VARIoT IoT vulnerabilities database

VAR-200911-0397 | CVE-2009-2816 | WebKit Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. Apple Safari Used in etc. WebKit is prone to a vulnerability that lets attackers bypass the same-origin policy.
Attackers can exploit this issue to access resources from another origin in the context of another domain. This can facilitate cross-site request-forgery attacks. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA37346
VERIFY ADVISORY:
http://secunia.com/advisories/37346/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to bypass certain security restrictions,
disclose sensitive information, or compromise a user's system.
1) An integer overflow error when processing ColorSync profiles
embedded in images can be exploited to potentially execute arbitrary
code.
For more information see vulnerability #4 in:
SA36701
2) An error exists when handling an "Open Image in New Tab", "Open
Image in New Window", or "Open Link in New Tab" shortcut menu action
performed on a link to a local file. This can be exploited to load a
local HTML file and disclose sensitive information by tricking a user
into performing the affected actions within a specially crafted
webpage.
3) An error exists in WebKit when sending "preflight" requests
originating from a page in a different origin.
4) Multiple errors in WebKit when handling FTP directory listings on
Windows can be exploited to disclose sensitive information, cause a
crash, or potentially execute arbitrary code.
5) An error in WebKit when handling an HTML 5 Media Element on Mac OS
X can be exploited to bypass remote image loading restrictions via
e.g. HTML-formatted emails.
NOTE: Some errors leading to crashes, caused by the included libxml2
library, have also been reported.
SOLUTION:
Update to version 4.0.4.
PROVIDED AND/OR DISCOVERED BY:
1-3, 5) Reported by the vendor.
4) The vendor credits Michal Zalewski of Google Inc.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3949
OTHER REFERENCES:
SA36701:
http://secunia.com/advisories/36701/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
This is related to vulnerability #3 in:
SA37346
The security issue is reported in versions prior to 3.0.195.33.
For more information:
SA37346
SOLUTION:
Do not browse untrusted sites with an application using Qt components
based on WebKit. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities
VAR-200911-0390 | CVE-2009-3384 | Apple Safari of WebKit Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. WebKit is prone to multiple remote code-execution, denial-of-service, and information-disclosure vulnerabilities.
An attacker may exploit these issues by enticing victims into connecting to a malicious FTP server. WebKit is an open source browser web page layout engine. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Apple Safari Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA37346
VERIFY ADVISORY:
http://secunia.com/advisories/37346/
DESCRIPTION:
Some vulnerabilities have been reported in Apple Safari, which can be
exploited by malicious people to bypass certain security restrictions,
disclose sensitive information, or compromise a user's system.
1) An integer overflow error when processing ColorSync profiles
embedded in images can be exploited to potentially execute arbitrary
code.
For more information see vulnerability #4 in:
SA36701
2) An error exists when handling an "Open Image in New Tab", "Open
Image in New Window", or "Open Link in New Tab" shortcut menu action
performed on a link to a local file. This can be exploited to load a
local HTML file and disclose sensitive information by tricking a user
into performing the affected actions within a specially crafted
webpage.
3) An error exists in WebKit when sending "preflight" requests
originating from a page in a different origin. This can be exploited
to facilitate cross-site request forgery attacks by injecting custom
HTTP headers.
5) An error in WebKit when handling an HTML 5 Media Element on Mac OS
X can be exploited to bypass remote image loading restrictions via
e.g. HTML-formatted emails.
NOTE: Some errors leading to crashes, caused by the included libxml2
library, have also been reported.
SOLUTION:
Update to version 4.0.4.
PROVIDED AND/OR DISCOVERED BY:
1-3, 5) Reported by the vendor.
4) The vendor credits Michal Zalewski of Google Inc.
ORIGINAL ADVISORY:
http://support.apple.com/kb/HT3949
OTHER REFERENCES:
SA36701:
http://secunia.com/advisories/36701/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
For more information:
SA37346
SOLUTION:
Do not browse untrusted sites with an application using Qt components
based on WebKit. ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial:
http://secunia.com/products/corporate/vim/
----------------------------------------------------------------------
TITLE:
SUSE update for Multiple Packages
SECUNIA ADVISORY ID:
SA43068
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43068/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
RELEASE DATE:
2011-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/43068/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/43068/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
SUSE has issued an update for multiple packages, which fixes multiple
vulnerabilities
VAR-200911-0308 | CVE-2007-5475 | Linksys WAP4400N Wi-Fi Access point buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple buffer overflows in the Marvell wireless driver, as used in Linksys WAP4400N Wi-Fi access point with firmware 1.2.17 on the Marvell 88W8361P-BEM1 chipset, and other products, allow remote 802.11-authenticated users to cause a denial of service (wireless access point crash) and possibly execute arbitrary code via an association request with long (1) rates, (2) extended rates, and unspecified other information elements. Linksys WAP4400N wireless access point devices are prone to a denial-of-service vulnerability because they fail to adequately verify user-supplied input.
Remote attackers can exploit this issue to hang or reboot a vulnerable device, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.
Linksys WAP4400N devices running firmware 1.2.17 are vulnerable.
NOTE: Since the flaw is in the Marvell 88W8361P-BEM1 chipset driver, other devices and firmware versions using the same code may also be affected. This can be achieved only after a
successful 802.11 authentication (in "Open" or "Shared" mode according
to the configuration of the wireless access point).
This security vulnerability was originally reported to Linksys, updated
firmwares should be available on Cisco/Linksys web site. Any other
wireless device relying on this vulnerable wireless driver is likely to
be vulnerable.
Credits:
--------
* This vulnerability was discovered by Laurent Butti from France Telecom
/ Orange
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
Linksys WAP4400N Association Request Denial of Service
SECUNIA ADVISORY ID:
SA37345
VERIFY ADVISORY:
http://secunia.com/advisories/37345/
DESCRIPTION:
A vulnerability has been reported in Linksys WAP4400N, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error when parsing
information elements included in association requests and can be
exploited to reboot or hang an affected device.
The vulnerability is reported in firmware version 1.2.17.
SOLUTION:
Reportedly fixed in firmware version 1.2.19.
PROVIDED AND/OR DISCOVERED BY:
Laurent Butti, France Telecom / Orange
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/current/0074.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200911-0144 | CVE-2009-3935 | IBM BladeCenter T For Advanced Management Module Firmware vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.
The impact of these issues is currently unknown. We will update this BID when more information emerges.
Versions prior to BladeCenter Advanced Management Module 2.50G are vulnerable. IBM BladeCenter is IBM's blade server
VAR-200911-0398 | CVE-2009-3555 |
SSL and TLS protocols renegotiation vulnerability
Related entries in the VARIoT exploits database: VAR-E-200912-0008, VAR-E-200911-0011, VAR-E-200911-0655, VAR-E-200912-1885 |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. Hitachi Web Server for, SSL There is a vulnerability in which arbitrary data is inserted at the beginning of communication data when using the function.Arbitrary data may be inserted at the beginning of communication data by a third party. A vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2011-0003
Synopsis: Third party component updates for VMware vCenter
Server, vCenter Update Manager, ESXi and ESX
Issue date: 2011-02-10
Updated on: 2011-02-10 (initial release of advisory)
CVE numbers: --- Apache Tomcat ---
CVE-2009-2693 CVE-2009-2901 CVE-2009-2902
CVE-2009-3548 CVE-2010-2227 CVE-2010-1157
--- Apache Tomcat Manager ---
CVE-2010-2928
--- cURL ---
CVE-2010-0734
--- COS Kernel ---
CVE-2010-1084 CVE-2010-2066 CVE-2010-2070
CVE-2010-2226 CVE-2010-2248 CVE-2010-2521
CVE-2010-2524 CVE-2010-0008 CVE-2010-0415
CVE-2010-0437 CVE-2009-4308 CVE-2010-0003
CVE-2010-0007 CVE-2010-0307 CVE-2010-1086
CVE-2010-0410 CVE-2010-0730 CVE-2010-1085
CVE-2010-0291 CVE-2010-0622 CVE-2010-1087
CVE-2010-1173 CVE-2010-1437 CVE-2010-1088
CVE-2010-1187 CVE-2010-1436 CVE-2010-1641
CVE-2010-3081
--- Microsoft SQL Express ---
CVE-2008-5416 CVE-2008-0085 CVE-2008-0086
CVE-2008-0107 CVE-2008-0106
--- OpenSSL ---
CVE-2010-0740 CVE-2010-0433
CVE-2010-3864 CVE-2010-2939
--- Oracle (Sun) JRE ---
CVE-2009-3555 CVE-2010-0082 CVE-2010-0084
CVE-2010-0085 CVE-2010-0087 CVE-2010-0088
CVE-2010-0089 CVE-2010-0090 CVE-2010-0091
CVE-2010-0092 CVE-2010-0093 CVE-2010-0094
CVE-2010-0095 CVE-2010-0837 CVE-2010-0838
CVE-2010-0839 CVE-2010-0840 CVE-2010-0841
CVE-2010-0842 CVE-2010-0843 CVE-2010-0844
CVE-2010-0845 CVE-2010-0846 CVE-2010-0847
CVE-2010-0848 CVE-2010-0849 CVE-2010-0850
CVE-2010-0886 CVE-2010-3556 CVE-2010-3566
CVE-2010-3567 CVE-2010-3550 CVE-2010-3561
CVE-2010-3573 CVE-2010-3565 CVE-2010-3568
CVE-2010-3569 CVE-2010-1321 CVE-2010-3548
CVE-2010-3551 CVE-2010-3562 CVE-2010-3571
CVE-2010-3554 CVE-2010-3559 CVE-2010-3572
CVE-2010-3553 CVE-2010-3549 CVE-2010-3557
CVE-2010-3541 CVE-2010-3574
--- pam_krb5 ---
CVE-2008-3825 CVE-2009-1384
- ------------------------------------------------------------------------
1. Summary
Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere
Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.
2. Relevant releases
vCenter Server 4.1 without Update 1,
vCenter Update Manager 4.1 without Update 1,
ESXi 4.1 without patch ESXi410-201101201-SG,
ESX 4.1 without patch ESX410-201101201-SG.
3. Problem Description
a. vCenter Server and vCenter Update Manager update Microsoft
SQL Server 2005 Express Edition to Service Pack 3
Microsoft SQL Server 2005 Express Edition (SQL Express)
distributed with vCenter Server 4.1 Update 1 and vCenter Update
Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2
to SQL Express Service Pack 3, to address multiple security
issues that exist in the earlier releases of Microsoft SQL Express.
Customers using other database solutions need not update for
these issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-5416, CVE-2008-0085, CVE-2008-0086,
CVE-2008-0107 and CVE-2008-0106 to the issues addressed in MS SQL
Express Service Pack 3.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
Update Manager 4.1 Windows Update 1
Update Manager 4.0 Windows affected, patch pending
Update Manager 1.0 Windows affected, no patch planned
hosted * any any not affected
ESXi any ESXi not affected
ESX any ESX not affected
* Hosted products are VMware Workstation, Player, ACE, Fusion.
b. vCenter Apache Tomcat Management Application Credential Disclosure
The Apache Tomcat Manager application configuration file contains
logon credentials that can be read by unprivileged local users.
The issue is resolved by removing the Manager application in
vCenter 4.1 Update 1.
If vCenter 4.1 is updated to vCenter 4.1 Update 1 the logon
credentials are not present in the configuration file after the
update.
VMware would like to thank Claudio Criscione of Secure Networking
for reporting this issue to us.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-2928 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows not affected
VirtualCenter 2.5 Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX any ESX not affected
* hosted products are VMware Workstation, Player, ACE, Fusion.
c. vCenter Server and ESX, Oracle (Sun) JRE is updated to version
1.6.0_21
Oracle (Sun) JRE update to version 1.6.0_21, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.6.0_19: CVE-2009-3555, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088,
CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092,
CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837,
CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841,
CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845,
CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849,
CVE-2010-0850.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following name to the security issue fixed in
Oracle (Sun) JRE 1.6.0_20: CVE-2010-0886.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows not applicable **
VirtualCenter 2.5 Windows not applicable **
Update Manager 4.1 Windows not applicable **
Update Manager 4.0 Windows not applicable **
Update Manager 1.0 Windows not applicable **
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX not applicable **
ESX 3.5 ESX not applicable **
ESX 3.0.3 ESX not applicable **
* hosted products are VMware Workstation, Player, ACE, Fusion.
** this product uses the Oracle (Sun) JRE 1.5.0 family
d. vCenter Update Manager Oracle (Sun) JRE is updated to version
1.5.0_26
Oracle (Sun) JRE update to version 1.5.0_26, which addresses
multiple security issues that existed in earlier releases of
Oracle (Sun) JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Oracle (Sun) JRE 1.5.0_26: CVE-2010-3556, CVE-2010-3566,
CVE-2010-3567, CVE-2010-3550, CVE-2010-3561, CVE-2010-3573,
CVE-2010-3565,CVE-2010-3568, CVE-2010-3569, CVE-2009-3555,
CVE-2010-1321, CVE-2010-3548, CVE-2010-3551, CVE-2010-3562,
CVE-2010-3571, CVE-2010-3554, CVE-2010-3559, CVE-2010-3572,
CVE-2010-3553, CVE-2010-3549, CVE-2010-3557, CVE-2010-3541,
CVE-2010-3574.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows not applicable **
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
Update Manager 4.1 Windows Update 1
Update Manager 4.0 Windows affected, patch pending
Update Manager 1.0 Windows affected, no patch planned
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX not applicable **
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX affected, no patch planned
ESX 3.0.3 ESX affected, no patch planned
* hosted products are VMware Workstation, Player, ACE, Fusion.
** this product uses the Oracle (Sun) JRE 1.6.0 family
e. vCenter Server and ESX Apache Tomcat updated to version 6.0.28
Apache Tomcat updated to version 6.0.28, which addresses multiple
security issues that existed in earlier releases of Apache Tomcat
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.24: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902,i
and CVE-2009-3548.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the following names to the security issues fixed in
Apache Tomcat 6.0.28: CVE-2010-2227, CVE-2010-1157.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows not applicable **
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not applicable **
ESX 3.0.3 ESX not applicable **
* hosted products are VMware Workstation, Player, ACE, Fusion.
** this product uses the Apache Tomcat 5.5 family
f. vCenter Server third party component OpenSSL updated to version
0.9.8n
The version of the OpenSSL library in vCenter Server is updated to
0.9.8n.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-0740 and CVE-2010-0433 to the
issues addressed in this version of OpenSSL.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.1 Windows Update 1
vCenter 4.0 Windows affected, patch pending
VirtualCenter 2.5 Windows affected, no patch planned
hosted * any any not applicable
ESXi any ESXi not applicable
ESX any ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
g. ESX third party component OpenSSL updated to version 0.9.8p
The version of the ESX OpenSSL library is updated to 0.9.8p.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-3864 and CVE-2010-2939 to the
issues addressed in this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi 4.1 ESXi ESXi410-201101201-SG
ESXi 4.0 ESXi affected, patch pending
ESXi 3.5 ESXi affected, patch pending
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
* hosted products are VMware Workstation, Player, ACE, Fusion.
h. ESXi third party component cURL updated
The version of cURL library in ESXi is updated.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-0734 to the issues addressed in
this update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.1 ESXi ESXi410-201101201-SG
ESXi 4.0 ESXi affected, patch pending
ESXi 3.5 ESXi affected, patch pending
ESX any ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
i. ESX third party component pam_krb5 updated
The version of pam_krb5 library is updated.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3825 and CVE-2009-1384 to the
issues addressed in the update.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Fusion.
j. ESX third party update for Service Console kernel
The Service Console kernel is updated to include kernel version
2.6.18-194.11.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-1084, CVE-2010-2066, CVE-2010-2070,
CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524,
CVE-2010-0008, CVE-2010-0415, CVE-2010-0437, CVE-2009-4308,
CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-1086,
CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-0291,
CVE-2010-0622, CVE-2010-1087, CVE-2010-1173, CVE-2010-1437,
CVE-2010-1088, CVE-2010-1187, CVE-2010-1436, CVE-2010-1641, and
CVE-2010-3081 to the issues addressed in the update.
Note: This update also addresses the 64-bit compatibility mode
stack pointer underflow issue identified by CVE-2010-3081. This
issue was patched in an ESX 4.1 patch prior to the release of
ESX 4.1 Update 1.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201101201-SG
ESX 4.0 ESX affected, patch pending
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
VMware vCenter Server 4.1 Update 1 and modules
----------------------------------------------
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
Release Notes:
http://downloads.vmware.com/support/pubs/vs_pages/vsp_pubs_esx41_vc41.html
File type: .iso
md5sum: 729cf247aa5d33ceec431c86377eee1a
sha1sum: c1e10a5fcbc1ae9d13348d43541d574c563d66f0
File type: .zip
md5sum: fd1441bef48a153f2807f6823790e2f0
sha1sum: 31737a816ed1c08ab3a505fb6db2483f49ad7c19
VMware vSphere Client
File type: .exe
md5sum: cb6aa91ada1289575355d79e8c2a9f8e
sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESXi 4.1 Installable Update 1
-----------------------------
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
Release Notes:
http://downloads.vmware.com/support/vsphere4/doc/vsp_esxi41_u1_rel_notes.html
http://kb.vmware.com/kb/1027919
File type: .iso
MD5SUM: d68d6c2e040a87cd04cd18c04c22c998
SHA1SUM: bbaacc0d34503822c14f6ccfefb6a5b62d18ae64
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.1)
File type: .zip
MD5SUM: 2f1e009c046b20042fae3b7ca42a840f
SHA1SUM: 1c9c644012dec657a705ddd3d033cbfb87a1fab1
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 4.0)
File type: .zip
MD5SUM: 67b924618d196dafaf268a7691bd1a0f
SHA1SUM: 9d74b639e703259d9e49c0341158e0d4e45de516
ESXi 4.1 Update 1 (upgrade ZIP from ESXi 3.5)
File type: .zip
MD5SUM: a6024b9f6c6b7b2c629696afc6d07cf4
SHA1SUM: b3841de1a30617ac68d5a861882aa72de3a93488
VMware Tools CD image for Linux Guest OSes
File type: .iso
MD5SUM: dad66fa8ece1dd121c302f45444daa70
SHA1SUM: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client
File type: .exe
MD5SUM: cb6aa91ada1289575355d79e8c2a9f8e
SHA1SUM: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESXi Installable Update 1 contains the following security bulletins:
ESXi410-201101201-SG.
ESX 4.1 Update 1
----------------
http://downloads.vmware.com/d/info/datacenter_downloads/vmware_vsphere_4/4_0
Release Notes:
http://downloads.vmware.com/support/vsphere4/doc/vsp_esx41_u1_rel_notes.html
http://kb.vmware.com/kb/1029353
ESX 4.1 Update 1 (DVD ISO)
File type: .iso
md5sum: b9a275b419a20c7bedf31c0bf64f504e
sha1sum: 2d85edcaca8218013585e1eab00bc80db6d96e11
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.1)
File type: .zip
md5sum: 2d81a87e994aa2b329036f11d90b4c14
sha1sum: c2bfc0cf7ac03d24afd5049ddbd09a865aad1798
Pre-upgrade package for ESX 4.0 to ESX 4.1 Update 1
File type: .zip
md5sum: 75f8cebfd55d8a81deb57c27def963c2
sha1sum: 889c15aa8008fe0e29439d0ab3468c2beb1c4fe2
ESX 4.1 Update 1 (upgrade ZIP from ESX 4.0)
File type: .zip
md5sum: 1dc9035cd10e7e60d27e7a7aef57b4c2
sha1sum: e6d3fb65d83a3e263d0f634a3572025854ff8922
VMware Tools CD image for Linux Guest OSes
File type: .iso
md5sum: dad66fa8ece1dd121c302f45444daa70
sha1sum: 56535a2cfa7799607356c6fd0a7d9f041da614af
VMware vSphere Client
File type: .exe
md5sum: cb6aa91ada1289575355d79e8c2a9f8e
sha1sum: f9e3d8eb83196ae7c31aab554e344a46b722b1e4
ESX410-Update01 contains the following security bulletins:
ESX410-201101201-SG (COS kernel, pam_krb5, cURL, OpenSSL,
Apache Tomcat, Oracle (Sun) JRE) | http://kb.vmware.com/kb/1027904
ESX410-201101226-SG (glibc) | http://kb.vmware.com/kb/1031330
ESX410-Update01 also contains the following non-security bulletins
ESX410-201101211-UG, ESX410-201101213-UG, ESX410-201101215-UG,
ESX410-201101202-UG, ESX410-201101203-UG, ESX410-201101204-UG,
ESX410-201101206-UG, ESX410-201101207-UG, ESX410-201101208-UG,
ESX410-201101214-UG, ESX410-201101216-UG, ESX410-201101217-UG,
ESX410-201101218-UG, ESX410-201101219-UG, ESX410-201101220-UG,
ESX410-201101221-UG, ESX410-201101222-UG, ESX410-201101225-UG.
To install an individual bulletin use esxupdate with the -b option.
5. References
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2226
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1086
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1436
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3554
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3574
- ------------------------------------------------------------------------
6. Change log
2011-02-10 VMSA-2011-0003
Initial security advisory in conjunction with the release of vCenter
Server 4.1 Update 1, vCenter Update Manager 4.1 Update 1, ESXi 4.1
Update 1, and ESX 4.1 Update 1 on 2011-02-10.
