VARIoT IoT vulnerabilities database

Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. HP Operations Orchestration is an operation and maintenance manual automation platform that automates the transformation and deployment of client devices and data center infrastructure. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to HP Operations Orchestration 9.0 are vulnerable. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Operations Orchestration Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41983 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41983/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41983 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/41983/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41983/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41983 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Operations Orchestration, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input is not properly sanitised before being returned to the user. SOLUTION: Upgrade to version 9.0 (contact HP Support for update information). PROVIDED AND/OR DISCOVERED BY: The vendor credits Michael Schratt, WienIT. ORIGINAL ADVISORY: HPSBMA02588 SSRT100001: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02541822 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. Apple iPhone is prone to a security-bypass vulnerability due to a failure to restrict access to locked devices. An attacker with physical access to a locked device can exploit this issue to bypass the passcode and make calls to numbers in the address book. The following iOS are vulnerable: iOS version 4.2 beta iOS version 4.1 iOS version 4.0

The Netgear CG3000/CG3100 Cable Gateway is a wired gateway device. The Netgear CG3000/CG3100 Cable Gateway has multiple security vulnerabilities that allow an attacker to escalate privileges or perform denial of service. Access rights are handled incorrectly, allowing the logged in user to load the interface of the \"NETGEAR_SE\" user. The device does not verify the SSH passwords for the \"NETGEAR_SE\" and \"MSO\" users, providing a blank password to bypass the authentication access device. There is an error in the print server. Submitting a special message to the TCP 1024 or 9100 port can cause the device to reset.

Microsoft Windows Mobile is prone to a denial-of-service vulnerability because it fails to adequately validate user-supplied input. An attacker can exploit this issue to crash a device running Windows Mobile, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed. Windows Mobile versions 6.1 and 6.5 are vulnerable; other versions may also be affected.

The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt. Pyftpdlib (Python FTP server library) provides an advanced portable programming interface for implementing asynchronous FTP server functions. An input validation vulnerability exists in the ftp_QUIT function in the ftpserver.py file in versions prior to pyftpdlib 0.5.0

ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. Pyftpdlib (Python FTP server library) provides an advanced portable programming interface for implementing asynchronous FTP server functions

Multiple untrusted search path vulnerabilities in Phoenix Project Manager 2.1.0.8 allow local users to gain privileges via a Trojan horse (1) wbtrv32.dll or (2) w3btrv7.dll file in the current working directory, as demonstrated by a directory that contains a .ppx file. NOTE: some of these details are obtained from third party information. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. (1) wbtrv32.dll Or (2) w3btrv7.dll It may be possible to get permission through the file. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Phoenix Project Manager Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41907 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41907/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41907 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41907/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41907/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41907 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Phoenix Project Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wbtrv32.dll and w3btrv7.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PPX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.1.0.8. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://packetstormsecurity.org/1010-exploits/phoenix-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value. Moxa is committed to the development and manufacture of information networking products, providing customers with cost-effective and stable serial communication solutions, serial device networking solutions, and industrial Ethernet solutions. Failed exploit attempts will result in a denial-of-service condition. Moxa ActiveX SDK 2.2.0.5 is vulnerable; other versions may also be affected

Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense).". Symantec Norton Antivirus 2011 is prone to a security-bypass vulnerability that may allow an attacker to bypass virus scans. Successful exploits will allow attackers to bypass virus scanning, possibly allowing malicious files to escape detection

Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests. RealFlex RealWin HMI service (912/tcp) Contains multiple stack buffer overflow vulnerabilities. RealFlex RealWin HMI service (912/tcp) Contains two stack buffer overflow vulnerabilities. The first one is, SCPC_INITIALIZE() and SCPC_INITIALIZE_RF() In the function sprintf() Use, the second is SCPC_TXTEVENT() In the function strcpy() Due to the use of each.RealFlex RealWin HMI Service disruption by a third party with access to the service (DoS) An attacker may be attacked or execute arbitrary code. RealWin is a data acquisition and monitoring control system (SCADA) server product running on the Windows platform. - A boundary error occurred while processing the \"SCPC_INITIALIZE\" and \"SCPC_INITIALIZE_RF\" messages. Sending a specially constructed message to the TCP 912 port triggered a stack-based buffer overflow. - Handling \"SCPC_TXTEVENT\" messages with boundary errors, sending specially constructed messages to the TCP 912 port can trigger a stack-based buffer overflow. Failed exploit attempts will cause a denial-of-service condition. DATAC RealWin versions 2.0 and prior are vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: RealWin Packet Processing Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA41849 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41849/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41849 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41849/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41849/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41849 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered two vulnerabilities in RealWin, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerabilities are confirmed in RealWin 2.1 Build 6.1.8.10. SOLUTION: Restrict network access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/realwin_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code. Openconnect is prone to a denial-of-service vulnerability. OpenConnect is an open client for Cisco AnyConnect VPN. An unspecified vulnerability exists in versions prior to OpenConnect 2.23

Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. is prone to a local security vulnerability. Cisco Secure Desktop (CSD) is an endpoint security solution that integrates firewall, access control, intrusion prevention, and application control

The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. Attackers can exploit this issue to overwrite arbitrary files with root privileges. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cisco AnyConnect VPN Client Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42093 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42093/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42093 RELEASE DATE: 2010-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/42093/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42093/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42093 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco AnyConnect VPN Client, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is reported in versions prior to 2.3 running on Linux and Mac. SOLUTION: Update to version 2.3. PROVIDED AND/OR DISCOVERED BY: Reported in the description of the OpenConnect client. ORIGINAL ADVISORY: http://www.infradead.org/openconnect.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The document view window in Accela BizSearch Gateway Option has the following vulnerabilities which allow a remote attacker to: * display a fraudulent web page over a legitimate web page * steal cookies stored in browser * place arbitrary cookies into browserA remote attacker could display a fraudulent web page over a legitimate one, steal cookies stored in browser or place arbitrary cookies into browser.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JobServer.exe process which listens by default on several TCP ports above 1024. When parsing a GIOP request, the process trusts a user-supplied 32-bit value and allocates a buffer on the heap. The process then proceeds to copy the string following this value from the packet until it finds a NULL byte. By crafting a specifically sized packet a remote attacker can overflow the buffer and gain code execution under the context of the SYSTEM user. SAP Crystal Reports is a powerful, dynamic, and actionable reporting solution that helps you design, navigate, and visualize report presentations, and deliver reports online or by embedding reports into enterprise applications. Failed exploit attempts will likely crash the application. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SAP Crystal Reports Two Vulnerabilities SECUNIA ADVISORY ID: SA41683 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41683/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41683 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41683/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41683/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41683 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in SAP Crystal Reports, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within CMS.exe when parsing GIOP requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet. 2) A boundary error within JobServer.exe when parsing GIOP requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SAP: https://websmp130.sap-ag.de/sap/support/notes/1509604 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-195/ http://www.zerodayinitiative.com/advisories/ZDI-10-196/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: SAP states: A solution was provided via SAP note 1509604 (https://websmp130.sap-ag.de/sap/support/notes/1509604) -- Disclosure Timeline: 2010-07-20 - Vulnerability reported to vendor 2010-10-12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * AbdulAziz Hariri * Andrea Micalizzi aka rgod -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. Mail is prone to a security bypass vulnerability. Mail (also known as Mail.app or Apple Mail) is an email client in the Mac OS X operating system launched by Apple

