS.exe when parsing GIOP requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet. 2) A boundary error within JobServer.exe when parsing GIOP requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SAP: https://websmp130.sap-ag.de/sap/support/notes/1509604 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-195/ http://www.zerodayinitiative.com/advisories/ZDI-10-196/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: SAP states: A solution was provided via SAP note 1509604 (https://websmp130.sap-ag.de/sap/support/notes/1509604) -- Disclosure Timeline: 2010-07-20 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * AbdulAziz Hariri * Andrea Micalizzi aka rgod -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. Mail is prone to a security bypass vulnerability. Mail (also known as Mail.app or Apple Mail) is an email client in the Mac OS X operating system launched by Apple

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. Xpdf is prone to a vulnerability due to an array-indexing error. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious PDF file with an affected application. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Packages for 2009.0 are provided as of the Extended Maintenance Program. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM3Ra0mqjQ0CJFipgRAifRAJ9k+ShgxdVIOXD1cd+oAhpZMhDYsACZAQwN bF7gGtlw9dl5Da13toBE974= =fyOW -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Xpdf Two Vulnerabilities SECUNIA ADVISORY ID: SA41709 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41709/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41709/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41709/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Xpdf, which can potentially be exploited by malicious people to compromise a user's system. For more information see vulnerabilities #1 and #2 in: SA41596 SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Reported in Poppler by Joel Voss, Leviathan Security Group. ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0751.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201402-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xpdf: User-assisted execution of arbitrary code Date: February 17, 2014 Bugs: #386271 ID: 201402-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Xpdf could result in execution of arbitrary code. Background ========== Xpdf is an X viewer for PDF files. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/xpdf <= 3.02-r4 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo has discontinued support for Xpdf. We recommend that users unmerge Xpdf: # emerge --unmerge "app-text/xpdf" References ========== [ 1 ] CVE-2009-4035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4035 [ 2 ] CVE-2010-3702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702 [ 3 ] CVE-2010-3704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201402-17.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For the stable distribution (lenny), these problems have been fixed in version 3.02-1.4+lenny3. For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems don't apply, since xpdf has been patched to use the Poppler PDF library. Upgrade instructions - -------------------- If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Background ========== Poppler is a cross-platform PDF rendering library originally based on Xpdf. =========================================================== Ubuntu Security Notice USN-1005-1 October 19, 2010 poppler vulnerabilities CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.8 libpoppler1-glib 0.5.1-0ubuntu7.8 Ubuntu 8.04 LTS: libpoppler-glib2 0.6.4-1ubuntu3.5 libpoppler2 0.6.4-1ubuntu3.5 Ubuntu 9.04: libpoppler-glib4 0.10.5-1ubuntu2.6 libpoppler4 0.10.5-1ubuntu2.6 Ubuntu 9.10: libpoppler-glib4 0.12.0-0ubuntu2.3 libpoppler5 0.12.0-0ubuntu2.3 Ubuntu 10.04 LTS: libpoppler-glib4 0.12.4-0ubuntu5.1 libpoppler5 0.12.4-0ubuntu5.1 Ubuntu 10.10: libpoppler-glib5 0.14.3-0ubuntu1.1 libpoppler7 0.14.3-0ubuntu1.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.diff.gz Size/MD5: 27259 bedbca4c7d1fbb131e87ac7d01b9ccfb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.dsc Size/MD5: 2375 9242a34c31aec338034bad41ff0e04fb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1.orig.tar.gz Size/MD5: 954930 a136cd731892f4570933034ba97c8704 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 729804 990c4697220246f06734ec985bf79805 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 58242 4e17049f4d461125928bd33eb905542e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 47402 2e1911778f8d114dc01570a16cc753fa http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 52998 4dc5f9471611f96ec0bfb5314a527d67 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 43618 37459b85fdf031fdba6e1b35ea116679 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 546536 7ad7ef20bd092f9007a0a4f2920d301d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 101316 389d8b7bf42dd291ae246bbe5306c66e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 664928 8670a45be74a527aa2381c786d6f499c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 56038 20fa91b22991fbf8f2855d0019a30066 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 46100 aa511d2877d5a86ee35fb8760168e746 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 51888 e635377fcd0afcc86fb5665f12596940 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 43120 0a299604034207977e6549719e97c3bb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 505126 546b78451a3db468d906a13c3e461755 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 93028 075e41dd3d3608e7e4a5f682d3ab0d45 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 769490 69fe73d00ba079febc5ada96e82cb518 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 60272 ef55f2b86d376cfc7f81786fa56f0852 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 47556 20725d1ceae67bd27b629bda23ea27aa http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 54288 f1652517075e0ea34c6b762e8e1ec6ba http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 44890 7ce2dad1bd9962aecd9184b74de80dbd http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 552776 7b30e7f41666d93aaa7d3a95537333d8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 105656 6d4c33c8c30e18aba3e5248d19945312 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 690766 199896329398917fe8f2a37179d02a34 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 56618 d6fe358f5cdcbc02450e69db342ee8b3 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 46092 5d19384e2488912b2ba4d98ff39906b7 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 51360 9b6aaada69d2fd81edbf8a3f1e236256 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 42362 914f0dfd79b25858ad12ad20c4407905 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 518396 ccb5b4d7b6a3966174b55e82597d90b8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 93880 6343457c99d3fe9e95c65e7f11ed1688 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.diff.gz Size/MD5: 22610 e40e61ff8f404dd8c570d7d9d37d3344 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.dsc Size/MD5: 1832 5e30251249c773f2fdb94278bf11050c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4.orig.tar.gz Size/MD5: 1294481 13d12ca4e349574cfbbcf4a9b2b3ae52 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 899230 8fce2b7acfae6b6397caf9caf140a031 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 110018 dfafa5b34781fe749705af443a32d855 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 54810 5febb6077ff4019f33ef36b39d05087b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 46176 f53d822dbade16249befcf24f503c443 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 25520 85571978f17908b52fde4a635b1a411e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 146760 9ff80c2dbf2bb811e31e1b66caf6279c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 201282 909dc624c82bc3c89a0b46ee49fc080f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 648816 9c4f1dbc90f19b95970d601d05ebf72b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 78984 ea5c07bc1f8cc794416c93e05b4f4815 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 839500 f428fc3b2317229955ebf3145bd8b1ef http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 102844 5abd270a2f436fd79d5fa021ed0a75a2 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 52354 58e6cec2618c530ae21ca02fb009da06 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 42614 9370944020717ba5be753fe28ab981d0 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 25050 57ac26b842693f33b609ea6d6ced073b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 143622 9f476e4d71f8693f39e73e76c9a65d3c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 190086 b40f870abc3aa6f6b8203de269e88d93 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 623310 43c9e0e5063794de8b008a567dd48545 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 73692 d5434601a4e7ef66297888f349217a1f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 859546 59e85a8660b8972ffac2b9964be303bd http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 103834 2dd93fcfeb085ad2d2ebbf2631b094e9 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 52614 bfa697640e43ddb7314d66f7107e021f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 43048 f1173347bdf4b450a9058f558a0e98e0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 24792 2f1a32e1c3062d9ff8ad2bac1a89a5e2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 145068 e079cb3940740d3866454898c7a635ba http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 191294 c0083aef2f0adfc21064be2f95f6316d http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 637232 bff9ecff5a68a668e00a2c0bab55b290 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 74708 14d03ac4f0abc79bb2b7696776db9362 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 956836 642c3332a4295161be0729b72f6ccfb0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 115792 671359d71e699df8ef011ef9b1b97e13 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 58464 118f2e096f121fb43ad8a287335f5892 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 46142 60ec3d227164cb4f52531bf0d0d94a71 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 28862 cf22690c891eaf82c9587faff7e7aec1 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 152744 fef8f36a164ceb3a425882cc697d9cad http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 209554 7c20fafa41749c91709a2c925844cad1 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 683376 5c9e55ebefa5e5dfabbd72787bf5b7bb http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 94454 50f79c3f37ccade2e26ac5f01fedb367 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 859950 ca8b01d58970c27729fb9311f7706611 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 104158 a60feaf9f57f703ae37d4587071e10e3 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 51408 3a832dd5583a5ebdca67fb868b774f46 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 42008 563aa6cce06916284a5bbccc8f9a4a2a http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 23902 dbda45ef43ff352439a2595766a8725f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 145340 fcacd993458d4e16e4104b1c2fef74b5 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 193258 872f6f3ef8af1a386100f929342c23f3 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 631572 31bc91916469b6fee1e4ed2411b98c70 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 72984 85a3e42acdf1819c8fc07053cb9012c3 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.diff.gz Size/MD5: 22658 46a4434de1013ad6a1aedd7f83f4638e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.dsc Size/MD5: 2319 cb6568c37577a77805a323102daf8cbe http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5.orig.tar.gz Size/MD5: 1516687 125f671a19707861132fb03e73b61184 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 1000762 2511c181edee11136cd95f2fd8f7df4e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 124320 8e44bb95aaf500ea3f5f2cfeda92c77b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 64498 433f22fd427b85eda6c6f79c093c7bf4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 51136 3fce9dd192f7cf72beb2a462b78a045f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 26084 40b1eb43d7c31c344ee807f67b56405a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 166096 856ebcf506dfe1e6f73a16d039683576 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 235030 001590442c32e9d44d12c708cb484a34 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 715688 100b06d8f1c178b74a72627c1293a99d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 3191282 9fad2dc154e6816007978eecba272f98 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 80310 e6f5e58168c6548ee953afc2f2e198e2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 939116 1a637f61cc6980c737f0485fc2ee9d46 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 118186 be93a766d70095e2b904e8a1059c1ea9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 61432 b48d904620036b494dae30f846757933 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 48108 502e462be767601fd4f37278ff6fb0c9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 25400 0d97956139ca4df762ff50924775c7ee http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 164406 c48888d902bace1af6f9568bc7d11781 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 219842 642d8bf864daa53baa9aba14ef1d8e8d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 687198 ebd3b55dd94130e8031fce6fdd9c2977 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 3106210 be7d517d3130e27b75b778b1fafab2c2 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 75150 842cb849ecdc92162f1ef0645a89694a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 951712 5833f800109087edef20d0d2e043a2a0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 118064 f415be637dbb5991ce0cf7d4bc62b9b7 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 61512 247589fb21e89512e10055a39cdef0c0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 48234 53a1552904e2243babf5b4480f4e39d2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 25090 fe55913c8f07a2d573d202669dd1697e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 164652 37ca1c8caa83a03a65f2d24d4f7576bb http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 220064 5d8c233389507dc10c6830ab35ab31e4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 698034 6b6e1e71dc2b4d73ce5d91ab18ed1434 http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 3141000 792164965ecec628891930c15056146e http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 75852 566179c180af7420345a59aef66d20ab powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 1067816 72f7c6c253c7a0d6de9572a45b766bea http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 132060 05faca87e109c1c75a82a458b2d23949 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 69138 2c877d50106cacbfa82cb9e60e572e7e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 51250 377d0b6a2fb986aafde1ee9f8045e04a http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 28790 9a4a744f8bbaee83ab3e0d624425dda3 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 170364 ce061c2566a07dd3c159a23d66d829fc http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 239232 b223e0531752af48a78b9feb2964e77a http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 751112 72ec27c3cfa98ec9c51e1735b233d70a http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 3289146 731cdf54cada7da65a2a3c939df59f93 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 92846 b62d9487645a67d4c892c3671a75e05c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 958890 6948353f591647da86e316845ec8f9eb http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 120824 6ff59a3bbd4a9b425ef23110a76c4298 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 61180 2cc5e6f027e76b607defdc9a797fea4d http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 47586 c343721df8aec6efa801c42368c65187 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 24302 829a6fd6cb43629453b0d03abb134c74 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 165794 e2baae9323c3dc1bfd4c7a5188b876a4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 227060 24c905d2bf65312b9654f3a8c3ff1b85 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 699612 e891d015a5e9f4a06c62330ae13ad8ff http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 3054006 65d02dc72ebedeee044492a0d54a7c9b http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 75462 14106f64edcc64399c73cecfffe82660 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.diff.gz Size/MD5: 16162 e2f7027909f54a82d3b05a5dab49bfe3 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.dsc Size/MD5: 2333 0ca7e3c51f46e811ab8b764d19735017 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0.orig.tar.gz Size/MD5: 1595424 399b25d9d71ad22bc9a2a9281769c49c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 1051980 811eb825ef2a4a35a2737c7cc8f7dc18 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 147620 0df853686d2bde4d3251e2034d4aaca4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 75082 66a4118be485eca8c0d64bcb507d95fe http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 56040 9aa3e75a67f5b3325354e0cd0783b4eb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 26016 ab04a30595e5e10a8ea324ce5429859d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 169758 a0feabc74a20a921577bb14b328f4f08 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 246134 66b67de914b70e969cef45ad38be8350 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 758072 3759109d011266b2f989d6d4b9c700f8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 3352576 018f3529b1b4b66eb8fce6446e151276 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 84178 3242ad6a0e40ac5017b25f252026b4ec i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 989400 4c6f5530a2751fbef0c4cf2b91c0a450 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 140982 8b2732a5ee3087e754cfbc8a311508a9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 72374 9dafd2e2f353b30269b61184d8a05a73 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 53740 92abc5198ae95accc2a9c04535a12e74 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 25630 9ed21683dc9ce42230357a75c9f8efaf http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 166244 5407024e0fbca9ca17cf31784689f530 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 231402 085ad28bb8f30fb81c922bdf98461f62 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 725946 56e85e5a60eded5dd71286df5afcddad http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 3273936 4900c20227ee15c570803e0a5ea2380e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 80140 8397685b99e33d2295945e01b5a9c5a9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 1024116 82f69ec56049caaaa2e6d6ddfbcf38e9 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 145452 ca9c8d859dd2c259254c1015c8150e7c http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 73070 93faf777eb853626a8021a4fdf951ae0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 53314 f04f80d8c690dd8eed9f2d8629b82ab6 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 24216 5597f9b407ed6e297dfb60495a926835 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 168690 d5f6fc3fd30c50549a0425684be4456f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 244286 73acb1d168e1b946fc0ab87e52a98d2b http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 749218 e362ac899fed10132a24579c856392bf http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 3243524 b3809cb3b43f6c6fcbf78e5f195454b8 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 80606 84e09ef47c3a62d374f7d72d077857f7 