- -----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2011 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
iEYEARECAAYFAk1U1eoACgkQS2KysvBH1xm3swCfeh4sWvPOubDT1K7QlRj3SjW9
dxYAmwbNLMR9IG/rKZDYh9hqcf4IldCX
=2pVj
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
HP System Management Homepage v6.2 or subsequent for Linux (x86), Linux (AMD64/EM64T), and Windows can be downloaded from the following link. The attack is related to the way how TLS and SSL handle
session renegotiations. CVE-2009-3555 has been assigned to this
vulnerability.
As a partial mitigation against this attack, this apache2 update
disables client-initiated renegotiations. The attack is
still possible in configurations where the server initiates the
renegotiation. This is the case for the following configurations
(the information in the changelog of the updated packages is
slightly inaccurate):
- - The "SSLVerifyClient" directive is used in a Directory or Location
context.
- - The "SSLCipherSuite" directive is used in a Directory or Location
context.
As a workaround, you may rearrange your configuration in a way that
SSLVerifyClient and SSLCipherSuite are only used on the server or
virtual host level.
A complete fix for the problem will require a protocol change. Further
information will be included in a separate announcement about this
issue.
In addition, this update fixes the following issues in Apache's
mod_proxy_ftp:
CVE-2009-3094: Insufficient input validation in the mod_proxy_ftp
module allowed remote FTP servers to cause a denial of service (NULL
pointer dereference and child process crash) via a malformed reply to
an EPSV command.
CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp
module allowed remote authenticated attackers to bypass intended access
restrictions and send arbitrary FTP commands to an FTP server.
For the stable distribution (lenny), these problems have been fixed in
version 2.2.9-10+lenny6. This version also includes some non-security
bug fixes that were scheduled for inclusion in the next stable point
release (Debian 5.0.4).
The oldstable distribution (etch), these problems have been fixed in
version 2.2.3-4+etch11.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed in version 2.2.14-2.
This advisory also provides updated apache2-mpm-itk packages which
have been recompiled against the new apache2 packages.
Updated apache2-mpm-itk packages for the armel architecture are not
included yet.
We recommend that you upgrade your apache2 and apache2-mpm-itk packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch (oldstable)
- -------------------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc
Size/MD5 checksum: 1071 dff8f31d88ede35bb87f92743d2db202
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz
Size/MD5 checksum: 6342475 f72ffb176e2dc7b322be16508c09f63c
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz
Size/MD5 checksum: 124890 c9b197b2a4bade4e92f3c65b88eea614
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb
Size/MD5 checksum: 2247064 357f2daba8360eaf00b0157326c4d258
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb
Size/MD5 checksum: 6668542 043a6a14dc48aae5fa8101715f4ddf81
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb
Size/MD5 checksum: 41626 27661a99c55641d534a5ffe4ea828c4b
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb
Size/MD5 checksum: 275872 8ff0ac120a46e235a9253df6be09e4d5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb
Size/MD5 checksum: 346016 02b337e48ef627e13d79ad3919bc380d
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb
Size/MD5 checksum: 407682 f01d7e23f206baed1e42c60e15fe240f
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb
Size/MD5 checksum: 1017408 1c8dccbed0a309ed0b74b83667f1d587
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb
Size/MD5 checksum: 449704 b227ff8c9bceaa81488fec48b81f18f6
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb
Size/MD5 checksum: 450266 766ba095925ee31c175716084f41b3cf
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb
Size/MD5 checksum: 444898 3b1d9a9531c82872d36ce295d6cba581
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb
Size/MD5 checksum: 407030 eedabbc4930b3c14012f57ec7956847b
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb
Size/MD5 checksum: 184920 2d152290678598aeacd32564c2ec37c2
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb
Size/MD5 checksum: 409010 15d5dda7eb1e9e8d406cd9ff4b25e60f
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb
Size/MD5 checksum: 408330 0bf271280295146f4ded8c02335e8fc1
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb
Size/MD5 checksum: 1000068 f92b3deafb9ce263d0d66b753231a003
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb
Size/MD5 checksum: 436268 9ef6b02f0ecf9905c14114a464c86f80
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb
Size/MD5 checksum: 432320 b734b0c2f1d2177a828cff7d8e34d17c
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb
Size/MD5 checksum: 342152 ef061f914027b41b788a31758d7c4e96
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb
Size/MD5 checksum: 436766 deb97a3637ae8be3e016e37c038bc470
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb
Size/MD5 checksum: 172802 0550f661c804ef0c0ec31e1928f5f97d
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb
Size/MD5 checksum: 421056 b55b215aee8398e6388a73b421229db7
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb
Size/MD5 checksum: 408940 8782732ef6487ef268abf2856ec5e2c0
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb
Size/MD5 checksum: 408140 f3627e52eaf7a011a5a624ea25fa058b
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb
Size/MD5 checksum: 968448 ac1354c562e7969e47561f4cba3a859b
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb
Size/MD5 checksum: 346166 a8729d03737330075908c2b8b2f5ce0b
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb
Size/MD5 checksum: 157634 53c277ca7e52e7e60a523183e87beec3
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb
Size/MD5 checksum: 421782 b17f7ce0bfd6fee4877d9bccaf82770e
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb
Size/MD5 checksum: 417026 03b845039bf49fba64f064acda350f43
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 444058 16fb9ac5807fcf161321ffc8467e963d
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb
Size/MD5 checksum: 179532 b1f7b89ac1e830b72e30c9476b813263
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 352116 f34f19a1bf40a37695ac0aeb3f5b6d10
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 443324 e7106e9195fcd9f34ced7bccb009cbb7
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 1078948 29a60062b3f7676f768dda1d4cdb78fd
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 439968 6ff5b95ba06596c04f2fc7dc3adac7ac
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 410880 28ce1d24c4e152624c38330d34781636
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb
Size/MD5 checksum: 409994 2ce21d9fc51fbbeb5e05ac7c418d7e11
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 409776 04bafa059e90c14851f290c02fc7a29e
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 963818 f2755fd250837dd878a24ffc8527855d
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 425034 fc0b075a77853494886719b1bf4d7092
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 421206 d2758678dc6dcfb2298a5e69dbd199d0
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 425510 5df035120241567d62ba4154a7ade25f
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb
Size/MD5 checksum: 161256 614f006996e6309829bf7c80bb95e3ed
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 410518 833b5256083de5f76d83354f63916af2
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb
Size/MD5 checksum: 343876 435638e472ccb187c7713f96840cf156
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 407664 9929d570df08ea81c10235d8cfad8cec
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb
Size/MD5 checksum: 231808 505ed0109a851680126951f228f4ed40
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 491120 d1ef23e9bbd457b1c30d50234050b112
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 498202 f430c9b4231122f996799b45d68596a3
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 407018 f721b04b90b8b2b5ec76916488395bdd
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 360664 08763e41786b3c5b28cf3e27d234419d
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 497388 6ef80d442fbf5046e78b9b2a0637adb9
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb
Size/MD5 checksum: 1204566 d1cc5f38e5683c539db6673611585b67
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 430112 01c3cf5fc888bff3967c95736b3caf40
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 407674 688656128f0f46e8b35da61d731e244f
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 434122 791a223b58a6a3a00fdd5517decc6ff2
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 951736 68a93c433a24dd42b461907c2b61c6d2
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 407022 10cf7a6fa3ad60183a80b7fddc08ed98
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 350066 ab3498abf9ddc41f0665be9c2912beab
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb
Size/MD5 checksum: 434784 2d07f9376a7c7eb6229e0c5238e604fc
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb
Size/MD5 checksum: 169932 db0ecd6b89594ecbff3bacd9d184f808
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 428958 3c7b9e69ccbeb0db17d437ece3717b65
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 407040 61a67a76dd0acfaeb747d5ee745cb3fa
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 433736 74adf126949edfd4b1af734b3a8255f8
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 951730 3c9d5a12163e7d1c939d26829a4454f1
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 407694 0297490b8b4aff5e1a4527a9c897fbee
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 350302 843a3c227ba43dc4b882c96cad62a6eb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb
Size/MD5 checksum: 434220 b18b6688a18a11d7bfa20d486c13ae64
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb
Size/MD5 checksum: 168814 6eedc4fb9e8027cf6d11c427a1cc4f8c
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 1061292 0a43b7054755c361229d5e14db9c3156
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 432806 ebe9b3113da3361dabf67acd291f9d93
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb
Size/MD5 checksum: 168374 ab7eb4de4a4c224a94698ebb67f627ea
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 433416 0c53941e7e8765780e4e4a71f81a592b
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 354920 0682a419e0d59ff5a2af1f322991b157
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 410150 69ddc8b0b8ec235e65eabde0adbc1db7
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 428826 f556fd9726b4c66bbe6fdc05b84d9918
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb
Size/MD5 checksum: 409396 d4b779470977873916bff7353829f172
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 437364 0d844765789f2fcc4cf0c24e755b4c3d
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 994710 63d476187cc9eed384ff792ce8b6f471
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 443278 114375b6439d8a9cf344dd4829c7b6d2
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 407682 e0db3031b4bb381a0f3178569d4c514a
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 442268 219d9f7f67d2a53a3c3e700c68a6d682
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 348624 ac97c9840e0cb11a1cf1e44fd1875015
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb
Size/MD5 checksum: 407026 6233c65e8860b416d7a6265ae2c2eda4
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb
Size/MD5 checksum: 177986 634687237fd58d539bc9492415a94b77
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 418896 96bdf44ad9d8c1d86ee3aaf383c9dcce
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 412078 c9aab17ccba1846ea02df78f636a28a6
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 342696 7dd353d553f6a495c506b22f60ff2a0d
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb
Size/MD5 checksum: 158054 60de9a240c905bdb6ffa0ab6c032096d
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 422966 edb7194c73d08c0bdb1eed6bd19ceb53
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 422444 ad0a85ada33d687e1fc67b0fa3c40244
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 960150 0dae013a3e07502409918ff649cb1375
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb
Size/MD5 checksum: 411290 88e769a08329b6728c6fd0770d241874
Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz
Size/MD5 checksum: 6396996 80d3754fc278338033296f0d41ef2c04
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc
Size/MD5 checksum: 1673 f6846ac2d9cbd7887629a9c503154310
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz
Size/MD5 checksum: 145719 fd456ef168b7f1ca1055ffbca1df53db
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb
Size/MD5 checksum: 2060318 c2499fa1040a9ace89c1a969de4db870
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb
Size/MD5 checksum: 6736558 e09131a305cf2e51d3c14ed7c1beaf5d
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb
Size/MD5 checksum: 45238 922ce7e9d14885bab9c9cbbfab99fbd3
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 209720 29861b61a3ae0912a7eb1ba2096b0421
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 84444 af60f321516a06fc9588433ba2c1a88e
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 256598 730d50c0f57ba7aad84e6897217bf42d
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 2402082 b932e642a152e30f948437d7313d2dcf
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 82728 bb04bbeae7865acad1ae89e943702623
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb
Size/MD5 checksum: 198236 61b2f1529a056145d9ea8a87c5c5e8c0
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 208690 f6d15e0b6fa15a3738e9130b4044ce37
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 849014 dddd323a55b010c29a8626194b71a7a1
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 147844 40f11b60e0f5154680f16c1c67943101
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 261662 7b88269d9ce2877809a0f47daa4e756d
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb
Size/MD5 checksum: 262336 eced46181f89a7f8ee636c0dce4789f7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 210246 bb629f54f383bfcce66a6bf0bc1a2b6d
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 825462 051201fb8baa9a7a961961dd5082929a
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 257694 3b8c5bff06a870ccd062ce53771a43a4
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 211268 5e07756440fecd3a3ee3815a6cff3ff5
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 258424 92c5467fbef1d4da6803507b679df099
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 82532 40718aa8ebb6532404fad4b5ee2a1e09
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 84140 743b1e0fd988539a7346bddbcd573767
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 253708 bcc5c9f767c1e62913af45827f04b83f
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb
Size/MD5 checksum: 195214 42f4650b895a51b853c253bbbd1e2cc0
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 2455308 9b8792a5defa5193d825d31dc47b43f2
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb
Size/MD5 checksum: 144980 240232c2f4932579c60ecee786c0af26
arm architecture (ARM)
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 224760 9615e8207a01d2759de57b58cd885286
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 83230 c840cb7342a3a83e0587fd3baacce760
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 2327178 39819fd5f56728620aaefdbe10887c2b
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 147202 f7ebf064272389cf2dd7db7bfe3ff267
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb
Size/MD5 checksum: 161596 b7a2763998f12394ecae68df6ec73fbb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 223898 fbd3f6bc3340643f55862e5b14947345
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 786918 a142a6fbee216aaa87378bdc53773eb2
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 209812 2e4b61b494abdd8e52b219456a82e499
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 219946 4ac3564788d25b492a833e2df463b41e
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 81412 abe1efff8619aac89534c3f4d57c5356
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb
Size/MD5 checksum: 211008 865b518f1a18de1020feb2212b137a6c
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 212612 2b8654bdda7346a2a7804800e9a11d8e
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 802766 535b466511548a5264b0da3a3a348381
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 226068 8921ab3294cf45178f3b90fd51fbafc3
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 213694 38498cbd15341da4279e4193a4708c6c
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 226354 57f22f55c3ca485b5974e1f2a4ef1414
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 83934 6a6a2de840f638874d8ae05611f142b9
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 82284 b225eb7806650013baccae619ad08f2b
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 2340926 83bb45aa97542f6f796780c8a2d24c8b
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 221894 872e3f1df2080a84cca36f48e6c8e575
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb
Size/MD5 checksum: 151226 3172e8ba667991da2881ea6a7b2781cc
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 84022 f603a1c369bbc7d05efe1ad99325e020
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 153048 0568fcb47c9cad398c7fd7abe2276828
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 82214 f27d31e710ba6640471c47a6fc240aad
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 246406 f18257777ba62d65ceb3aa4842415c74
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 241578 e71e710d7889e79b85e4c20b539a4d26
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 211730 a9913999aac5559db1e75835d87a2efd
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 896810 e8e2d9459750e5d9be76c00923a25696
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 245816 6a876fb502903c7bfcb5a4b8dad71a7a
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 213028 f072f0ca44edc122c1b3e1da847f1c8c
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb
Size/MD5 checksum: 183316 41a32b0fd061c4f2afbd740af5e8325a
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb
Size/MD5 checksum: 2385020 366e6e9bd1dec0ba6a784813785f13d3
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 82366 ab10d1ab26c914777c5296fe9ccfe027
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 241326 2ee9101bf92fcac69249094b3ca11e2a
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 240776 43a654cf0439fc97997a57baec5e2995
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 84104 f73a1bff0a8a4426e63803c4e5c67c60
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 783440 053ba7ef4fbb56547200c32c35ac8a0e
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 143414 c20c10a3eadac1c494a5750888875800
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 237396 06841f14531fab0adb92177af849c8be
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 211420 69c67bd0052c70322924b901ba5f5428
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 2324892 87c51cc1fb8ae2532adcfa601a7b5af4
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb
Size/MD5 checksum: 212726 11b86a68880fa98a130e449dec0fbbcc
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb
Size/MD5 checksum: 179396 4ae5716372fe19991b0d8a4cc751d45f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 162732 0a9a153e3703f9dbd33e325d67373bce
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb
Size/MD5 checksum: 247068 39445ee73d2076bfa589a5840a3d6024
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 1036624 80b366704dc888c2bea8d84c316faf33
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 208668 c2b06d3c767fa737fbf5e1c3d50d001c
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 311692 77ff8879c2853c4b33903299ec3120c8
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 312616 1c20b667ebbd43b0ee1b01cd1cdd991d
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 83920 a383c7aef1758f963c019793af7b5f92
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 2317952 803f0b941814cbbc49f4e37bc3b9ca95
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 209700 59ab45d2c7c2168a941ff2fc842268e1
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 304670 067ece69f8b9518f9b18cd948c4df971
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb
Size/MD5 checksum: 85802 9294d252435e8026d6135bf8efdfaf46
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 2465158 a36366e07810785cd1f2dc3b020d3486
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 780460 a5daeb91029f3b027a810ee22456ebd3
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 233408 ec9001ee4c996d0b14a9e67d9ce380ec
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 82082 1fc55f0526e3bf90c2156364055a1627
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb
Size/MD5 checksum: 171444 789208a77578e49ebca9be904c99aff3
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 83688 8612d0c31dee19c557723b08354c20d7
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 149712 ac8ddf3ab4a3b0fb255adbc588e57305
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 209718 8af3815f7794f4e60d72ba52d3bd19c4
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 229494 c2ef345862009f2a2b979205fec22567
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 208698 246c0001aaa98be577f6c5f004330285
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb
Size/MD5 checksum: 233980 ce7b3760443a98b0ddc0607a7a9842bf
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 228110 e45b1c3294102e26eee671b860f4aabc
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 208710 1403636fff03ab43353cdffdef62ffd7
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 83708 9b1c257025920f6dd0a7a2b231c97141
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 209740 546504d6f0a2a449e9bcd618f4700ce5
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 82128 31209b35ecb423f2d88347df6c08eddb
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 2420074 b57ff2a01ee7f29d0dcba4214dc7fc21
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 232140 3dfff4c54077cb221e19533f19538834
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 778974 d9d0084ea48aaa56d2f99c632711d084
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb
Size/MD5 checksum: 169470 f04a239ba4f1d6ae4ff8ce0960f784fd
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 232796 8ced513dc28d7165fd76076803b98188
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb
Size/MD5 checksum: 150024 c2a66c2c63eeb66df98b136cceadc780
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 84570 b43f074242385089dda2aae2e9ae1595
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 915976 723f3349b829894595b913099f06ecc2
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 257408 c4bab781417526a0dfdb2240ab2fef07
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 2495210 6fb817120bcb095006fd09d2318f28ee
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb
Size/MD5 checksum: 195192 6b4d950e48c6cdfd00d403e42b719b40
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 208684 ece82cc979cff6832d51a6caf51f38b5
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 82908 c54a24103b503b5de1b27993ee33610f
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 160960 361e2bae65d5f1303073d8e4d88ccdb7
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 209714 81fbc6671b2d4137dc52232e9d572ea9
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 258234 6dbd57dc907e93b5e9dcd3058e99b30f
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb
Size/MD5 checksum: 253294 696e2e9219d6e029c0c6f024045a4d5f
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 82544 4e332ccedffd13b1e7b866fe71cf8a9b
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb
Size/MD5 checksum: 197642 e32a924a47b90452356956e3fe39d34e
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 255970 197eea5c422ecf37ec592bf9612c3b2f
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 208694 33dddaec24eb4475411eb55abb5d5e71
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 150912 2aa00b2fb3b84a536030f5b5635115bc
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 209726 cf54089c8a33087820f8c9359e461625
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 2409108 1b6e40f5d2772a0a1f26424f4b470136
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 824586 ff52926d953f8b5cbde82ac31176dedb
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 259924 655aca8f56383ebd106ded50d8f557ea
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 260610 12751082d3f1466735d1b3d395d63690
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb
Size/MD5 checksum: 84310 9aa451ccb1513c05f4ccc0319124181e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 2231018 fcdbb08c45ff474592590fac0aa78dac
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 84568 6dcf4195e216a22ef2919806d55d5098
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 237224 9bf96cc5f932643b1c55c6a9fa238af1
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 241474 ed8557af547d9d55a075fca5cf88488d
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 82888 bde0baf83e2e972b398be6a500f77125
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb
Size/MD5 checksum: 177562 09cbb49296407c83ef1575b003dfb129
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 241014 2c10b920cdfec918af3eb148e29fca0f
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 212798 28edff7612bb824fc20d88c29b8b7e1f
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 781748 63e7003956d73b1a04e544c00eaa7728
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 213976 b7e758d0a2e6574944d27e2d6e40f60c
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb
Size/MD5 checksum: 146596 c37cea33bed94a68326b511a66bf050e
These files will probably be moved into the stable distribution on
its next update. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201406-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: IcedTea JDK: Multiple vulnerabilities
Date: June 29, 2014
Bugs: #312297, #330205, #340819, #346799, #352035, #353418,
#354231, #355127, #370787, #387637, #404095, #421031,
#429522, #433389, #438750, #442478, #457206, #458410,
#461714, #466822, #477210, #489570, #508270
ID: 201406-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the IcedTea JDK, the worst
of which could lead to arbitrary code execution.
Background
==========
IcedTea is a distribution of the Java OpenJDK source code built with
free build tools.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3
Description
===========
Multiple vulnerabilities have been discovered in the IcedTea JDK.
Please review the CVE identifiers referenced below for details.