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. Xpdf is prone to a vulnerability due to an array-indexing error. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious PDF file with an affected application. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: fad54e0d6a59fb9114f71c5aa5897a1c 2009.0/i586/xpdf-3.02-12.4mdv2009.0.i586.rpm 175716771ba0bc1ca2b76db66612d380 2009.0/i586/xpdf-common-3.02-12.4mdv2009.0.i586.rpm 0998d140092d3ddc85faa15d17686a04 2009.0/SRPMS/xpdf-3.02-12.4mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 7153e3886a99e6177ab056c063c1979e 2009.0/x86_64/xpdf-3.02-12.4mdv2009.0.x86_64.rpm 0393c48ff731618ca6417b0d3e96b02b 2009.0/x86_64/xpdf-common-3.02-12.4mdv2009.0.x86_64.rpm 0998d140092d3ddc85faa15d17686a04 2009.0/SRPMS/xpdf-3.02-12.4mdv2009.0.src.rpm Corporate 4.0: 723f068961b5011a7d1cd7c6d93166e2 corporate/4.0/i586/xpdf-3.02-0.5.20060mlcs4.i586.rpm 7d25f96da76b7aeb65d34da2ade390bb corporate/4.0/i586/xpdf-tools-3.02-0.5.20060mlcs4.i586.rpm 9cfce68a816e22c6121a4d69cc201d7e corporate/4.0/SRPMS/xpdf-3.02-0.5.20060mlcs4.src.rpm Corporate 4.0/X86_64: 05739a863c4cfdd05dfb3c7f25584f2b corporate/4.0/x86_64/xpdf-3.02-0.5.20060mlcs4.x86_64.rpm f057f86308907ab31a0ab139ef8859c5 corporate/4.0/x86_64/xpdf-tools-3.02-0.5.20060mlcs4.x86_64.rpm 9cfce68a816e22c6121a4d69cc201d7e corporate/4.0/SRPMS/xpdf-3.02-0.5.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM3Ra0mqjQ0CJFipgRAifRAJ9k+ShgxdVIOXD1cd+oAhpZMhDYsACZAQwN bF7gGtlw9dl5Da13toBE974= =fyOW -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Xpdf Two Vulnerabilities SECUNIA ADVISORY ID: SA41709 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41709/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41709/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41709/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Xpdf, which can potentially be exploited by malicious people to compromise a user's system. For more information see vulnerabilities #1 and #2 in: SA41596 SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Reported in Poppler by Joel Voss, Leviathan Security Group. Red Hat credits Sauli Pahlman of CERT-FI. ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0751.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For the stable distribution (lenny), these problems have been fixed in version 3.02-1.4+lenny3. For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems don't apply, since xpdf has been patched to use the Poppler PDF library. Upgrade instructions - -------------------- If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0Q5M4ACgkQXm3vHE4uyloQDACfabZRl0gOaEHypK8Ovaggiyte XHgAn18UdLjvYoXkxzbPC7NqNvsmaCg6 =UpYe -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-1005-1 October 19, 2010 poppler vulnerabilities CVE-2010-3702, CVE-2010-3703, CVE-2010-3704 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.8 libpoppler1-glib 0.5.1-0ubuntu7.8 Ubuntu 8.04 LTS: libpoppler-glib2 0.6.4-1ubuntu3.5 libpoppler2 0.6.4-1ubuntu3.5 Ubuntu 9.04: libpoppler-glib4 0.10.5-1ubuntu2.6 libpoppler4 0.10.5-1ubuntu2.6 Ubuntu 9.10: libpoppler-glib4 0.12.0-0ubuntu2.3 libpoppler5 0.12.0-0ubuntu2.3 Ubuntu 10.04 LTS: libpoppler-glib4 0.12.4-0ubuntu5.1 libpoppler5 0.12.4-0ubuntu5.1 Ubuntu 10.10: libpoppler-glib5 0.14.3-0ubuntu1.1 libpoppler7 0.14.3-0ubuntu1.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.diff.gz Size/MD5: 27259 bedbca4c7d1fbb131e87ac7d01b9ccfb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1-0ubuntu7.8.dsc Size/MD5: 2375 9242a34c31aec338034bad41ff0e04fb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.5.1.orig.tar.gz Size/MD5: 954930 a136cd731892f4570933034ba97c8704 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 729804 990c4697220246f06734ec985bf79805 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 58242 4e17049f4d461125928bd33eb905542e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 47402 2e1911778f8d114dc01570a16cc753fa http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 52998 4dc5f9471611f96ec0bfb5314a527d67 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 43618 37459b85fdf031fdba6e1b35ea116679 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 546536 7ad7ef20bd092f9007a0a4f2920d301d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_amd64.deb Size/MD5: 101316 389d8b7bf42dd291ae246bbe5306c66e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 664928 8670a45be74a527aa2381c786d6f499c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 56038 20fa91b22991fbf8f2855d0019a30066 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 46100 aa511d2877d5a86ee35fb8760168e746 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 51888 e635377fcd0afcc86fb5665f12596940 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 43120 0a299604034207977e6549719e97c3bb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 505126 546b78451a3db468d906a13c3e461755 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_i386.deb Size/MD5: 93028 075e41dd3d3608e7e4a5f682d3ab0d45 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 769490 69fe73d00ba079febc5ada96e82cb518 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 60272 ef55f2b86d376cfc7f81786fa56f0852 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 47556 20725d1ceae67bd27b629bda23ea27aa http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 54288 f1652517075e0ea34c6b762e8e1ec6ba http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 44890 7ce2dad1bd9962aecd9184b74de80dbd http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 552776 7b30e7f41666d93aaa7d3a95537333d8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_powerpc.deb Size/MD5: 105656 6d4c33c8c30e18aba3e5248d19945312 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 690766 199896329398917fe8f2a37179d02a34 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 56618 d6fe358f5cdcbc02450e69db342ee8b3 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 46092 5d19384e2488912b2ba4d98ff39906b7 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-glib_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 51360 9b6aaada69d2fd81edbf8a3f1e236256 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1-qt_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 42362 914f0dfd79b25858ad12ad20c4407905 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler1_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 518396 ccb5b4d7b6a3966174b55e82597d90b8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.5.1-0ubuntu7.8_sparc.deb Size/MD5: 93880 6343457c99d3fe9e95c65e7f11ed1688 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.diff.gz Size/MD5: 22610 e40e61ff8f404dd8c570d7d9d37d3344 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4-1ubuntu3.5.dsc Size/MD5: 1832 