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.diff.gz Size/MD5: 36586 3c8f46489d270a6553c603f1bf42df61 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.dsc Size/MD5: 2321 6309c218890373f2d2f3829083f1e14e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4.orig.tar.gz Size/MD5: 1674400 4155346f9369b192569ce9184ff73e43 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 1057464 02cfbb58b185dce47f79752bc448ecfb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 153226 6a1cd66dad1f036c916834a9bee5290e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 79122 fc4779709ed8b692f9debc48054dcf66 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 56012 6c389ff1ec4144b526b34e3df0390361 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 26902 e4f305ff49b07e2d4266f3c23b737328 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 172296 6a277bb044e8bddf0b7211ef4f201e8a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 252048 07a540e9727055ad6ea3af4805ca02f4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 762152 b900a754d1f4fd137a984a5d9a428b49 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 3392098 40b5213d5c65333912cb2a6837cb8155 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 84984 222e314966329a71370119194760f289 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 994314 0cf46cddcca262acb400301c6ccfadcf http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 146050 ecfd6621c0c8125575908fce67e87037 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 75926 9460e967f9ea99f6e52cea7b82794cf1 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 53792 094890d2058126fad34a2a9f1b74a9fe http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 26526 ae6f93323c82c1d452e81335025c4677 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 169754 b69d20dacb024e9412954289e62606e5 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 237416 79df3cbaef280ae078fe5d90d1efeca6 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 729896 ebd5b47847b7d4c2d6a7956d5f2b9c9c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 3308176 1901fd74a67d54354fc37140a3820651 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 80940 24c64a45a096f19bc5e29ac070570932 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 1139050 391b272517bddffbfecbbc91a43b7f96 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 160174 5e5fbf2fdbf5007373e8f76a762b875d http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 83092 96d39f59f5dbb721fc5bbd370f0b3540 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 57086 00f8a4e9617f841bd90e57d2835311f4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 27700 b373ca19c5ec767a6398dffc9bedd553 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 174170 ff1770256477129693ba12fa671d00f2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 257882 c5a46d4e9d96ab2e705e5a538cf3731e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 802012 68d7baf4f9f6c09fbf4f1c0e382fa182 http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 3517048 e614b7e4a6a126f9b7dd67f6efefd117 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 85044 6187f4e8bac574e941da55a6a69690af sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 1061366 41136167b401a0728acbcdb4019d10a9 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 152744 080f6cd7a3b25dafb7a859b7feb7095e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 77452 04f109d31474b5aa18934e158adf6d62 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 54694 2300562f2a7cfb8d4a33f881332ace15 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 25448 53b2a8352578c81f64e8f4cab898007b http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 172760 f147f6913ced592759716f7b3df63af2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 255112 3257864700e4387e8cf4e11e5f4aef4e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 761444 626f9943c20f6c2f8cddfaed957e0251 http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 3312976 945e1150e98d3545f2790ceaec85220f http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 82324 33c251009e49841c9ae76e74a1e4e559 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.diff.gz Size/MD5: 14357 2913cf42deabe02923039b83f4d3a09b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.dsc Size/MD5: 2426 d8addbeb6ab59e8dfeaab3262b4215e8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3.orig.tar.gz Size/MD5: 1791880 1024c608a8a7c1d6ec301bddf11f3af9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 64468 6a423398bc892f513b2f38e2e3d5c602 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 31168 539169982c29fbd85ad92d3564b46332 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 1103468 a14ada191171b0af80c8ed455cc43602 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 165088 a094e30c378323c4e13fce76cb41eaef http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 83900 ba49980dc7ae19ec805f2d2e0a9dd341 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 59162 2e9264fd1688912c647a684349b04bc1 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 26422 f2e204b7a284aa1c7762671eb764f65f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 175388 12fdd82ec02447154cb66ffee97eb6bd http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 262250 4b22149a50d268aff9c443f577272ec9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 783016 b6a88c5290d6584cf118e03486ee5b28 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 3782700 92aaee73614843eb71a1e894d6e6b6db http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 84584 cff59800844c6d64d58481682d7096c2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 61226 2daec50e448a0023cefc89ecdac63e2f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 31404 ad307f5350fd07a9cc409f4e9e1a76a3 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 1031432 cb1b0f48c777da1e83104a1f8a92850c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 156646 33c97aaca1542522ac44c0c2c1aa32f9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 80682 9c4b0a4534eb6719a7d9f974b2fc8b61 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 56974 6d8a32bff9e98d95c8cf754c47aae4f6 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 25986 ce814f61d00c0be09742cff50d691d1a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 172378 d6a441c24baa014e23428de75ee78913 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 246084 0f3d944e284b2e96f78ff7c897d89310 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 746296 c5b46a4f36381b2d6ac1f4cdc973a85d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 3694024 28b7b242f8fe4b6decc198ce2cddc5e4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 79640 326c2ea9f373fec8622ca654b942fee2 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 65034 e6fe859f3e6071f20f9cf880107c1f2e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 32576 1923fe67aeb448dae67c0c3de7acad51 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 1182088 7d90bf72cedc6ccda4da639e657ba3ec http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 171878 728ed879151c66c82c09d074ca3d6b74 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 88564 38714d7ad6697b4231e2c89c511195c4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 60498 2422b28c607abc4cf25388199ad89052 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 27190 4e063517954ef91ae8ce1d959f939bad http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 177264 79deabe8844ba4993b7643a846b6ba7f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 270448 a6924c87f821b74c9d9ef642d3182194 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 822532 fded6e9509fb172ea0587cd536b8e24c http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 3916390 bd49980f1d5fe6a419961106a2635ad6 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 82814 8552bb3b2508b96a0c3a2be0b7a02f00 . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). For more information: SA41709 SOLUTION: Update to version 1.0.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: tetex security update Advisory ID: RHSA-2012:1201-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1201.html Issue date: 2012-08-23 CVE Names: CVE-2010-2642 CVE-2010-3702 CVE-2010-3704 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 ===================================================================== 1. Summary: Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. (CVE-2011-0764) A use-after-free flaw was found in t1lib. (CVE-2011-1553) An off-by-one flaw was found in t1lib. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code: An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference 638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() 666318 - CVE-2010-2642 evince, t1lib: Heap based buffer overflow in DVI file AFM font parser 679732 - CVE-2011-0433 evince, t1lib: Heap-based buffer overflow DVI file AFM font parser 692853 - CVE-2011-1552 t1lib: invalid read crash via crafted Type 1 font 692854 - CVE-2011-1553 t1lib: Use-after-free via crafted Type 1 font 692856 - CVE-2011-1554 t1lib: Off-by-one via crafted Type 1 font 692909 - CVE-2011-0764 t1lib: Invalid pointer dereference via crafted Type 1 font 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm i386: tetex-3.0-33.15.el5_8.1.i386.rpm tetex-afm-3.0-33.15.el5_8.1.i386.rpm tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm tetex-doc-3.0-33.15.el5_8.1.i386.rpm tetex-dvips-3.0-33.15.el5_8.1.i386.rpm tetex-fonts-3.0-33.15.el5_8.1.i386.rpm tetex-latex-3.0-33.15.el5_8.1.i386.rpm tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm x86_64: tetex-3.0-33.15.el5_8.1.x86_64.rpm tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/tetex-3.0-33.15.el5_8.1.src.rpm i386: tetex-3.0-33.15.el5_8.1.i386.rpm tetex-afm-3.0-33.15.el5_8.1.i386.rpm tetex-debuginfo-3.0-33.15.el5_8.1.i386.rpm tetex-doc-3.0-33.15.el5_8.1.i386.rpm tetex-dvips-3.0-33.15.el5_8.1.i386.rpm tetex-fonts-3.0-33.15.el5_8.1.i386.rpm tetex-latex-3.0-33.15.el5_8.1.i386.rpm tetex-xdvi-3.0-33.15.el5_8.1.i386.rpm ia64: tetex-3.0-33.15.el5_8.1.ia64.rpm tetex-afm-3.0-33.15.el5_8.1.ia64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.ia64.rpm tetex-doc-3.0-33.15.el5_8.1.ia64.rpm tetex-dvips-3.0-33.15.el5_8.1.ia64.rpm tetex-fonts-3.0-33.15.el5_8.1.ia64.rpm tetex-latex-3.0-33.15.el5_8.1.ia64.rpm tetex-xdvi-3.0-33.15.el5_8.1.ia64.rpm ppc: tetex-3.0-33.15.el5_8.1.ppc.rpm tetex-afm-3.0-33.15.el5_8.1.ppc.rpm tetex-debuginfo-3.0-33.15.el5_8.1.ppc.rpm tetex-doc-3.0-33.15.el5_8.1.ppc.rpm tetex-dvips-3.0-33.15.el5_8.1.ppc.rpm tetex-fonts-3.0-33.15.el5_8.1.ppc.rpm tetex-latex-3.0-33.15.el5_8.1.ppc.rpm tetex-xdvi-3.0-33.15.el5_8.1.ppc.rpm s390x: tetex-3.0-33.15.el5_8.1.s390x.rpm tetex-afm-3.0-33.15.el5_8.1.s390x.rpm tetex-debuginfo-3.0-33.15.el5_8.1.s390x.rpm tetex-doc-3.0-33.15.el5_8.1.s390x.rpm tetex-dvips-3.0-33.15.el5_8.1.s390x.rpm tetex-fonts-3.0-33.15.el5_8.1.s390x.rpm tetex-latex-3.0-33.15.el5_8.1.s390x.rpm tetex-xdvi-3.0-33.15.el5_8.1.s390x.rpm x86_64: tetex-3.0-33.15.el5_8.1.x86_64.rpm tetex-afm-3.0-33.15.el5_8.1.x86_64.rpm tetex-debuginfo-3.0-33.15.el5_8.1.x86_64.rpm tetex-doc-3.0-33.15.el5_8.1.x86_64.rpm tetex-dvips-3.0-33.15.el5_8.1.x86_64.rpm tetex-fonts-3.0-33.15.el5_8.1.x86_64.rpm tetex-latex-3.0-33.15.el5_8.1.x86_64.rpm tetex-xdvi-3.0-33.15.el5_8.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-2642.html https://www.redhat.com/security/data/cve/CVE-2010-3702.html https://www.redhat.com/security/data/cve/CVE-2010-3704.html https://www.redhat.com/security/data/cve/CVE-2011-0433.html https://www.redhat.com/security/data/cve/CVE-2011-0764.html https://www.redhat.com/security/data/cve/CVE-2011-1552.html https://www.redhat.com/security/data/cve/CVE-2011-1553.html https://www.redhat.com/security/data/cve/CVE-2011-1554.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQNkf0XlSAg2UNWIIRAiQFAJ9WUAfXKk43rYvg+UYPr0aOZvojRgCeKWRl PAzUWlaBGi1pT+Kr2TaQk1E= =iYiF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. GNU libc is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to make the affected computer unresponsive, denying service to legitimate users. Multiple vendors' implementations are reported to be affected, including: NetBSD OpenBSD FreeBSD Oracle Solaris 10 Additional vendors' implementations may also be affected. ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. For more information see vulnerability #2: SA42984 The vulnerability is reported in the following versions R15, R16, R16.1, and R16.2. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42984 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42984/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42984 RELEASE DATE: 2011-01-19 DISCUSS ADVISORY: http://secunia.com/advisories/42984/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42984/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42984 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) An unspecified error in the CDE Calendar Manager Service daemon can be exploited to potentially execute arbitrary code via specially crafted RPC packets. 2) An unspecified error in the FTP server can be exploited to cause a DoS. 3) An unspecified error in a Ethernet driver can be exploited to disclose certain system information. 4) An unspecified error in the kernel NFS component can be exploited to cause a DoS. 5) An unspecified error in the kernel can be exploited by local users to cause a DoS. 6) A second unspecified error in the kernel can be exploited by local users to cause a DoS. 7) An unspecified error in the Standard C Library (libc) can be exploited by local users to gain escalated privileges. 8) An unspecified error in the Fault Manager daemon can be exploited by local users to gain escalated privileges. 9) An unspecified error in the XScreenSaver component can be exploited by local users to gain escalated privileges. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for January 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:02.libc Security Advisory The FreeBSD Project Topic: glob(3) related resource exhaustion Category: core Module: libc Announced: 2013-02-19 Affects: All supported versions of FreeBSD. Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE) 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12) 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE) 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6) 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE) 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6) 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1) CVE Name: CVE-2010-2632 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. I. Background The glob(3) function is a pathname generator that implements the rules for file name pattern matching used by the shell. II. Problem Description GLOB_LIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient. III. Impact An attacker that is able to exploit this vulnerability could cause excessive memory or CPU usage, resulting in a Denial of Service. A common target for a remote attacker could be ftpd(8). IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc # gpg --verify libc.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. Restart all daemons, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart all daemons, or reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r246357 releng/7.4/ r246989 stable/8/ r246357 releng/8.3/ r246989 stable/9/ r246357 releng/9.0/ r246989 releng/9.1/ r246989 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4 =mCPv -----END PGP SIGNATURE----- . MacOSX 10.8.3 ftpd Remote Resource Exhaustion Maksymilian Arciemowicz http://cxsecurity.com/ http://cvemap.org/ Public Date: 01.02.2013 http://cxsecurity.com/cveshow/CVE-2010-2632 http://cxsecurity.com/cveshow/CVE-2011-0418 --- 1. Description --- Old vulnerability in libc allow to denial of service ftpd in MacOSX 10.8.3. Officially Apple has resolved this issue in Jun 2011. Apple use tnftpd as a main ftp server. tnftpd has migrated some functions from libc to own code (including glob(3)). Missing patch for resource exhaustion was added in version 20130322. To this time, we can use CVE-2010-2632 to denial of service the ftp server. The funniest is report http://support.apple.com/kb/ht4723 where CVE-2010-2632 was patched. That true 'libc is patched', but nobody from Apple has verified ftp. I really don't believe in penetrating testing form Apple side. Situation don't seems good. I has asked for open source donations, unfortunately Apple do not financial help vendors, what use their software in own products. Proof of Concept is available since 2010 http://cxsecurity.com/issue/WLB-2011030145 Video demonstrated how to kill Mac Mini in basic version i5 with 10GB RAM in 30 min is available on http://cxsec.org/video/macosx_ftpd_poc/ --- 2. References --- Multiple Vendors libc/glob(3) remote ftpd resource exhaustion http://cxsecurity.com/issue/WLB-2010100135 http://cxsecurity.com/cveshow/CVE-2010-2632 Multiple FTPD Server GLOB_BRACE|GLOB_LIMIT memory exhaustion http://cxsecurity.com/issue/WLB-2011050004 http://cxsecurity.com/cveshow/CVE-2011-0418 More CWE-399 resource exhaustion examples: http://cxsecurity.com/cwe/CWE-399 Last related to http://www.freebsd.org/security/advisories/FreeBSD-SA-13:02.libc.asc --- 3. Contact --- Maksymilian Arciemowicz Best regards, CXSEC TEAM http://cxsecurity.com/

Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Acrobat and Reader are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to and including 9.3.4 and 8.2.4 are affected. I. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems. Additional information is available in US-CERT Vulnerability Note VU#491991. II. Impact These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file. III. Solution Update Adobe has released updates to address this issue. Disable JavaScript in Adobe Reader and Acrobat Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript). Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this feature may be useful when specific APIs are known to be vulnerable or used in attacks. Prevent Internet Explorer from automatically opening PDF files The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the display of PDF files in the web browser Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities. To prevent PDF files from automatically being opened in a web browser, do the following: 1. 2. Open the Edit menu. 3. Choose the Preferences option. 4. Choose the Internet section. 5. Uncheck the "Display PDF in browser" checkbox. Do not access PDF files from untrusted sources Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. IV. References * Security update available for Adobe Reader and Acrobat - <http://www.adobe.com/support/security/bulletins/apsb10-21.html> * US-CERT Vulnerability Note VU#491991 - <http://www.kb.cert.org/vuls/id/491991> * Adobe Reader and Acrobat JavaScript Blacklist Framework - <http://kb2.adobe.com/cps/504/cpsid_50431.html> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-279A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-279A Feedback VU#491991" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History October 06, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTKxxvD6pPKYJORa3AQIL3wgAp2tynQw73VA+B70fuEl+os17BeVaP8zn 5aoWS6QBRx+Q8Ijw1wnKT1sF4IWaDWTWqPo0yt6MLx8WwO2ei8WaB+aMOwy9ZBo3 BbCOPSM63/3jBrJuCDs4x2PhZDzg2GJf4Zw8NN2oCSOXMxYGhx16QQzo2lY35CBJ cvCSiLtNQuqpnvNMi2DJhArwxStK9Un2fli7IqwXzC6+RIgrk1l/EAM/6CO2+AwJ Se0bDWBjwR5YverLEXoLuBbF0lHvQ0+V/vT5Q/zBDYUwcWkBL2n7NwdbKI9pYZxL 8Te7YapqAnMNgI1/PnYI/W369Vq3U6QoQVVR9ZoyLGw8x0A57cpU2g== =Rc0h -----END PGP SIGNATURE-----

Research In Motion BlackBerry Device Software is prone to a cross-domain information-disclosure vulnerability because the application's web browser fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks.