Resolution
==========
All IcedTea JDK users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3"
References
==========
[ 1 ] CVE-2009-3555
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2010-2548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548
[ 3 ] CVE-2010-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783
[ 4 ] CVE-2010-3541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541
[ 5 ] CVE-2010-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548
[ 6 ] CVE-2010-3549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549
[ 7 ] CVE-2010-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551
[ 8 ] CVE-2010-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553
[ 9 ] CVE-2010-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554
[ 10 ] CVE-2010-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557
[ 11 ] CVE-2010-3561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561
[ 12 ] CVE-2010-3562
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562
[ 13 ] CVE-2010-3564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564
[ 14 ] CVE-2010-3565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565
[ 15 ] CVE-2010-3566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566
[ 16 ] CVE-2010-3567
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567
[ 17 ] CVE-2010-3568
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568
[ 18 ] CVE-2010-3569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569
[ 19 ] CVE-2010-3573
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573
[ 20 ] CVE-2010-3574
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574
[ 21 ] CVE-2010-3860
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860
[ 22 ] CVE-2010-4351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351
[ 23 ] CVE-2010-4448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448
[ 24 ] CVE-2010-4450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450
[ 25 ] CVE-2010-4465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465
[ 26 ] CVE-2010-4467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467
[ 27 ] CVE-2010-4469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469
[ 28 ] CVE-2010-4470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470
[ 29 ] CVE-2010-4471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471
[ 30 ] CVE-2010-4472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472
[ 31 ] CVE-2010-4476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476
[ 32 ] CVE-2011-0025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025
[ 33 ] CVE-2011-0706
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706
[ 34 ] CVE-2011-0815
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815
[ 35 ] CVE-2011-0822
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822
[ 36 ] CVE-2011-0862
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862
[ 37 ] CVE-2011-0864
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864
[ 38 ] CVE-2011-0865
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865
[ 39 ] CVE-2011-0868
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868
[ 40 ] CVE-2011-0869
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869
[ 41 ] CVE-2011-0870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870
[ 42 ] CVE-2011-0871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871
[ 43 ] CVE-2011-0872
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872
[ 44 ] CVE-2011-3389
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389
[ 45 ] CVE-2011-3521
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521
[ 46 ] CVE-2011-3544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544
[ 47 ] CVE-2011-3547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547
[ 48 ] CVE-2011-3548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548
[ 49 ] CVE-2011-3551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551
[ 50 ] CVE-2011-3552
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552
[ 51 ] CVE-2011-3553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553
[ 52 ] CVE-2011-3554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554
[ 53 ] CVE-2011-3556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556
[ 54 ] CVE-2011-3557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557
[ 55 ] CVE-2011-3558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558
[ 56 ] CVE-2011-3560
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560
[ 57 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 58 ] CVE-2011-3571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571
[ 59 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 60 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 61 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 62 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 63 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 64 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 65 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 66 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 67 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 68 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 69 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 70 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 71 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 72 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 73 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 74 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 75 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 76 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 77 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 78 ] CVE-2012-3422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422
[ 79 ] CVE-2012-3423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423
[ 80 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 81 ] CVE-2012-4540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540
[ 82 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 83 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 84 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 85 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 86 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 87 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 88 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 89 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 90 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 91 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 92 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 93 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 94 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 95 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 96 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 97 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 98 ] CVE-2012-5979
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979
[ 99 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 100 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 101 ] CVE-2013-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424
[ 102 ] CVE-2013-0425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425
[ 103 ] CVE-2013-0426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426
[ 104 ] CVE-2013-0427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427
[ 105 ] CVE-2013-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428
[ 106 ] CVE-2013-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429
[ 107 ] CVE-2013-0431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431
[ 108 ] CVE-2013-0432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432
[ 109 ] CVE-2013-0433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433
[ 110 ] CVE-2013-0434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434
[ 111 ] CVE-2013-0435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435
[ 112 ] CVE-2013-0440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440
[ 113 ] CVE-2013-0441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441
[ 114 ] CVE-2013-0442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442
[ 115 ] CVE-2013-0443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443
[ 116 ] CVE-2013-0444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444
[ 117 ] CVE-2013-0450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450
[ 118 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 119 ] CVE-2013-1475
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475
[ 120 ] CVE-2013-1476
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476
[ 121 ] CVE-2013-1478
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478
[ 122 ] CVE-2013-1480
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480
[ 123 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 124 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 125 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 126 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 127 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 128 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 129 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 130 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 131 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 132 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 133 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 134 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 135 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 136 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 137 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 138 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 139 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 140 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 141 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 142 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 143 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 144 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 145 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 146 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 147 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 148 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 149 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 150 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 151 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 152 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 153 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 154 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 155 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 156 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 157 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 158 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 159 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 160 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 161 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 162 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 163 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 164 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 165 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 166 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 167 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 168 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 169 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 170 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 171 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 172 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 173 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 174 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 175 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 176 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 177 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 178 ] CVE-2013-4002
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002
[ 179 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 180 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 181 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 182 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 183 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 184 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 185 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 186 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 187 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 188 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 189 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 190 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 191 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 192 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 193 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 194 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 195 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 196 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 197 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 198 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 199 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 200 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 201 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 202 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 203 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 204 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 205 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 206 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 207 ] CVE-2013-6629
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629
[ 208 ] CVE-2013-6954
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954
[ 209 ] CVE-2014-0429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429
[ 210 ] CVE-2014-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446
[ 211 ] CVE-2014-0451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451
[ 212 ] CVE-2014-0452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452
[ 213 ] CVE-2014-0453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453
[ 214 ] CVE-2014-0456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456
[ 215 ] CVE-2014-0457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457
[ 216 ] CVE-2014-0458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458
[ 217 ] CVE-2014-0459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459
[ 218 ] CVE-2014-0460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460
[ 219 ] CVE-2014-0461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461
[ 220 ] CVE-2014-1876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876
[ 221 ] CVE-2014-2397
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397
[ 222 ] CVE-2014-2398
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398
[ 223 ] CVE-2014-2403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403
[ 224 ] CVE-2014-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412
[ 225 ] CVE-2014-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414
[ 226 ] CVE-2014-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421
[ 227 ] CVE-2014-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423
[ 228 ] CVE-2014-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-32.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Corrected: 2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE)
2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)
2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE)
2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)
2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)
2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE)
2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8)
2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14)
CVE Name: CVE-2009-3555
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>. Background
The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols
provide a secure communications layer over which other protocols can be
utilized. The most widespread use of SSL/TLS is to add security to the
HTTP protocol, thus producing HTTPS.
FreeBSD includes software from the OpenSSL Project which implements SSL
and TLS.
II. Problem Description
The SSL version 3 and TLS protocols support session renegotiation without
cryptographically tying the new session parameters to the old parameters.
III. This can be exploited in several ways, including:
* Causing a server to interpret incoming messages as having been sent
under the auspices of a client SSL key when in fact they were not;
* Causing a client request to be appended to an attacker-supplied
request, potentially revealing to the attacker the contents of the client
request (including any authentication parameters); and
* Causing a client to receive a response to an attacker-supplied request
instead of a response to the request sent by the client.
IV. Solution
NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate
SSL / TLS session parameters. As a result, connections in which the other
party attempts to renegotiate session parameters will break.
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE, or 8-STABLE, or to
the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security
branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.1, 7.2, and 8.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch
# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/secure/lib/libcrypto
# make obj && make depend && make includes && make && make install
NOTE: On the amd64 platform, the above procedure will not update the
lib32 (i386 compatibility) libraries. On amd64 systems where the i386
compatibility libraries are used, the operating system should instead
be recompiled as described in
<URL:http://www.FreeBSD.org/handbook/makeworld.html>
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.3
src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.2.1
RELENG_6_4
src/UPDATING 1.416.2.40.2.12
src/sys/conf/newvers.sh 1.69.2.18.2.14
src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.12.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.2
src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.12.1
RELENG_6_3
src/UPDATING 1.416.2.37.2.19
src/sys/conf/newvers.sh 1.69.2.15.2.18
src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.10.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.2
src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.10.1
RELENG_7
src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.2
src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.2.1
RELENG_7_2
src/UPDATING 1.507.2.23.2.8
src/sys/conf/newvers.sh 1.72.2.11.2.9
src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.8.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1.2.1
src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.8.1
RELENG_7_1
src/UPDATING 1.507.2.13.2.12
src/sys/conf/newvers.sh 1.72.2.9.2.13
src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.6.1
src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.2
src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.6.1
RELENG_8
src/crypto/openssl/ssl/s3_pkt.c 1.2.2.1
src/crypto/openssl/ssl/s3_srvr.c 1.3.2.1
src/crypto/openssl/ssl/s3_lib.c 1.2.2.1
RELENG_8_0
src/UPDATING 1.632.2.7.2.4
src/sys/conf/newvers.sh 1.83.2.6.2.4
src/crypto/openssl/ssl/s3_pkt.c 1.2.4.1
src/crypto/openssl/ssl/s3_srvr.c 1.3.4.1
src/crypto/openssl/ssl/s3_lib.c 1.2.4.1
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/6/ r200054
releng/6.4/ r200054
releng/6.3/ r200054
stable/7/ r200054
releng/7.2/ r200054
releng/7.1/ r200054
- -------------------------------------------------------------------------
VII.
HP Integrated Lights-Out 2 (iLO2) firmware versions 2.05 and earlier.
HP Integrated Lights-Out 3 (iLO3) firmware versions 1.16 and earlier.
The latest firmware and installation instructions are available from the HP Business Support Center: http://www.hp.com/go/bizsupport
HP Integrated Lights-Out 2 (iLO2) Online ROM Flash Component for Linux and Windows v2.06 or subsequent. Service (DoS)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01963123
Version: 1
HPSBUX02498 SSRT090264 rev.1 - HP-UX Running Apache, Remote Unauthorized Data Injection, Denial of
Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-12-21
Last Updated: 2009-12-21
Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The
vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
References: CVE-2009-3555
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.12 and previous.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following temporary software updates to resolve the vulnerability.
NOTE: The vulnerability is resolved in OpenSSL 0.9.8l. HP-UX Apache v2.0.59.X versions use statically linked
libraries. HP-UX Apache v2.0.59.13 is compiled with OpenSSL 0.9.8l. Other versions of HP-UX Apache require the
HP-UX OpenSSL packages recommended in HPSBUX02482 SSRT090249, available here
http://www.itrc.hp.com/service/cki/secBullArchive.do
To review previously published Security Bulletins visit http://www.itrc.hp.com/service/cki/secBullArchive.do
The depots are available are available using ftp.
Host / Account / Password
ftp.usa.hp.com / sb02498 / Secure12
HP-UX Release / Temporary Depot name / SHA-1 Sum
B.11.11 (IPv4 and IPv6) / Apache 2.0.59.13 PA-64-32-1111.depot /
3B6BE547403C28926482192408D5D5AB603A403D
B.11.23 PA-32 / Apache 2.0.59.13 IA-PA-32-1123.depot /
4809BAF0F83F78F60B7EC73FAF584D221B1CB4A7
B.11.23 IA-64 / Apache 2.0.59.13 IA-PA-64-1123.depot /
1D65F7D49883399F4D202E16754CF7DAE71E3B47
B.11.31 PA-32 / Apache 2.0.59.13 IA-PA-32-1131.depot /
943E21D4621B480B5E8E651ACB605B8F7EA47304
B.11.31 IA-64 / Apache 2.0.59.13 IA-PA-64-1131.depot /
B8836FDB73434A3C26FB411E3F7CB3211129E5AC
MANUAL ACTIONS: Yes
Install Apache v2.0.59.13 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security
Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a
specific HP-UX system. It can also download patches and create a depot automatically. For more information
see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
For Apache IPv4 and IPv6
HP-UX B.11.11
=============
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.13 or subsequent
HP-UX B.11.23
=============
hpuxwsAPCH32.APACHE
hpuxwsAPCH32.APACHE2
hpuxwsAPCH32.AUTH_LDAP
hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK
hpuxwsAPCH32.MOD_JK2
hpuxwsAPCH32.MOD_PERL
hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2
hpuxwsAPCH32.WEBPROXY
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.13 or subsequent
HP-UX B.11.31
=============
hpuxwsAPCH32.APACHE
hpuxwsAPCH32.APACHE2
hpuxwsAPCH32.AUTH_LDAP
hpuxwsAPCH32.AUTH_LDAP2
hpuxwsAPCH32.MOD_JK
hpuxwsAPCH32.MOD_JK2