5e30251249c773f2fdb94278bf11050c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.6.4.orig.tar.gz Size/MD5: 1294481 13d12ca4e349574cfbbcf4a9b2b3ae52 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 899230 8fce2b7acfae6b6397caf9caf140a031 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 110018 dfafa5b34781fe749705af443a32d855 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 54810 5febb6077ff4019f33ef36b39d05087b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 46176 f53d822dbade16249befcf24f503c443 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 25520 85571978f17908b52fde4a635b1a411e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 146760 9ff80c2dbf2bb811e31e1b66caf6279c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 201282 909dc624c82bc3c89a0b46ee49fc080f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 648816 9c4f1dbc90f19b95970d601d05ebf72b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_amd64.deb Size/MD5: 78984 ea5c07bc1f8cc794416c93e05b4f4815 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 839500 f428fc3b2317229955ebf3145bd8b1ef http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 102844 5abd270a2f436fd79d5fa021ed0a75a2 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 52354 58e6cec2618c530ae21ca02fb009da06 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 42614 9370944020717ba5be753fe28ab981d0 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 25050 57ac26b842693f33b609ea6d6ced073b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 143622 9f476e4d71f8693f39e73e76c9a65d3c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 190086 b40f870abc3aa6f6b8203de269e88d93 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 623310 43c9e0e5063794de8b008a567dd48545 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_i386.deb Size/MD5: 73692 d5434601a4e7ef66297888f349217a1f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 859546 59e85a8660b8972ffac2b9964be303bd http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 103834 2dd93fcfeb085ad2d2ebbf2631b094e9 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 52614 bfa697640e43ddb7314d66f7107e021f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 43048 f1173347bdf4b450a9058f558a0e98e0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 24792 2f1a32e1c3062d9ff8ad2bac1a89a5e2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 145068 e079cb3940740d3866454898c7a635ba http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 191294 c0083aef2f0adfc21064be2f95f6316d http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 637232 bff9ecff5a68a668e00a2c0bab55b290 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_lpia.deb Size/MD5: 74708 14d03ac4f0abc79bb2b7696776db9362 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 956836 642c3332a4295161be0729b72f6ccfb0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 115792 671359d71e699df8ef011ef9b1b97e13 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 58464 118f2e096f121fb43ad8a287335f5892 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 46142 60ec3d227164cb4f52531bf0d0d94a71 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 28862 cf22690c891eaf82c9587faff7e7aec1 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 152744 fef8f36a164ceb3a425882cc697d9cad http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 209554 7c20fafa41749c91709a2c925844cad1 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 683376 5c9e55ebefa5e5dfabbd72787bf5b7bb http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_powerpc.deb Size/MD5: 94454 50f79c3f37ccade2e26ac5f01fedb367 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 859950 ca8b01d58970c27729fb9311f7706611 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 104158 a60feaf9f57f703ae37d4587071e10e3 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 51408 3a832dd5583a5ebdca67fb868b774f46 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 42008 563aa6cce06916284a5bbccc8f9a4a2a http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 23902 dbda45ef43ff352439a2595766a8725f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 145340 fcacd993458d4e16e4104b1c2fef74b5 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 193258 872f6f3ef8af1a386100f929342c23f3 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler2_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 631572 31bc91916469b6fee1e4ed2411b98c70 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.6.4-1ubuntu3.5_sparc.deb Size/MD5: 72984 85a3e42acdf1819c8fc07053cb9012c3 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.diff.gz Size/MD5: 22658 46a4434de1013ad6a1aedd7f83f4638e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5-1ubuntu2.6.dsc Size/MD5: 2319 cb6568c37577a77805a323102daf8cbe http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.10.5.orig.tar.gz Size/MD5: 1516687 125f671a19707861132fb03e73b61184 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 1000762 2511c181edee11136cd95f2fd8f7df4e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 124320 8e44bb95aaf500ea3f5f2cfeda92c77b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 64498 433f22fd427b85eda6c6f79c093c7bf4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 51136 3fce9dd192f7cf72beb2a462b78a045f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 26084 40b1eb43d7c31c344ee807f67b56405a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 166096 856ebcf506dfe1e6f73a16d039683576 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 235030 001590442c32e9d44d12c708cb484a34 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 715688 100b06d8f1c178b74a72627c1293a99d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 3191282 9fad2dc154e6816007978eecba272f98 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_amd64.deb Size/MD5: 80310 e6f5e58168c6548ee953afc2f2e198e2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 939116 1a637f61cc6980c737f0485fc2ee9d46 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 118186 be93a766d70095e2b904e8a1059c1ea9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 