This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to trigger this vulnerability.The flaw exists within Novell's eDirectory Server's NCP implementation which binds, by default, to TCP port 524. While handling a malformed request, the application explicitly trusts a field when translating it to an index into a table of counters. If this index is too large, the application will set a value outside the array and the ndsd process will become unresponsive resulting in an inability to authenticate to that server. Novell eDirectory is a cross-platform directory server. Novell eDirectory is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to crash the application, denying service to legitimate users. Versions prior to eDirectory 8.8.5 ftf3 are vulnerable. ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-189 October 1, 2010 -- CVSS: 7.8, (AV:N/AC:L/Au:N/C:N/I:N/A:C) -- Affected Vendors: Novell -- Affected Products: Novell eDirectory -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9971. -- Vendor Response: Novell has issued an update to correct this vulnerability. More details can be found at: http://www.novell.com/support/viewContent.do?externalId=7006389&amp;sliceId=2 -- Disclosure Timeline: 2009-04-28 - Vulnerability reported to vendor 2010-10-01 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * 1c239c43f521145fa8385d64a9c32243 -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Intellicom NetBiter is a hardware device that is managed using the WebSCADA protocol. The Intellicom Netbiter webSCADA product 'read.cgi' has multiple security vulnerabilities that allow attackers to obtain sensitive information. - Local files are available through directory traversal attacks: /cgi-bin/read.cgi?page=../../../../../../../../../.. /../etc/passwd%00- can submit the following request for sensitive information: /cgi-bin/read.cgi?file=/home/config/users.cfg - by injecting a specially constructed GIF image on the LOGO page modification Upload malicious code: /cgi-bin/read.cgi?page=config.html&file=/home/config/pages/2.conf&section=PAGE2GIF Hide malicious code in image content for SCADA server management and unauthorized OS command execution. An attacker can exploit these issues to upload and execute arbitrary script code on an affected computer with the privileges of the webserver process, view arbitrary local files, or obtain sensitive data that can aid in further attacks. Netbiter webSCADA WS100 and Netbiter webSCADA WS200 are vulnerable; other versions may also be affected

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause a denial-of-service condition. Versions prior to 'APR-util' 1.3.10 are vulnerable. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMp2gfmqjQ0CJFipgRAt4MAKDyY5474rouxr68uwdAJFM5ccGCWQCgluf4 +3Ue46VyQAyCWIdyaxpp9no= =hI/k -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: JBoss Enterprise Web Server 1.0.2 update Advisory ID: RHSA-2011:0896-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0896.html Issue date: 2011-06-22 CVE Names: CVE-2008-7270 CVE-2009-3245 CVE-2009-3560 CVE-2009-3720 CVE-2009-3767 CVE-2010-1157 CVE-2010-1452 CVE-2010-1623 CVE-2010-2068 CVE-2010-3718 CVE-2010-4172 CVE-2010-4180 CVE-2011-0013 CVE-2011-0419 ===================================================================== 1. Summary: JBoss Enterprise Web Server 1.0.2 is now available from the Red Hat Customer Portal for Red Hat Enterprise Linux 4, 5 and 6, Solaris, and Microsoft Windows. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Description: JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications. This is the first release of JBoss Enterprise Web Server for Red Hat Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, Solaris, and Microsoft Windows, this release serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to the Release Notes, linked in the References, for more information. This update corrects security flaws in the following components: tomcat6: A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172) tomcat5 and tomcat6: It was found that web applications could modify the location of the Apache Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718) A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013) A possible minor information leak was found in the way Apache Tomcat generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and Tomcat was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the Tomcat server. (CVE-2010-1157) httpd: A flaw was found in the way the mod_dav module of the Apache HTTP Server handled certain requests. If a remote attacker were to send a carefully crafted request to the server, it could cause the httpd child process to crash. (CVE-2010-1452) A flaw was discovered in the way the mod_proxy_http module of the Apache HTTP Server handled the timeouts of requests forwarded by a reverse proxy to the back-end server. In some configurations, the proxy could return a response intended for another user under certain timeout conditions, possibly leading to information disclosure. Note: This issue only affected httpd running on the Windows operating system. (CVE-2010-2068) apr: It was found that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419) apr-util: It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. (CVE-2010-1623) The following flaws were corrected in the packages for Solaris and Windows. Updates for Red Hat Enterprise Linux can be downloaded from the Red Hat Network. Multiple flaws in OpenSSL, which could possibly cause a crash, code execution, or a change of session parameters, have been corrected. (CVE-2009-3245, CVE-2010-4180, CVE-2008-7270) Two denial of service flaws were corrected in Expat. (CVE-2009-3560, CVE-2009-3720) An X.509 certificate verification flaw was corrected in OpenLDAP. (CVE-2009-3767) More information about these flaws is available from the CVE links in the References. 3. Solution: All users of JBoss Enterprise Web Server 1.0.1 as provided from the Red Hat Customer Portal are advised to upgrade to JBoss Enterprise Web Server 1.0.2, which corrects these issues. The References section of this erratum contains a download link (you must log in to download the update). Before installing the update, backup your existing JBoss Enterprise Web Server installation (including all applications and configuration files). Apache Tomcat and the Apache HTTP Server must be restarted for the update to take effect. 4. Bugs fixed (http://bugzilla.redhat.com/): 530715 - CVE-2009-3767 OpenLDAP: Doesn't properly handle NULL character in subject Common Name 531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences 533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences 570924 - CVE-2009-3245 openssl: missing bn_wexpand return value checks 585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers 618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments 632994 - CVE-2010-2068 httpd (mod_proxy): Sensitive response disclosure due improper handling of timeouts 640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line() 656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application 659462 - CVE-2010-4180 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack 660650 - CVE-2008-7270 openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack 675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface 675792 - CVE-2010-3718 tomcat: file permission bypass flaw 703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch 5. References: https://www.redhat.com/security/data/cve/CVE-2008-7270.html https://www.redhat.com/security/data/cve/CVE-2009-3245.html https://www.redhat.com/security/data/cve/CVE-2009-3560.html https://www.redhat.com/security/data/cve/CVE-2009-3720.html https://www.redhat.com/security/data/cve/CVE-2009-3767.html https://www.redhat.com/security/data/cve/CVE-2010-1157.html https://www.redhat.com/security/data/cve/CVE-2010-1452.html https://www.redhat.com/security/data/cve/CVE-2010-1623.html https://www.redhat.com/security/data/cve/CVE-2010-2068.html https://www.redhat.com/security/data/cve/CVE-2010-3718.html https://www.redhat.com/security/data/cve/CVE-2010-4172.html https://www.redhat.com/security/data/cve/CVE-2010-4180.html https://www.redhat.com/security/data/cve/CVE-2011-0013.html https://www.redhat.com/security/data/cve/CVE-2011-0419.html https://access.redhat.com/security/updates/classification/#moderate http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html-single/Release_Notes_1.0.2/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=1.0.2 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOAuGhXlSAg2UNWIIRAqmMAJ4r9f3dvSqtXd7MjjpO8g90BsEongCgmhEo /GsGpZfcRmJUiJiwYZJk5fU= =KiZb -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Apache Portable Runtime (aka APR) provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and database connections. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/apr < 1.4.8-r1 >= 1.4.8-r1 2 dev-libs/apr-util < 1.3.10 >= 1.3.10 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Apache Portable Runtime and APR Utility Library. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache Portable Runtime users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/apr-1.4.8-r1" All users of the APR Utility Library should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/apr-util-1.3.10" Packages which depend on these libraries may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References ========== [ 1 ] CVE-2010-1623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1623 [ 2 ] CVE-2011-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0419 [ 3 ] CVE-2011-1928 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1928 [ 4 ] CVE-2012-0840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0840 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201405-24.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03280632 Version: 2 HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-04-16 Last Updated: 2012-04-19 Potential Security Impact: Remote cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, other vulnerabilities Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. References: CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192, CVE-2011-3267, CVE-2011-3268, CVE-2011-3207, CVE-2011-3210, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639, CVE-2011-3846, SSRT100376, CVE-2012-0135, SSRT100609, CVE-2012-1993, SSRT10043 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v7.0 running on Linux and Windows. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2009-0037 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-0734 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-1623 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-2068 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-2791 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2010-3436 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2010-4409 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2010-4645 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0014 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0195 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1148 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1153 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1464 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1467 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-1468 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1471 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1928 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1938 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-1945 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2011-2192 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-2202 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2011-2483 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3182 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3189 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-3267 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3268 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3207 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0 CVE-2011-3210 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-3348 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3639 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2011-3846 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2012-0135 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5 CVE-2012-1993 (AV:L/AC:L/Au:S/C:P/I:P/A:N) 3.2 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 The Hewlett-Packard Company thanks Sow Ching Shiong coordinating with Secunia for reporting CVE-2011-3846 to security-alert@hp.com. The Hewlett-Packard Company thanks Silent Dream for reporting CVE-2012-0135 to security-alert@hp.com RESOLUTION HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. SMH v7.0 is available here: http://h18000.www1.hp.com/products/servers/management/agents/index.html HISTORY Version:1 (rev.1) 16 April 2012 Initial release Version:2 (rev.2) 19 April 2012 Remove CVE-2011-4317 Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Jeff Trawick discovered a flaw in the apr_brigade_split_line() function in apr-util. This upgrade fixes this issue. After the upgrade, any running apache2 server processes need to be restarted. For the stable distribution (lenny), this problem has been fixed in version 1.2.12+dfsg-8+lenny5. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.3.9+dfsg-4. We recommend that you upgrade your apr-util packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny (stable) - ----------------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5 checksum: 658687 4ef3e41037fe0cdd3a0d107335a008eb http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny5.dsc Size/MD5 checksum: 1531 3c280d9325eccb5b202f797dfe4b0fec http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny5.diff.gz Size/MD5 checksum: 23557 ccbe052945c3c7a7abb083a5780e63fa alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_alpha.deb Size/MD5 checksum: 90912 f01833decf4c09cb19900ad830537656 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_alpha.deb Size/MD5 checksum: 157332 c768e904368992a886bab995d06be691 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_alpha.deb Size/MD5 checksum: 147422 1f0111e3b3d573c860d72fb7d8f0e8b5 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_amd64.deb Size/MD5 checksum: 133214 02ecc9426d426a0b07fad57d8548a552 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_amd64.deb Size/MD5 checksum: 80190 bc013109f72a0550ab75a3cbcea4c8e3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_amd64.deb Size/MD5 checksum: 148128 a9074ac6c50448c01a8b79a1b43fd71a arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_arm.deb Size/MD5 checksum: 71238 0f14138790b33ed5312d1bd9c64b1f00 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_arm.deb Size/MD5 checksum: 124300 360c36286adba8e4590d3d788edc861b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_arm.deb Size/MD5 checksum: 139246 1221f6cb3918a1b4fea98aac628f1eaa armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_armel.deb Size/MD5 checksum: 125562 e438c52ef68ba41152adf433bc21d616 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_armel.deb Size/MD5 checksum: 70018 364da2335ced6c3219f8e6ce206b66e3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_armel.deb Size/MD5 checksum: 139230 76e5e253b409ce658a5be6362344fff5 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_hppa.deb Size/MD5 checksum: 83802 c410f61265b32634094ad350d0d4aeb5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_hppa.deb Size/MD5 checksum: 138764 b467ed9dc49f4379e6db88d45e4ef233 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_hppa.deb Size/MD5 checksum: 143056 952388a55397fad1995bc02367571482 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_i386.deb Size/MD5 checksum: 141614 edd53fa18ff076d2dff72b40a9651d14 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_i386.deb Size/MD5 checksum: 73984 2aa25fcf6479e34bdce90f1b989dfa4f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_i386.deb Size/MD5 checksum: 121060 788336d970df93d381088228298e4f4d ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_ia64.deb Size/MD5 checksum: 110820 789ad31d3dc20ebc5e7a3d1d791087c5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_ia64.deb Size/MD5 checksum: 136570 67db51e6841ba527c27cd8608f203760 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_ia64.deb Size/MD5 checksum: 169058 def2319fc7c98c667ff63fab83ba848a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_mips.deb Size/MD5 checksum: 137656 65b830e995d0e1df9e5dd3ded8d70384 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_mips.deb Size/MD5 checksum: 74498 dbae966eba410854729e65f1b923616f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_mips.deb Size/MD5 checksum: 147726 0a00e22703d26b6cb7d9c3b378f628ac mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_mipsel.deb Size/MD5 checksum: 144892 99888c01ccac0d9faa3a5550b15fba7a http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_mipsel.deb Size/MD5 checksum: 74218 8231602412144f158ab4d1250df32cfe http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_mipsel.deb Size/MD5 checksum: 136538 e0bb514608d43f8c8b2316f631e7e297 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_powerpc.deb Size/MD5 checksum: 147160 87609acb8e723f45311251cfa03faa8b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_powerpc.deb Size/MD5 checksum: 132642 954d78228520f1a803835405fee1a9f5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_powerpc.deb Size/MD5 checksum: 83158 1de0e929812f80a27c5b5ef505a74da3 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_s390.deb Size/MD5 checksum: 85652 125b09d4165e3cc8faa822ceba8746e7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_s390.deb Size/MD5 checksum: 133244 c8ebef5c30d2b61def461d62b8ea7b23 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_s390.deb Size/MD5 checksum: 148902 0ac9f485e20eaf0eff64845c96c63c02 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_sparc.deb Size/MD5 checksum: 125152 d7b0e9e282c1f6532f2239a9eba4e207 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_sparc.deb Size/MD5 checksum: 72892 a0fd31dbfcd9cf8301b274d733315162 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_sparc.deb Size/MD5 checksum: 131960 95bb41d3245d5d0d6569d6fb045decba These files will probably be moved into the stable distribution on its next update. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Apache HTTP Server APR-util Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41811 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41811/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41811 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41811/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41811/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41811 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to application using vulnerable APR-utils code. For more information: SA41701 SOLUTION: Update to version 2.2.17. ORIGINAL ADVISORY: http://www.apache.org/dist/httpd/Announcement2.2.html http://www.apache.org/dist/httpd/CHANGES_2.2.17 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . =========================================================== Ubuntu Security Notice USN-1021-1 November 25, 2010 apache2 vulnerabilities CVE-2010-1452, CVE-2010-1623 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.12 Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.19 Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.4 Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.4 Ubuntu 10.10: apache2.2-common 2.2.16-1ubuntu3.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that Apache's mod_cache and mod_dav modules incorrectly handled requests that lacked a path. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1452) It was discovered that Apache did not properly handle memory when destroying APR buckets. This issue affected Ubuntu 6.06 LTS and 10.10. (CVE-2010-1623) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12.diff.gz Size/MD5: 134865 3a8ddb93ba4acb10e5a25f8fedff76c8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12.dsc Size/MD5: 1823 ea94bede6f84eff66e7ddbed098314b3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.12_all.deb Size/MD5: 2126274 cabf3e5b4db7aa0fedb11a88f8b75bd6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 835158 fe32a82ad3ebc2bcb3dd761089125095 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 229940 b5a9d6e605da9a7eaa482afe5209dc7b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 225020 ea417c30c902579143a7514c6ab9f85a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 229516 5fa43f8e2ff727ee42a0ba40cdb1fa69 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 173264 e23808d6fb41ebb4cd3a7bd2d02362f7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 174046 3e816aa3c599f5ee36de1061bdd49a6a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 95854 94297f57007c1b9161d2cb3357584f47 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 37898 7747042159ee5f8bb6c49d8a8c4ba4df http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 287552 041d5d83609f70f50b6aa142f13ba670 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 146132 e5da23a1537a20d723470a0ea65e842e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 788394 9dec38ca7cf477fab1d5e235d722eb18 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 204496 17b851c580fdd514732f26d4bbd259b6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 200398 933aebfa68842dfe55408582cb7f9d86 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 203956 58a25ad65c7231f12fb16eb5866e32cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 173272 ee2c6892d43a29dc81b6d9ba8371b658 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 174054 f2cbea79976c62934145b24d0a724e9b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 93772 82e6a9c1c6d6df884c3af138c0775b67 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 37898 8038ee56310c3e9ba48390fdf2fef08c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 263514 f0612bf70590d673c89e3cb570e2fc6c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 133962 50c5afa21c1885b85123ec625ec56ae3 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 861224 cf92679fbac1e52c2d8a598ff44f188b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 221912 7b83f2457d7cf8d19fd0cb7316d56e0e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 217554 5fbbd3b402cdf67e53ba32736ab8053f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 221388 dee996cd2f6ebc9145e6011ef53a2ee0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 173274 94584b32580ebe3812025aa4afb9c955 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 174052 98cb6b1ccf81313ff962bcb5b39ac7d2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 105582 c4c9f9cc5720100d6bddd79db1307217 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 37896 6b743ca1fca7190d0285566d13bda51d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 283142 6a92a690cf5cc721aa63521aad9392cc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 143218 61e6e554125129329aa23caea6ab7d6d sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 805924 63dbfa9c4db04615df89b1f2c33ef244 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 212036 92c7ee68d10a57e7a5286330c4949c40 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 207740 508ef2ff0c8a3ff1957bab5239bd82ca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 211424 26d7573f55a65f1c2179a6454a8a2247 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 173266 3e233d63f56f4db03c8f51fbe59d8bfd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 174060 86dbedfeba4eae832e919c411303ee29 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 94908 b5433d52f99b3e6e537e59f1c8d6d9da http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 37894 5e76d199949e5f9a8325ff3f7a645cd5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 269530 c1b082f05af3f78475ebf419439def01 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 131930 0a007c073d905b15132bfc31ccda1798 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.19.diff.gz Size/MD5: 147731 47643f18d53daf8750e4538970c83d07 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.19.dsc Size/MD5: 2046 1376672acd99ef14f01a6a8cc34c4346 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.19_all.deb Size/MD5: 1945340 4d59aa0089912c2624eb180d51b03c14 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.19_all.deb Size/MD5: 73650 77d5950a1c521b641aa72fb166eaa06f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.19_all.deb Size/MD5: 6458166 4e10a40f1f1e579be261f40a7be2e295 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.19_all.deb Size/MD5: 46410 6198a6eba06d945ad9597e82c280d9cb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 254742 fd54d116879ed6590105b26b01ff0dac http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 249806 b3b1fae6e7e4dbf28b4d7711aa56e978 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 254062 36933808b11f1f28501c9c864b399388 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 209526 bb74dd0a139b249c56d65868a9dc73e8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 210246 bfd89c9521fecf9ed688249ccbfec002 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 142524 f1940eea967b918bd45b47caab2f4569 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 818246 088f766f2ec56ec65bf755554a86b10d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 237310 e10dd07bd6e8c12c6612a49a63b8be7d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 233246 c8fd94e5d140caec9c66794a71549c03 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 236460 14c91ad0347f05d6e7340f6a1f928e27 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 208474 ef4b083322079968262bdcba6b3c6a67 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 209230 c881dc1f09b1f6b44438447aae8f6a9d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 141750 73549c8f179ff90ae2f46b8c0c8b15f8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 771740 b1d59367bfecfac830bae15c80f35220 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 236226 48998dba63cfeaa6643d70566b3a4b01 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 231844 92cd164c9cd479000ba26116d3b02528 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 235380 6467532b910026e940667bb198713aae http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 206216 3138f3c4b223d1fe380f0225400e01bd http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 206970 cf900b47ca37e165bf27178bc2ace931 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 141842 112093d097022b08aed1b5c88124422c http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 750718 8c133b186cdac6c1ecb4545d6a3e694a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 254768 91f01fceef69cabdec4b757de95158f4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 250222 63f05e66592f62d2737af8d7cbe477b9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 254334 668e26ac957e82ecf2d453785694084b http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 206226 18129b8fd8c67956365dcde559bc5d5d http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 207008 f472f886b6ef23dd312b6f260ac0ad4a http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 159022 cdc450f459faf8aa6e0aeea4302fb482 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 907128 ebb5b80e3b8e86d65e737e9233adedf1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 238036 08f53aec4792eb86f8703bc0c2704f6f http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 233776 75ee213b18e3a99bac748634268f5d4f http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 237202 27b608c9dc3e5e230c43f8f8c3ec700e http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 206232 5924f7ed7175f472504ef1cf6ce4d86c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 206998 3c0e7c38872cef1e334feb1129b2692f http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 144452 50eaa5db62fba9c3c618b7cabe90a309 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 766340 8da38a1e49155f52ea46423fe4c4ee06 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.4.diff.gz Size/MD5: 188484 c434b577603818436c5ee70fe88edf0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.4.dsc Size/MD5: 2553 7abc36d70b6407bf31d0260f8526e905 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2246980 8e954b9a42e2fc44d823b610c63103f6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2346 111dc0ced8a829de9835209e392cf3e7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2376 a66e6d805229684af87c68ab069ea266 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2314 0a40f20a353e1880aa3bc30aa875def7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.4_all.deb Size/MD5: 285472 2cf254bff1dd932e27a2f5eb0f2124a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.4_all.deb Size/MD5: 1424 8200e0af179d043e28c2f13cd5f1238a http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2372 4daddf09fd746f243e1c8e232741cd8b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 138384 c23f1742d1a4d1ff327012cc58cd28a6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 139496 80d1bf7089621f9c00605116bd4efb26 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 157192 3e2876e823a747c961f8b59df1900dc7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 1406140 f67eb0ab245047eb2719a695b671fa7d http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 93116 e92b6c82515c6103af4c84178defec73 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 91618 087b0450f9a88bb5317701537e0007b9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 137086 9fd8574d5a320f22ce3c83cc9317927e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 138186 d1b822bee829beffc46f8a9aa94199e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 155560 0025c5f7797bd018be99822a99119f40 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 1309800 d94bad874d281bab671b0412cf17afb3 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 92244 594282d8a9901fab271fb283b9bc9fbd http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 90682 d4609ceb9bb59604ce158ca6e1014cb4 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 138226 c907c76b362a7bcf49dbe953071c2c4c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 139390 241cf4036e1794a425a618596eee14da http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 158704 3258d4b715849de1ce8e43ded000c2e4 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 1272916 b8242bb6da822d44ccec1a8fad064688 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 92320 4b0485fe9f0df0bd32c6e3da0e42a87f http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 90936 e9437ec0e9571f04f72f88dbe8ad369f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 137098 2fba573c3a8a0beee6b720ddf7a147fa http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 138198 37dae52a4c96112916917dabab555b30 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 155464 dfd5669eafaf325fa75f1e64eb29bfad http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 1291192 6d4d11afb217b49470a4710eb4566143 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 92194 44e4c307a00e68e702c52ba8d10c7984 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 90690 399761c5a6fcd2014b219e7b8cd31d32 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 137092 417a344f112a5b13ea5f36a600018d3c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 138196 3e2b46cf25a41c0d4ad1af6b24407c25 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 161418 2b41d2b09b03e8e4066194a16774fec1 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 1390750 edcd289885e3c92f7694efa4abc6188f http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 92754 1c97103bbb049dd7ee8b836fe26b2031 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 91142 034979974f2a357218bf614d882cfa23 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 137088 058fccf694c50b3852c281f0fa701e66 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 138186 625a413761fd36b9bf7755cab9a97118 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 159860 a1efd79d8fba8be9477305d221e43334 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 1298622 f2256441099614d6e416338cc05c6794 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 92524 61dc9b0d61de14659665b5b2908c0df6 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 90922 a843867aac530a79cda6005ed54a4ff1 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4.diff.gz Size/MD5: 214170 04cbe3e7dbcc5b4ddd35b21d0a3c3a21 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4.dsc Size/MD5: 2697 97667571f87fad4f3bf780660bc8c9c2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz Size/MD5: 6684081 2c1e3c7ba00bcaa0163da7b3e66aaa1e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.14-5ubuntu8.4_all.deb Size/MD5: 2257806 5ee35fe75e4686cf2c07ca2182e98763 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2396 3495d9a0b12b11e9b84367f88154f25c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2420 83460dfe877ea3410b48369f4a34af98 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2366 e672be8888f996c88ecc89a7028e1627 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 136256 98cb1e84d40d909d4d0ad4aca6f30de2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 137296 515247ff5030aa36b60adba52442c740 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 161144 2bb237d9a4439f423f4fa114a2525a12 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2730470 eab39d33b994199d36ebb957a123dbd4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 290016 fddb6361852490101e224a7c1f82f05c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 1478 b7c29c953866efbc2ec4175fcf487f20 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2416 9a58afd42551ead0286ed61d8d759480 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 96900 bac870aae281673809371b223e98730e http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 