hpuxwsAPCH32.MOD_PERL
hpuxwsAPCH32.MOD_PERL2
hpuxwsAPCH32.PHP
hpuxwsAPCH32.PHP2
hpuxwsAPCH32.WEBPROXY
hpuxwsAPACHE.APACHE
hpuxwsAPACHE.APACHE2
hpuxwsAPACHE.AUTH_LDAP
hpuxwsAPACHE.AUTH_LDAP2
hpuxwsAPACHE.MOD_JK
hpuxwsAPACHE.MOD_JK2
hpuxwsAPACHE.MOD_PERL
hpuxwsAPACHE.MOD_PERL2
hpuxwsAPACHE.PHP
hpuxwsAPACHE.PHP2
hpuxwsAPACHE.WEBPROXY
action: install revision B.2.0.59.13 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 21 December 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. A short term
solution was released Sat Nov 07 2009 by the ASF team to mitigate
these problems. Apache will now reject in-session renegotiation
(CVE-2009-3555).
Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
bb7817c8fd6d45007367f738772a6bf3 2009.0/i586/apache-base-2.2.9-12.5mdv2009.0.i586.rpm
f8726194a60735e448281060ae4b36da 2009.0/i586/apache-devel-2.2.9-12.5mdv2009.0.i586.rpm
fbe7be6f33026519e367e66e0b562340 2009.0/i586/apache-htcacheclean-2.2.9-12.5mdv2009.0.i586.rpm
138023055641f45f4a164e7c971a6a09 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.5mdv2009.0.i586.rpm
5e688241469d2d4e99f5fd1dac76fa2f 2009.0/i586/apache-mod_cache-2.2.9-12.5mdv2009.0.i586.rpm
467f3e03bb9523d213e34310be245005 2009.0/i586/apache-mod_dav-2.2.9-12.5mdv2009.0.i586.rpm
c19b8084698b3aab5e04c8e398105b64 2009.0/i586/apache-mod_dbd-2.2.9-12.5mdv2009.0.i586.rpm
6c387d03bcf96be55e5668d06468961a 2009.0/i586/apache-mod_deflate-2.2.9-12.5mdv2009.0.i586.rpm
e349b4f55aa3d804295c70b9bddc923d 2009.0/i586/apache-mod_disk_cache-2.2.9-12.5mdv2009.0.i586.rpm
3a0aca578f2caf6bd6fde3b4ea2d3d3a 2009.0/i586/apache-mod_file_cache-2.2.9-12.5mdv2009.0.i586.rpm
ae1cd7db54f7858dcd3cf46316fac109 2009.0/i586/apache-mod_ldap-2.2.9-12.5mdv2009.0.i586.rpm
6d253c599f47f2aa5f872939bd685880 2009.0/i586/apache-mod_mem_cache-2.2.9-12.5mdv2009.0.i586.rpm
df04a63519e442a6c5b1c1a5dc166dce 2009.0/i586/apache-mod_proxy-2.2.9-12.5mdv2009.0.i586.rpm
0ee61ddcc9ba15f27105ac6e40b33feb 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.5mdv2009.0.i586.rpm
85bd2fd587538304570dda2ee99997c5 2009.0/i586/apache-mod_ssl-2.2.9-12.5mdv2009.0.i586.rpm
d4eb614eb21ae8fcffcd2200808f733d 2009.0/i586/apache-modules-2.2.9-12.5mdv2009.0.i586.rpm
b14ffea00afa59052bf9fa46d64502d7 2009.0/i586/apache-mod_userdir-2.2.9-12.5mdv2009.0.i586.rpm
0b50fbd6f26a4215c5a3a6741473f423 2009.0/i586/apache-mpm-event-2.2.9-12.5mdv2009.0.i586.rpm
84b03ef6c45c982d8e79ae3efa48a039 2009.0/i586/apache-mpm-itk-2.2.9-12.5mdv2009.0.i586.rpm
f2d3438adfafbbd2916fd68e14ab1a5f 2009.0/i586/apache-mpm-peruser-2.2.9-12.5mdv2009.0.i586.rpm
81da89c424782750e7f48080b36d7b53 2009.0/i586/apache-mpm-prefork-2.2.9-12.5mdv2009.0.i586.rpm
3ed1f4255c574b656617d5fe8858067c 2009.0/i586/apache-mpm-worker-2.2.9-12.5mdv2009.0.i586.rpm
ecbe5b3f18db2406073e54e58a79bebd 2009.0/i586/apache-source-2.2.9-12.5mdv2009.0.i586.rpm
702c4ff60f52c7e0576ea5532dddc9e3 2009.0/SRPMS/apache-2.2.9-12.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
71ed1d9246a9412d4da492a3d197540d 2009.0/x86_64/apache-base-2.2.9-12.5mdv2009.0.x86_64.rpm
2dc2a515c8dc7ed51d0a360689f69bd0 2009.0/x86_64/apache-devel-2.2.9-12.5mdv2009.0.x86_64.rpm
0e9c6e43d4fed842aed0302bd9a791b1 2009.0/x86_64/apache-htcacheclean-2.2.9-12.5mdv2009.0.x86_64.rpm
694b5febe352ece3681a78fe727f7509 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.5mdv2009.0.x86_64.rpm
7476323e5873c8069b18eb30a6e083b4 2009.0/x86_64/apache-mod_cache-2.2.9-12.5mdv2009.0.x86_64.rpm
da79b5a011f779c6d3a2f7e7a05e87ce 2009.0/x86_64/apache-mod_dav-2.2.9-12.5mdv2009.0.x86_64.rpm
8283a2cce0751f50595b959d4a00fb82 2009.0/x86_64/apache-mod_dbd-2.2.9-12.5mdv2009.0.x86_64.rpm
ab4b98932e3afd3d93a30929007ac210 2009.0/x86_64/apache-mod_deflate-2.2.9-12.5mdv2009.0.x86_64.rpm
3e696b66694d83821c393561e1bc263e 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.5mdv2009.0.x86_64.rpm
c1fd15eb1469a629af3c532ddfa4367f 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.5mdv2009.0.x86_64.rpm
62e77f84a029b5b06f97d0c68598b13c 2009.0/x86_64/apache-mod_ldap-2.2.9-12.5mdv2009.0.x86_64.rpm
f4e7eaac49d05c28b9404b5a90744ade 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.5mdv2009.0.x86_64.rpm
9a111de2c5b552a8511ff4a58c6cd8b1 2009.0/x86_64/apache-mod_proxy-2.2.9-12.5mdv2009.0.x86_64.rpm
978da0f65f1112b8e8f1f506c728b861 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.5mdv2009.0.x86_64.rpm
898dcdbe09b70afa7c59ca19e1130084 2009.0/x86_64/apache-mod_ssl-2.2.9-12.5mdv2009.0.x86_64.rpm
3a96f2129bbde56d1412a074362bb26f 2009.0/x86_64/apache-modules-2.2.9-12.5mdv2009.0.x86_64.rpm
f80f2d91501d2dcbf4ea6c1eff3ed4ca 2009.0/x86_64/apache-mod_userdir-2.2.9-12.5mdv2009.0.x86_64.rpm
17c9bb917167139a3b69f7fd5bb5817f 2009.0/x86_64/apache-mpm-event-2.2.9-12.5mdv2009.0.x86_64.rpm
adf43b31e6fce40e28a03dc225408f90 2009.0/x86_64/apache-mpm-itk-2.2.9-12.5mdv2009.0.x86_64.rpm
0b1ac1a128b892df681ba5712a6621f1 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.5mdv2009.0.x86_64.rpm
8fc055280e0c1ef8e7c5758c855b4439 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.5mdv2009.0.x86_64.rpm
093d7472250b96ef722124e082cba6a5 2009.0/x86_64/apache-mpm-worker-2.2.9-12.5mdv2009.0.x86_64.rpm
9956109782f361eb6c98dbcce8f42c7a 2009.0/x86_64/apache-source-2.2.9-12.5mdv2009.0.x86_64.rpm
702c4ff60f52c7e0576ea5532dddc9e3 2009.0/SRPMS/apache-2.2.9-12.5mdv2009.0.src.rpm
Mandriva Linux 2009.1:
94e185add24c4e10121981195c930620 2009.1/i586/apache-base-2.2.11-10.6mdv2009.1.i586.rpm
7b0c7a2be7dcdd645b7593f63aac6011 2009.1/i586/apache-devel-2.2.11-10.6mdv2009.1.i586.rpm
f580d6b478eef55019c7f038d3b688ab 2009.1/i586/apache-htcacheclean-2.2.11-10.6mdv2009.1.i586.rpm
b10871dc531adee1ecff565108c5c6e4 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.6mdv2009.1.i586.rpm
a37da4e13ce3d6e89a3c51b1659d4f92 2009.1/i586/apache-mod_cache-2.2.11-10.6mdv2009.1.i586.rpm
f4a0ae7521abffef05e7e9f3930b2e5f 2009.1/i586/apache-mod_dav-2.2.11-10.6mdv2009.1.i586.rpm
6b0408eedde371ac765f77ce6c21c214 2009.1/i586/apache-mod_dbd-2.2.11-10.6mdv2009.1.i586.rpm
9dc3c4df8071b8bb169404c5569d6f93 2009.1/i586/apache-mod_deflate-2.2.11-10.6mdv2009.1.i586.rpm
7ad5f4ad2f6670be4a89c0be1783aeea 2009.1/i586/apache-mod_disk_cache-2.2.11-10.6mdv2009.1.i586.rpm
e695fe99060ffca44c0be14d1cdb04ed 2009.1/i586/apache-mod_file_cache-2.2.11-10.6mdv2009.1.i586.rpm
819cea0e5f59cd42dce452acd0c0c23a 2009.1/i586/apache-mod_ldap-2.2.11-10.6mdv2009.1.i586.rpm
c3ffcfa7d92d1fc79267cb0a8f5b2946 2009.1/i586/apache-mod_mem_cache-2.2.11-10.6mdv2009.1.i586.rpm
a3f647d9b03d0f740473f55095932593 2009.1/i586/apache-mod_proxy-2.2.11-10.6mdv2009.1.i586.rpm
f9ca6ceda431aaa1d5cf65f81bb74e29 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.6mdv2009.1.i586.rpm
8310b77c823aff2f583fa50148f470ff 2009.1/i586/apache-mod_ssl-2.2.11-10.6mdv2009.1.i586.rpm
2712526500eb75864f53d9abc4ab0e51 2009.1/i586/apache-modules-2.2.11-10.6mdv2009.1.i586.rpm
2d47c9c2713d57c09dfcc80fe54b2433 2009.1/i586/apache-mod_userdir-2.2.11-10.6mdv2009.1.i586.rpm
255e720dfd9fa2cd9a44aefd58c6ba44 2009.1/i586/apache-mpm-event-2.2.11-10.6mdv2009.1.i586.rpm
7425fcb2ea8dd837c5a2354c093e764b 2009.1/i586/apache-mpm-itk-2.2.11-10.6mdv2009.1.i586.rpm
5bfda50c5f1a6bb0ccb4d3d11c8feb1e 2009.1/i586/apache-mpm-peruser-2.2.11-10.6mdv2009.1.i586.rpm
44608bdac0bf32c864183440a5aead32 2009.1/i586/apache-mpm-prefork-2.2.11-10.6mdv2009.1.i586.rpm
e8a4b35f1f1200c04a3dfc29d5613d47 2009.1/i586/apache-mpm-worker-2.2.11-10.6mdv2009.1.i586.rpm
e94c33087169b55d533b90b45963c6eb 2009.1/i586/apache-source-2.2.11-10.6mdv2009.1.i586.rpm
a3d3eace4fc86e7ec9c1e8184d40e8d3 2009.1/SRPMS/apache-2.2.11-10.6mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
06575f7b7439048b85e0f95479ab6552 2009.1/x86_64/apache-base-2.2.11-10.6mdv2009.1.x86_64.rpm
09f8979708a230d8573195f5af443ba8 2009.1/x86_64/apache-devel-2.2.11-10.6mdv2009.1.x86_64.rpm
c5ac4447e3c98a555bf458d842527a8b 2009.1/x86_64/apache-htcacheclean-2.2.11-10.6mdv2009.1.x86_64.rpm
0ea0c2a44c6490641b0db3bf9f9d7409 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.6mdv2009.1.x86_64.rpm
8230b3bb1aa3bd6e31c9825ed4954010 2009.1/x86_64/apache-mod_cache-2.2.11-10.6mdv2009.1.x86_64.rpm
7cf8275713a8ea9aaaacd76f978dc542 2009.1/x86_64/apache-mod_dav-2.2.11-10.6mdv2009.1.x86_64.rpm
e99e0b8f90e0cfb803621d33a71fcc2a 2009.1/x86_64/apache-mod_dbd-2.2.11-10.6mdv2009.1.x86_64.rpm
ded8e4e2b4890559e15874eb662f92cb 2009.1/x86_64/apache-mod_deflate-2.2.11-10.6mdv2009.1.x86_64.rpm
cdb3af03ea373fadccd2f7a626b3f78e 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.6mdv2009.1.x86_64.rpm
9c4700ffcefc5b647826a6fbff0656d3 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.6mdv2009.1.x86_64.rpm
122139cc3ce8849b56441f7cc8ef1604 2009.1/x86_64/apache-mod_ldap-2.2.11-10.6mdv2009.1.x86_64.rpm
8bc5b5f06bc8f8fcf7df33eb4424a232 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.6mdv2009.1.x86_64.rpm
f43fd5d1dad41550a7e083d72ae711a8 2009.1/x86_64/apache-mod_proxy-2.2.11-10.6mdv2009.1.x86_64.rpm
11fb4de40d40787954bff02fcde4e7b9 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.6mdv2009.1.x86_64.rpm
b762ddfe0acd03be89a37ee168f79f45 2009.1/x86_64/apache-mod_ssl-2.2.11-10.6mdv2009.1.x86_64.rpm
10b5baf1b7a17673cc7e313c45b34eca 2009.1/x86_64/apache-modules-2.2.11-10.6mdv2009.1.x86_64.rpm
8fa6579a4728ea68c20d0d66e870802c 2009.1/x86_64/apache-mod_userdir-2.2.11-10.6mdv2009.1.x86_64.rpm
3ff5897b6496f0cf1c142a158200f9d3 2009.1/x86_64/apache-mpm-event-2.2.11-10.6mdv2009.1.x86_64.rpm
7285b05e6050739f199e3ace130adbe7 2009.1/x86_64/apache-mpm-itk-2.2.11-10.6mdv2009.1.x86_64.rpm
51299d866a14149696c0435e7ec6d3a3 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.6mdv2009.1.x86_64.rpm
d17d49f4fb7bb986964dcd261c600dee 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.6mdv2009.1.x86_64.rpm
ad6fc82908c310d1be2ccdf4fb4d3ce3 2009.1/x86_64/apache-mpm-worker-2.2.11-10.6mdv2009.1.x86_64.rpm
4a84ec62874c0c91d36819c81d1e0767 2009.1/x86_64/apache-source-2.2.11-10.6mdv2009.1.x86_64.rpm
a3d3eace4fc86e7ec9c1e8184d40e8d3 2009.1/SRPMS/apache-2.2.11-10.6mdv2009.1.src.rpm
Mandriva Linux 2010.0:
d1809e51bc2dbb3a655246e85a95caf0 2010.0/i586/apache-base-2.2.14-1.1mdv2010.0.i586.rpm
a78c15bf2b5e5a75eb7fc8eaa725344a 2010.0/i586/apache-devel-2.2.14-1.1mdv2010.0.i586.rpm
4f464ba836031170feb0b4e661b34419 2010.0/i586/apache-htcacheclean-2.2.14-1.1mdv2010.0.i586.rpm
0f75c700952a8384685c8d9e9f31b065 2010.0/i586/apache-mod_authn_dbd-2.2.14-1.1mdv2010.0.i586.rpm
7d98bab9cd58fae7dc2eb8e7651276de 2010.0/i586/apache-mod_cache-2.2.14-1.1mdv2010.0.i586.rpm
5e627fd34f349b2bd2a89e4c9e1f6746 2010.0/i586/apache-mod_dav-2.2.14-1.1mdv2010.0.i586.rpm
fdf016ba91662793af3b5a18b004f6ac 2010.0/i586/apache-mod_dbd-2.2.14-1.1mdv2010.0.i586.rpm
1088dbea44ae4db977b77198cd564125 2010.0/i586/apache-mod_deflate-2.2.14-1.1mdv2010.0.i586.rpm
c553147aa3bea5f1e455a71fffdfb6bc 2010.0/i586/apache-mod_disk_cache-2.2.14-1.1mdv2010.0.i586.rpm
350885b059fb57ed93eb6e7d4f197d3f 2010.0/i586/apache-mod_file_cache-2.2.14-1.1mdv2010.0.i586.rpm
83566cb97d796f0ddece9aa90a1ac81a 2010.0/i586/apache-mod_ldap-2.2.14-1.1mdv2010.0.i586.rpm
3dd06c6346f120722de6d78cf9372079 2010.0/i586/apache-mod_mem_cache-2.2.14-1.1mdv2010.0.i586.rpm
2e6a0c297c4b443c5327567aa1c7c243 2010.0/i586/apache-mod_proxy-2.2.14-1.1mdv2010.0.i586.rpm
40771fe728d628bfbfa2287d6f4c3155 2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.1mdv2010.0.i586.rpm
259eb6f83c314c314bd9fb08f90743aa 2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.1mdv2010.0.i586.rpm
4592b29ddde103e442b0a55486d6b9c2 2010.0/i586/apache-mod_ssl-2.2.14-1.1mdv2010.0.i586.rpm
829f927a019c51e53edb1a4d2e98c6b4 2010.0/i586/apache-modules-2.2.14-1.1mdv2010.0.i586.rpm
a9a5e28bc8dfb9d4589260d22afb846d 2010.0/i586/apache-mod_userdir-2.2.14-1.1mdv2010.0.i586.rpm
e83d855a1717bdcb5b90471136f43ab2 2010.0/i586/apache-mpm-event-2.2.14-1.1mdv2010.0.i586.rpm
535262f8fa474ae09f5587a8f690fe06 2010.0/i586/apache-mpm-itk-2.2.14-1.1mdv2010.0.i586.rpm
acfb57b5b632cf0c559e583c7eba5698 2010.0/i586/apache-mpm-peruser-2.2.14-1.1mdv2010.0.i586.rpm
2b096ca235d6a5965bd9e93451f9465c 2010.0/i586/apache-mpm-prefork-2.2.14-1.1mdv2010.0.i586.rpm
4799ce79cbaccfdeb627494d10e75d70 2010.0/i586/apache-mpm-worker-2.2.14-1.1mdv2010.0.i586.rpm
73047099f8f8c6c73eb0bbf912dc242c 2010.0/i586/apache-source-2.2.14-1.1mdv2010.0.i586.rpm
0dd58d7f80879f76093cfa19db00cacd 2010.0/SRPMS/apache-2.2.14-1.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
17403e4a16b7588d58353351f39b5123 2010.0/x86_64/apache-base-2.2.14-1.1mdv2010.0.x86_64.rpm
efbd8d015a1f022995d50aef8fccf514 2010.0/x86_64/apache-devel-2.2.14-1.1mdv2010.0.x86_64.rpm
06f5ab103a5f763361a76ad85f38006d 2010.0/x86_64/apache-htcacheclean-2.2.14-1.1mdv2010.0.x86_64.rpm
cef5c18678dbbdb2a995a2743923b652 2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.1mdv2010.0.x86_64.rpm
6f94396641d7461ed7ac6dee4728a16d 2010.0/x86_64/apache-mod_cache-2.2.14-1.1mdv2010.0.x86_64.rpm
d82b85275deb95aa088f2be367720974 2010.0/x86_64/apache-mod_dav-2.2.14-1.1mdv2010.0.x86_64.rpm
ff677c2a96d9827c57de63024bf3b325 2010.0/x86_64/apache-mod_dbd-2.2.14-1.1mdv2010.0.x86_64.rpm
68c028d2759cb4bbfa92be5124c9e82a 2010.0/x86_64/apache-mod_deflate-2.2.14-1.1mdv2010.0.x86_64.rpm
8e83040fd096abe63b523aafc0cd330f 2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.1mdv2010.0.x86_64.rpm
aedf657533f6ef8b87755e33992ae547 2010.0/x86_64/apache-mod_file_cache-2.2.14-1.1mdv2010.0.x86_64.rpm
70b9c3abf78961d732a64c3c0ef777d8 2010.0/x86_64/apache-mod_ldap-2.2.14-1.1mdv2010.0.x86_64.rpm
9f5355474bfa4e92b625f8a151f7ad57 2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.1mdv2010.0.x86_64.rpm
9c88234150d3538ac4b12c91d81fafdd 2010.0/x86_64/apache-mod_proxy-2.2.14-1.1mdv2010.0.x86_64.rpm
7b131710288ef094929d4c7c3345e38f 2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.1mdv2010.0.x86_64.rpm
11703b4164fac113e64dd5015be06cda 2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.1mdv2010.0.x86_64.rpm
c11b40d2a2bae457207708ba7f60f6d5 2010.0/x86_64/apache-mod_ssl-2.2.14-1.1mdv2010.0.x86_64.rpm
b4e568b230723eb8e9f4361c9023f06d 2010.0/x86_64/apache-modules-2.2.14-1.1mdv2010.0.x86_64.rpm
e814f74a0199f669684c00cd4f73e5f5 2010.0/x86_64/apache-mod_userdir-2.2.14-1.1mdv2010.0.x86_64.rpm
68bf641f60ef5972aa965f82ccbd2d2b 2010.0/x86_64/apache-mpm-event-2.2.14-1.1mdv2010.0.x86_64.rpm
e7a9752d15eba26d1ac072b2e25ee559 2010.0/x86_64/apache-mpm-itk-2.2.14-1.1mdv2010.0.x86_64.rpm
f6a733d163fc33345c5bd2e2104f4337 2010.0/x86_64/apache-mpm-peruser-2.2.14-1.1mdv2010.0.x86_64.rpm
ccdcfa4fa39683a78a43f0115cb5e299 2010.0/x86_64/apache-mpm-prefork-2.2.14-1.1mdv2010.0.x86_64.rpm
d94ec40a8272788ae9636c444f354c65 2010.0/x86_64/apache-mpm-worker-2.2.14-1.1mdv2010.0.x86_64.rpm
714f9b5de7bcc482988ceac41d186236 2010.0/x86_64/apache-source-2.2.14-1.1mdv2010.0.x86_64.rpm
0dd58d7f80879f76093cfa19db00cacd 2010.0/SRPMS/apache-2.2.14-1.1mdv2010.0.src.rpm
Corporate 3.0:
445117a109396af9413dca2a69f01a0a corporate/3.0/i586/apache2-2.0.48-6.24.C30mdk.i586.rpm
30176ca39c3d65c2e50cf4c4d192dfa2 corporate/3.0/i586/apache2-common-2.0.48-6.24.C30mdk.i586.rpm
96b47f57ba9fb077da6cf27bc21e7a76 corporate/3.0/i586/apache2-devel-2.0.48-6.24.C30mdk.i586.rpm
ee2e1c41ed579312e9f6365af1f475b3 corporate/3.0/i586/apache2-manual-2.0.48-6.24.C30mdk.i586.rpm
06ce15a998c23ec835a81a061455249a corporate/3.0/i586/apache2-mod_cache-2.0.48-6.24.C30mdk.i586.rpm
7abe5081d5d991b09a8484f41aeadba5 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.24.C30mdk.i586.rpm
73516b134aed9853067ab93fe830513b corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.24.C30mdk.i586.rpm
0d98687a38a7a9806030d8514fe9e0bc corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.i586.rpm
8be5990f31ccf58eb110efb0c45487b7 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.24.C30mdk.i586.rpm
4ddd2e15e616715ea577e1b1b010da39 corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.24.C30mdk.i586.rpm
bccdb965684cd1e24d054f7febc096ff corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.i586.rpm
345e5038a9390a07a62d39da825df65d corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.24.C30mdk.i586.rpm
a3e4dc57677b0728ae7c87a4a0cd4e68 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.24.C30mdk.i586.rpm
c5c5fde933d0a30744a18e8fbdc677f5 corporate/3.0/i586/apache2-modules-2.0.48-6.24.C30mdk.i586.rpm
da00919dd82d8db9b7fb4a63c6b44965 corporate/3.0/i586/apache2-source-2.0.48-6.24.C30mdk.i586.rpm
036643a921387b88380a3f913865ec5f corporate/3.0/i586/libapr0-2.0.48-6.24.C30mdk.i586.rpm
63e2249a390c150ab253ad9b22c3be11 corporate/3.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm
Corporate 3.0/X86_64:
8ed8407694197319443b1dc1400d41c6 corporate/3.0/x86_64/apache2-2.0.48-6.24.C30mdk.x86_64.rpm
6a1163108c43c55a8a55619493d641a0 corporate/3.0/x86_64/apache2-common-2.0.48-6.24.C30mdk.x86_64.rpm
58151e6d42ced2607936d1b1c213dd32 corporate/3.0/x86_64/apache2-devel-2.0.48-6.24.C30mdk.x86_64.rpm
99a3c31922d94d203af88a2563d13084 corporate/3.0/x86_64/apache2-manual-2.0.48-6.24.C30mdk.x86_64.rpm
b08953bf8a87cbee0241d847e6cbb6a6 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.24.C30mdk.x86_64.rpm
1a5ad78b7315a7a6bfa05db7438c6eda corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.24.C30mdk.x86_64.rpm
a636014239d93572e2a91ee866ae3f82 corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.24.C30mdk.x86_64.rpm
9adcf4378314a767e696654b3331b457 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.x86_64.rpm
49ef3af0b106e5eec7fe3005fb81b5d4 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.24.C30mdk.x86_64.rpm
958dffea2073203c81f20b9f0bea9482 corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.24.C30mdk.x86_64.rpm
a9e65314e2fd6e892509e0da10f6eeb0 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.x86_64.rpm
1868d43b584b33eecf05d34e9cf3fb4c corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.24.C30mdk.x86_64.rpm
5be056de8b78c46a8c92215dbd5f227e corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.24.C30mdk.x86_64.rpm
e7afdce1e4b9e73f8798a7ac1651b896 corporate/3.0/x86_64/apache2-modules-2.0.48-6.24.C30mdk.x86_64.rpm
af0468764dd4b41a504a767bc83cb6e0 corporate/3.0/x86_64/apache2-source-2.0.48-6.24.C30mdk.x86_64.rpm
ca4b564d5e3bf167a6aa1f9ed2b4d87a corporate/3.0/x86_64/lib64apr0-2.0.48-6.24.C30mdk.x86_64.rpm
63e2249a390c150ab253ad9b22c3be11 corporate/3.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm
Corporate 4.0:
d07e89c7290315f70eac762e5b18c87a corporate/4.0/i586/apache-base-2.2.3-1.9.20060mlcs4.i586.rpm
024922fdd74e02987c974574bee16142 corporate/4.0/i586/apache-devel-2.2.3-1.9.20060mlcs4.i586.rpm
a6f56a8099acac3eed1a5795b319894b corporate/4.0/i586/apache-htcacheclean-2.2.3-1.9.20060mlcs4.i586.rpm
04013648d7252ff8280b8a0bd0bc54d8 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.9.20060mlcs4.i586.rpm
bbe1270f753acfcadd609f0f5271ab59 corporate/4.0/i586/apache-mod_cache-2.2.3-1.9.20060mlcs4.i586.rpm
8e39e175d01ba601cc8f4a89aa0aafe8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.9.20060mlcs4.i586.rpm
c624f40ca8a6e17396aa6c8b0e87316a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.9.20060mlcs4.i586.rpm
48507ca50019f15557211e7208917442 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.9.20060mlcs4.i586.rpm
0c35cb63bff80d6a374dc1bb638c293d corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.9.20060mlcs4.i586.rpm
e54a0df2e42964146494087a713c88d7 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.9.20060mlcs4.i586.rpm
6671114f02a3f484499ea8c374e8490a corporate/4.0/i586/apache-mod_ldap-2.2.3-1.9.20060mlcs4.i586.rpm
9a9c1bea5eec317c217d696d72569e6e corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.9.20060mlcs4.i586.rpm
23f6363a3bf7833d2b96a3297e4a564f corporate/4.0/i586/apache-mod_proxy-2.2.3-1.9.20060mlcs4.i586.rpm
3b9415f481e7a22a5198028ae959a5dd corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.9.20060mlcs4.i586.rpm
86554d7f517fce317019f67fd75259ad corporate/4.0/i586/apache-mod_ssl-2.2.3-1.9.20060mlcs4.i586.rpm
e3e5dc6310d7bf1d4d2044b1725a9d48 corporate/4.0/i586/apache-modules-2.2.3-1.9.20060mlcs4.i586.rpm
2fd54535f742c7717965f9724d2d01f0 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.9.20060mlcs4.i586.rpm
632c40b46876d9b703ad23eced906f78 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.9.20060mlcs4.i586.rpm
e30e11806815fb176b3c803c5019f177 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.9.20060mlcs4.i586.rpm
b5a512cf0d830276bee061adc68865c6 corporate/4.0/i586/apache-source-2.2.3-1.9.20060mlcs4.i586.rpm
130effba39f8a908caf0cd50bc21032b corporate/4.0/SRPMS/apache-2.2.3-1.9.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
ecc2a3bd8e40259f3abe8b919be7c19e corporate/4.0/x86_64/apache-base-2.2.3-1.9.20060mlcs4.x86_64.rpm
15fbe828c013d9e6f057429316e52b4f corporate/4.0/x86_64/apache-devel-2.2.3-1.9.20060mlcs4.x86_64.rpm
35200d719d37cce3340a3340ed8844f0 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.9.20060mlcs4.x86_64.rpm
9557096c0aaa1654b01a702aaec9cfdc corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.9.20060mlcs4.x86_64.rpm
360db7ff5aeb5fb4d50965ff46cf33c2 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm
fc3466f85615fe8c101c378cf708925e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.9.20060mlcs4.x86_64.rpm
36c78f40285a12e4435cdc3f50760e98 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.9.20060mlcs4.x86_64.rpm
af76befa20d16f23e2ca3cdb058a6556 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.9.20060mlcs4.x86_64.rpm
1c150757dbf06246e7410267e56bc874 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm
3a4209a8308aeeddbf85013373e24fe8 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm
bf2d893217e5394b69d6cedb35ba9fcd corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.9.20060mlcs4.x86_64.rpm
bab8c9e7147958bda7d19884a1f79828 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm
b8b59cf82195b1525939ae6b2c8d6f74 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.9.20060mlcs4.x86_64.rpm
982465827884b85213e668abc230f614 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.9.20060mlcs4.x86_64.rpm
d9a259ad81f55eabf8a41444f65a5e88 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.9.20060mlcs4.x86_64.rpm
3745511966963a96653d60c083e20557 corporate/4.0/x86_64/apache-modules-2.2.3-1.9.20060mlcs4.x86_64.rpm
f715e52fc3c12cc00bdce10f7d51b393 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.9.20060mlcs4.x86_64.rpm
e475591ac7db24d778cea1aa9aac4273 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.9.20060mlcs4.x86_64.rpm
3033b599c0c128f6db7d86563f4ae8a8 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.9.20060mlcs4.x86_64.rpm
d80783acdafdac78524ce398c49d9109 corporate/4.0/x86_64/apache-source-2.2.3-1.9.20060mlcs4.x86_64.rpm
130effba39f8a908caf0cd50bc21032b corporate/4.0/SRPMS/apache-2.2.3-1.9.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