61432 b48d904620036b494dae30f846757933 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 48108 502e462be767601fd4f37278ff6fb0c9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 25400 0d97956139ca4df762ff50924775c7ee http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 164406 c48888d902bace1af6f9568bc7d11781 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 219842 642d8bf864daa53baa9aba14ef1d8e8d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 687198 ebd3b55dd94130e8031fce6fdd9c2977 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 3106210 be7d517d3130e27b75b778b1fafab2c2 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_i386.deb Size/MD5: 75150 842cb849ecdc92162f1ef0645a89694a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 951712 5833f800109087edef20d0d2e043a2a0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 118064 f415be637dbb5991ce0cf7d4bc62b9b7 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 61512 247589fb21e89512e10055a39cdef0c0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 48234 53a1552904e2243babf5b4480f4e39d2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 25090 fe55913c8f07a2d573d202669dd1697e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 164652 37ca1c8caa83a03a65f2d24d4f7576bb http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 220064 5d8c233389507dc10c6830ab35ab31e4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 698034 6b6e1e71dc2b4d73ce5d91ab18ed1434 http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 3141000 792164965ecec628891930c15056146e http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_lpia.deb Size/MD5: 75852 566179c180af7420345a59aef66d20ab powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 1067816 72f7c6c253c7a0d6de9572a45b766bea http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 132060 05faca87e109c1c75a82a458b2d23949 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 69138 2c877d50106cacbfa82cb9e60e572e7e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 51250 377d0b6a2fb986aafde1ee9f8045e04a http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 28790 9a4a744f8bbaee83ab3e0d624425dda3 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 170364 ce061c2566a07dd3c159a23d66d829fc http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 239232 b223e0531752af48a78b9feb2964e77a http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 751112 72ec27c3cfa98ec9c51e1735b233d70a http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 3289146 731cdf54cada7da65a2a3c939df59f93 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_powerpc.deb Size/MD5: 92846 b62d9487645a67d4c892c3671a75e05c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 958890 6948353f591647da86e316845ec8f9eb http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 120824 6ff59a3bbd4a9b425ef23110a76c4298 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 61180 2cc5e6f027e76b607defdc9a797fea4d http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 47586 c343721df8aec6efa801c42368c65187 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 24302 829a6fd6cb43629453b0d03abb134c74 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 165794 e2baae9323c3dc1bfd4c7a5188b876a4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 227060 24c905d2bf65312b9654f3a8c3ff1b85 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler4_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 699612 e891d015a5e9f4a06c62330ae13ad8ff http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 3054006 65d02dc72ebedeee044492a0d54a7c9b http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.10.5-1ubuntu2.6_sparc.deb Size/MD5: 75462 14106f64edcc64399c73cecfffe82660 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.diff.gz Size/MD5: 16162 e2f7027909f54a82d3b05a5dab49bfe3 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0-0ubuntu2.3.dsc Size/MD5: 2333 0ca7e3c51f46e811ab8b764d19735017 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.0.orig.tar.gz Size/MD5: 1595424 399b25d9d71ad22bc9a2a9281769c49c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 1051980 811eb825ef2a4a35a2737c7cc8f7dc18 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 147620 0df853686d2bde4d3251e2034d4aaca4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 75082 66a4118be485eca8c0d64bcb507d95fe http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 56040 9aa3e75a67f5b3325354e0cd0783b4eb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 26016 ab04a30595e5e10a8ea324ce5429859d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 169758 a0feabc74a20a921577bb14b328f4f08 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 246134 66b67de914b70e969cef45ad38be8350 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 758072 3759109d011266b2f989d6d4b9c700f8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 3352576 018f3529b1b4b66eb8fce6446e151276 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_amd64.deb Size/MD5: 84178 3242ad6a0e40ac5017b25f252026b4ec i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 989400 4c6f5530a2751fbef0c4cf2b91c0a450 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 140982 8b2732a5ee3087e754cfbc8a311508a9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 72374 9dafd2e2f353b30269b61184d8a05a73 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 53740 92abc5198ae95accc2a9c04535a12e74 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 25630 9ed21683dc9ce42230357a75c9f8efaf http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 166244 5407024e0fbca9ca17cf31784689f530 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 231402 085ad28bb8f30fb81c922bdf98461f62 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 725946 56e85e5a60eded5dd71286df5afcddad http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 3273936 4900c20227ee15c570803e0a5ea2380e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_i386.deb Size/MD5: 80140 8397685b99e33d2295945e01b5a9c5a9 