95280 a137d32d18872d9536e13f07ec6fd9b4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2398 4970639c8f7929558a4f178918c71ed0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2426 46c5fa6d2335809a08df67ff56601eb2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2372 9a2309b55f8ff81d6910ba3e90768823 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 136280 a34b804f15dd99cce4fef5d25176fb74 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 137320 1c54433a0a33c3e3ed19201dc76e9f58 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 159676 e2d37adb96e9617fbb1c8b969b1437da http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2622444 7516dddc543f6cb5f94b68c17912410e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 290042 b12f37c292398c2a72251d3435ae4221 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 1484 19ff1abb2167ccc156a684b18806c75d http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2422 cb08e644167f4d921256f14350be3574 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 96256 7037d8cbe08da992b954dd8c0b40d772 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 94688 4cd9bef52d2e6dc5b69e2feb22a53bb4 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2418 7b269901e2ee8330bb9c663fd87a52f2 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2450 0eb9823e5732b2609b1bab4a9a015396 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2388 d36eeb0ff65a2ad7f77b711bd2b15536 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 137490 fbbc19f8ec3b8e265806bbad838015f3 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 138604 58930629457b7cbcb7bb376787cd58d1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 166036 11bb48cedf436f4f4165c91dd455cd0a http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2570184 bf5c8de7bd17f69c38f3c010aa6d0687 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 296804 b7e72993adef3bb5ebccd01618f6497c http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 1484 b666a37339a59449994e13eed862dcf8 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2430 b6db059708469f9a5e5ad6442b555632 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 96048 9552f51119734d54d191de544648824e http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 94420 e2ec6d54b05f732b5f6beda813050216 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2400 6d0d60a2ba2b0614f84c29615c2fab68 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2426 7b241f8cf87d2d1a2e0609d59233315f http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2370 7b7d53516231e64e9e33fcdb21fb79c8 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 136286 ee325a5dadbfc853bb85833f4a9697a0 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 137326 bafa0e2940b070741e9925d45b9929eb http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 165972 7a162a07a604396bb869e48349987f20 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2765528 6433cf125eb9e0ef3d0e2f21d47a35e1 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 290060 73c20ef9768548a99340075e5c62ad47 http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 1482 68dd440815d96cc7c79e9b113c298432 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2422 d35130d8b0d0e64f240cc3d5838ec4dd http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 96814 acc862b8a8fd0cce9968fe096c44d5e2 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 95158 f60b2c25b5a1b01b1bb0a2b493cd6d02 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2398 6929b88c9e44d507ab0e03865c1edb8e http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2428 bab8d175709b58469ad9bcbf6a37fa75 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2374 dd6508665c6085db3d481c301106b1ea http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 136266 17359c6d663f70cc875bc132e605bbcd http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 137304 fdadd775a849f1d509e3c06e897b16a1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 165934 0038d53032dd272071361e87baa6b3db http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2593250 834feb1137b15ed401121da6a3dde53e http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 290046 ccb65f6f739901f563c594b6ede83d14 http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 1484 7364939ba13e0485a429f4cb0778401f http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2426 39ad9b647530c6a093f3af4e057186db http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 96708 1d9a1e4af412fce2ef9e8d59e76ba701 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 95030 24cae3e808f72d139e8c8f9a0a1a5f38 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1.diff.gz Size/MD5: 210573 e26889953d3627e2422fec608fc80c3d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1.dsc Size/MD5: 2686 ea9a620794423fa14751e5cd43fa4ca5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16.orig.tar.gz Size/MD5: 6369022 7f33f2c8b213ad758c009ae46d2795ed Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.16-1ubuntu3.1_all.deb Size/MD5: 2281132 494153ffbed2685dde1f6916f2a08cca amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2346 00e768131218fed520005c54e40e003d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2374 3d95d9e31bea8d0806c6eec320ac15cb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2318 ca7c42028becd3dc67b57e7bef8ef10a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 136352 9c6890b3ea07d4bdb3bf61434331eea1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 137404 47b6cf10e5d1d2f6694f7e66075bb78d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 164446 051b56eca89069afe34fa087d61c733c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2708768 c39117c9b15969612466f50b447c83fb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 301360 1dd5f68877240b580f4170eb8899ee78 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 1480 bf4687f34a36e2dd5fd6abeb8b4d4f95 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2372 1f19a348c1d7b3ed9d6f0878b5b272e9 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 63248 fe1af941aa4eb9131ccccdba0e1f1d39 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 61608 470342447d4ac4918f1b1d085dff3145 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2348 08f85de3ba757debc03542b7fc8bb7f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2370 ddc38a5cdc523d48f3b2245d15fab0e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2318 10262b0fe6e8f4711dcf4f78e554ce48 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 136346 8df092b1962d1f1b1a0fc2515ecba1ff http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 137398 7f456e656957af71a105b354c82da467 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 162926 543ef93eca3885696733bdb701a90f11 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2599636 de6c8c71455af7457b3d5aed41f6a6a1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 301338 0e03201bef1db838eae11578c300639c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 1484 b9ab3e6acb3d599d3fe5151c99d4ed9b http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2372 99101004b20ee162d8756260db08f3c6 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 62616 223469805f5385cc39303d40e15fde9f http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 61084 9bc45e0880ce5040fefe8bd69a43a336 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2358 76401e331821ff276e7644756b27d226 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2386 e27b65bb92caa4de4454244ace916b5a http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2330 b930ca53ad10db075535a85b3c65998e http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 137000 58a0c4cd01b9a74d6c70331910d3f675 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 137980 f9abd743069a6a5b0d3d12b7b3f394bf http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 171270 41c4177586990d5b0ffb6d400143dd05 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2597444 f39c0e92a9d29b576481f5aefa092942 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 308998 e065288aef4c6eff945d875dc3ac0cfd http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 1484 a139b1e561a9e9aa5363b9c06a0b6850 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2388 9ec0b59a116e500e700c196ef84afadf http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 62568 d1354d5a2b5bc2007b7b0dfe0f7dd029 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 61040 5c9f05ef22ab25d170adde8fc3ac1baa powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2356 e8d3ec459e0e6f561b512c43b5883261 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2376 090d1fa0b687fd98ef9c8a57d6436a46 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2328 eb2755e9de3df3adfdd0df8e139f8fd7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 136376 04fea44be8c57e9aac5c65692a98a33c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 137430 f773f801e1b1fb3cbfbcfe4199f1c708 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 169084 8554332e458f686edd300669e824430a http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2746688 692017e3371da59f57290dd720ec513e http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 301376 aadf2f481ad35398288c1bf4f89f6d6e http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 1490 3364ae2f5f0388fb16de7d0927b0a17c http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2376 09345c3706b6106802bbfa01ee2e8f52 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 63140 8163a71079cbc6f0aa8e004ddf082b2d http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 61554 3d5ddc7250edc6c9d36b8323b8bb53c9

The 3Com H3C S3600/S3100 is an intelligent, resilient Ethernet switch designed and developed based on the IToIP concept. The 3Com H3C S3600/S3100 series switches have security vulnerabilities that allow malicious users to perform denial of service attacks. When there is an error in processing DHCP messages, submitting a specially constructed BOOTP or DHCP message without the \"Discover\" (53) option can cause the device to reset. To successfully exploit the vulnerability, DHCP sniffing needs to be enabled. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: 3Com H3C 3100 / 3600 Switches DHCP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41531 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41531/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41531 RELEASE DATE: 2010-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/41531/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41531/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41531 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in 3Com H3C 3100 and 3600 Series switches, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in the following products: * 3Com H3C S3100-EI * 3Com H3C S3600-SI * 3Com H3C S3600-EI SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: 3Com (LSOD10083, LSOD10084): http://support.3com.com/documents/93010/H3C_S3600EI_CMW3.10.R1702P18_Release_Notes.pdf http://support.3com.com/documents/93010/H3C_S3100EI_CMW3.10.R2211P06_Release_Notes.pdf http://support.3com.com/documents/93010/H3C_S3600SI_CMW3.10.R1702P18_Release_Notes.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network

Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue. Synology DiskStation Manager is prone to multiple HTML-injection vulnerabilities because the device's web-based administration application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Synology DiskStation Manager 2.x is vulnerable; other versions may also be affected. Synology DiskStation (DSM) is a network storage server (NAS) from Synology, which can be used as a file sharing center in a local area network. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ Web commands injection through FTP Login in Synology Disk Station CVE-2010-2453 INTRODUCTION Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology's goal is to deliver user-friendly storage solutions and solid customer service to satisfy the needs of businesses, home offices, individual users and families. The disk station product provided by Synology as Network Attached Storage is vulnerable to multiple vulnerabilities including the possibility of remote command execution via CSRF (Cross Site Request Forging) through FTP login console. The FTP server is provided as a configurable service through web interface which provides backend access to manage the disks station. The problem occurs in the FTP logging mechanism together with the admin interface used to view those logs. The FTP console input in the form username and password gets logged in the web application interface. This problem was confirmed in the following versions of Synology Disk Station, other versions may be also affected. Synology Disk Station 2.x Synology issued an update for this vulnerability in the release DSM3.0-1337. CVSS Scoring System The CVSS score is: 9.5 Base Score: 10 Temporal Score: 9.5 We used the following values to calculate the scores: Base score is: AV:N/AC:L/Au:N/C:C/I:C/A:C Temporal score is: E:F/RL:U/RC:C DETAILS There are four steps for exploitation, specified here together with the identified problem: 1. The attacker can inject malicious input from the FTP login console. As the authentication credentials are inappropriate the FTP authentication module generates error and the requisite input is logged in to the web interface of the disk station. 2. Secondly the FTP logging module is not designed appropriately and the content comes from the FTP login console is directly placed into the log window without verification of the Content-Type parameter. The content is allowed to be rendered as HTML, Script etc. An attacker can inject malicious HTML tags, DOM calls, third part y scripts, CSRF calls that gets executed in the context of logged in account which is administering it. 3. Usually log mechanism is handled by the admin account. The chances of code execution and injection fulfillment are high within full privileges as of administrator. So any code injected by the attacker becomes persistent in most of the cases and remain there for execution. Moreover CSRF code with malicious calls can be executed without user interaction. 4. Attacker has to be well versed in directory structure of the disk station manager so that injections can be made according to that and further operations can be performed. The FTP servers accept username string upto 80-100 characters which is good enough to craft injections to get the things done The scripts can be inserted from local domain or LAN or third party source to inject arbitrary code. C:\Users\Administrator>ftp example.com Connected to example.com. 220 Disk Station FTP server at DiskStation ready. User (example.com:(none)): "/><script>alert("Check Point VDT"</script> 331 Password required for "/><script>alert("Check Point VDT"</script> Password: 530 Login incorrect. Login failed. ftp> Invalid command. ftp> bye 421 Timeout (300 seconds): closing control connection. In order to determine the size of the allowed input string, we can do: C:\Users\Administrator>ftp example.com Connected to example.com. 220 Disk Station FTP server at DiskStation ready. User (example.com:(none)): AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -> Our input 331 Password required for AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA. -> The total lenght really used Password: 530 Login incorrect. Login failed. ftp> Invalid command. ftp> bye 421 Timeout (300 seconds): closing control connection. CREDITS This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT) and Aditya K. Sood from Secniche. Best Regards, Rodrigo. -- Rodrigo Rubira Branco Senior Security Researcher Vulnerability Discovery Team (VDT) Check Point Software Technologies _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

The SAP Management Console is a management console for SAP products. A security vulnerability exists in the SAP Management Console that allows an attacker to exploit this vulnerability to trigger a null pointer application, destroy the primary management interface, and perform a denial of service attack. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed

Ipswitch IMail Server is a mail server bundled with the Ipswitch collaboration component. IMail Server has multiple security vulnerabilities that allow an attacker to conduct a denial of service attack. 1) SmtpDLL.dll has two boundary errors. Sending an email containing a specially constructed sender (\"FROM:\" field) can cause the queue management service (queuemgr.exe) to crash. To successfully exploit the vulnerability you need to enable \"Copy All Mail To:\" and archive via SMTP options. 2) IMailSrv.exe has a boundary error when processing some spool files, and sends a specially constructed email, such as containing multiple \"Reply-To:\" or \"Resent-From:\" header fields to the SMTP service, which can trigger stack-based buffering. Area overflow. This vulnerability can be used to generate multiple windows crash dialogs or to write disk space with a spool file.