5cbfefa0f9325fa6f9ef005f07a6b8b8 mes5/i586/apache-base-2.2.9-12.5mdvmes5.i586.rpm
88d57fd2e10472f88f140ff8d55dbc38 mes5/i586/apache-devel-2.2.9-12.5mdvmes5.i586.rpm
aa0a36e0aced2ca4547b2bc110b6ef4d mes5/i586/apache-htcacheclean-2.2.9-12.5mdvmes5.i586.rpm
ab53720093285644b4ac28acf4da4691 mes5/i586/apache-mod_authn_dbd-2.2.9-12.5mdvmes5.i586.rpm
3f77dbc75bdd7ee21f29b441c6e521ed mes5/i586/apache-mod_cache-2.2.9-12.5mdvmes5.i586.rpm
a4bf3ff6e987fe3343af8434757a88a7 mes5/i586/apache-mod_dav-2.2.9-12.5mdvmes5.i586.rpm
05ff14c67e71e4b64afa718ac6ba3546 mes5/i586/apache-mod_dbd-2.2.9-12.5mdvmes5.i586.rpm
da8d3fe9b8273ac43b6bfc1f34863fde mes5/i586/apache-mod_deflate-2.2.9-12.5mdvmes5.i586.rpm
97244389ee38b5de47643effc489204a mes5/i586/apache-mod_disk_cache-2.2.9-12.5mdvmes5.i586.rpm
d5978571771f84149dffc6190a3e8ea3 mes5/i586/apache-mod_file_cache-2.2.9-12.5mdvmes5.i586.rpm
463698779bc7b8bbfdb06160ee8338c0 mes5/i586/apache-mod_ldap-2.2.9-12.5mdvmes5.i586.rpm
75e208ff4c965cb9562d71b0c3f3b54b mes5/i586/apache-mod_mem_cache-2.2.9-12.5mdvmes5.i586.rpm
258387abdac4af540702af7a3ddc369f mes5/i586/apache-mod_proxy-2.2.9-12.5mdvmes5.i586.rpm
d34347687b1487625db8f33ac1c9bf0a mes5/i586/apache-mod_proxy_ajp-2.2.9-12.5mdvmes5.i586.rpm
250b156963ece2dc2f9fdac651f6a395 mes5/i586/apache-mod_ssl-2.2.9-12.5mdvmes5.i586.rpm
d21faefa501bb2e5f5858476e02c1226 mes5/i586/apache-modules-2.2.9-12.5mdvmes5.i586.rpm
0f28dbb179b145765fe5ed88ceb8ec74 mes5/i586/apache-mod_userdir-2.2.9-12.5mdvmes5.i586.rpm
bfa565b70c216c8768a2feb891cc2603 mes5/i586/apache-mpm-event-2.2.9-12.5mdvmes5.i586.rpm
5a283fab88631fddb90ed198a0e013f7 mes5/i586/apache-mpm-itk-2.2.9-12.5mdvmes5.i586.rpm
d1f025db329f45b590decda1dd39f139 mes5/i586/apache-mpm-peruser-2.2.9-12.5mdvmes5.i586.rpm
831118fd77a0867e1648bf7b81d3dc21 mes5/i586/apache-mpm-prefork-2.2.9-12.5mdvmes5.i586.rpm
2e40c5744eca10bcee1994265bfa0add mes5/i586/apache-mpm-worker-2.2.9-12.5mdvmes5.i586.rpm
384f3506ca34228b8608333366c06567 mes5/i586/apache-source-2.2.9-12.5mdvmes5.i586.rpm
cc6d4768770054f71e7863e59e82d7d2 mes5/SRPMS/apache-2.2.9-12.5mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
042689e5830432c43d311f5852c8a6b9 mes5/x86_64/apache-base-2.2.9-12.5mdvmes5.x86_64.rpm
e8ef5d5e9b50211446abb3bdce89490e mes5/x86_64/apache-devel-2.2.9-12.5mdvmes5.x86_64.rpm
1feb03240bdd0062a74e144019e65627 mes5/x86_64/apache-htcacheclean-2.2.9-12.5mdvmes5.x86_64.rpm
53490db1804ebfe8f37e0c5583ff199f mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.5mdvmes5.x86_64.rpm
57e1c45e2bd8e9c9cd2863a4a75a655f mes5/x86_64/apache-mod_cache-2.2.9-12.5mdvmes5.x86_64.rpm
896de3fbd0e0e39f97c46f9b97689076 mes5/x86_64/apache-mod_dav-2.2.9-12.5mdvmes5.x86_64.rpm
c3753326915c49a65d6b2dfe591bc417 mes5/x86_64/apache-mod_dbd-2.2.9-12.5mdvmes5.x86_64.rpm
8213cf826f9b91a97d7ff9211c66580a mes5/x86_64/apache-mod_deflate-2.2.9-12.5mdvmes5.x86_64.rpm
01ba45d05dc6c0760b39f1292c44a898 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.5mdvmes5.x86_64.rpm
8d1b82025dce6cd6e58d64fb55f5f924 mes5/x86_64/apache-mod_file_cache-2.2.9-12.5mdvmes5.x86_64.rpm
d7b2408e8084272e00b42ac6239c8093 mes5/x86_64/apache-mod_ldap-2.2.9-12.5mdvmes5.x86_64.rpm
c062d0ff490d24df2de15d863a13d471 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.5mdvmes5.x86_64.rpm
38ef66a65a44187ca6a07bb02f96a8c0 mes5/x86_64/apache-mod_proxy-2.2.9-12.5mdvmes5.x86_64.rpm
408e4b205660e653dfc352ef2ec1fcab mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.5mdvmes5.x86_64.rpm
65f377cb8cf3d4179f94ff11b274f857 mes5/x86_64/apache-mod_ssl-2.2.9-12.5mdvmes5.x86_64.rpm
97bd5c4da3618a8732ae533fa7486f5e mes5/x86_64/apache-modules-2.2.9-12.5mdvmes5.x86_64.rpm
5ddfd8c440d9e9276eb3ce6fb1e06bcb mes5/x86_64/apache-mod_userdir-2.2.9-12.5mdvmes5.x86_64.rpm
e91ef205af8b8aaca58b941f11a38d04 mes5/x86_64/apache-mpm-event-2.2.9-12.5mdvmes5.x86_64.rpm
d565fc890d268b77fe4de543bf00be40 mes5/x86_64/apache-mpm-itk-2.2.9-12.5mdvmes5.x86_64.rpm
ba4ff5181db66fd6759a4a0d43e2e4dd mes5/x86_64/apache-mpm-peruser-2.2.9-12.5mdvmes5.x86_64.rpm
a9b109a311a1750adafefe3fa20ed68e mes5/x86_64/apache-mpm-prefork-2.2.9-12.5mdvmes5.x86_64.rpm
2860b00556bc4c55a240ceb4f69043fb mes5/x86_64/apache-mpm-worker-2.2.9-12.5mdvmes5.x86_64.rpm
65fc889e99eb01a8c7abb77258ef078f mes5/x86_64/apache-source-2.2.9-12.5mdvmes5.x86_64.rpm
cc6d4768770054f71e7863e59e82d7d2 mes5/SRPMS/apache-2.2.9-12.5mdvmes5.src.rpm
Multi Network Firewall 2.0:
445117a109396af9413dca2a69f01a0a mnf/2.0/i586/apache2-2.0.48-6.24.C30mdk.i586.rpm
30176ca39c3d65c2e50cf4c4d192dfa2 mnf/2.0/i586/apache2-common-2.0.48-6.24.C30mdk.i586.rpm
96b47f57ba9fb077da6cf27bc21e7a76 mnf/2.0/i586/apache2-devel-2.0.48-6.24.C30mdk.i586.rpm
ee2e1c41ed579312e9f6365af1f475b3 mnf/2.0/i586/apache2-manual-2.0.48-6.24.C30mdk.i586.rpm
06ce15a998c23ec835a81a061455249a mnf/2.0/i586/apache2-mod_cache-2.0.48-6.24.C30mdk.i586.rpm
7abe5081d5d991b09a8484f41aeadba5 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.24.C30mdk.i586.rpm
73516b134aed9853067ab93fe830513b mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.24.C30mdk.i586.rpm
0d98687a38a7a9806030d8514fe9e0bc mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.i586.rpm
8be5990f31ccf58eb110efb0c45487b7 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.24.C30mdk.i586.rpm
4ddd2e15e616715ea577e1b1b010da39 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.24.C30mdk.i586.rpm
bccdb965684cd1e24d054f7febc096ff mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.i586.rpm
345e5038a9390a07a62d39da825df65d mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.24.C30mdk.i586.rpm
a3e4dc57677b0728ae7c87a4a0cd4e68 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.24.C30mdk.i586.rpm
c5c5fde933d0a30744a18e8fbdc677f5 mnf/2.0/i586/apache2-modules-2.0.48-6.24.C30mdk.i586.rpm
da00919dd82d8db9b7fb4a63c6b44965 mnf/2.0/i586/apache2-source-2.0.48-6.24.C30mdk.i586.rpm
036643a921387b88380a3f913865ec5f mnf/2.0/i586/libapr0-2.0.48-6.24.C30mdk.i586.rpm
63e2249a390c150ab253ad9b22c3be11 mnf/2.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. ----------------------------------------------------------------------
Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management
Free webinars
http://secunia.com/vulnerability_scanning/corporate/webinars/
----------------------------------------------------------------------
TITLE:
OpenOffice.org Data Manipulation and Code Execution Vulnerabilities
SECUNIA ADVISORY ID:
SA40070
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40070/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40070
RELEASE DATE:
2010-06-08
DISCUSS ADVISORY:
http://secunia.com/advisories/40070/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/40070/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40070
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Two vulnerabilities have been reported in OpenOffice.org, which can
be exploited by malicious people to manipulate certain data or
compromise a user's system.
1) An error in the TLS protocol while handling session
re-negotiations in included libraries can be exploited to manipulate
session data.
For more information see vulnerability #1 in:
SA37291
2) An error when exploring python code through the scripting IDE can
be exploited to potentially execute arbitrary code.
The vulnerabilities are reported in versions prior to 3.2.1.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2009-3555.html
http://www.openoffice.org/security/cves/CVE-2010-0395.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor. Such input strings represent valid
numbers and can be contained in data supplied by an attacker over the
network, leading to a denial-of-service attack.
Note that this update introduces an OpenJDK package based on the
IcedTea release 1.8.3 into the old stable distribution. This
addresses several dozen security vulnerabilities, most of which are
only exploitable by malicious mobile code. A notable exception is
CVE-2009-3555, the TLS renegotiation vulnerability. This update
implements the protocol extension described in RFC 5746, addressing
this issue.
This update also includes a new version of Hotspot, the Java virtual
machine, which increases the default heap size on machines with
several GB of RAM. If you run several JVMs on the same machine, you
might have to reduce the heap size by specifying a suitable -Xmx
argument in the invocation of the "java" command.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: openssl
Announcement ID: SUSE-SA:2009:057
Date: Wed, 18 Nov 2009 08:00:00 +0000
Affected Products: openSUSE 11.0
openSUSE 11.1
openSUSE 11.2
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SLE SDK 10 SP2
SLE SDK 10 SP3
SUSE Linux Enterprise Desktop 10 SP2
SUSE Linux Enterprise Desktop 10 SP3
SUSE Linux Enterprise 10 SP2 DEBUGINFO
SUSE Linux Enterprise Server 10 SP2
SUSE Linux Enterprise 10 SP3 DEBUGINFO
SUSE Linux Enterprise Server 10 SP3
SLES 11 DEBUGINFO
SUSE Moblin 2.0
SLE 11
SLED 11
SLES 11
Vulnerability Type: man-in-the-middle attack
CVSS v2 Base Score: 6.4 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:P/A:P)
SUSE Default Package: yes
Cross-References: CVE-2009-3555
Content of This Advisory:
1) Security Vulnerability Resolved:
using unauthenticated data during TLS renegotiation
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The TLS/SSLv3 protocol as implemented in openssl prior to this update
was not able to associate already sent data to a renegotiated connection.
This allowed man-in-the-middle attackers to inject HTTP requests in a
HTTPS session without being noticed.
For example Apache's mod_ssl was vulnerable to this kind of attack because
it uses openssl.
It is believed that this vulnerability is actively exploited in the wild to
get access to HTTPS protected web-sites.
Please note that renegotiation will be disabled for any application using
openssl by this update and may cause problems in some cases.
Additionally this attack is not limited to HTTP.
2) Solution or Work-Around
There is no work-around known.
Moblin packages will be released later.
3) Special Instructions and Notes
Please note that this update disables renegotiation for all applications
using openssl.
All applications using openssl need to be restarted. You can find out what
library an application uses with lsof(8) as root.
If possible restart your system.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 11.2:
http://download.opensuse.org/debug/update/11.2/rpm/i586/compat-openssl097g-debuginfo-0.9.7g-149.5.3.i586.rpm
http://download.opensuse.org/debug/update/11.2/rpm/i586/compat-openssl097g-debugsource-0.9.7g-149.5.3.i586.rpm
http://download.opensuse.org/debug/update/11.2/rpm/i586/libopenssl0_9_8-debuginfo-0.9.8k-3.5.3.i586.rpm
http://download.opensuse.org/debug/update/11.2/rpm/i586/openssl-debuginfo-0.9.8k-3.5.3.i586.rpm
http://download.opensuse.org/debug/update/11.2/rpm/i586/openssl-debugsource-0.9.8k-3.5.3.i586.rpm
http://download.opensuse.org/update/11.2/rpm/i586/compat-openssl097g-0.9.7g-149.5.3.i586.rpm
http://download.opensuse.org/update/11.2/rpm/i586/libopenssl-devel-0.9.8k-3.5.3.i586.rpm
http://download.opensuse.org/update/11.2/rpm/i586/libopenssl0_9_8-0.9.8k-3.5.3.i586.rpm
http://download.opensuse.org/update/11.2/rpm/i586/openssl-0.9.8k-3.5.3.i586.rpm
http://download.opensuse.org/update/11.2/rpm/i586/openssl-doc-0.9.8k-3.5.3.i586.rpm
openSUSE 11.1:
http://download.opensuse.org/debug/update/11.1/rpm/i586/compat-openssl097g-debuginfo-0.9.7g-146.11.1.i586.rpm
http://download.opensuse.org/debug/update/11.1/rpm/i586/compat-openssl097g-debugsource-0.9.7g-146.11.1.i586.rpm
http://download.opensuse.org/debug/update/11.1/rpm/i586/openssl-debuginfo-0.9.8h-28.11.1.i586.rpm
http://download.opensuse.org/debug/update/11.1/rpm/i586/openssl-debugsource-0.9.8h-28.11.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/compat-openssl097g-0.9.7g-146.11.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/libopenssl-devel-0.9.8h-28.11.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/libopenssl0_9_8-0.9.8h-28.11.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/openssl-0.9.8h-28.11.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/openssl-doc-0.9.8h-28.11.1.i586.rpm
openSUSE 11.0:
http://download.opensuse.org/debug/update/11.0/rpm/i586/compat-openssl097g-debuginfo-0.9.7g-119.7.i586.rpm
http://download.opensuse.org/debug/update/11.0/rpm/i586/compat-openssl097g-debugsource-0.9.7g-119.7.i586.rpm
http://download.opensuse.org/debug/update/11.0/rpm/i586/openssl-debuginfo-0.9.8g-47.10.i586.rpm
http://download.opensuse.org/debug/update/11.0/rpm/i586/openssl-debugsource-0.9.8g-47.10.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/compat-openssl097g-0.9.7g-119.7.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/libopenssl-devel-0.9.8g-47.10.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/libopenssl0_9_8-0.9.8g-47.10.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/openssl-0.9.8g-47.10.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/openssl-certs-0.9.8g-47.10.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/openssl-doc-0.9.8g-47.10.i586.rpm
Platform Independent:
openSUSE 11.2:
http://download.opensuse.org/update/11.2/rpm/noarch/openssl-certs-0.9.8h-28.2.1.noarch.rpm
openSUSE 11.1:
http://download.opensuse.org/update/11.1/rpm/noarch/openssl-certs-0.9.8h-25.2.13.noarch.rpm
Power PC Platform:
openSUSE 11.1:
http://download.opensuse.org/debug/update/11.1/rpm/ppc/compat-openssl097g-debuginfo-0.9.7g-146.11.1.ppc.rpm
http://download.opensuse.org/debug/update/11.1/rpm/ppc/compat-openssl097g-debuginfo-64bit-0.9.7g-146.11.1.ppc.rpm
http://download.opensuse.org/debug/update/11.1/rpm/ppc/compat-openssl097g-debugsource-0.9.7g-146.11.1.ppc.rpm
http://download.opensuse.org/debug/update/11.1/rpm/ppc/openssl-debuginfo-0.9.8h-28.11.1.ppc.rpm
http://download.opensuse.org/debug/update/11.1/rpm/ppc/openssl-debugsource-0.9.8h-28.11.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/compat-openssl097g-0.9.7g-146.11.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/compat-openssl097g-64bit-0.9.7g-146.11.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/libopenssl-devel-0.9.8h-28.11.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/libopenssl0_9_8-0.9.8h-28.11.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/libopenssl0_9_8-64bit-0.9.8h-28.11.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/openssl-0.9.8h-28.11.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/openssl-doc-0.9.8h-28.11.1.ppc.rpm
openSUSE 11.0:
http://download.opensuse.org/debug/update/11.0/rpm/ppc/compat-openssl097g-debuginfo-0.9.7g-119.7.ppc.rpm
http://download.opensuse.org/debug/update/11.0/rpm/ppc/compat-openssl097g-debugsource-0.9.7g-119.7.ppc.rpm
http://download.opensuse.org/debug/update/11.0/rpm/ppc/openssl-debuginfo-0.9.8g-47.10.ppc.rpm
http://download.opensuse.org/debug/update/11.0/rpm/ppc/openssl-debugsource-0.9.8g-47.10.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/compat-openssl097g-0.9.7g-119.7.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/compat-openssl097g-64bit-0.9.7g-119.7.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/libopenssl-devel-0.9.8g-47.10.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/libopenssl0_9_8-0.9.8g-47.10.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/libopenssl0_9_8-64bit-0.9.8g-47.10.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/openssl-0.9.8g-47.10.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/openssl-certs-0.9.8g-47.10.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/openssl-doc-0.9.8g-47.10.ppc.rpm
x86-64 Platform:
openSUSE 11.2:
http://download.opensuse.org/debug/update/11.2/rpm/x86_64/compat-openssl097g-debuginfo-0.9.7g-149.5.3.x86_64.rpm
http://download.opensuse.org/debug/update/11.2/rpm/x86_64/compat-openssl097g-debuginfo-32bit-0.9.7g-149.5.3.x86_64.rpm
http://download.opensuse.org/debug/update/11.2/rpm/x86_64/compat-openssl097g-debugsource-0.9.7g-149.5.3.x86_64.rpm
http://download.opensuse.org/debug/update/11.2/rpm/x86_64/libopenssl0_9_8-debuginfo-0.9.8k-3.5.3.x86_64.rpm
http://download.opensuse.org/debug/update/11.2/rpm/x86_64/libopenssl0_9_8-debuginfo-32bit-0.9.8k-3.5.3.x86_64.rpm
http://download.opensuse.org/debug/update/11.2/rpm/x86_64/openssl-debuginfo-0.9.8k-3.5.3.x86_64.rpm
http://download.opensuse.org/debug/update/11.2/rpm/x86_64/openssl-debugsource-0.9.8k-3.5.3.x86_64.rpm
http://download.opensuse.org/update/11.2/rpm/x86_64/compat-openssl097g-0.9.7g-149.5.3.x86_64.rpm
http://download.opensuse.org/update/11.2/rpm/x86_64/compat-openssl097g-32bit-0.9.7g-149.5.3.x86_64.rpm
http://download.opensuse.org/update/11.2/rpm/x86_64/libopenssl-devel-0.9.8k-3.5.3.x86_64.rpm
http://download.opensuse.org/update/11.2/rpm/x86_64/libopenssl0_9_8-0.9.8k-3.5.3.x86_64.rpm
http://download.opensuse.org/update/11.2/rpm/x86_64/libopenssl0_9_8-32bit-0.9.8k-3.5.3.x86_64.rpm
http://download.opensuse.org/update/11.2/rpm/x86_64/openssl-0.9.8k-3.5.3.x86_64.rpm
http://download.opensuse.org/update/11.2/rpm/x86_64/openssl-doc-0.9.8k-3.5.3.x86_64.rpm
openSUSE 11.1:
http://download.opensuse.org/debug/update/11.1/rpm/x86_64/compat-openssl097g-debuginfo-0.9.7g-146.11.1.x86_64.rpm
http://download.opensuse.org/debug/update/11.1/rpm/x86_64/compat-openssl097g-debuginfo-32bit-0.9.7g-146.11.1.x86_64.rpm
http://download.opensuse.org/debug/update/11.1/rpm/x86_64/compat-openssl097g-debugsource-0.9.7g-146.11.1.x86_64.rpm
http://download.opensuse.org/debug/update/11.1/rpm/x86_64/openssl-debuginfo-0.9.8h-28.11.1.x86_64.rpm
http://download.opensuse.org/debug/update/11.1/rpm/x86_64/openssl-debugsource-0.9.8h-28.11.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/compat-openssl097g-0.9.7g-146.11.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/compat-openssl097g-32bit-0.9.7g-146.11.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/libopenssl-devel-0.9.8h-28.11.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/libopenssl0_9_8-0.9.8h-28.11.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/libopenssl0_9_8-32bit-0.9.8h-28.11.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/openssl-0.9.8h-28.11.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/openssl-doc-0.9.8h-28.11.1.x86_64.rpm
openSUSE 11.0:
http://download.opensuse.org/debug/update/11.0/rpm/x86_64/compat-openssl097g-debuginfo-0.9.7g-119.7.x86_64.rpm
http://download.opensuse.org/debug/update/11.0/rpm/x86_64/compat-openssl097g-debugsource-0.9.7g-119.7.x86_64.rpm
http://download.opensuse.org/debug/update/11.0/rpm/x86_64/openssl-debuginfo-0.9.8g-47.10.x86_64.rpm
http://download.opensuse.org/debug/update/11.0/rpm/x86_64/openssl-debugsource-0.9.8g-47.10.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/compat-openssl097g-0.9.7g-119.7.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/compat-openssl097g-32bit-0.9.7g-119.7.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/libopenssl-devel-0.9.8g-47.10.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/libopenssl0_9_8-0.9.8g-47.10.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/libopenssl0_9_8-32bit-0.9.8g-47.10.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/openssl-0.9.8g-47.10.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/openssl-certs-0.9.8g-47.10.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/openssl-doc-0.9.8g-47.10.x86_64.rpm
Sources:
openSUSE 11.2:
http://download.opensuse.org/update/11.2/rpm/src/compat-openssl097g-0.9.7g-149.5.3.src.rpm
http://download.opensuse.org/update/11.2/rpm/src/openssl-0.9.8k-3.5.3.src.rpm
http://download.opensuse.org/update/11.2/rpm/src/openssl-certs-0.9.8h-28.2.1.src.rpm
openSUSE 11.1:
http://download.opensuse.org/update/11.1/rpm/src/compat-openssl097g-0.9.7g-146.11.1.src.rpm
http://download.opensuse.org/update/11.1/rpm/src/openssl-0.9.8h-28.11.1.src.rpm
http://download.opensuse.org/update/11.1/rpm/src/openssl-certs-0.9.8h-25.2.13.src.rpm
openSUSE 11.0:
http://download.opensuse.org/update/11.0/rpm/src/compat-openssl097g-0.9.7g-119.7.src.rpm
http://download.opensuse.org/update/11.0/rpm/src/openssl-0.9.8g-47.10.src.rpm
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE Linux Enterprise Server 10 SP3
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=c061b25f20728b088a7357bd5622663c
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=f99093a5bf235f2d2471722a946414f0
SLE SDK 10 SP3
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=f99093a5bf235f2d2471722a946414f0
SUSE Linux Enterprise 10 SP3 DEBUGINFO
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=f99093a5bf235f2d2471722a946414f0
SUSE Linux Enterprise Desktop 10 SP3
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=c061b25f20728b088a7357bd5622663c
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=f99093a5bf235f2d2471722a946414f0
Open Enterprise Server
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=966f4c625ed61db11e3e99daf4715b56
Novell Linux POS 9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=966f4c625ed61db11e3e99daf4715b56
Novell Linux Desktop 9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=966f4c625ed61db11e3e99daf4715b56
SUSE SLES 9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=966f4c625ed61db11e3e99daf4715b56
SUSE Moblin 2.0
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=4ce70591574c803658a0a92c20de4b63
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=7b9d9b0dd5ed590f2715f8868f4732dd
SUSE Linux Enterprise Server 10 SP2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=94258f4988a9f1a208fd7e21392bd3be
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=aa66d8843925bd9511841d6ad82f49c1
SLE SDK 10 SP2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=aa66d8843925bd9511841d6ad82f49c1
SUSE Linux Enterprise 10 SP2 DEBUGINFO
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=aa66d8843925bd9511841d6ad82f49c1
SUSE Linux Enterprise Desktop 10 SP2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=94258f4988a9f1a208fd7e21392bd3be
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=aa66d8843925bd9511841d6ad82f49c1
SLES 11
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=d0129289ed5f99e99f64649fe9227069
SLED 11
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=2ffd4e402785dad2cb33b70b2b6b9d9b
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=d0129289ed5f99e99f64649fe9227069
SLE 11
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=d0129289ed5f99e99f64649fe9227069
SLES 11 DEBUGINFO
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=2ffd4e402785dad2cb33b70b2b6b9d9b
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=d0129289ed5f99e99f64649fe9227069
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
Please read our Summary Report.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security@opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe@opensuse.org>.