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 1024116 82f69ec56049caaaa2e6d6ddfbcf38e9 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 145452 ca9c8d859dd2c259254c1015c8150e7c http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 73070 93faf777eb853626a8021a4fdf951ae0 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 53314 f04f80d8c690dd8eed9f2d8629b82ab6 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 24216 5597f9b407ed6e297dfb60495a926835 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 168690 d5f6fc3fd30c50549a0425684be4456f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 244286 73acb1d168e1b946fc0ab87e52a98d2b http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 749218 e362ac899fed10132a24579c856392bf http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 3243524 b3809cb3b43f6c6fcbf78e5f195454b8 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.0-0ubuntu2.3_sparc.deb Size/MD5: 80606 84e09ef47c3a62d374f7d72d077857f7 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.diff.gz Size/MD5: 36586 3c8f46489d270a6553c603f1bf42df61 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4-0ubuntu5.1.dsc Size/MD5: 2321 6309c218890373f2d2f3829083f1e14e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.12.4.orig.tar.gz Size/MD5: 1674400 4155346f9369b192569ce9184ff73e43 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 1057464 02cfbb58b185dce47f79752bc448ecfb http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 153226 6a1cd66dad1f036c916834a9bee5290e http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 79122 fc4779709ed8b692f9debc48054dcf66 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 56012 6c389ff1ec4144b526b34e3df0390361 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 26902 e4f305ff49b07e2d4266f3c23b737328 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 172296 6a277bb044e8bddf0b7211ef4f201e8a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 252048 07a540e9727055ad6ea3af4805ca02f4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 762152 b900a754d1f4fd137a984a5d9a428b49 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 3392098 40b5213d5c65333912cb2a6837cb8155 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_amd64.deb Size/MD5: 84984 222e314966329a71370119194760f289 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 994314 0cf46cddcca262acb400301c6ccfadcf http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 146050 ecfd6621c0c8125575908fce67e87037 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 75926 9460e967f9ea99f6e52cea7b82794cf1 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 53792 094890d2058126fad34a2a9f1b74a9fe http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 26526 ae6f93323c82c1d452e81335025c4677 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 169754 b69d20dacb024e9412954289e62606e5 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 237416 79df3cbaef280ae078fe5d90d1efeca6 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 729896 ebd5b47847b7d4c2d6a7956d5f2b9c9c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 3308176 1901fd74a67d54354fc37140a3820651 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_i386.deb Size/MD5: 80940 24c64a45a096f19bc5e29ac070570932 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 1139050 391b272517bddffbfecbbc91a43b7f96 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 160174 5e5fbf2fdbf5007373e8f76a762b875d http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 83092 96d39f59f5dbb721fc5bbd370f0b3540 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 57086 00f8a4e9617f841bd90e57d2835311f4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 27700 b373ca19c5ec767a6398dffc9bedd553 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 174170 ff1770256477129693ba12fa671d00f2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 257882 c5a46d4e9d96ab2e705e5a538cf3731e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 802012 68d7baf4f9f6c09fbf4f1c0e382fa182 http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 3517048 e614b7e4a6a126f9b7dd67f6efefd117 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_powerpc.deb Size/MD5: 85044 6187f4e8bac574e941da55a6a69690af sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 1061366 41136167b401a0728acbcdb4019d10a9 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 152744 080f6cd7a3b25dafb7a859b7feb7095e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib4_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 77452 04f109d31474b5aa18934e158adf6d62 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 54694 2300562f2a7cfb8d4a33f881332ace15 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 25448 53b2a8352578c81f64e8f4cab898007b http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 172760 f147f6913ced592759716f7b3df63af2 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 255112 3257864700e4387e8cf4e11e5f4aef4e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler5_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 761444 626f9943c20f6c2f8cddfaed957e0251 http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 3312976 945e1150e98d3545f2790ceaec85220f http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.12.4-0ubuntu5.1_sparc.deb Size/MD5: 82324 33c251009e49841c9ae76e74a1e4e559 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.diff.gz Size/MD5: 14357 2913cf42deabe02923039b83f4d3a09b http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3-0ubuntu1.1.dsc Size/MD5: 2426 d8addbeb6ab59e8dfeaab3262b4215e8 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler_0.14.3.orig.tar.gz Size/MD5: 1791880 1024c608a8a7c1d6ec301bddf11f3af9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 64468 6a423398bc892f513b2f38e2e3d5c602 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 31168 539169982c29fbd85ad92d3564b46332 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 1103468 a14ada191171b0af80c8ed455cc43602 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 165088 a094e30c378323c4e13fce76cb41eaef