Unspecified vulnerability in the H.323 implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 2.5.x before 2.5.2 and 2.6.x before 2.6.1, allows remote attackers to cause a denial of service (traceback and device reload) via crafted H.323 packets, aka Bug ID CSCtd33567. Cisco IOS of H.323 For implementation, H.323 Service operation disruption due to incomplete packet processing (DoS) There is a vulnerability that becomes a condition. The problem is Bug ID : CSCtd33567 It is a problem.Skillfully crafted by a third party H.323 Service disruption via packets (DoS) There is a possibility of being put into a state. Cisco IOS is prone to an unspecified remote denial-of-service vulnerability. An attacker can exploit this issue to cause the affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtd33567. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: cisco-sa-20100922-h323: http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier: http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html Affected Products ================= These vulnerabilities only affect devices that are running Cisco IOS Software with H.323 voice services enabled. Vulnerable Products +------------------ Cisco devices that are running affected Cisco IOS Software versions that are configured to process H.323 messages are affected by these vulnerabilities. H.323 is not enabled by default. To determine if the Cisco IOS Software device is running H.323 services, issue the show process cpu | include H323 command, as shown in this example: Router# show process cpu | include H323 249 16000 3 5333 0.00% 0.00% 0.00% 0 CCH323_CT 250 0 1 0 0.00% 0.00% 0.00% 0 CCH323_DNS Router# In the previous example the processes CCH323_CT and CCH323_DNS are running on the device; therefore, the device is listening to H.323 messages. The device is vulnerable if any of these processes (or similar) are active. Note: Creating a dial peer by issuing the dial-peer voice command will start the H.323 processes, which causes the Cisco IOS device to process H.323 messages. To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router# show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router# show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/web/about/security/intelligence/ios-ref.html Products Confirmed Not Vulnerable +-------------------------------- Cisco IOS XR Software is not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities. Details ======= H.323 is the International Telecommunication Union (ITU) standard for real-time multimedia communications and conferencing over packet-based (IP) networks. A subset of the H.323 standard is H.225.0, a standard that is used for call signaling protocols and media stream packetization over IP networks. An attacker can exploit these vulnerabilities remotely by sending crafted H.323 packets to an affected device that is running Cisco IOS Software. A TCP three-way handshake is required to exploit these vulnerabilities. These vulnerabilities are documented in Cisco Bug IDs CSCtc73759 ( registered customers only) and CSCtd33567 ( registered customers only) , and have been assigned Common Vulnerabilities and Exposures (CVE) IDs CVE-2010-2828 and CVE-2010-2829, respectively. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCtc73759 - Device crashing upon receipt of specific traffic CVSS Base Score - 7.8 Access Vector Network Access Complexity Low Authentication None Confidentiality Impact None Integrity Impact None Availability Impact Complete CVSS Temporal Score - 6.4 Exploitability Functional Remediation Level Official Fix Report Confidence Confirmed CSCtd33567 - Traceback seen when receiving crafted H.323 packets CVSS Base Score - 7.8 Access Vector Network Access Complexity Low Authentication None Confidentiality Impact None Integrity Impact None Availability Impact Complete CVSS Temporal Score - 6.4 Exploitability Functional Remediation Level Official Fix Report Confidence Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this advisory may cause the affected device to reload. Theses vulnerabilities could be exploited repeatedly to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2010 Bundle Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +--------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+-------------------------------------------------------| | Affected | | First Fixed Release for | | 12.0-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |--------------------------------------------------------------------| | There are no affected 12.0-based releases | |--------------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.1-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+---------------------------+---------------------------| | | | Vulnerable; first fixed | | | | in 12.4T | | 12.1 | Not Vulnerable | | | | | Releases up to and | | | | including 12.1(4b) are | | | | not vulnerable. | |------------+---------------------------+---------------------------| | 12.1AA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1AX | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1AY | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1AZ | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1CX | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1DA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1DB | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1DC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1E | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EB | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EO | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EU | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EV | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EW | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EX | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EY | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1EZ | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1GA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1GB | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | | 12.1T | | | | | Releases up to and | Releases up to and | | | including 12.1(3a)T8 are | including 12.1(3a)T8 are | | | not vulnerable. | not vulnerable. | |------------+---------------------------+---------------------------| | 12.1XA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1XB | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1XC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1XD | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1XE | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1XF | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1XG | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1XH | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1XI | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1XJ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1XL | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1XM | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1XP | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1XQ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1XR | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | | 12.1XS | | | | | Releases up to and | Releases up to and | | | including 12.1(3)XS are | including 12.1(3)XS are | | | not vulnerable. | not vulnerable. | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | | 12.1XT | | | | | Releases up to and | Releases up to and | | | including 12.1(2)XT2 are | including 12.1(2)XT2 are | | | not vulnerable. | not vulnerable. | |------------+---------------------------+---------------------------| | 12.1XU | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1XV | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1XW | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1XX | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | | 12.1XY | | | | | Releases up to and | Releases up to and | | | including 12.1(4)XY are | including 12.1(4)XY are | | | not vulnerable. | not vulnerable. | |------------+---------------------------+---------------------------| | 12.1XZ | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.1YA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1YB | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1YC | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1YD | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Releases prior to 12.1(5) | Releases prior to 12.1(5) | | | YE6 are vulnerable, | YE6 are vulnerable, | | 12.1YE | release 12.1(5)YE6 and | release 12.1(5)YE6 and | | | later are not vulnerable; | later are not vulnerable; | | | first fixed in 12.4 | first fixed in 12.4T | |------------+---------------------------+---------------------------| | 12.1YF | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.1YH | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.1YI | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.1YJ | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | Affected | | First Fixed Release for | | 12.2-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+---------------------------+---------------------------| | 12.2 | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | | 12.2B | | | | | Releases up to and | Releases up to and | | | including 12.2(2)B7 are | including 12.2(2)B7 are | | | not vulnerable. | not vulnerable. | |------------+---------------------------+---------------------------| | 12.2BC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2BW | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.2SB | in 12.2SB | | 12.2BX | | | | | Releases up to and | Releases up to and | | | including 12.2(15)BX are | including 12.2(15)BX are | | | not vulnerable. | not vulnerable. | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | | 12.2BY | | | | | Releases up to and | Releases up to and | | | including 12.2(2)BY3 are | including 12.2(2)BY3 are | | | not vulnerable. | not vulnerable. | |------------+---------------------------+---------------------------| | 12.2BZ | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2CX | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2CY | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2CZ | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.2DA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2DD | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2DX | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2EW | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2EWA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2EX | Vulnerable; migrate to | Not Vulnerable | | | any release in 12.2SE | | |------------+---------------------------+---------------------------| | 12.2EY | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2EZ | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2FX | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2FY | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2FZ | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXF | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXG | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXH | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | 12.2JA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2JK | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2MB | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Releases up to and | Releases up to and | | | including 12.2(15)MC1 are | including 12.2(15)MC1 are | | | not vulnerable. | not vulnerable. Releases | | 12.2MC | | 12.2(15)MC2b and later | | | Releases 12.2(15)MC2b and | are not vulnerable; first | | | later are not vulnerable; | fixed in 12.4T | | | first fixed in 12.4 | | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2MRA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | 12.2MRB | Not Vulnerable | 12.2(33)MRB2 | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | Releases prior to 12.2 | | 12.2S | (30)S are vulnerable, | (30)S are vulnerable, | | | release 12.2(30)S and | release 12.2(30)S and | | | later are not vulnerable | later are not vulnerable | |------------+---------------------------+---------------------------| | | 12.2(31)SB19 | 12.2(31)SB19 | | | | | | 12.2SB | Releases prior to 12.2 | Releases prior to 12.2 | | | (33)SB5 are vulnerable, | (33)SB5 are vulnerable, | | | release 12.2(33)SB5 and | release 12.2(33)SB5 and | | | later are not vulnerable | later are not vulnerable | |------------+---------------------------+---------------------------| | 12.2SBC | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.2SB | in 12.2SB | |------------+---------------------------+---------------------------| | 12.2SCA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.2SCB | in 12.2SCB | |------------+---------------------------+---------------------------| | | 12.2(33)SCB10 | | | | | | | 12.2SCB | 12.2(33)SCB9 | 12.2(33)SCB9 | | | | | | | 12.2(33)SCB8 | | |------------+---------------------------+---------------------------| | | 12.2(33)SCC5 | | | 12.2SCC | | 12.2(33)SCC5 | | | 12.2(33)SCC4 | | |------------+---------------------------+---------------------------| | | 12.2(33)SCD3 | | | 12.2SCD | | 12.2(33)SCD3 | | | 12.2(33)SCD4 | | |------------+---------------------------+---------------------------| | 12.2SE | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SEA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SEB | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SEC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SED | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SEE | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SEF | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SEG | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | Releases prior to 12.2 | | | (40)SG are vulnerable, | (40)SG are vulnerable, | | 12.2SG | release 12.2(40)SG and | release 12.2(40)SG and | | | later are not vulnerable; | later are not vulnerable; | | | migrate to any release in | migrate to any release in | | | 12.2SGA | 12.2SGA | |------------+---------------------------+---------------------------| | 12.2SGA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SL | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SM | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SO | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SQ | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | Releases prior to 12.2 | | 12.2SRA | (33)SRA6 are vulnerable, | (33)SRA6 are vulnerable, | | | release 12.2(33)SRA6 and | release 12.2(33)SRA6 and | | | later are not vulnerable | later are not vulnerable | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | Releases prior to 12.2 | | 12.2SRB | (33)SRB1 are vulnerable, | (33)SRB1 are vulnerable, | | | release 12.2(33)SRB1 and | release 12.2(33)SRB1 and | | | later are not vulnerable | later are not vulnerable | |------------+---------------------------+---------------------------| | 12.2SRC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SRD | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SRE | Not Vulnerable | 12.2(33)SRE1 | |------------+---------------------------+---------------------------| | 12.2STE | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SU | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | Releases prior to 12.2 | | | (29b)SV1 are vulnerable, | (29b)SV1 are vulnerable, | | 12.2SV | release 12.2(29b)SV1 and | release 12.2(29b)SV1 and | | | later are not vulnerable; | later are not vulnerable; | | | migrate to any release in | migrate to any release in | | | 12.2SVD | 12.2SVD | |------------+---------------------------+---------------------------| | 12.2SVA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SVC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SVD | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SVE | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Releases up to and | Releases up to and | | | including 12.2(21)SW1 are | including 12.2(21)SW1 are | | | not vulnerable. | not vulnerable. Releases | | 12.2SW | | 12.2(25)SW12 and later | | | Releases 12.2(25)SW12 and | are not vulnerable; first | | | later are not vulnerable; | fixed in 12.4T | | | first fixed in 12.4T | | |------------+---------------------------+---------------------------| | | | Releases up to and | | 12.2SX | Not Vulnerable | including 12.2(14)SX2 are | | | | not vulnerable. | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | Vulnerable; Contact your | | | (17b)SXA2 are vulnerable, | support organization per | | 12.2SXA | release 12.2(17b)SXA2 and | the instructions in | | | later are not vulnerable | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | Vulnerable; Contact your | | | (17d)SXB7 are vulnerable, | support organization per | | 12.2SXB | release 12.2(17d)SXB7 and | the instructions in | | | later are not vulnerable; | Obtaining Fixed Software | | | migrate to any release in | section of this advisory | | | 12.2SXE | | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | Vulnerable; Contact your | | | (18)SXD2 are vulnerable, | support organization per | | 12.2SXD | release 12.2(18)SXD2 and | the instructions in | | | later are not vulnerable | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SXE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | Only 12.2(18)SXF7 and | Releases prior to 12.2 | | 12.2SXF | 12.2(18)SXF8 are | (18)SXF11 are vulnerable, | | | vulnerable | release 12.2(18)SXF11 and | | | | later are not vulnerable | |------------+---------------------------+---------------------------| | 12.2SXH | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2SXI | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | | | | support organization per | | | 12.2SY | the instructions in | Not Vulnerable | | | Obtaining Fixed Software | | | | section of this advisory | | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2SZ | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.2T | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2TPC | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | | | | in 12.4 | | | 12.2XA | | Vulnerable; first fixed | | | Releases up to and | in 12.4T | | | including 12.2(1)XA are | | | | not vulnerable. | | |------------+---------------------------+---------------------------| | 12.2XB | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XC | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XD | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XE | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2XF | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2XG | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XH | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XI | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XJ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XK | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XL | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XM | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | | | | (33)XN1 are vulnerable, | Vulnerable; first fixed | | 12.2XN | release 12.2(33)XN1 and | in 12.2SB | | | later are not vulnerable; | | | | first fixed in 12.2SB | | |------------+---------------------------+---------------------------| | 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+---------------------------+---------------------------| | 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+---------------------------+---------------------------| | 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+---------------------------+---------------------------| | 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+---------------------------+---------------------------| | 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+---------------------------+---------------------------| | 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+---------------------------+---------------------------| | 12.2XO | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2XQ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XR | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2XS | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XT | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XU | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XV | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2XW | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2YA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YB | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YC | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YD | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YE | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YF | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.2YG | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YH | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YJ | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YK | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YL | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.2YM | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YN | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | | | | support organization per | | | 12.2YO | the instructions in | Not Vulnerable | | | Obtaining Fixed Software | | | | section of this advisory | | |------------+---------------------------+---------------------------| | 12.2YP | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2YQ | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2YR | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2YS | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YT | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YU | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Releases prior to 12.2 | Releases prior to 12.2 | | 12.2YV | (11)YV1 are vulnerable, | (11)YV1 are vulnerable, | | | release 12.2(11)YV1 and | release 12.2(11)YV1 and | | | later are not vulnerable | later are not vulnerable | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YW | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YX | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YY | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2YZ | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.2ZA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Releases up to and | Releases up to and | | 12.2ZB | including 12.2(8)ZB are | including 12.2(8)ZB are | | | not vulnerable. | not vulnerable. | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2ZC | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2ZD | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.2ZE | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2ZF | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.2ZG | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.2ZH | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2ZJ | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2ZL | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.2ZP | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; migrate to | Vulnerable; Contact your | | | any release in 12.2SXH | support organization per | | 12.2ZU | | the instructions in | | | Releases up to and | Obtaining Fixed Software | | | including 12.2(18)ZU are | section of this advisory | | | not vulnerable. | | |------------+---------------------------+---------------------------| | 12.2ZX | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZY | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZYA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | Affected | | First Fixed Release for | | 12.3-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+---------------------------+---------------------------| | 12.3 | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3B | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3BC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.3BW | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.3EU | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.3JA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.3JEA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.3JEB | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.3JEC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.3JED | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | | Releases up to and | Releases up to and | | | including 12.3(2)JK3 are | including 12.3(2)JK3 are | | | not vulnerable. | not vulnerable. Releases | | 12.3JK | | 12.3(8)JK1 and later are | | | Releases 12.3(8)JK1 and | not vulnerable; first | | | later are not vulnerable; | fixed in 12.4T | | | first fixed in 12.4 | | |------------+---------------------------+---------------------------| | 12.3JL | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.3JX | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.3T | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | | Vulnerable; Contact your | | | Releases up to and | support organization per | | 12.3TPC | including 12.3(4)TPC11a | the instructions in | | | are not vulnerable. | Obtaining Fixed Software | | | | section of this advisory | |------------+---------------------------+---------------------------| | 12.3VA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | | Releases prior to 12.3(2) | | | | XA7 are vulnerable, | Vulnerable; first fixed | | 12.3XA | release 12.3(2)XA7 and | in 12.4T | | | later are not vulnerable; | | | | first fixed in 12.4 | | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.3XB | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.3XC | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3XD | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3XE | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.3XF | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.3XG | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | | Releases prior to 12.3(7) | Releases prior to 12.3(7) | | | XI11 are vulnerable, | XI11 are vulnerable, | | 12.3XI | release 12.3(7)XI11 and | release 12.3(7)XI11 and | | | later are not vulnerable; | later are not vulnerable; | | | first fixed in 12.2SB | first fixed in 12.2SB | |------------+---------------------------+---------------------------| | 12.3XJ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.3YX | in 12.4XR | |------------+---------------------------+---------------------------| | 12.3XK | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3XL | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.3XQ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3XR | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3XS | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | | | | in 12.4T | | | 12.3XU | | Vulnerable; first fixed | | | Releases up to and | in 12.4T | | | including 12.3(8)XU1 are | | | | not vulnerable. | | |------------+---------------------------+---------------------------| | 12.3XW | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.3YX | in 12.4T | |------------+---------------------------+---------------------------| | 12.3XX | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3XY | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3XZ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4 | in 12.4T | |------------+---------------------------+---------------------------| | 12.3YA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+---------------------------+---------------------------| | 12.3YD | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+---------------------------+---------------------------| | 12.3YF | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.3YX | in 12.4XR | |------------+---------------------------+---------------------------| | 12.3YG | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.3YH | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+---------------------------+---------------------------| | 12.3YI | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+---------------------------+---------------------------| | 12.3YJ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+---------------------------+---------------------------| | | Releases prior to 12.3 | | | | (11)YK3 are vulnerable, | Vulnerable; first fixed | | 12.3YK | release 12.3(11)YK3 and | in 12.4T | | | later are not vulnerable; | | | | first fixed in 12.4T | | |------------+---------------------------+---------------------------| | 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; first fixed | | | | in 12.4T | | | 12.3YS | | Vulnerable; first fixed | | | Releases up to and | in 12.4T | | | including 12.3(11)YS1 are | | | | not vulnerable. | | |------------+---------------------------+---------------------------| | 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.3YX | 12.3(14)YX17 | Vulnerable; first fixed | | | | in 12.4XR | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.3YZ | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.3ZA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | Affected | | First Fixed Release for | | 12.4-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+---------------------------+---------------------------| | 12.4 | 12.4(25d) | 12.4(25d) | |------------+---------------------------+---------------------------| | 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 | |------------+---------------------------+---------------------------| | 12.4JA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JDA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JDC | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JDD | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JHA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JHB | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JK | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JL | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JMA | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JMB | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JX | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4JY | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | 12.4MD | Not Vulnerable | 12.4(24)MD2 | |------------+---------------------------+---------------------------| | 12.4MDA | 12.4(22)MDA4 | 12.4(22)MDA4 | |------------+---------------------------+---------------------------| | 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4MRA | in 12.4MRA | |------------+---------------------------+---------------------------| | 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 | |------------+---------------------------+---------------------------| | | Releases prior to 12.4 | | | | (15)SW6 are vulnerable, | Vulnerable; first fixed | | 12.4SW | release 12.4(15)SW6 and | in 12.4T | | | later are not vulnerable; | | | | first fixed in 12.4T | | |------------+---------------------------+---------------------------| | | 12.4(15)T14 | 12.4(15)T14 | | | | | | 12.4T | 12.4(20)T6 | 12.4(20)T6 | | | | | | | 12.4(24)T4 | 12.4(24)T4 | |------------+---------------------------+---------------------------| | 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | | Releases prior to 12.4(6) | Releases prior to 12.4(6) | | | XE5 are vulnerable, | XE5 are vulnerable, | | 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and | | | later are not vulnerable; | later are not vulnerable; | | | first fixed in 12.4T | first fixed in 12.4T | |------------+---------------------------+---------------------------| | 12.4XF | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | | Releases prior to 12.4(9) | | | | XG5 are vulnerable, | Vulnerable; first fixed | | 12.4XG | release 12.4(9)XG5 and | in 12.4T | | | later are not vulnerable; | | | | first fixed in 12.4T | | |------------+---------------------------+---------------------------| | 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.4XK | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XL | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Releases prior to 12.4 | | | | (15)XM3 are vulnerable, | Vulnerable; first fixed | | 12.4XM | release 12.4(15)XM3 and | in 12.4T | | | later are not vulnerable; | | | | first fixed in 12.4T | | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XN | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XP | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Releases up to and | | | | including 12.4(15)XQ are | | | | not vulnerable. | 12.4(15)XQ6; Available on | | 12.4XQ | | 22-SEP-10 | | | Releases 12.4(15)XQ6 and | | | | later are not vulnerable; | | | | first fixed in 12.4T | | |------------+---------------------------+---------------------------| | | | 12.4(15)XR9 | | 12.4XR | Not Vulnerable | | | | | 12.4(22)XR7 | |------------+---------------------------+---------------------------| | 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XV | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4YB | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4YD | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+---------------------------+---------------------------| | | Releases prior to 12.4 | | | | (24)YE1 are vulnerable, | | | 12.4YE | release 12.4(24)YE1 and | 12.4(24)YE1 | | | later are not vulnerable; | | | | first fixed in 12.4T | | |------------+---------------------------+---------------------------| | 12.4YG | 12.4(24)YG3 | 12.4(24)YG3 | |------------+---------------------------+---------------------------| | Affected | | First Fixed Release for | | 15.0-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+---------------------------+---------------------------| | 15.0M | 15.0(1)M3 | 15.0(1)M3 | |------------+---------------------------+---------------------------| | | Cisco 7600 and 10000 | Cisco 7600 and 10000 | | | Series routers: Not | Series routers: 15.0(1)S1 | | | Vulnerable | (available early October | | | | 2010) | | 15.0S | Cisco ASR 1000 Series | | | | routes: Please see Cisco | Cisco ASR 1000 Series | | | IOS-XE Software | routes: Please see Cisco | | | Availability | IOS-XE Software | | | | Availability | |------------+---------------------------+---------------------------| | 15.0XA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 15.1T | in 15.1T | |------------+---------------------------+---------------------------| | 15.0XO | Not Vulnerable | Not Vulnerable | |------------+---------------------------+---------------------------| | Affected | | First Fixed Release for | | 15.1-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+---------------------------+---------------------------| | | 15.1(1)T1 | | | 15.1T | | 15.1(2)T1 | | | 15.1(2)T0a | | |------------+---------------------------+---------------------------| | 15.1XB | Vulnerable; first fixed | Vulnerable; first fixed | | | in 15.1T | in 15.1T | +--------------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +-------------------------------------------------------------------+ | Cisco IOS | First Fixed | First Fixed Release for All | | XE | Release for This | Advisories in the September 2010 | | Release | Advisory | Bundle Publication | |-----------+------------------+------------------------------------| | 2.1.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.2.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.3.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.4.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.5.x | 2.5.2 | Vulnerable; migrate to 2.6.2 or | | | | later | |-----------+------------------+------------------------------------| | 2.6.x | 2.6.1 | 2.6.2 | |-----------+------------------+------------------------------------| | 3.1.xS | Not Vulnerable | Not Vulnerable | +-------------------------------------------------------------------+ For mapping of Cisco IOS XE to Cisco IOS releases, please refer to the Cisco IOS XE 2 and Cisco IOS XE 3S Release Notes. Workarounds =========== There are no workarounds to mitigate these vulnerabilities apart from disabling H.323 if the Cisco IOS device does not require it. Applying access lists on interfaces that should not accept H.323 traffic and placing firewalls in strategic locations may greatly reduce exposure until an upgrade can be performed. Cisco provides Solution Reference Network Design (SRND) guides to help design and deploy networking solutions, which can be found at http://www.cisco.com/go/srnd Voice Security best practices are covered in the Cisco Unified Communications SRND Based on Cisco Unified Communications Manager 6.x at http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/6x/security.html To disable all H.323 call processing, administrators can issue the call service stop forced command under the voice service voip mode, as shown in this example: voice service voip h323 call service stop forced Note: The call service stop forced command disables all H.323 call processing. Additional mitigations that can be deployed on Cisco devices within the network are available in the companion document "Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco Voice Products", which is available at the following location: http://www.cisco.com/warp/public/707/cisco-amb-20100922-voice.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. These vulnerabilities were found during Cisco internal testing. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-2010922-h323.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-----------------------------------------+ | Revision | | Initial | | 1.0 | 2010-September-22 | public | | | | release. | +-----------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) iEYEARECAAYFAkyZ/SoACgkQ86n/Gc8U/uCR8ACfbSQwX1PMeEwUVJWTSeGDtyrW jTMAnRuYshIzCis7CHMiORtLxeSKi80b =B67E -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603. The problem is Bug ID : CSCte14603 It is a problem.Unauthorized by a third party IGMP Service disruption via packets (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCte14603. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Cisco IOS IGMPv3 Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41551 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41551/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41551 RELEASE DATE: 2010-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/41551/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41551/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41551 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported to the vendor by a customer. ORIGINAL ADVISORY: cisco-sa-20100922-igmp: http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier: http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html Affected Products ================= Vulnerable Products +------------------ The following products are affected by this vulnerability: * Cisco IOS Software * Cisco IOS XE Software To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team Additional information about Cisco IOS Software release naming conventions is available in White Paper: Cisco IOS and NX-OS Software Reference Guide. Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by this vulnerability. The IGMP version 1, IGMP version 2, and IPv6 Multicast Listener Discovery protocol (MLD) features in Cisco IOS and Cisco IOS XE Software are not affected by this vulnerability. Details ======= Internet Group Management Protocol (IGMP) is the protocol used by hosts and adjacent routers to manage membership in IP multicast groups. The IGMP version 3 protocol permits source-specific multicast which allows hosts to specify the IP address of the multicast source. A malformed IGMP packet can cause a vulnerable device to reload. This vulnerability can only be exploited if the malformed IGMP packet is received on an interface that has been enabled for IGMP version 3 and Protocol Independent Multicast (PIM). The malformed IGMP packet destination address can be unicast, multicast, or broadcast and can be addressed to any IP address in the vulnerable device, including loopback addresses. To exploit this vulnerability, a malformed packet must be received on a vulnerable interface, but it can be addressed to any IP address on the vulnerable device. Transit traffic will not trigger this vulnerability. A vulnerable interface configuration requires the PIM mode of operation (sparse-dense, sparse, or dense) to be configured in addition to the ip igmp version 3 command. The three possible configurations that permit exploitation of this vulnerability are: !--- Interface configured for PIM sparse and IGMPv3 interface GigabitEthernet0/0 ip address 192.168.0.1 255.255.255.0 ip pim sparse-mode ip igmp version 3 !--- Interface configured for PIM sparse-dense and IGMPv3 interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip pim sparse-dense-mode ip igmp version 3 !--- Interface configured for PIM dense and IGMPv3 interface GigabitEthernet0/2 ip address 192.168.2.1 255.255.255.0 ip pim dense-mode ip igmp version 3 The IGMP version 3 lite feature is unrelated to this vulnerability, in that the presence or absence of the ip igmp v3lite command on an interface does not change the vulnerable condition of that interface. The IP router alert option may or may not be present in packets attempting to exploit the vulnerability described in this document. This vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-2830. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerability in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCte14603 - IGMPv3 DoS Vulnerability CVSS Base Score - 7.1 Access Vector Network Access Complexity Medium Authentication None Confidentiality Impact None Integrity Impact None Availability Impact Complete CVSS Temporal Score - 5.9 Exploitability Functional Remediation Level Official Fix Report Confidence Confirmed Impact ====== Successful exploitation of this vulnerability may cause the affected device vulnerable device to reload. Repeated exploitation may result in a sustained DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the following Cisco IOS Software table corresponds to a Cisco IOS Software train. If a particular train is vulnerable, the earliest releases that contain the fix are listed in the First Fixed Release For This Advisory column. The First Fixed Release for All Advisories in the September 2010 Bundle Publication column lists the earliest possible releases that correct all the published vulnerabilities in the Cisco IOS Software Security Advisory bundled publication. Cisco recommends upgrading to the latest available release, where possible. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |------------+------------------------------------------------------| | Affected | | First Fixed Release for | | 12.0-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |-------------------------------------------------------------------| | There are no affected 12.0 based releases | |-------------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.1-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | | First Fixed Release for | | 12.2-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+--------------------------+---------------------------| | 12.2 | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; first fixed | | | | in 12.4T | | 12.2B | Not Vulnerable | | | | | Releases up to and | | | | including 12.2(2)B7 are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | 12.2BC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2BW | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; first fixed | | | | in 12.2SB | | 12.2BX | Not Vulnerable | | | | | Releases up to and | | | | including 12.2(15)BX are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | | | Vulnerable; first fixed | | | | in 12.4T | | 12.2BY | Not Vulnerable | | | | | Releases up to and | | | | including 12.2(2)BY3 are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | 12.2BZ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2CX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2CY | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2CZ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2DA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2DD | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2DX | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2EW | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2EWA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2EX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2EY | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2EZ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2FX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2FY | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2FZ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IRE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXF | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXG | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2IXH | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2JA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2JK | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2MB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases up to and | | | | including 12.2(15)MC1 are | | 12.2MC | Not Vulnerable | not vulnerable. Releases | | | | 12.2(15)MC2b and later | | | | are not vulnerable; first | | | | fixed in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2MRA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2MRB | Not Vulnerable | 12.2(33)MRB2 | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | 12.2S | Not Vulnerable | (30)S are vulnerable, | | | | release 12.2(30)S and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | | | 12.2(31)SB19; Releases | | | | prior to 12.2(33)SB5 are | | 12.2SB | Not Vulnerable | vulnerable, release 12.2 | | | | (33)SB5 and later are not | | | | vulnerable | |------------+--------------------------+---------------------------| | 12.2SBC | Not Vulnerable | Vulnerable; first fixed | | | | in 12.2SB | |------------+--------------------------+---------------------------| | 12.2SCA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.2SCB | |------------+--------------------------+---------------------------| | 12.2SCB | Not Vulnerable | 12.2(33)SCB9 | |------------+--------------------------+---------------------------| | 12.2SCC | Not Vulnerable | 12.2(33)SCC5 | |------------+--------------------------+---------------------------| | 12.2SCD | Not Vulnerable | 12.2(33)SCD3 | |------------+--------------------------+---------------------------| | 12.2SE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SED | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEF | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SEG | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | | | (40)SG are vulnerable, | | 12.2SG | Not Vulnerable | release 12.2(40)SG and | | | | later are not vulnerable; | | | | migrate to any release in | | | | 12.2SGA | |------------+--------------------------+---------------------------| | 12.2SGA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SL | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SM | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SO | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SQ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | 12.2SRA | Not Vulnerable | (33)SRA6 are vulnerable, | | | | release 12.2(33)SRA6 and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | 12.2SRB | Not Vulnerable | (33)SRB1 are vulnerable, | | | | release 12.2(33)SRB1 and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | 12.2SRC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SRD | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SRE | 12.2(33)SRE1 | 12.2(33)SRE1 | |------------+--------------------------+---------------------------| | 12.2STE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SU | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | | | (29b)SV1 are vulnerable, | | 12.2SV | Not Vulnerable | release 12.2(29b)SV1 and | | | | later are not vulnerable; | | | | migrate to any release in | | | | 12.2SVD | |------------+--------------------------+---------------------------| | 12.2SVA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SVC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SVD | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SVE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases up to and | | | | including 12.2(21)SW1 are | | 12.2SW | Not Vulnerable | not vulnerable. Releases | | | | 12.2(25)SW12 and later | | | | are not vulnerable; first | | | | fixed in 12.4T | |------------+--------------------------+---------------------------| | | | Releases up to and | | 12.2SX | Not Vulnerable | including 12.2(14)SX2 are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SXA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SXB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SXD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SXE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | | | (18)SXF11 are vulnerable, | | 12.2SXF | Not Vulnerable | releases 12.2(18)SXF11 | | | | and later are not | | | | vulnerable | |------------+--------------------------+---------------------------| | 12.2SXH | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SXI | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2SY | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2SZ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2T | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2TPC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2XA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XB | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XC | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XD | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XE | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2XF | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2XG | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XH | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XI | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XJ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XK | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XL | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XM | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XN | Not Vulnerable | Vulnerable; first fixed | | | | in 12.2SB | |------------+--------------------------+---------------------------| | 12.2XNA | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XNB | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XNC | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XND | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XNE | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XNF | Please see Cisco IOS-XE | Please see Cisco IOS-XE | | | Software Availability | Software Availability | |------------+--------------------------+---------------------------| | 12.2XO | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2XQ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XR | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2XS | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XT | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XU | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XV | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2XW | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2YA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YE | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YF | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2YG | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YH | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YJ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YK | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YL | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2YM | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YN | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2YO | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2YP | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2YQ | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2YR | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2YS | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YT | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YU | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Releases prior to 12.2 | | 12.2YV | Not Vulnerable | (11)YV1 are vulnerable, | | | | release 12.2(11)YV1 and | | | | later are not vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YW | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YX | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YY | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2YZ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2ZA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases up to and | | 12.2ZB | Not Vulnerable | including 12.2(8)ZB are | | | | not vulnerable. | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZD | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2ZE | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2ZF | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.2ZG | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.2ZH | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZJ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZL | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZP | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZU | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.2ZX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZY | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.2ZYA | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | Affected | | First Fixed Release for | | 12.3-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+--------------------------+---------------------------| | 12.3 | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3B | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3BC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3BW | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3EU | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JEA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JEB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JEC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JED | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | | Releases up to and | | | | including 12.3(2)JK3 are | | 12.3JK | Not Vulnerable | not vulnerable. Releases | | | | 12.3(8)JK1 and later are | | | | not vulnerable; first | | | | fixed in 12.4T | |------------+--------------------------+---------------------------| | 12.3JL | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.3JX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | | Vulnerable; first fixed | | | | in 12.4 | | | 12.3T | | Vulnerable; first fixed | | | Releases up to and | in 12.4T | | | including 12.3(11)T11 | | | | are not vulnerable. | | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.3TPC | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.3VA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.3XB | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.3XC | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XD | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XE | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.3XF | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.3XG | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | | | Releases prior to 12.3(7) | | | | XI11 are vulnerable, | | 12.3XI | Not Vulnerable | release 12.3(7)XI11 and | | | | later are not vulnerable; | | | | first fixed in 12.2SB | |------------+--------------------------+---------------------------| | 12.3XJ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4XR | |------------+--------------------------+---------------------------| | 12.3XK | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XL | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XQ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XR | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XS | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XU | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XW | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XX | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XY | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3XZ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YD | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YF | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4XR | |------------+--------------------------+---------------------------| | 12.3YG | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YH | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YI | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YJ | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YK | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YM | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YQ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YS | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YT | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YU | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.3YX | 12.3(14)YX17 | Vulnerable; first fixed | | | | in 12.4XR | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.3YZ | Not Vulnerable | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | 12.3ZA | Not Vulnerable | Vulnerable; first fixed | | | | in 12.4T | |------------+--------------------------+---------------------------| | Affected | | First Fixed Release for | | 12.4-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+--------------------------+---------------------------| | 12.4 | 12.4(25d) | 12.4(25d) | |------------+--------------------------+---------------------------| | 12.4GC | 12.4(24)GC2 | 12.4(24)GC2 | |------------+--------------------------+---------------------------| | 12.4JA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JDA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JDC | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JDD | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JHA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JHB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JK | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JL | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JMA | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JMB | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JX | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4JY | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | 12.4MD | 12.4(24)MD2 | 12.4(24)MD2 | |------------+--------------------------+---------------------------| | | 12.4(24)MDA1 | | | 12.4MDA | | 12.4(22)MDA4 | | | 12.4(22)MDA4 | | |------------+--------------------------+---------------------------| | 12.4MR | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4MRA | in 12.4MRA | |------------+--------------------------+---------------------------| | 12.4MRA | 12.4(20)MRA1 | 12.4(20)MRA1 | |------------+--------------------------+---------------------------| | | Releases prior to 12.4 | | | | (15)SW6 are vulnerable, | | | 12.4SW | release 12.4(15)SW6 and | Vulnerable; first fixed | | | later are not | in 12.4T | | | vulnerable; first fixed | | | | in 12.4T | | |------------+--------------------------+---------------------------| | | 12.4(24)T3 | | | | | 12.4(15)T14 | | | 12.4(22)T5 | | | 12.4T | | 12.4(20)T6 | | | 12.4(20)T5 | | | | | 12.4(24)T4 | | | 12.4(15)T14 | | |------------+--------------------------+---------------------------| | 12.4XA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XB | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XC | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XD | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | Releases prior to 12.4 | Releases prior to 12.4(6) | | | (6)XE5 are vulnerable, | XE5 are vulnerable, | | 12.4XE | release 12.4(6)XE5 and | release 12.4(6)XE5 and | | | later are not | later are not vulnerable; | | | vulnerable; first fixed | first fixed in 12.4T | | | in 12.4T | | |------------+--------------------------+---------------------------| | 12.4XF | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XG | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XJ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XK | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XL | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | 12.4XM | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XN | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XP | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | 12.4XQ | 12.4(15)XQ6; Available | 12.4(15)XQ6; Available on | | | on 22-SEP-10 | 22-SEP-10 | |------------+--------------------------+---------------------------| | | 12.4(15)XR9 | 12.4(15)XR9 | | 12.4XR | | | | | 12.4(22)XR7 | 12.4(22)XR7 | |------------+--------------------------+---------------------------| | 12.4XT | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4XV | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | 12.4XW | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XY | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4XZ | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | 12.4YA | Vulnerable; first fixed | Vulnerable; first fixed | | | in 12.4T | in 12.4T | |------------+--------------------------+---------------------------| | | | Vulnerable; Contact your | | | | support organization per | | 12.4YB | 12.4(22)YB6 | the instructions in | | | | Obtaining Fixed Software | | | | section of this advisory | |------------+--------------------------+---------------------------| | | Vulnerable; Contact your | Vulnerable; Contact your | | | support organization per | support organization per | | 12.4YD | the instructions in | the instructions in | | | Obtaining Fixed Software | Obtaining Fixed Software | | | section of this advisory | section of this advisory | |------------+--------------------------+---------------------------| | | 12.4(24)YE1 | | | 12.4YE | | 12.4(24)YE1 | | | 12.4(22)YE4 | | |------------+--------------------------+---------------------------| | 12.4YG | 12.4(24)YG3 | 12.4(24)YG3 | |------------+--------------------------+---------------------------| | Affected | | First Fixed Release for | | 15.0-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |------------+--------------------------+---------------------------| | 15.0M | 15.0(1)M2 | 15.0(1)M3 | |------------+--------------------------+---------------------------| | | Cisco 7600 and 10000 | Cisco 7600 and 10000 | | | Series routers: Not | Series routers: 15.0(1)S1 | | | vulnerable | (Available early October | | | | 2010) | | 15.0S | Cisco ASR 1000 Series | | | | routes: Please see Cisco | Cisco ASR 1000 Series | | | IOS-XE Software | routes: Please see Cisco | | | Availability | IOS-XE Software | | | | Availability | |------------+--------------------------+---------------------------| | 15.0XA | Vulnerable; migrate to | Vulnerable; first fixed | | | any release in 15.1T | in 15.1T | |------------+--------------------------+---------------------------| | 15.0XO | Not Vulnerable | Not Vulnerable | |------------+--------------------------+---------------------------| | Affected | | First Fixed Release for | | 15.1-Based | First Fixed Release for | All Advisories in the | | Releases | This Advisory | September 2010 Bundle | | | | Publication | |-------------------------------------------------------------------| | There are no affected 15.1 based releases | +-------------------------------------------------------------------+ Cisco IOS XE Software +-------------------- +-------------------------------------------------------------------+ | Cisco IOS | First Fixed | First Fixed Release for All | | XE | Release for This | Advisories in the September 2010 | | Release | Advisory | Bundle Publication | |-----------+------------------+------------------------------------| | 2.1.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.2.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.3.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.4.x | Not Vulnerable | Not Vulnerable | |-----------+------------------+------------------------------------| | 2.5.x | 2.5.2 | Vulnerable; migrate to 2.6.2 or | | | | later | |-----------+------------------+------------------------------------| | 2.6.x | Not Vulnerable | 2.6.2 | |-----------+------------------+------------------------------------| | 3.1.xS | Not Vulnerable | Not Vulnerable | +-------------------------------------------------------------------+ To map Cisco IOS XE Software releases to Cisco IOS Software releases, refer to the Cisco IOS XE 2 and Cisco IOS XE 3S Release Notes. Cisco IOS XR Software Table +-------------------------- Cisco IOS XR Software is not affected by the vulnerabilities disclosed in the September 22, 2010, Cisco IOS Software Security Advisory bundle publication. Workarounds =========== Additional mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20100922-igmp.shtml IGMP version 2 +------------- Customers who do not require the Source Specific Multicast (SSM) functionality can use IGMP version 2 as a workaround. interface GigabitEthernet0/0 ip address 192.168.0.1 255.255.255.0 ip pim sparse-mode ip igmp version 2 Control Plane Policing +--------------------- A partial mitigation of the vulnerability described in this document is to block IGMP packets with an IP Time to Live (TTL) field value that is not equal to 1. CoPP may be configured on a device to protect the management and control planes, and minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic sent to infrastructure devices in accordance with existing security policies and configurations. The following example can be adapted to your network. Drop of IGMP packets with unicast IP destination addresses can also be implemented with CoPP if the network is using all multicast applications that utilize only multicast group destination addresses for IGMP packets. ! !-- The following access list is used !-- to determine what traffic needs to be dropped by a control plane !-- policy (the CoPP feature.) If the access list matches (permit), !-- then traffic will be dropped. If the access list does not !-- match (deny), then traffic will be processed by the router. !-- all IGMP packets with ttl different from 1 will be selected !-- by this acl and the "drop" action will be applied in the !-- corresponding CoPP polisy ! ip access-list extended IGMP-ACL permit igmp any any ttl neq 1 ! !-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4 !-- traffic in accordance with existing security policies and !-- configurations for traffic that is authorized to be sent !-- to infrastructure devices. !-- Create a class map for traffic that will be policed by !-- the CoPP feature. ! class-map match-all drop-IGMP-class match access-group name IGMP-ACL ! !-- Create a policy map that will be applied to the !-- Control Plane of the device, and add the "drop-tcp-traffic" !-- class map. ! policy-map CoPP-policy class drop-IGMP-class drop ! !-- Apply the policy map to the control plane of the !-- device. ! control-plane service-policy input CoPP-policy Additional information on the configuration and use of the CoPP feature is available in the Control Plane Policing Implementation Best Practices. Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by a customer. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2010-Sep-22 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) iEYEARECAAYFAkyZ/SsACgkQ86n/Gc8U/uCbNgCfXPOxAGWckAe7qNCH3ji+tE3n tlcAniKclgzM+5lzNmRCpt3M7yJqDzcT =MXP9 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/