opensuse-security-announce@opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe@opensuse.org>.
=====================================================================
SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
SOLUTION:
Apply updates (please see the vendor's advisory for details). For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com
VAR-200911-0416 | CVE-2009-2820 | Apple Mac OS X of CUPS Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. CUPS is prone to a cross-site scripting vulnerability because the software fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
NOTE: This vulnerability was originally reported in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been given its own record to better document it.
This issue affects versions prior to CUPS 1.4.2. Mac OS X is the operating system used by the Apple family of machines.
For the stable distribution (lenny), this problem has been fixed in
version 1.3.8-1+lenny7.
For the oldstable distribution (etch), this problem has been fixed in
version 1.2.7-4+etch9.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your cups packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.diff.gz
Size/MD5 checksum: 112995 fe3566daa6615bcd625288ce98e9384f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.dsc
Size/MD5 checksum: 1095 804241054cda1301d183492ea5969649
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4+etch9_all.deb
Size/MD5 checksum: 917720 bc97c75dacbd345dfd07e9397c91c38f
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4+etch9_all.deb
Size/MD5 checksum: 46524 4f95c2485efda6dc7fc306162a5b1641
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_alpha.deb
Size/MD5 checksum: 72990 bf27b53404f44fcea401f8ff88de8aa2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_alpha.deb
Size/MD5 checksum: 1095268 d25ffb1cdb0d32cb3d80d6a551b355c7
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_alpha.deb
Size/MD5 checksum: 184818 00aa5f531b8c3a30c6c77b926be722d2
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_alpha.deb
Size/MD5 checksum: 175652 d52f9ee130bbf84d5436a71bb526f56c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_alpha.deb
Size/MD5 checksum: 95922 8d80f7b83c755b59401fa7dd0b2ca81e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_alpha.deb
Size/MD5 checksum: 1605614 26620cc74617e392217a198fbde74860
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_alpha.deb
Size/MD5 checksum: 86404 5cebb372c4230f6ec95f89be9183293c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_alpha.deb
Size/MD5 checksum: 39290 429780ee5c35d47504291877979b6a15
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_amd64.deb
Size/MD5 checksum: 162858 1efc0ec7be9fc17ec25aab13eeb6e169
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_amd64.deb
Size/MD5 checksum: 80712 2f639382f1e7767254a39358e7a79aed
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_amd64.deb
Size/MD5 checksum: 1090142 e33720ca87a04a87fe9a23b281c1bac0
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_amd64.deb
Size/MD5 checksum: 86648 7eacddf27156689a52fe3b620392f734
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_amd64.deb
Size/MD5 checksum: 1578128 1726cfeb573c14d325bd7d3c6ec29188
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_amd64.deb
Size/MD5 checksum: 53050 342387c9d81a32530263493d8a11eb86
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_amd64.deb
Size/MD5 checksum: 142540 66ff1c8c7c2bae7320d208e1ac6748c5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_amd64.deb
Size/MD5 checksum: 36356 a752bf52d8c59b7e7b16a44e6265da78
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_arm.deb
Size/MD5 checksum: 78688 9ee5e250e8db317459cf64f0f4d2b9e9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_arm.deb
Size/MD5 checksum: 155024 2e0ba671643828c8a208647ffc267b64
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_arm.deb
Size/MD5 checksum: 85562 05a0e3e5bbcc37c3a22e5e5343bbc44d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_arm.deb
Size/MD5 checksum: 1569288 8871122b1793c0e6f24e10fb781e0cb9
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_arm.deb
Size/MD5 checksum: 48948 9c51ba4c36e7fc6c4dbd2da98be31557
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_arm.deb
Size/MD5 checksum: 1024098 d942cccf63a8013a157f6cd8b8091a77
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_arm.deb
Size/MD5 checksum: 36760 f4f9b00a6516aaad65423afdb7cc15c3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_arm.deb
Size/MD5 checksum: 131680 8ae7ad06a988b72ec037bd8576a5401b
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_hppa.deb
Size/MD5 checksum: 57248 6ce4ddf236ef42bd67a8cbdfcd433a22
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_hppa.deb
Size/MD5 checksum: 91630 2351fe0384a9aacfe47d2917fad5c373
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_hppa.deb
Size/MD5 checksum: 86788 4f32c2829c4e067c47d2d403a7ce4f41
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_hppa.deb
Size/MD5 checksum: 1038730 ae7853cba7ba8f46eb0b8f02b32afc01
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_hppa.deb
Size/MD5 checksum: 1630072 270330a3a787ab952bb8c315bff4dea3
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_hppa.deb
Size/MD5 checksum: 154678 0b97726ccaf51ff69b8f29159f3def07
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_hppa.deb
Size/MD5 checksum: 172288 f62575c4d075147cdab3e2b3912a28d2
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_hppa.deb
Size/MD5 checksum: 40378 7dfc68f3a0de6c6a0027cf3f82f28100
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_i386.deb
Size/MD5 checksum: 1558554 20697fd1df339dfe66645e41f8fdab62
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_i386.deb
Size/MD5 checksum: 53226 ed047b982bccef707582c5239e6c4529
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_i386.deb
Size/MD5 checksum: 79704 defeadc51fe3b8e70c248e7f7cd78eeb
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_i386.deb
Size/MD5 checksum: 87582 82b5f9adc2612c3d3818d9ee619e98c2
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_i386.deb
Size/MD5 checksum: 161536 cc750090dea44733d5bfa4859768fd50
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_i386.deb
Size/MD5 checksum: 137800 ced35b0270e6f9576a084a848097e56c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_i386.deb
Size/MD5 checksum: 998886 599796e90c29f4adfd032f7eced8dbd6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_i386.deb
Size/MD5 checksum: 36234 47bd2806f7fa212153053cf58bfa7f1b
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_ia64.deb
Size/MD5 checksum: 192380 fac2ee8208cc62269d660293987722c4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_ia64.deb
Size/MD5 checksum: 46336 537bf35bd49b91a743511ae655ea98fa
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_ia64.deb
Size/MD5 checksum: 106222 41d7dfbd5f5f8989c491dd7c6256d23c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_ia64.deb
Size/MD5 checksum: 1773934 ed2f57b9532dfdd17a487cc794674254
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_ia64.deb
Size/MD5 checksum: 204566 e0b3ae3cb6dcf554600cd8a6282f31c3
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_ia64.deb
Size/MD5 checksum: 1109732 dc2117102927617da49909c68a4c010d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_ia64.deb
Size/MD5 checksum: 107490 e755ddc16e79d95f5e717cdda6b8b66a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_ia64.deb
Size/MD5 checksum: 74382 2625f53f6a81c275e6b3600b6f83e40e
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_mips.deb
Size/MD5 checksum: 158354 8c52640f70fd6bd724e48bf3aa5ddaf6
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_mips.deb
Size/MD5 checksum: 1569908 6e4b324f3d4ef8630c4a8a1d8d373a10
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_mips.deb
Size/MD5 checksum: 1100238 265ebdea306b57efaa192601902c6152
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_mips.deb
Size/MD5 checksum: 76154 a2b996d1dced2ccf1d0b325e403ad76e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_mips.deb
Size/MD5 checksum: 57670 e7496d3c9ff40b21841004011d984ab0
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_mips.deb
Size/MD5 checksum: 36110 2e6233c94a391e3c12a42fb242b90c0d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_mips.deb
Size/MD5 checksum: 150984 c4b5d5c3e84d1558a3a9779f8a44880e
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_mips.deb
Size/MD5 checksum: 87150 252b222f10710ac818eaa39d0e62d1d0
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_mipsel.deb
Size/MD5 checksum: 158900 8fef7b67a8b23b8410cad13581d3c87f
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_mipsel.deb
Size/MD5 checksum: 1089172 4026204ebe8cd1e3aca31fabd5c4751d
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_mipsel.deb
Size/MD5 checksum: 36056 72c3532a5db151edc04ddcf5230d10ae
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_mipsel.deb
Size/MD5 checksum: 1555346 7d1c3413c07ce587bcbc6b0825b27aa1
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_mipsel.deb
Size/MD5 checksum: 57798 e38bc41a4cee06be91e5ca90eaa834d6
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_mipsel.deb
Size/MD5 checksum: 150896 010940ad9b6f216f58055dee0c05720e
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_mipsel.deb
Size/MD5 checksum: 77452 1bf693a139ca808f0ddfde50daeb3951
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_mipsel.deb
Size/MD5 checksum: 87318 e6aadf01613a8363e9a77dabda1cc7b0
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_powerpc.deb
Size/MD5 checksum: 89456 ce774884f9f2d60d53b9738087b1997c
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_powerpc.deb
Size/MD5 checksum: 41338 6470a2c554400bf5d76df57a10c59b1a
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_powerpc.deb
Size/MD5 checksum: 163538 f312c95edac480e335383282e658afa4
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_powerpc.deb
Size/MD5 checksum: 1148886 2867ed7850c711eb45802ee198667b6c
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_powerpc.deb
Size/MD5 checksum: 136252 ead19e10b92e029542cf17b378a567fc
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_powerpc.deb
Size/MD5 checksum: 89566 03ad548ff0f04c960eb4f242dc46251d
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_powerpc.deb
Size/MD5 checksum: 51924 f25670cf80cd3d7558da75c315305725
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_powerpc.deb
Size/MD5 checksum: 1584292 238dcd774ade788f8bd22094c45a1330
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_s390.deb
Size/MD5 checksum: 37416 996dfcb6fb6f65d8f13b7dae44e19dcf
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_s390.deb
Size/MD5 checksum: 144934 ce53888a5d6fb6546cea3a29554dc617
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_s390.deb
Size/MD5 checksum: 1039580 aa0880a0c055113199e8f7c7bbdb2478
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_s390.deb
Size/MD5 checksum: 167056 4a769af5c2d19121705021fa93f50754
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_s390.deb
Size/MD5 checksum: 1589794 9dfd00c1deacfda509f538cee7713da4
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_s390.deb
Size/MD5 checksum: 88248 1d05ee6ddb20e514e6c99fe31399f2d5
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_s390.deb
Size/MD5 checksum: 52516 fb5a46492d2a20e430af75e816924b35
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_s390.deb
Size/MD5 checksum: 82330 16608e47717961ab5ae7a00d73bed368
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_sparc.deb
Size/MD5 checksum: 78514 690e8cc7cc8cec06cfbff7bce25484c5
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_sparc.deb
Size/MD5 checksum: 994252 5085b682f7e0c7ec22be63843cd3f015
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_sparc.deb
Size/MD5 checksum: 51784 9bd7bf8d93316b8a59d98541101cbc73
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_sparc.deb
Size/MD5 checksum: 139562 c783267048e5410b6ab38dadf6b92fd7
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_sparc.deb
Size/MD5 checksum: 36024 29fbb1ae8a6be5647d0d1eae4dbe35aa
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_sparc.deb
Size/MD5 checksum: 159428 42067c27bab2c7e5dc0da63f92ce073b
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_sparc.deb
Size/MD5 checksum: 1564572 83de8732694d0cc2aa0cd70636c89917
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_sparc.deb
Size/MD5 checksum: 85628 a06afa2268b22d071eec37a6a0f558ad
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7.diff.gz
Size/MD5 checksum: 188585 2f134119c9ab17213747ad55cd3abdf5
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz
Size/MD5 checksum: 4796827 10efe9825c1a1dcd325be47a6cc21faf
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7.dsc
Size/MD5 checksum: 1838 598e0194241cb4b10e6ea6264c620f11
Architecture independent packages:
http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1+lenny7_all.deb
Size/MD5 checksum: 52150 fcd78609b6330b7cac8eebf77d90551b
http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1+lenny7_all.deb
Size/MD5 checksum: 52148 64539574b4ba2f2bdde5cfe8a5bb404a
http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1+lenny7_all.deb
Size/MD5 checksum: 52146 899bfa5316f20775298b3d05e2e66ce9
http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1+lenny7_all.deb
Size/MD5 checksum: 52148 7cf6e014adbf027f70c5be49eb8ca71d
http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1+lenny7_all.deb
Size/MD5 checksum: 52150 0d536e8ea0f7bdbebe13163779e3d4f4
http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1+lenny7_all.deb
Size/MD5 checksum: 52158 7876f928d67e4f50f752a1af537d5d96
http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1+lenny7_all.deb
Size/MD5 checksum: 52132 b55b302d127310628d5e5969828c90ba
http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1+lenny7_all.deb
Size/MD5 checksum: 1174986 c6fed6d41ec1e486fc11ee5a632d4fb0
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_alpha.deb
Size/MD5 checksum: 2100558 63e7858512acf957df56b998c2890862
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_alpha.deb
Size/MD5 checksum: 179252 8c451eb372aab1a00e5ab852bbb16aa1
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_alpha.deb
Size/MD5 checksum: 118462 891f827943c1fcd54a427bd69a5907f1
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_alpha.deb
Size/MD5 checksum: 37994 ce1a404f568126985fc9480e8f4d5d34
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_alpha.deb
Size/MD5 checksum: 1144620 3c164140815a4c6df3ddfc6ae93950b9
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_alpha.deb
Size/MD5 checksum: 108568 eaaf105093f5f2ec429ccdc1064b6721
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_alpha.deb
Size/MD5 checksum: 81502 b5437c0bf2576174a46fea03ea11a446
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_alpha.deb
Size/MD5 checksum: 446024 53ff55379c20c80ae0a63e70f43edf7a
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_amd64.deb
Size/MD5 checksum: 398418 80f6b9037d8d40264bdd353c717bf316
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_amd64.deb
Size/MD5 checksum: 2053110 f64a171669c6f0fa931ef50a409771f0
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_amd64.deb
Size/MD5 checksum: 168524 713d8df4f1c3946bb40b604f49656d55
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_amd64.deb
Size/MD5 checksum: 61044 0aa9904819ab2da5339a5b4e28ffe59a
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_amd64.deb
Size/MD5 checksum: 1196946 978ae6594fb203b6d507220725854f98
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_amd64.deb
Size/MD5 checksum: 117084 1b712fc7ceaa991aec6066d17c3d8a03
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_amd64.deb
Size/MD5 checksum: 99838 13e57d407ac2bac36c7077ebb5259748
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_amd64.deb
Size/MD5 checksum: 37148 9f2d8c0ca7a37a225d7ce1723eba3829
arm architecture (ARM)
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_arm.deb
Size/MD5 checksum: 386376 57fc5eb1b60843db37cc1560b34657ba
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_arm.deb
Size/MD5 checksum: 154852 cdfe93b0117b4d7ad86e097848f56a72
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_arm.deb
Size/MD5 checksum: 2059778 bc505f53c123e86f61e0208bd0a5d361
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_arm.deb
Size/MD5 checksum: 1119820 b567be834797c76ffb5a664e398bc34e
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_arm.deb
Size/MD5 checksum: 112910 6f17df41cbb09df50155199f9be963a6
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_arm.deb
Size/MD5 checksum: 55578 f4b763671e94082fbf85803d45ecd392
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_arm.deb
Size/MD5 checksum: 96992 051d9fb6750b876d06191fb7e355e9ac
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_arm.deb
Size/MD5 checksum: 36312 166cc83ac06c835703410efd4765deab
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_armel.deb
Size/MD5 checksum: 37670 81910b769bfbc1349c0b153ad9164d92
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_armel.deb
Size/MD5 checksum: 157710 aca520902431f9719aa580f098a03628
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_armel.deb
Size/MD5 checksum: 386566 d977a3c0fda5314a6c71484987949f73
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_armel.deb
Size/MD5 checksum: 117932 ba1d3d8a1858053b0183961d82a09ebe
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_armel.deb
Size/MD5 checksum: 1132990 bb1d93250d6fca508cfff4997e605040
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_armel.deb
Size/MD5 checksum: 55010 447b83ce0df1e08e3cbe914981ea413d
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_armel.deb
Size/MD5 checksum: 2085014 f55b91ec749afcb1379aeca406b16f8f
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_armel.deb
Size/MD5 checksum: 98412 b7cc38ea409402878d9b2e78fd627a42
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_hppa.deb
Size/MD5 checksum: 119870 a9351e7030124a64654c5dbf2d748b57
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_hppa.deb
Size/MD5 checksum: 38172 02d9783ce625e884a7ffb5a6ea4fbdc2
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_hppa.deb
Size/MD5 checksum: 103156 8d7ae253b7155cc5d230f0ac7d3c88e6
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_hppa.deb
Size/MD5 checksum: 1138966 b46cff43879618898839dc38f8c276de
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_hppa.deb
Size/MD5 checksum: 63126 264faa52eb7b76b7ba3af3854f3ab6cc
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_hppa.deb
Size/MD5 checksum: 172700 34bf188a372a5101789842c4b2bbd5c8
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_hppa.deb
Size/MD5 checksum: 2119306 a5b452236f9e35cb754c76105158114b
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_hppa.deb
Size/MD5 checksum: 409118 0b899d323223726af53c0ac7f51fb98e
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_i386.deb
Size/MD5 checksum: 396398 a0b5f18275849bf02dbdc626cf805c1d
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_i386.deb
Size/MD5 checksum: 60438 59a35fa422c60d5adc9dff540706337a
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_i386.deb
Size/MD5 checksum: 1095692 fc5f6cc06799f5c00c943f9379db64be
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_i386.deb
Size/MD5 checksum: 99362 39bcf5f4db639ccd311870d9e90e7545
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_i386.deb
Size/MD5 checksum: 36492 febb3dc6f35605754664c84f0681cdd1
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_i386.deb
Size/MD5 checksum: 165512 f063ca52a622599e17be45bfda802830
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_i386.deb
Size/MD5 checksum: 2057466 86304106605edfb61db25d14a74429ea
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_i386.deb
Size/MD5 checksum: 114902 954a28c392b37ded2ffc21bab16efaab
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_ia64.deb
Size/MD5 checksum: 139092 9d9f826faf7a99009aafb25c7deb637e
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_ia64.deb
Size/MD5 checksum: 123498 9377b05d42466021c1420362d3bb0157
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_ia64.deb
Size/MD5 checksum: 447534 783bb7f09f0dd7ebb82b168285ed3d2c
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_ia64.deb
Size/MD5 checksum: 2283614 8c700df25e12cb4ac24d5884a77e8cef
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_ia64.deb
Size/MD5 checksum: 1150652 e89ea87fa2fa750cf7385ef3f8efc9e5
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_ia64.deb
Size/MD5 checksum: 86010 db2d06c843ddfdc86d75eaa6c8f07248
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_ia64.deb
Size/MD5 checksum: 209138 4fbbef77787d20f8c7f828a02a504757
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_ia64.deb
Size/MD5 checksum: 41290 854227929b82c27f1645f401ddd2ea08
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_mips.deb
Size/MD5 checksum: 2049028 ba814726491cf18adc33b978cdf41ebf
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_mips.deb
Size/MD5 checksum: 157944 2f2a6f1e03a329dd9bfe66aefc042e78
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_mips.deb
Size/MD5 checksum: 405610 0d67a4c1476444a5bb7da06f04b0fe1a
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_mips.deb
Size/MD5 checksum: 1172578 d4329dafd5542e0128668a590898fb2e
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_mips.deb
Size/MD5 checksum: 108484 9a4fcffe8fdaf374474c5ea0c8d7c8f5
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_mips.deb
Size/MD5 checksum: 98750 51447de9ba4558914df798f65058b6c9
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_mips.deb
Size/MD5 checksum: 65290 7879c6993282cc2cc1efb3d5872b06b8
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_mips.deb
Size/MD5 checksum: 36010 d670bc2bd607cc2625d4011fc8af900e
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_mipsel.deb
Size/MD5 checksum: 1158288 d8b64c43ee3f0e59cc31660873f1834e
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_mipsel.deb
Size/MD5 checksum: 158360 8197e028f08047fda6557b6b6fc9d3f3
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_mipsel.deb
Size/MD5 checksum: 65214 715dcb4022b19252c1eea1b784884310
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_mipsel.deb
Size/MD5 checksum: 36160 c94fe31c9b1e23e5753806cf033bf34f
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_mipsel.deb
Size/MD5 checksum: 98910 2da6b027dc7b588830d98e798f784f0b
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_mipsel.deb
Size/MD5 checksum: 2030054 28c9e99b851466e97e50c5712fe3342f
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_mipsel.deb
Size/MD5 checksum: 403242 f8b494cf670baee9b65c8e6cc39080d4
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_mipsel.deb
Size/MD5 checksum: 109970 bf6fc87864ec7230506e5fd7c7abcd8b
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_powerpc.deb
Size/MD5 checksum: 136082 318d392ca604759afb280639cac8b03c
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_powerpc.deb
Size/MD5 checksum: 61152 985c626435a88fd3446dc88a447d2c9b
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_powerpc.deb
Size/MD5 checksum: 174320 57e2e7b2e6fd39ad63a1ba17e7194f40
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_powerpc.deb
Size/MD5 checksum: 394250 fde0e239f7e24e2ba4ee42e6596c60ba
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_powerpc.deb
Size/MD5 checksum: 104862 51a12f1bb7a775ddca43c10945639dfb
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_powerpc.deb
Size/MD5 checksum: 44204 f285bf023a4680b7da64118d586e1d5e
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_powerpc.deb
Size/MD5 checksum: 2124674 d8c9de7eef052dd764d66188837d86c9
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_powerpc.deb
Size/MD5 checksum: 1191028 1b4729142f6cdda734027dda48752afd
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_s390.deb
Size/MD5 checksum: 171654 0d53ed748c513498f55341ba19cfde32
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_s390.deb
Size/MD5 checksum: 2092930 7aef582c65b9873a66cd3e632acbec6e
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_s390.deb
Size/MD5 checksum: 1190710 884a98297180cc5c5bace0204ac48148
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_s390.deb
Size/MD5 checksum: 118578 9ec07d8c2bdc5a9645d6d32c460357e7
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_s390.deb
Size/MD5 checksum: 60714 a37d661adbf755636f2b1f9340d4a96a
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_s390.deb
Size/MD5 checksum: 101620 bb3e1691cf3fa70e880823db340aa835
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_s390.deb
Size/MD5 checksum: 37804 5d817c9fa3eb1ebea486d0f0244384a5
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_s390.deb
Size/MD5 checksum: 399768 b1bdeedfe5bfe453de5ee9f065f169bf
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_sparc.deb
Size/MD5 checksum: 2067200 1b832d51127c5a3cdf1d2f9f15fbbc9f
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_sparc.deb
Size/MD5 checksum: 57760 9be4f682c78cce9c7d0e80a5d6ed3f61
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_sparc.deb
Size/MD5 checksum: 1049966 1c15bf61b0f26558c8d3eb49a8aaf682
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_sparc.deb
Size/MD5 checksum: 160982 6eda428d97d49e0b90d143599ac019f5
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_sparc.deb
Size/MD5 checksum: 97212 d57b0db0765d63f354d44a3aa4799f56
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_sparc.deb
Size/MD5 checksum: 392614 124cc14e2eeceea46a513424d40860f5
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_sparc.deb
Size/MD5 checksum: 38826 ae41ac61dab018ddb25f84f517076d3e
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_sparc.deb
Size/MD5 checksum: 116488 a91a68f4eaaf11f8666f0d07da26bf23
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkr40h0ACgkQ62zWxYk/rQcmrQCfT/1a/+FSdezaW1pc/iHM/jLN
jrgAoI1qnCASB/CO/zVZea8yTWpEXuc+
=mK8e
-----END PGP SIGNATURE-----
.
Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers
to cause a denial of service (daemon crash or hang) via a client
disconnection during listing of a large number of print jobs, related
to improperly maintaining a reference count. NOTE: some of these
details are obtained from third party information (CVE-2009-3553).
Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
scheduler in cupsd in CUPS 1.3.7, 1.3.9, 1.3.10, and 1.4.1, when kqueue
or epoll is used, allows remote attackers to cause a denial of service
(daemon crash or hang) via a client disconnection during listing
of a large number of print jobs, related to improperly maintaining
a reference count. NOTE: some of these details are obtained from
third party information. NOTE: this vulnerability exists because of
an incomplete fix for CVE-2009-3553 (CVE-2010-0302).
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS
1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable
to determine the file that provides localized message strings, which
allows local users to gain privileges via a file that contains crafted
localization data with format string specifiers (CVE-2010-0393).
The updated packages have been patched to correct these issues.
Update:
Packages for Mandriva Linux 2010.0 was missing with
MDVSA-2010:073. This advisory provides packages for 2010.0 as well.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0393
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
ba3d43f654fd15aea9f81eadb57c3022 2010.0/i586/cups-1.4.1-12.1mdv2010.0.i586.rpm
b1f275796b029190380e40ae23ae8ed0 2010.0/i586/cups-common-1.4.1-12.1mdv2010.0.i586.rpm
296b30522aa7c008767c6b285aa4b715 2010.0/i586/cups-serial-1.4.1-12.1mdv2010.0.i586.rpm
b3abb3c2299c1cb32848c0ee5954eed8 2010.0/i586/libcups2-1.4.1-12.1mdv2010.0.i586.rpm
d91c255a1e42e5988f1d8d2d94ffd369 2010.0/i586/libcups2-devel-1.4.1-12.1mdv2010.0.i586.rpm
ba336d918bbe9d03cf4fa823293bfb37 2010.0/i586/php-cups-1.4.1-12.1mdv2010.0.i586.rpm
c3aee001d1629963053f475a49b7cd5d 2010.0/SRPMS/cups-1.4.1-12.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
7c089025f467e5b366e57a15e85857ce 2010.0/x86_64/cups-1.4.1-12.1mdv2010.0.x86_64.rpm
0e0e4ad3a4d42022d22a88ee8568f8bf 2010.0/x86_64/cups-common-1.4.1-12.1mdv2010.0.x86_64.rpm
cb7b4cadce5a174bbd4027f478b38c26 2010.0/x86_64/cups-serial-1.4.1-12.1mdv2010.0.x86_64.rpm
653bd25375281b919c6438e71052359d 2010.0/x86_64/lib64cups2-1.4.1-12.1mdv2010.0.x86_64.rpm
7bebd27fa6ce2aa5667d28fd7b06702e 2010.0/x86_64/lib64cups2-devel-1.4.1-12.1mdv2010.0.x86_64.rpm
34452fc88d7a16591eb653a32c6daa28 2010.0/x86_64/php-cups-1.4.1-12.1mdv2010.0.x86_64.rpm
c3aee001d1629963053f475a49b7cd5d 2010.0/SRPMS/cups-1.4.1-12.1mdv2010.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLxclfmqjQ0CJFipgRAmhmAJ4qtZ7GxqbmNOSfJeozcsqRCBvAsACg2vG+
NRt/ytxq5LWHwOAGFnOKnIw=
=ayqT
-----END PGP SIGNATURE-----
. ===========================================================
Ubuntu Security Notice USN-856-1 November 10, 2009
cups, cupsys vulnerability
CVE-2009-2820
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.15
Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.6
Ubuntu 8.10:
cups 1.3.9-2ubuntu9.3
Ubuntu 9.04:
cups 1.3.9-17ubuntu3.4
Ubuntu 9.10:
cups 1.4.1-5ubuntu2.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Aaron Sigel discovered that the CUPS web interface incorrectly protected
against cross-site scripting (XSS) and cross-site request forgery (CSRF)
attacks. If an authenticated user were tricked into visiting a malicious
website while logged into CUPS, a remote attacker could modify the CUPS
configuration and possibly steal confidential data.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15.diff.gz
Size/MD5: 104771 87e69cec16a6ce946d9596058c0261d1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15.dsc
Size/MD5: 1060 87fa569bd9079b3f9ae30a7f5b1f3ed8
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz
Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.15_all.deb
Size/MD5: 996 5d9f34a7f057bea3779c75981ca1d7e5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.15_amd64.deb
Size/MD5: 36226 a186aaa1808f0fa03cff48951770b61b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.15_amd64.deb
Size/MD5: 81904 a73eba03491711b206001709bac3a550
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15_amd64.deb
Size/MD5: 2288926 bdb47ce648589b90bd4a10dbdc94f5bb
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.15_amd64.deb
Size/MD5: 6096 0b87c751ab9a74660e413a0f69d68712
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.15_amd64.deb
Size/MD5: 77794 0c51a6a20c0007ce2f8c3be394db475b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.15_amd64.deb
Size/MD5: 25744 c440f5af5a1d0be9283b80eb0f4d0c83
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.15_amd64.deb
Size/MD5: 130490 06fa7d92ad32a77ea5199ba83d673f2a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.15_i386.deb
Size/MD5: 34774 829f4e4086e8adb0eba77bcb58ecee0b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.15_i386.deb
Size/MD5: 77974 a7bf3198c8b5fa6da7e857e6eb8416eb
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15_i386.deb
Size/MD5: 2256010 fcd1236998321b7a8c65b3d318ee7023
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.15_i386.deb
Size/MD5: 6096 6bb5d1d19ec1fc2f1875805f17e779a6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.15_i386.deb
Size/MD5: 76904 c61e67f0700f841e2da1e5602268df71
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.15_i386.deb
Size/MD5: 25742 9d736132828e8565b7d4f87fd06f9ae1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.15_i386.deb
Size/MD5: 122698 03f0cc40b9f63ad05067f977f1743afc
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.15_powerpc.deb
Size/MD5: 40470 b13d7d7e2ebfd52f7935f230592b977a
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.15_powerpc.deb
Size/MD5: 89554 fdf6dc49944611171160ca2e9b668886
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15_powerpc.deb
Size/MD5: 2303628 854768b41f63c26d0213a12c4bdcea6d
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.15_powerpc.deb
Size/MD5: 6092 014972a73d49bcfc876b9f35b6a17ce4
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.15_powerpc.deb
Size/MD5: 79440 7644cf7dd4d0ec99cddca2b0db13c510
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.15_powerpc.deb
Size/MD5: 25744 b2fa52250a676c06edc8bfed7719fbb9
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.15_powerpc.deb
Size/MD5: 128460 55fe9c48706da675b81bb83e4466be5a
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.15_sparc.deb
Size/MD5: 35396 abe44a6d16984d98b3c3e5b4991d5fd6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.15_sparc.deb
Size/MD5: 78720 c84169c3254bb33d641641b80101dee6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.15_sparc.deb
Size/MD5: 2289862 1a82a4d1bda122225e1338ce3ec45962
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.15_sparc.deb
Size/MD5: 6096 1b282763cbeea2fd8b5dff2e105eb3bc
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.15_sparc.deb
Size/MD5: 76716 c7772687eaa66a7b68796c4105f01987
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.15_sparc.deb
Size/MD5: 25746 39f480cdac828972f58628088263b84b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.15_sparc.deb
Size/MD5: 124188 df1f99d038d093827ad90caf192e6fe3
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6.diff.gz
Size/MD5: 138908 1f4c6bba57e34c8b0445bd657f018518
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6.dsc
Size/MD5: 1441 ca6956a573222ee58f15c60a90782325
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7.orig.tar.gz
Size/MD5: 4700333 383e556d9841475847da6076c88da467
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.7-1ubuntu3.6_all.deb
Size/MD5: 1144326 600452c68fc842fa1137cd56cdb2cc95
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_amd64.deb
Size/MD5: 37532 65e462f458840b27ee0aa3a828460c06
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.6_amd64.deb
Size/MD5: 89990 fe90d7c0a97abe9cc428d80ddebaefa6
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_amd64.deb
Size/MD5: 1882364 f756fa793fdb0374f5bbf08c711733a1
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.6_amd64.deb
Size/MD5: 60810 8e03369bfad4b19fc04980faab219f3b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.6_amd64.deb
Size/MD5: 50220 3a9bf5779d6af022cb3ae7d18a8cd23e
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.6_amd64.deb
Size/MD5: 344936 e8ab75c73b8afe80dea4a5e2edb25ff7
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_amd64.deb
Size/MD5: 178260 b0980c5d1c4236a5ba8c65daf3a82045
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_i386.deb
Size/MD5: 36948 f9a0258caa98d72b8ff90524c4b6838f
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.6_i386.deb
Size/MD5: 88408 adde906bb679cae1d3ee998a3d17da65
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_i386.deb
Size/MD5: 1864908 c3bd3e8f2ea8a061938fc832788322f2
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.6_i386.deb
Size/MD5: 60086 31c04f13fc3f1ee19a98a3d55c57b664
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.6_i386.deb
Size/MD5: 49862 58fffaafbf57e7cb948dcc7b90f5f686
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.6_i386.deb
Size/MD5: 339358 0aa0767fe15c5b67de4acc5651cbda2b
http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_i386.deb
Size/MD5: 175110 e9a577ef206d7e0467a7344c237a774c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_lpia.deb
Size/MD5: 36656 1787515e8c02e5093a714361f0f9cc2f
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.6_lpia.deb
Size/MD5: 88744 ae737319f0a10ddc0efe7b3d81c2e3d3
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_lpia.deb
Size/MD5: 1866968 6faef7d9fe0c114700d26a7d6a114e1d
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.6_lpia.deb
Size/MD5: 60490 e604f70078c332415b5c4e736b9bf20f
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.6_lpia.deb
Size/MD5: 50808 f18d90468c7de32208dcd755b7b1710f
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.6_lpia.deb
Size/MD5: 337018 dd7a5ba2b1da8316655e01c6a15f2227
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_lpia.deb
Size/MD5: 174036 2b92d3854cdd18ea9723cb20ba827a19
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_powerpc.deb
Size/MD5: 46934 31b017c71fa40d9ebbd54eb9da83b00a
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.6_powerpc.deb
Size/MD5: 110828 67cd5c1d59adc436f7ea8390e087fa71
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_powerpc.deb
Size/MD5: 1951172 29af30483fa378cc08687f8274b5820e
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.6_powerpc.deb
Size/MD5: 59934 0ce64a7415f4a42890834e8615c4665a
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.6_powerpc.deb
Size/MD5: 54920 9283343babb780c9524dc592de14292d
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.6_powerpc.deb
Size/MD5: 341670 771bc58593ea3c07bdeb3df5f168ab5b
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_powerpc.deb
Size/MD5: 184002 989fd37b0bf831eb847264a634fdf9ef
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-bsd_1.3.7-1ubuntu3.6_sparc.deb
Size/MD5: 38028 174419b4c0abdd61484e425f01610210
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys-client_1.3.7-1ubuntu3.6_sparc.deb
Size/MD5: 91028 31cd2ac8fd872d978edb21b975870e10
http://ports.ubuntu.com/pool/main/c/cupsys/cupsys_1.3.7-1ubuntu3.6_sparc.deb
Size/MD5: 1899750 51a378e29cbf0f8cf7660b2b56419199
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2-dev_1.3.7-1ubuntu3.6_sparc.deb
Size/MD5: 57826 f19bbe276d3d2b6c77312256a1960efd
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsimage2_1.3.7-1ubuntu3.6_sparc.deb
Size/MD5: 48216 76cdedba99120c1d30930dd230794010
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2-dev_1.3.7-1ubuntu3.6_sparc.deb
Size/MD5: 341394 230070d09d4ef210d9cb346a1f2a191a
http://ports.ubuntu.com/pool/main/c/cupsys/libcupsys2_1.3.7-1ubuntu3.6_sparc.deb
Size/MD5: 173922 5131154538109753d0bf8cbfc2541c99
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.3.diff.gz
Size/MD5: 333061 7330706de0300ff8fdf726f3947c8591
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.3.dsc
Size/MD5: 2043 45087adf6eeff3c066199bb22f0fd2b0
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz
Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-2ubuntu9.3_all.deb
Size/MD5: 1163036 0dc85ed980aec7d0ca47204a75509ae1
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-bsd_1.3.9-2ubuntu9.3_all.deb
Size/MD5: 58406 481ebb8e769372ae687ab7ddf7327906
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-client_1.3.9-2ubuntu9.3_all.deb
Size/MD5: 58414 e7ca2633acec5df8dab00059dde56b2c
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-2ubuntu9.3_all.deb
Size/MD5: 58410 a9db719c1ce851adb8b6f1b3a0292fd3
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys_1.3.9-2ubuntu9.3_all.deb
Size/MD5: 58402 963fab3a432f3fbaeed5bf7e75e93189
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-2ubuntu9.3_all.deb
Size/MD5: 58414 6c6b2fbd1483536ce5b0b84f2942eac0
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-2ubuntu9.3_all.deb
Size/MD5: 4524 8a04eee20e31ba3d4db226b94e806ffa
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-2ubuntu9.3_all.deb
Size/MD5: 58410 f6d280e42e630216364ce4e9b3136117
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_amd64.deb
Size/MD5: 37294 341fa919b705a94131b06993bc1306ca
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_amd64.deb
Size/MD5: 119768 439a3382fd8b8f693067eea48c2fbb75
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_amd64.deb
Size/MD5: 1684258 2a89e2b4214dc1c9655958f45c1e00ce
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_amd64.deb
Size/MD5: 2174130 dd2f8e5999162a4a3ead263c52fa6a72
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_amd64.deb
Size/MD5: 352190 d88f098ca2df6ca6550d54174de65f80
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_amd64.deb
Size/MD5: 173382 733cac3f769a1c52558642fe10a1bfb5
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.3_amd64.deb
Size/MD5: 61314 0d99a1cff97c0784d4696afaba555293
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_amd64.deb
Size/MD5: 52314 10a5f5634ddea63b458f4238f66d3f99
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_i386.deb
Size/MD5: 36214 72d3ce2e7cf9d7a56764957c507a622e
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_i386.deb
Size/MD5: 115352 b55209a22d3e27ccdafdede9ef5377a8
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_i386.deb
Size/MD5: 1544420 508fb74502494b68cb5bf3794aff56a6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_i386.deb
Size/MD5: 2141140 c3b8f6e371dcac9a00c8ee219ecb0da1
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_i386.deb
Size/MD5: 345996 55f1960c0a948ec3ec1f6bb677122af7
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_i386.deb
Size/MD5: 170330 09bbbc7e202e8a656a7a8629eb573cdc
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.3_i386.deb
Size/MD5: 60544 bedf6b86e68b3de6fcf82cee0279cc7a
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_i386.deb
Size/MD5: 51720 009a1818552a2b23b95718a42beb7525
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_lpia.deb
Size/MD5: 36022 2096f92303c88a6fb46eaf667ee8c97b
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_lpia.deb
Size/MD5: 114514 f57873ae6357e865ad727c1420d838a1
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_lpia.deb
Size/MD5: 1573394 b002825eba4a5a5aad9203e846f42a8d
http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_lpia.deb
Size/MD5: 2138032 aafe118649a62ef824a31747237863a3
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_lpia.deb
Size/MD5: 342976 9bf54204f2c3f4b580337478cc22c457
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_lpia.deb
Size/MD5: 168554 069c4f08a44b5e46c67394d8024e95eb
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.3_lpia.deb
Size/MD5: 60628 dc313ec6bd4ad41888a34992064edcb7
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_lpia.deb
Size/MD5: 52392 5886c4bff162dc7c37dbab5fb8edc793
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_powerpc.deb
Size/MD5: 43570 3acb58e49bdb265105c8c85d62b3c0f9
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_powerpc.deb
Size/MD5: 138178 2aec882da8d417fc0d697591f0615dfd
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_powerpc.deb
Size/MD5: 1664346 3d7e4d2e7e013350b57353c855d516a9
http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_powerpc.deb
Size/MD5: 2266006 729bfb459a25c0bf4ac77324fdcbda08
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_powerpc.deb
Size/MD5: 347978 420d3ef4ce4e26ff4c318148f8096438
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_powerpc.deb
Size/MD5: 177652 0ee07a4050ce0d3ac386367992baf460
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.3_powerpc.deb
Size/MD5: 61268 fb32593477a6556744d30c101a7e2d7f
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_powerpc.deb
Size/MD5: 57450 259fe729e86bbb840397ab3ab743aa88
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-2ubuntu9.3_sparc.deb
Size/MD5: 37208 186537b71f462834d7e0042f9854a2a8
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-2ubuntu9.3_sparc.deb
Size/MD5: 117628 84b8143dc57f77c22f1ced6de81e621a
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-2ubuntu9.3_sparc.deb
Size/MD5: 1492506 8eb12df3c0fe54d2a451b8c7fdeacffd
http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-2ubuntu9.3_sparc.deb
Size/MD5: 2202788 6144f2913f70ea29abc24f94e747309f
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-2ubuntu9.3_sparc.deb
Size/MD5: 344786 37263ca6477d26b0069bbe4d48107a16
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-2ubuntu9.3_sparc.deb
Size/MD5: 166470 5da8682bbcb6ae6a67bed5e3d19c745c
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-2ubuntu9.3_sparc.deb
Size/MD5: 57860 470f78d4513016627a1a18659f054e0f
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-2ubuntu9.3_sparc.deb
Size/MD5: 49794 3c99682d1fd2e494dadc9654fa452a17
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.4.diff.gz
Size/MD5: 335454 b82f7db3a8bcfa9d3e93d1534b88e4b9
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.4.dsc
Size/MD5: 1994 c6ac782dbbb04a8a775f62541e76a31c
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9.orig.tar.gz
Size/MD5: 4809771 e6f2d90491ed050e5ff2104b617b88ea
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.3.9-17ubuntu3.4_all.deb
Size/MD5: 1165440 5e5bf6235af398e25167d85876b634c1
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.3.9-17ubuntu3.4_all.deb
Size/MD5: 60696 37e4136782a9a165f13e8f3b94c4f9fe
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsys2-dev_1.3.9-17ubuntu3.4_all.deb
Size/MD5: 60708 dd229fccbb8ccae2ccb054c25b4c5994
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.3.9-17ubuntu3.4_all.deb
Size/MD5: 60694 c657f3a0791603065a5cf67eb8e5e194
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.3.9-17ubuntu3.4_all.deb
Size/MD5: 60700 8ee570b8b489e97493e2d4d783d75ed9
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.3.9-17ubuntu3.4_all.deb
Size/MD5: 4522 08c65389dbb6f9626ada34ad06d9b2bf
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.3.9-17ubuntu3.4_all.deb
Size/MD5: 60692 5b51d759aa47528de1dfa7d9c42fc26c
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/libcupsys2_1.3.9-17ubuntu3.4_all.deb
Size/MD5: 60696 db06a18f2cef2fc5c6f0495474d49add
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_amd64.deb
Size/MD5: 37310 22991bc6d3baa0b3afa0db4532465284
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_amd64.deb
Size/MD5: 119738 860a7bbf2861f4042832eb029c31a446
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_amd64.deb
Size/MD5: 1659750 5e22db8ad5bd95b010563ae65ff3f228
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_amd64.deb
Size/MD5: 2170068 cf6798e1de2477a3f8320bb5ecfbc589
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_amd64.deb
Size/MD5: 352132 ec1e110dc766771b6c5fab0e39c59e40
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_amd64.deb
Size/MD5: 177592 601031c57026090350eaf94c759a15eb
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.4_amd64.deb
Size/MD5: 61268 60e1ff066280cc55800c18cb804f2f4e
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4_amd64.deb
Size/MD5: 52218 269daec8f3f73b8b4b16407498c1fd05
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_i386.deb
Size/MD5: 36236 2ab79e7b6645e36dd7c2a4cbcb17b521
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_i386.deb
Size/MD5: 115308 5b8bfbd49572609010ff85e4ecc40a6c
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_i386.deb
Size/MD5: 1519390 c9695938dae4fe6073aef5392caf8a6c
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_i386.deb
Size/MD5: 2136394 6b7bbb0d01cf0622410dd9d4c4376558
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_i386.deb
Size/MD5: 345980 c2f9a9283d71dddc23e56b3e622d0c24
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_i386.deb
Size/MD5: 174200 4108f0c04a0ec92a4194ed2df8c37f0f
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.4_i386.deb
Size/MD5: 60500 e691c2405ed5cd5572a966914db68ade
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4_i386.deb
Size/MD5: 51540 39eb1f820a11ce3c25c9011e1ef98a9b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_lpia.deb
Size/MD5: 36040 cbce23be76ca47db07aa74a82102312a
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_lpia.deb
Size/MD5: 114514 c183acb169b907cb5dbe7c4ba8b48a35
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_lpia.deb
Size/MD5: 1547628 817a2ea820c9f3f1dfc8794bcd1c69ee
http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_lpia.deb
Size/MD5: 2133908 e4c4d9f860d24e0c2f90fb6560db5057
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_lpia.deb
Size/MD5: 342932 be341b8686a73586144d028093fdaed7
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_lpia.deb
Size/MD5: 172396 da4f011567b8a08b48f549c91599b319
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.4_lpia.deb
Size/MD5: 60666 3be2eeaacbe6a47748ae963e5886385c
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4_lpia.deb
Size/MD5: 52342 5a98f1739f1f0415479613061432c6eb
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_powerpc.deb
Size/MD5: 43562 534f1caca68a72a3e76710a9000f459a
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_powerpc.deb
Size/MD5: 138140 d828d31864e344e2786928975c7c9f95
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_powerpc.deb
Size/MD5: 1635484 81b3e0169f72e4923bf4bb4daff26c13
http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_powerpc.deb
Size/MD5: 2257642 0e339166b7323218a1085c0c82fd7a7c
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_powerpc.deb
Size/MD5: 347900 a50d10218fce3b68203159bc371293f0
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_powerpc.deb
Size/MD5: 183046 f29e604a14a2bc69a9bd79cc51d52ae9
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.4_powerpc.deb
Size/MD5: 61312 e7b9ca29914ee9affec5e4d27e06e459
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4_powerpc.deb
Size/MD5: 57406 68c55bbe03177f37c7dfba9936c68bea
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.4_sparc.deb
Size/MD5: 37206 d7adafff178271caa1fb4589563d505d
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.4_sparc.deb
Size/MD5: 117568 ea4127fb28b66a99869fe1a8e6db7175
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.4_sparc.deb
Size/MD5: 1464072 870d238bb2767b5a9b903ac0ac1c2dd3
http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.4_sparc.deb
Size/MD5: 2203838 7325f07f8a427a5bbd50d6d1b00133aa
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.4_sparc.deb
Size/MD5: 344720 a7caefd896fc92ef2973ff77e534551d
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.4_sparc.deb
Size/MD5: 170030 53208da1a634caac02d1f9064e94ff7f
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.4_sparc.deb
Size/MD5: 57856 42ebb0a99156e6e9cb8120b6ca085d95
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.4_sparc.deb
Size/MD5: 49694 cbd420eb793c89d633c15f7141493533
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.1.diff.gz
Size/MD5: 414079 ec1b2785e204040587d379dd0e641ad1
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.1.dsc
Size/MD5: 2272 965843554a241b6a33a579a0e2a5d654
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1.orig.tar.gz
Size/MD5: 5287327 4dc8f431ef50752dfd61d9d4959abd06
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.1-5ubuntu2.1_all.deb
Size/MD5: 1418920 46b9803e26d485beb81d8a4f0dd59cc6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.1-5ubuntu2.1_all.deb
Size/MD5: 68976 8dba96de9fd5dddc605cb3a655125f8f
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.1-5ubuntu2.1_all.deb
Size/MD5: 68936 fb5282d11eca79ee314306b2ff3e047a
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.1-5ubuntu2.1_all.deb
Size/MD5: 68970 521a313d0ba7caa9c1b1abe954cad9d2
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.1-5ubuntu2.1_all.deb
Size/MD5: 68974 db0c05a24ad39d36a3504e4001585339
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.1-5ubuntu2.1_all.deb
Size/MD5: 4548 2f09755aaeab6a7c55210f69056ef983
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.1-5ubuntu2.1_all.deb
Size/MD5: 68964 ee633cb6426259e9040925c4c0bd9cb4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 36728 99e15138c49f7647158ac567cea140f2
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 120314 b6a4fca33212ac0f3f0a0d28c284a0fa
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 88944 8e16293ce4bbee4d25452621a5d8bb3c
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 1909510 f4e99cb68478a7543045c5d96b2492f6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 210280 4efe70259bd68bab99d6af37e3b83d44
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 218154 57ac48d56cf39cccafaa41c761ee0831
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 101138 cc401d5fe9eaebe5ccb3d05fc081fca5
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 31578 65cb6d0b7c31f42d1e4dc7a558cb6247
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 89540 c37c83f1307577413832478e6c530c7a
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 22190 3fc0bf084d35bd59b65d6b05564f616e
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 61526 8d87cbc9fdf86f9b3f36a31f885903ee
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 53162 22462bb90ed221ae87f3aaf82c6e15e6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 80478 a196b04873b8a4538794141fb050f7c4
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 15500 d585e4169708c121fc331ad76bc6734c
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 142366 e8ed05502ab69c842622a8bd1c1ce2b6
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 60100 fa37462e2be306dc2e59941ad7152b16
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_amd64.deb
Size/MD5: 34534 135edf4eb2c710ff5223b465a2458a49
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 35468 a4f9880fc829b12ff07236426f64fb9b
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 115372 9e0333d6e7334936505eab56c7b40007
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 88104 7e19734ed0db1a1d8a8037002171ea55
http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 1867734 7ed73f246e05368ebba018162cd290a2
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 199348 d3ddbf19d7989889cf7719bdf991e509
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 212228 149a9c34f3adff0b7477cd47b18637fd
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 100414 7e2f5ffc6c1a6304d59ccdcdfec17b1a
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 31372 476160c932e4f9f65c683ab895896694
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 89752 a35544f5d710449bb1c4f976114c0d40
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 22058 0e1b563c11d5f4557cdc6c7772c4ee52
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 60316 af61360870c910dbe75ab3175bd79324
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 52406 294706c65b211dc84b6303e7b6c8a621
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 80458 8e2ff90e6d15b94c283f37353ad0b618
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 15208 5e206398efb3de6f94ed622e5834ccd1
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 140852 0b2dc7bc7be253083a1a8a5d3a82b166
http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 61432 4dfac9d783c15467c903c3c5f5e3ad10
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_i386.deb
Size/MD5: 32806 09aaa4f71966bca96c284e31d2ab50ab
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 35442 201aa82511a54c6faa7f658f6911f5ca
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 115232 36be681d1f598c5b063608da5e21b119
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 88070 95ee10203129918b87f5981c0feb9e6f
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 1865396 df7a85287e16825a455fbe501f5f3aab
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 196694 9464af9dfe4aa84dd770ba4dc8840970
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 210766 c68f89f92f843f3a22c8b15c308a2c24
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 99822 b8ac152be2e01ba5fa140b467efcbbc5
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 31204 2228b4e2d9b7c9bfa77f86975128838d
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 89176 bbedc8721d5e71b2f65b3a9b8fb8b559
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 21772 fe557a92668bc1c56dd375b82a6631e3
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 59954 3aba2f186b5d9fcd1904b16713530b36
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 52568 73b85f807859d09b4642911b95bbac6c
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 80406 98585805ac88d962655a0ce9691124f7
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 15300 b74531b670ea8e804e75c2787a718e55
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 141194 c33231f3557dc58a3db03a5bc33b3993
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 62662 d744fd1f968312b4cf6d8c43adb46be8
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_lpia.deb
Size/MD5: 33260 6c0faa6d9cbd47081129bc340b1df4dd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 37006 542560af6515508437474629720d23b5
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 121726 3ed4a4acad8e622600b15a548ece010f
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 88690 b1751eaada5bfb6ef930cbf293a9820d
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 1930968 f2141ef292d9d393f5b64611ac8d97c7
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 203490 99bef00a40b96891cda75f5bbc6d59a8
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 222890 847cc9438c701f8829e28f4c77013fc1
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 100380 65ce9fffb183b88fce1b07e896131957
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 33344 765416fd0fcc436f23a0132fc55ea1ee
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 88948 ebbdf4d99d1f7a8b666ff790abed4e3c
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 22312 1e144c65199ac01b65c6773754f44da6
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 60624 892688a051441152af7e32f5def6b6a0
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 55372 f855c16a48edddc765cce6fa833ef37b
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 80910 109a28f3068a9d82b039582b8017fc61
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 15790 4264515ba0e3bb544b24de41d2b7097b
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 140458 f108dcc4edfd300d2639e0e330a22ad3
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 64956 45f6e3d1aefa1e8a3577d3198a798357
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_powerpc.deb
Size/MD5: 34784 c431eef32a2b7858e9e6de4fe799ca0d
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 36064 7d325abd728d6110b71317174ebbb293
http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 117962 6120775c6ec78d8d16573e350b1562f2
http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 88522 bf8a9279b1119862d4622c4ca43b1687
http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 1954476 049fd252226ac45ba96ac0cd9e098035
http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 201448 5e04b7604a8bd88776dbe9e1ce772d47
http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 209786 7d96c58efb78c81c22978b9a6702060e
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 102028 70799968a9451b0f1ef69284c8fd2fb0
http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 31558 95e7d5e402fcba5354642e11a08b1020
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 89148 d4449b25673539fe5a94c2fe62e3608c
http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 21380 d9ebc7d03b38e102f4c22ec6defc3ecd
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 58158 f836d37fb4d6d173e8d8e5d2867b6a45
http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 50290 9026505395d96d5618a4174466a7f867
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 79672 5a50031c8b0249ef07d0649c395ec80c
http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 14382 dd754302ed02f4812bd09d939700aa67
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 143678 ba37f34a8a06502b81730b6d2a01fee4
http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 61446 9a91de8d93701a2f9e2c282fe43748ed
http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.1_sparc.deb
Size/MD5: 33866 736cd09302ee78f8d6d7d05f207bc1dd
VAR-200911-0285 | CVE-2009-2833 | Apple Mac OS X of International Components for Unicode (ICU) Vulnerable to buffer overflow |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Successfully exploiting this issue may allow attackers to execute arbitrary code with the privileges of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects the following:
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it
VAR-200911-0286 | CVE-2009-2834 | Apple Mac OS X of IOKit Vulnerabilities in which keyboard firmware is modified |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. Successful exploits may lead to other attacks
VAR-200911-0284 | CVE-2009-2832 | Apple Mac OS X of FTP Server Vulnerabilities in arbitrary code execution |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool.". Apple Mac OS X is prone to a buffer-overflow vulnerability that affects the FTP component.
Successful exploits may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it. Issuing CWD commands to deeply nested directory structures may lead to unexpected application termination or arbitrary code execution
VAR-200911-0283 | CVE-2009-2819 | Apple Mac OS X of AFP Vulnerability in arbitrary code execution on the client |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
Attackers can leverage these issues to execute arbitrary code with system-level privileges. Failed attacks will likely result in denial-of-service conditions.
NOTE: These issues were previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but have been assigned their own record to better document them.
The issues affect the following:
Mac OS X 10.5.8 and earlier
Mac OS X Server 10.5.8 and earlier
VAR-200911-0279 | CVE-2009-2831 | Apple Mac OS X of Dictionary Vulnerable to arbitrary code execution |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue.".
An attacker can exploit this issue to execute JavaScript code in the context of the logged-in user. Successful exploits can compromise the affected computer.
NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it
VAR-200911-0277 | CVE-2009-2829 | Apple Mac OS X of Event Monitor Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue. Apple Mac OS X is prone to a denial-of-service vulnerability that affects the Event Monitor component.
Attackers may exploit this issue to cause denial-of-service conditions in services that process the SSH server log data.
NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.
This issue affects Mac OS X Server 10.5.8 and prior. There is a log injection vulnerability in Event Monitor, which can lead to log injection by connecting to the SSH server with specially crafted authentication information
VAR-200911-0278 | CVE-2009-2830 | Apple Mac OS X of Christos Zoulas file Vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
NOTE: These issues were previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security
Vulnerabilities), but have been assigned their own record to better document them
VAR-200911-0282 | CVE-2009-2818 | Mac OS X Server of Adaptive Firewall Brute force attack vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). Apple Mac OS X is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform various attacks.
NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.
This issue affects the following:
Mac OS X Server v10.5.8 and prior
Mac OS X Server v10.6.1 and prior. Adaptive Firewall responds to suspicious behavior, such as high volumes of access attempts, by creating temporary rules to limit access
VAR-200911-0276 | CVE-2009-2828 | Apple Mac OS X of DirectoryService Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Apple Mac OS X is prone to a memory-corruption vulnerability that affects the DirectoryService component.
Successfully exploiting this issue may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it
VAR-200911-0275 | CVE-2009-2827 | Apple Mac OS X of Disk Image Vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
Successfully exploiting this issue may allow attackers to execute arbitrary code with superuser privileges, completely compromising affected computers. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects the following:
Mac OS X 10.5.8 and prior
Mac OS X Server 10.5.8 and prior
NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it. A heap overflow exists when handling disk images containing FAT filesystems
VAR-200911-0274 | CVE-2009-2826 | Apple Mac OS X of CoreGraphics Integer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the CoreGraphics component.
Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
These issues affect the following:
Mac OS X v10.5.8 and prior
Mac OS X Server v10.5.8 and prior
NOTE: These issues were previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but have been assigned their own record to better document them. There are multiple integer overflows that can lead to heap overflow in CoreGraphics processing PDF files
VAR-200911-0273 | CVE-2009-2825 | Apple Mac OS X of Certificate Assistant In X.509 Any certificate processing SSL Vulnerability impersonating a server |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. This vulnerability CVE-2009-2408 And is related.A crafted certificate allows any man-in-the-middle attacker to SSL There is a possibility of impersonating a server. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-006.
This BID is being retired; the following individual records now document these issues:
36988 Apple Mac OS X QuickLook Remote Code Execution Vulnerability
36987 Apple Mac OS X Launch Services Remote Security Bypass Vulnerability
36985 Apple Mac OS X QuickDraw Manager Remote Code Execution Vulnerability
36984 Apple Mac OS X Login Window Race Condition Vulnerability
36983 Apple Mac OS X Kernel Multiple Vulnerabilities
36982 Apple Mac OS X International Components for Unicode Buffer Overflow Vulnerability
36978 Apple Mac OS X Dictionary Arbitrary Script Injection Vulnerability
36979 Apple Mac OS X IOKit Keyboard Firmware Local Unauthorized Access Vulnerability
36977 Apple Mac OS X Help Viewer Spoofed HTTP Response Remote Code Execution Vulnerability
36975 Apple Mac OS X FTP Server CWD Command Buffer Overflow Vulnerability
36973 Apple Mac OS X Disk Images FAT Filesystem Heap Buffer Overflow Vulnerability
36974 Apple Mac OS X CDF File Multiple Buffer Overflow Vulnerabilities
36972 Apple Mac OS X DirectoryService Memory Corruption Vulnerability
36961 Apple Mac OS X AFP Client Multiple Remote Code Execution Vulnerabilities
36966 Apple Mac OS X Event Monitor Log Parsing Denial of Service Vulnerability
36967 Apple Mac OS X Spotlight Insecure Temporary File Handling Vulnerability
36964 Apple Mac OS X Screen Sharing Client Multiple Remote Code Execution Vulnerabilities
36963 Apple Mac OS X Adaptive Firewall Security Bypass Vulnerability
36962 Apple Mac OS X CoreGraphics Multiple Heap-Overflow Vulnerabilities
36959 Apple Mac OS X Apple Type Services Multiple Memory Corruption Vulnerabilities
36990 Apple Mac OS X Apache HTTP TRACE Cross Site Scripting Vulnerability. There was a bug in the handling of SSL certificates that contained null characters in the CN field, and users could be misled into accepting a specially crafted certificate that looked like it matched the domain the user was visiting
VAR-200911-0272 | CVE-2009-2824 | Apple Mac OS X of Apple Type Services (ATS) Vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
Successfully exploiting these issues may allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition.
These issues affect the following:
Mac OS X v10.5.8 and prior
Mac OS X Server v10.5.8 and prior
NOTE: These issues were previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but have been assigned their own record to better document them
VAR-200911-0269 | CVE-2009-2840 | Apple Mac OS X of Spotlight Vulnerable to overwriting arbitrary files |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
NOTE: This issue was previously covered in BID 36956 (Apple Mac OS X 2009-006 Multiple Security Vulnerabilities), but has been assigned its own record to better document it