http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 83900 ba49980dc7ae19ec805f2d2e0a9dd341 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 59162 2e9264fd1688912c647a684349b04bc1 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 26422 f2e204b7a284aa1c7762671eb764f65f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 175388 12fdd82ec02447154cb66ffee97eb6bd http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 262250 4b22149a50d268aff9c443f577272ec9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 783016 b6a88c5290d6584cf118e03486ee5b28 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 3782700 92aaee73614843eb71a1e894d6e6b6db http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_amd64.deb Size/MD5: 84584 cff59800844c6d64d58481682d7096c2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 61226 2daec50e448a0023cefc89ecdac63e2f http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 31404 ad307f5350fd07a9cc409f4e9e1a76a3 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 1031432 cb1b0f48c777da1e83104a1f8a92850c http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 156646 33c97aaca1542522ac44c0c2c1aa32f9 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 80682 9c4b0a4534eb6719a7d9f974b2fc8b61 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 56974 6d8a32bff9e98d95c8cf754c47aae4f6 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 25986 ce814f61d00c0be09742cff50d691d1a http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 172378 d6a441c24baa014e23428de75ee78913 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 246084 0f3d944e284b2e96f78ff7c897d89310 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 746296 c5b46a4f36381b2d6ac1f4cdc973a85d http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 3694024 28b7b242f8fe4b6decc198ce2cddc5e4 http://security.ubuntu.com/ubuntu/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_i386.deb Size/MD5: 79640 326c2ea9f373fec8622ca654b942fee2 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 65034 e6fe859f3e6071f20f9cf880107c1f2e http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-cpp0_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 32576 1923fe67aeb448dae67c0c3de7acad51 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 1182088 7d90bf72cedc6ccda4da639e657ba3ec http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 171878 728ed879151c66c82c09d074ca3d6b74 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-glib5_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 88564 38714d7ad6697b4231e2c89c511195c4 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 60498 2422b28c607abc4cf25388199ad89052 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt2_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 27190 4e063517954ef91ae8ce1d959f939bad http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-3_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 177264 79deabe8844ba4993b7643a846b6ba7f http://ports.ubuntu.com/pool/main/p/poppler/libpoppler-qt4-dev_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 270448 a6924c87f821b74c9d9ef642d3182194 http://ports.ubuntu.com/pool/main/p/poppler/libpoppler7_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 822532 fded6e9509fb172ea0587cd536b8e24c http://ports.ubuntu.com/pool/main/p/poppler/poppler-dbg_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 3916390 bd49980f1d5fe6a419961106a2635ad6 http://ports.ubuntu.com/pool/main/p/poppler/poppler-utils_0.14.3-0ubuntu1.1_powerpc.deb Size/MD5: 82814 8552bb3b2508b96a0c3a2be0b7a02f00

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. GNU libc is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to make the affected computer unresponsive, denying service to legitimate users. Multiple vendors' implementations are reported to be affected, including: NetBSD OpenBSD FreeBSD Oracle Solaris 10 Additional vendors' implementations may also be affected. ---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. For more information see vulnerability #2: SA42984 The vulnerability is reported in the following versions R15, R16, R16.1, and R16.2. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42984 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42984/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42984 RELEASE DATE: 2011-01-19 DISCUSS ADVISORY: http://secunia.com/advisories/42984/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42984/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42984 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) An unspecified error in the CDE Calendar Manager Service daemon can be exploited to potentially execute arbitrary code via specially crafted RPC packets. 2) An unspecified error in the FTP server can be exploited to cause a DoS. 3) An unspecified error in a Ethernet driver can be exploited to disclose certain system information. 4) An unspecified error in the kernel NFS component can be exploited to cause a DoS. 5) An unspecified error in the kernel can be exploited by local users to cause a DoS. 6) A second unspecified error in the kernel can be exploited by local users to cause a DoS. 7) An unspecified error in the Standard C Library (libc) can be exploited by local users to gain escalated privileges. 8) An unspecified error in the Fault Manager daemon can be exploited by local users to gain escalated privileges. 9) An unspecified error in the XScreenSaver component can be exploited by local users to gain escalated privileges. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for January 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:02.libc Security Advisory The FreeBSD Project Topic: glob(3) related resource exhaustion Category: core Module: libc Announced: 2013-02-19 Affects: All supported versions of FreeBSD. Corrected: 2013-02-05 09:53:32 UTC (stable/7, 7.4-STABLE) 2013-02-19 13:27:20 UTC (releng/7.4, 7.4-RELEASE-p12) 2013-02-05 09:53:32 UTC (stable/8, 8.3-STABLE) 2013-02-19 13:27:20 UTC (releng/8.3, 8.3-RELEASE-p6) 2013-02-05 09:53:32 UTC (stable/9, 9.1-STABLE) 2013-02-19 13:27:20 UTC (releng/9.0, 9.0-RELEASE-p6) 2013-02-19 13:27:20 UTC (releng/9.1, 9.1-RELEASE-p1) CVE Name: CVE-2010-2632 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. I. Background The glob(3) function is a pathname generator that implements the rules for file name pattern matching used by the shell. II. Problem Description GLOB_LIMIT is supposed to limit the number of paths to prevent against memory or CPU attacks. The implementation however is insufficient. III. Impact An attacker that is able to exploit this vulnerability could cause excessive memory or CPU usage, resulting in a Denial of Service. A common target for a remote attacker could be ftpd(8). IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch # fetch http://security.FreeBSD.org/patches/SA-13:02/libc.patch.asc # gpg --verify libc.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile the operating system using buildworld and installworld as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. Restart all daemons, or reboot the system. 3) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart all daemons, or reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r246357 releng/7.4/ r246989 stable/8/ r246357 releng/8.3/ r246989 stable/9/ r246357 releng/9.0/ r246989 releng/9.1/ r246989 - ------------------------------------------------------------------------- VII. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2632 The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-SA-13:02.libc.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (FreeBSD) iEYEARECAAYFAlEjf80ACgkQFdaIBMps37JFUgCfUrw8Ky4U19COja6fna49Calv z/YAn1JSGxzHCo8vLj4XhtXqrQt68or4 =mCPv -----END PGP SIGNATURE----- . MacOSX 10.8.3 ftpd Remote Resource Exhaustion Maksymilian Arciemowicz http://cxsecurity.com/ http://cvemap.org/ Public Date: 01.02.2013 http://cxsecurity.com/cveshow/CVE-2010-2632 http://cxsecurity.com/cveshow/CVE-2011-0418 --- 1. Description --- Old vulnerability in libc allow to denial of service ftpd in MacOSX 10.8.3. Officially Apple has resolved this issue in Jun 2011. Apple use tnftpd as a main ftp server. tnftpd has migrated some functions from libc to own code (including glob(3)). Missing patch for resource exhaustion was added in version 20130322. To this time, we can use CVE-2010-2632 to denial of service the ftp server. The funniest is report http://support.apple.com/kb/ht4723 where CVE-2010-2632 was patched. That true 'libc is patched', but nobody from Apple has verified ftp. I really don't believe in penetrating testing form Apple side. Situation don't seems good. I has asked for open source donations, unfortunately Apple do not financial help vendors, what use their software in own products. Proof of Concept is available since 2010 http://cxsecurity.com/issue/WLB-2011030145 Video demonstrated how to kill Mac Mini in basic version i5 with 10GB RAM in 30 min is available on http://cxsec.org/video/macosx_ftpd_poc/ --- 2. References --- Multiple Vendors libc/glob(3) remote ftpd resource exhaustion http://cxsecurity.com/issue/WLB-2010100135 http://cxsecurity.com/cveshow/CVE-2010-2632 Multiple FTPD Server GLOB_BRACE|GLOB_LIMIT memory exhaustion http://cxsecurity.com/issue/WLB-2011050004 http://cxsecurity.com/cveshow/CVE-2011-0418 More CWE-399 resource exhaustion examples: http://cxsecurity.com/cwe/CWE-399 Last related to http://www.freebsd.org/security/advisories/FreeBSD-SA-13:02.libc.asc --- 3. Contact --- Maksymilian Arciemowicz Best regards, CXSEC TEAM http://cxsecurity.com/

Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Acrobat and Reader are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to and including 9.3.4 and 8.2.4 are affected. I. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems. Additional information is available in US-CERT Vulnerability Note VU#491991. II. Impact These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file. III. Solution Update Adobe has released updates to address this issue. Disable JavaScript in Adobe Reader and Acrobat Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript). Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this feature may be useful when specific APIs are known to be vulnerable or used in attacks. Prevent Internet Explorer from automatically opening PDF files The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the display of PDF files in the web browser Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities. To prevent PDF files from automatically being opened in a web browser, do the following: 1. 2. Open the Edit menu. 3. Choose the Preferences option. 4. Choose the Internet section. 5. Uncheck the "Display PDF in browser" checkbox. Do not access PDF files from untrusted sources Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. IV. References * Security update available for Adobe Reader and Acrobat - <http://www.adobe.com/support/security/bulletins/apsb10-21.html> * US-CERT Vulnerability Note VU#491991 - <http://www.kb.cert.org/vuls/id/491991> * Adobe Reader and Acrobat JavaScript Blacklist Framework - <http://kb2.adobe.com/cps/504/cpsid_50431.html> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-279A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-279A Feedback VU#491991" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History October 06, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTKxxvD6pPKYJORa3AQIL3wgAp2tynQw73VA+B70fuEl+os17BeVaP8zn 5aoWS6QBRx+Q8Ijw1wnKT1sF4IWaDWTWqPo0yt6MLx8WwO2ei8WaB+aMOwy9ZBo3 BbCOPSM63/3jBrJuCDs4x2PhZDzg2GJf4Zw8NN2oCSOXMxYGhx16QQzo2lY35CBJ cvCSiLtNQuqpnvNMi2DJhArwxStK9Un2fli7IqwXzC6+RIgrk1l/EAM/6CO2+AwJ Se0bDWBjwR5YverLEXoLuBbF0lHvQ0+V/vT5Q/zBDYUwcWkBL2n7NwdbKI9pYZxL 8Te7YapqAnMNgI1/PnYI/W369Vq3U6QoQVVR9ZoyLGw8x0A57cpU2g== =Rc0h -----END PGP SIGNATURE-----

Research In Motion BlackBerry Device Software is prone to a cross-domain information-disclosure vulnerability because the application's web browser fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks.