VARIoT IoT vulnerabilities database

The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. Mac OS X is prone to a denial-of-service vulnerability. I. Further details are available in the US-CERT Vulnerability Notes Database. II. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History May 29 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx 403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ== =QvSr -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secunia Network Software Inspector 2.0 (NSI) - Public Beta The Public Beta has ended. Thanks to all that participated. Learn more: http://secunia.com/network_software_inspector_2/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30430 VERIFY ADVISORY: http://secunia.com/advisories/30430/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote REVISION: 1.1 originally posted 2008-05-29 OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) An error in AFP server allows connected users or guests to access files and directories that are not within a shared directory. 2) Some vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks or to cause a DoS (Denial of Service). 3) An unspecified error in AppKit can potentially be exploited to execute arbitrary code when a user opens a specially crafted document file with an editor that uses AppKit (e.g. TextEdit). 4) Multiple unspecified errors exist in the processing of Pixlet video files. These can be exploited to cause memory corruption and potentially allow for execution of arbitrary code when a user opens a specially crafted movie file. 5) An unspecified error exists in Apple Type Services when processing embedded fonts in PDF files. This can be exploited to cause a memory corruption when a PDF file containing a specially crafted embedded font is printed. Successful exploitation may allow execution of arbitrary code. 6) An error in Safari's SSL client certificate handling can lead to an information disclosure of the first client certificate found in the keychain when a web server issues a client certificate request. 7) An integer overflow exists in CoreFoundation when handling CFData objects. This can be exploited to cause a heap-based buffer overflow if an application calls "CFDataReplaceBytes" with an invalid "length" argument. 8) An error due to an uninitialised variable in CoreGraphics can potentially be exploited to execute arbitrary code when a specially crafted PDF is opened. 9) A weakness is caused due to users not being warned before opening certain potentially unsafe content types. 10) An error when printing to password-protected printers with debug logging enabled may lead to the disclosure of sensitive information. 11) Some vulnerabilities in Adobe Flash Player can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system. For more information: SA28083 12) An integer underflow error in Help Viewer when handling help:topic URLs can be exploited to cause a buffer overflow when a specially crafted help:topic URL is accessed. Successful exploitation may allow execution of arbitrary code. 13) A conversion error exists in ICU when handling certain character encodings. This can potentially be exploited bypass content filters and may lead to cross-site scripting and disclosure of sensitive information. 14) Input passed to unspecified parameters in Image Capture's embedded web server is not properly sanitised before being used. This can be exploited to disclose the content of local files via directory traversal attacks. 15) An error in the handling of temporary files in Image Capture can be exploited by malicious, local users to manipulate files with the privilege of a user running Image Capture. 16) A boundary error in the BMP and GIF image decoding engine in ImageIO can be exploited to disclose content in memory. 17) Some vulnerabilities in ImageIO can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to the use of vulnerable libpng code. For more information: SA27093 SA27130 18) An integer overflow error in ImageIO within the processing of JPEG2000 images can be exploited to cause a heap-based buffer overflow when a specially crafted JPEG2000 image is viewed. Successful exploitation of this vulnerability may allow execution of arbitrary code. 19) An error in Mail is caused due to an uninitialised variable and can lead to disclosure of sensitive information and potentially execution of arbitrary code when mail is sent through an SMTP server over IPv6. 20) A vulnerability in Mongrel can be exploited by malicious people to disclose sensitive information. For more information: SA28323 21) The sso_util command-line tool requires that passwords be passed to it in its arguments, which can be exploited by malicious, local users to disclose the passwords. 22) An error in Wiki Server can be exploited to determine valid local user names when nonexistent blogs are accessed. Security Update 2008-003 (PPC): http://www.apple.com/support/downloads/securityupdate2008003ppc.html Security Update 2008-003 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008003serverppc.html Security Update 2008-003 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008003serveruniversal.html Security Update 2008-003 (Intel): http://www.apple.com/support/downloads/securityupdate2008003intel.html Mac OS X 10.5.3 Combo Update: http://www.apple.com/support/downloads/macosx1053comboupdate.html Mac OS X 10.5.3 Update: http://www.apple.com/support/downloads/macosx1053update.html Mac OS X Server 10.5.3 Combo Update: http://www.apple.com/support/downloads/macosxserver1053comboupdate.html Mac OS X Server 10.5.3 Update: http://www.apple.com/support/downloads/macosxserver1053update.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Alex deVries and Robert Rich 3) Rosyna of Unsanity 5) Melissa O'Neill, Harvey Mudd College 9) Brian Mastenbrook 12) Paul Haddad, PTH Consulting 16) Gynvael Coldwind, Hispasec 19) Derek Morr, Pennsylvania State University 21) Geoff Franks, Hauptman Woodward Institute 22) Don Rainwater, University of Cincinnati CHANGELOG: 2008-05-29: Added links to Mac OS X 10.5.3 in "Solution" section. ORIGINAL ADVISORY: http://support.apple.com/kb/HT1897 OTHER REFERENCES: SA18008: http://secunia.com/advisories/18008/ SA18307: http://secunia.com/advisories/18307/ SA26273: http://secunia.com/advisories/26273/ SA26636: http://secunia.com/advisories/26636/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA28081: http://secunia.com/advisories/28081/ SA28083: http://secunia.com/advisories/28083/ SA28323: http://secunia.com/advisories/28323/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to an error in the handling of return values of "hashes()" in the "cs_validate_page()" function when processing signed Mach-O binaries and can be exploited to cause a system panic. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems

Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to gain privileges, via a malformed .zip archive with a long name, as demonstrated by a .zip file created via format string specifiers in a crafted .uue file. Trend Micro Antivirus Plus Antispyware is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to a boundary error within PccScan.dll when decoding UUE files and can be exploited to cause a buffer overflow via a specially crafted UUE file. NOTE: The vendor's advisory states that the vulnerability is caused due to a format-string error when handling certain fields of a UUE file during decoding. It is not clear if this is a separate vulnerability. http://solutionfile.trendmicro.com/solutionfile/1036464/EN/tis_160_win_en_patch_pccscan1451.exe PROVIDED AND/OR DISCOVERED BY: Sowhat, Nevis Labs ORIGINAL ADVISORY: Trend Micro: http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464 Sowhat: http://secway.org/advisory/AD20071211.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. Kerio WinRoute Firewall is prone to an unspecified weakness that allows local users to bypass proxy authentication. Exploiting this issue may permit a local attacker to obtain web pages that are supposed to be administratively prohibited with proxy controls. Versions prior to Kerio WinRoute Firewall 6.4.1 contain this weakness. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. SOLUTION: Update to version 6.4.1. http://www.kerio.com/kwf_download.html PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Provided by Hitachi JP1/Cm2/Network Node Manager (NNM) Contains a cross-site scripting vulnerability. Provided by Hitachi JP1/Cm2/Network Node Manager (NNM) Is software that can centrally manage network configurations and failures. this NNM Contains a cross-site scripting vulnerability. There are several affected systems. For details, check the information provided by the vendor. This vulnerability information is based on the Information Security Early Warning Partnership. IPA To report to JPCERT/CC Has coordinated with the vendor. Reporter: NTT Data Security Corporation 辻 Nobuhiro MrAn arbitrary script may be executed on the user's web browser.

Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie. The most serious issue will allow remote attackers to execute code. The remote-code execution issues involve processing '.swf' files. The 'Quicktime.qts' module uses the 'BitMapFormat' attribute of the 'Parser' object without validating its contents. An attacker can exploit some of these issues to execute arbitrary code with the privileges of the user running the affected application. The impact of the other issues has not been specified. These issues affect versions prior to QuickTime 7.3.1 for these platforms: Mac OS X v10.3.9 Mac OS X v10.4.9 or later Mac OS X v10.5 or later Microsoft Windows Vista Microsoft Windows XP SP2. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA28092 VERIFY ADVISORY: http://secunia.com/advisories/28092/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the handling of QTL files can be exploited to cause a heap-based buffer overflow when a user views a specially crafted QTL file. SOLUTION: Update to Apple QuickTime version 7.3.1. QuickTime 7.3.1 for Panther: http://www.apple.com/support/downloads/quicktime731forpanther.html QuickTime 7.3.1 for Tiger: http://www.apple.com/support/downloads/quicktime731fortiger.html QuickTime 7.3.1 for Leopard: http://www.apple.com/support/downloads/quicktime731forleopard.html QuickTime 7.3.1 for Windows: http://www.apple.com/support/downloads/quicktime731forwindows.html PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2) The vendor credits: * Tom Ferris, Adobe Secure Software Engineering Team (ASSET) * Mike Price of McAfee Avert Labs * Lionel d'Hauenens and Brian Mariani of Syseclabs ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307176 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted QTL file. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. The software is capable of handling multiple sources such as digital video, media segments, and more. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA28092 VERIFY ADVISORY: http://secunia.com/advisories/28092/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. Successful exploitation may allow execution of arbitrary code. 2) Various unspecified errors exist in QuickTime's Flash media handler, which can be exploited to execute arbitrary code. The vulnerabilities are reported in Apple QuickTime prior to version 7.3.1. SOLUTION: Update to Apple QuickTime version 7.3.1. QuickTime 7.3.1 for Panther: http://www.apple.com/support/downloads/quicktime731forpanther.html QuickTime 7.3.1 for Tiger: http://www.apple.com/support/downloads/quicktime731fortiger.html QuickTime 7.3.1 for Leopard: http://www.apple.com/support/downloads/quicktime731forleopard.html QuickTime 7.3.1 for Windows: http://www.apple.com/support/downloads/quicktime731forwindows.html PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2) The vendor credits: * Tom Ferris, Adobe Secure Software Engineering Team (ASSET) * Mike Price of McAfee Avert Labs * Lionel d'Hauenens and Brian Mariani of Syseclabs ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307176 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects the following: - The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0 - The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0. =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3 Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2 Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1 Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847) It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465) It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000) It was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421) It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422) It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz Size/MD5: 121305 10359a467847b63f8d6603081450fece http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 171402 3b7567107864cf36953e7911a4851738 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 172186 85a591ea061cbc727fc261b046781502 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 94240 b80027348754c493312269f7410b38fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 285664 76f4879738a0a788414316581ac2010b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 144250 3cd8327429958569a306257da57e8be0 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 786052 7bdddb451607eeb2abb9706641675397 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 215932 bee4a6e00371117203647fd3a311658a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 219800 aaf4968deba24912e4981f35a367a086 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 93282 1ae6def788c74750d79055784c0d8006 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 267832 96c149638daeb993250b18c9f4285abf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 145340 109c93408c5197be50960cce80c23b7c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209552 8a23207211e54b138d5a87c15c097908 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 171636 07616e459905bad152a8669c8f670436 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 222022 e37ef7d710800e568d838242d3129725 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 208354 0a571678c269d1da06787dac56567f1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212052 90754ccdcd95e652413426376078d223 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 971426 30db1106dfea5106da54d2287c02a380 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 403974 65a11cfaee921517445cf74ed04df701 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434308 2073137bb138dc52bbace666714f4e14 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 343774 880faca3543426734431c29de77c3048 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb Size/MD5: 278032 4f8270cff0a532bd059741b366047da9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 435354 f3557e1a87154424e9144cf672110e93 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8 . The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0010 Synopsis: VMware Hosted products update libpng and Apache HTTP Server Issue date: 2009-08-20 Updated on: 2009-08-20 (initial release of advisory) CVE numbers: CVE-2009-0040 CVE-2007-3847 CVE-2007-1863 CVE-2006-5752 CVE-2007-3304 CVE-2007-6388 CVE-2007-5000 CVE-2008-0005 - ------------------------------------------------------------------------ 1. Summary Updated VMware Hosted products address security issues in libpng and the Apace HTTP Server. 2. Relevant releases VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier 3. Problem Description a. Third Party Library libpng Updated to 1.2.35 Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0040 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any 6.5.3 build 185404 or later Player 2.5.x any 2.5.3 build 185404 or later ACE 2.5.x any 2.5.3 build 185404 or later Server 2.x any patch pending Server 1.x any patch pending Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * * The libpng update for the Service Console of ESX 2.5.5 is documented in VMSA-2009-0007. b. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the issues that have been addressed by this update. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any not affected Player 2.5.x any not affected ACE 2.5.x Windows 2.5.3 build 185404 or later ACE 2.5.x Linux update Apache on host system * Server 2.x any not affected Server 1.x any not affected Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * The Apache HTTP Server is not part of an ACE install on a Linux host. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Workstation 6.5.3 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html For Windows Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1 For Linux Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5 Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542 VMware Player 2.5.3 ------------------- http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html Player for Windows binary http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04 Player for Linux (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e Player for Linux (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b Player for Linux - 64-bit (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974 Player for Linux - 64-bit (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4 VMware ACE 2.5.3 ---------------- http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1 VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75 ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 - ------------------------------------------------------------------------ 6. Change log 2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm 1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm 333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm 717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm 15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm 90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm 52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm 8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm 4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm 665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm 208d8db690290b848c266593324c2a75 2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm 92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm 71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm 200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm 52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm 0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm Mandriva Linux 2007.1: cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm 6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm 71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm 4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm 0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm 3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm 5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm 1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm 597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm 2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm 9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm 938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm 5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm 48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm 7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm 6498cc5113689f513cbdcfae0a2a3ad4 2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm 07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm 46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 3c23cff577f9697b719c90918ef91b44 2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm 01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm 9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm 5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm 9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm 5989a935f4a0e20ac2844982e81cda83 2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm 339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm Mandriva Linux 2008.0: cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm 8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm 9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm 4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm 3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm 8f86f4c499dfa14fb2daf4f8b578e150 2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm 21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm 0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm 50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm 9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm 29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm 21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm 944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm 0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm 785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm c1ccaf747ebe4bd71f875f70c969d4e7 2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm 16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm 76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm 36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm 7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm 8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm 1ebc35b8050495230d6809f97dd89731 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm 2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm 27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm 6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm 304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm d19f57238828efc73f24ff69c1dca341 2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm Corporate 4.0: 0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm 2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm 6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm 8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm 56dd118e6e37165e6638baab4e58d08e corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm 6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm 2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm 240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm 76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm 57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm 804752d26fd2db2088cbc73ee9aee8f5 corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm 5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm b7bf0d94f575d6e1e42296b69e5d056b corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm 973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm 969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm 166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm 3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm 6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHjmhKmqjQ0CJFipgRAkyLAJ4jEFMu2rAIE8XH60UDFYapm8fGgwCfaHL0 O/KXRt/gdgAAug5/9/aFGGA= =YkQ1 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02824490 Version: 1 HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2011-05-05 Last Updated: 2011-05-05 Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html CSWS_PHP V2.2 http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html HISTORY Version:1 (rev.1) - 5 May 2011 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEUEARECAAYFAk3C8qwACgkQ4B86/C0qfVnBqgCYtJgc2OLmG0JEGU4sCpzntC4E HACgjeWEt9Ja5qNdjhL5iwOp3JVtVic= =EvRT -----END PGP SIGNATURE-----

Multiple Trend Micro products are prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

SAP MaxDB is prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will crash the application. This issue affects MaxDB 7.6.00.37 and 7.4.3.32; other versions may also be affected.

Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This vulnerability CVE-2006-4190 Is a different vulnerability.By a third party .. Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input

Firefly is an open source media server used by Roku SoundBridge and iTunes. There are multiple security vulnerabilities such as information disclosure and denial of service in Firefly: ------------------------------------ -----A] Directory traversal on Windows platform -------------------------------------- --- If you use 3 periods in the HTTP request, you can get the specific file in the parent directory of Firefly's management root folder, that is, the attacker can download all the configuration files of the server or firefly.log and other files. Mt-daapd.conf file. This vulnerability can only be exploited on Windows servers. -----------------------------------B] Windows platform bypasses certification -------- --------------------------- If the server is password protected, an unauthenticated remote attacker can have a \"/\" position before the URI. Use the period (\".\"), backslash (\"\\\"), or blank (GET file.txt HTTP/1.0) to download the files in the management root folder. This vulnerability can only be exploited on Windows servers. ----------------------------------------------C] Copy HTTP Parameter Denial Service --------------------------------------------- Send Two or more HTTP parameters with the same name (such as two Host or User-Agent) can cause the server to terminate. -----------------------------------D] Partial query results in 100% CPU usage ----- ------------------------------ The remote attacker connects to the server and sends the first line of the request (GET/HTTP/1.0) This can cause the server's CPU to reach 100% until it is disconnected from the server. Firefly Media Server is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to handle specially crafted HTTP GET requests. Attackers can exploit these issues to access potentially sensitive information, crash the server, or consume excessive resources. Successful exploits could aid in further attacks or deny service to legitimate users

Easy File Sharing Web Server allows visitors to upload/download files via a browser, with FTP and WEB versions. Easy File Sharing Web Server has an input validation vulnerability when processing user requests. Remote attackers may exploit this vulnerability to obtain sensitive information. Easy File Sharing Web Server does not properly filter certain parameters when uploading files, allowing users to upload files to any parent directory through directory traversal attacks; in addition, there is an error in processing file download requests, allowing users to download admin.sdb and user. Any .sdb database file other than sdb; there is an error in processing the username registration request, allowing the user to leak any file content in the user folder by creating an account with the same username and file name

The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization. The 'iwlwifi' drive is prone to a NULL-pointer dereference vulnerability because of a flaw in the 'compatible/iwl3945-base.c' file. Attackers can exploit this issue to trigger a kernel panic and cause denial-of-service conditions. Versions prior to iwlwifi 1.1.22 are vulnerable. Wireless WiFi Link is a wireless network card used in many notebooks. There is a loophole in the implementation of the Wireless WiFi Link network card driver, and a remote attacker may use this loophole to make the user's system unavailable. The iwl_set_rate() function of the compatible/iwl3945-base.c file in the iwlwifi driver of the Wireless WiFi Link network card has a null pointer reference vulnerability: static void iwl_set_rate(struct iwl_priv *priv) { const struct ieee80211_hw_mode *hw = NULL; struct ieee80211_rate *rate; int i; (1) hw = iwl_get_hw_mode(priv, priv->phymode); <-- not check ret priv->active_rate = 0; priv->active_rate_basic = 0; IWL_DEBUG_RATE("Setting rates for 802.11%c\n" , hw->mode == MODE_IEEE80211A ? 'a' : ((hw->mode == MODE_IEEE80211B) ? 'b' : 'g')); (2) for (i = 0; i < hw->num_rates; i++) { <-- null deref. (1) does not check the return value of iwl_get_hw_mode, if NULL is returned, it will cause (2) to reference a null pointer. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA29236 VERIFY ADVISORY: http://secunia.com/advisories/29236/ CRITICAL: Less critical IMPACT: Unknown, Security Bypass, DoS WHERE: Local system OPERATING SYSTEM: Red Hat Enterprise Linux Desktop (v. 5 client) http://secunia.com/product/13653/ Red Hat Enterprise Linux (v. 5 server) http://secunia.com/product/13652/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a security issue and some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service). For more information: SA27842 SA27915 SA28696 SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2008-0154.html OTHER REFERENCES: SA27842: http://secunia.com/advisories/27842/ SA27915: http://secunia.com/advisories/27915/ SA28696: http://secunia.com/advisories/28696/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. Cisco 7940型IP电话是一种多功能通讯设备，通过IP网络传递语音信号. Cisco 7940在处理畸形INVITE消息时存在漏洞，远程攻击者可能利用此漏洞导致设备不可用. 如果向Cisco 7940 IP电话发送了一系列SIP INVITE消息的话，就可能导致设备看起来在正常工作而实际上无法接收或发起呼叫，继续发送INVITE消息的话就会导致设备重启. 攻击者所发送的SIP INVITE消息中的Request-URI部分应不包含有用户名，如INVITE sip：XXX.XXX.XXX.XXX SIP/2.0。需要发送6次才能导致设备拒绝服务，如下所示： X ----------------------- INVITE (Call-ID ＃1) -----------------------＞ Cisco 7940 X ＜------------------ 100 Trying (Call-ID ＃1) --------------------- Cisco 7940 .... --------5 New Dialogs like the previous-------- .... X ----------------------- INVITE (Call-ID ＃7) -----------------------＞ Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃7) --------------------- Cisco 7940 -------- DoS for aproximatly 3 minutes ------ X ＜------------------ 486 Busy (Call-ID ＃1) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃2) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃3) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃4) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃5) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃6) --------------------- Cisco 7940. Cisco 7940 SIP phones are prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. Exploiting this issue allows remote attackers to cause the device to fail to respond to further call requests and to potentially crash, denying service to legitimate users. This issue affects version P0S3-08-7-00 of Cisco 7940 SIP phones; other versions may also be affected. Cisco 7940 has a loophole when processing malformed INVITE messages. Remote attackers may use this loophole to make the device unavailable. The Request-URI part of the SIP INVITE message sent by the attacker should not contain the user name, such as INVITE sip:XXX.XXX.XXX.XXX SIP/2.0. It needs to be sent 6 times to cause the device to deny service, as follows: X ----------------------- INVITE (Call-ID #1) ---- -------------------> Cisco 7940 X <------------------ 100 Trying (Call-ID #1 ) --------------------- Cisco 7940 ...

Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CiscoWorks is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. CiscoWorks 2.6 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: CiscoWorks Common Services Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA27902 VERIFY ADVISORY: http://secunia.com/advisories/27902/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: CiscoWorks Common Services Software 3.x http://secunia.com/product/6330/ DESCRIPTION: Dave Lewis has reported a vulnerability in CiscoWorks Common Services, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the CiscoWorks Server login page is not properly sanitised before being returned to the user. The vulnerability is reported in CiscoWorks Common Services 3.0.x and 3.1 for both Solaris and Windows systems. SOLUTION: Apply vendor patch (registered customers). http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one PROVIDED AND/OR DISCOVERED BY: Dave Lewis ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml Liquidmatrix: http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion. (1) telnet Network traffic (2) ssh Network traffic (3) http Network traffic. Sun XSCF Control Package (XCP) firmware for SPARC is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to deny service to legitimate users. Versions prior to XCP 1050 are vulnerable. is an XSCF control software package used in servers such as SPARC Enterprise M4000 by Oracle Corporation of the United States. The following products are affected: Oracle SPARC Enterprise M4000, M5000, M8000, M9000 servers. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerabilities are caused due to unspecified errors within telnet, Secure Shell (SSH), and httpd daemons of the firmware, which can be exploited to cause a DoS. SOLUTION: Update to XCP version 1050 or later. http://www.sun.com/download/products.xml?id=46fc425e PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103159-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to adequately sanitize user-supplied input. A successful exploit may allow the attacker to upload malicious files and potentially execute them; this may lead to various attacks. This issue affects versions prior to HTTP File Server 2.2b.

Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445. Cisco Security Agent for Microsoft Windows is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. Remote attackers can exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions. This issue affects all standalone and managed versions of Cisco Security Agent for Windows. A remote attacker might cause system with CSA installed to restart or BSOD. By sending carefully crafted data an attacker might cause remote code execution, thus gains complete control over the system. By default CSA allows access to TCP ports 139 and 445. After establishing a session to TCP ports 139 and 445, an attacker can complete an exploitation without any authentication simply by sending a single packet. Other Cisco software that uses CSA component is also affected. Workaround ============= * Restrict access to TCP ports 139 and 445. Vendor Status ============== 2007.09.27 Informed the vendor 2007.10.23 Vendor confirmed the vulnerability 2007.12.05 Vendor released a security advisory (cisco-sa-20071205-csa) and related patches. For more details about the Cisco security advisory, please refer to: http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml Additional Information ======================== The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-5580 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. Candidates may change significantly before they become official CVE entries. Acknowledgment =============== NSFOCUS Security Team DISCLAIMS ========== THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT WARRANTY OF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESSED OR IMPLIED, EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT SHALL NSFOCUS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE ADVISORY IS NOT MODIFIED IN ANY WAY. Copyright 1999-2007 NSFOCUS. All Rights Reserved. Terms of use. NSFocus Security Team <security@nsfocus.com> NSFOCUS INFORMATION TECHNOLOGY CO.,LTD (http://www.nsfocus.com) . ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to a boundary error in an unspecified system driver used by the application and can be exploited to cause a buffer overflow via a specially crafted packet sent to port 139/TCP or 445/TCP. Successful exploitation may allow execution of arbitrary code. Please see the vendor's advisory for a list of Cisco products that include the agent. SOLUTION: Apply updates. http://www.cisco.com/pcgi-bin/tablebuild.pl/csm-app?psrtdcat20e2 PROVIDED AND/OR DISCOVERED BY: The vendor credits NSFocus Security Team. ORIGINAL ADVISORY: Cisco (cisco-sa-20071205-csa): http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request. Kerberos是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等。MIT Kerberos 5（又名krb5）是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等. Kerberos的实现上存在多个内存破坏漏洞，远程攻击者可能利用这些漏洞导致服务程序崩溃. gssftp的ftpd是Kerberos加密的FTP服务器，可通过Kerberos 5认证。在ftpd.c的reply()函数中存在未初始化的指针： void reply(int n, char *fmt, ...) { ... (1) int length, kerror; ＜---- declared length without initializer if (n) sprintf(in, \"\\%d\\%c\", n, cont_char); else in[0] = \'\'＼0\'\'; strncat(in, buf, sizeof (in) - strlen(in) - 1); ＃ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, \"KERBEROS_V4\") == 0) { if (clevel == PROT_P) length = krb_mk_priv((unsigned char *)in, (unsigned char *)out, strlen(in), schedule, ＆kdata.session, ＆ctrl_addr, ＆his_addr); else length = krb_mk_safe((unsigned char *)in, (unsigned char *)out, strlen(in), ＆kdata.session, ＆ctrl_addr, ＆his_addr); if (length == -1) { syslog(LOG_ERR, \"krb_mk_\\%s failed for KERBEROS_V4\", clevel == PROT_P ? \"priv\" ： \"safe\"); fputs(in,stdout); } } else ＃endif /* KRB5_KRB4_COMPAT */ ＃ifdef GSSAPI /* reply (based on level) */ if (strcmp(auth_type, \"GSSAPI\") == 0) { gss_buffer_desc in_buf, out_buf; OM_uint32 maj_stat, min_stat; int conf_state; in_buf.value = in; in_buf.length = strlen(in); maj_stat = gss_seal(＆min_stat, gcontext, clevel == PROT_P, /* private */ GSS_C_QOP_DEFAULT, ＆in_buf, ＆conf_state, ＆out_buf); if (maj_stat != GSS_S_COMPLETE) { ＃if 0 /* Don\'\'t setup an infinite loop */ /* generally need to deal */ secure_gss_error(maj_stat, min_stat, (clevel==PROT_P)? \"gss_seal ENC didn\'\'t complete\"： \"gss_seal MIC didn\'\'t complete\"); ＃endif /* 0 */ } else if ((clevel == PROT_P) ＆＆ !conf_state) { ＃if 0 /* Don\'\'t setup an infinite loop */ secure_error(\"GSSAPI didn\'\'t encrypt message\"); ＃endif /* 0 */ } else { memcpy(out, out_buf.value, length=out_buf.length); gss_release_buffer(＆min_stat, ＆out_buf); } } ＃endif /* GSSAPI */ /* Othe. Multiple memory-corruption vulnerabilities with unknown impacts affect MIT Kerberos 5. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, and two double-free vulnerabilities. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). ), which can prevent eavesdropping, prevent replay attacks, etc. There are multiple memory corruption vulnerabilities in the implementation of Kerberos, and remote attackers may use these vulnerabilities to cause the service program to crash. gssftp's ftpd is a Kerberos-encrypted FTP server that can pass Kerberos 5 authentication. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. II.DETAILS: ---------- Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description A uninitialized vulnerability (CVE-2007-5894)in function reply() in ftpd.c. A dereferencing vulnerability(CVE-2007-5901) in gssapi lib in function gss_indicate_mechs(mi norStatus, mechSet) in g_initialize.c and a integer overflow vunerability(CVE-2007-5902) in rpc lib in function svcauth_gss_get_principal in svc_auth_gss.c. A double free vulnerability(CVE-2007-5971) in function gss_krb5int_make_seal_token_v3 in k5sealv3.c and another double free vulnerability(CVE-2007-5972) in function krb5_def_store_mkey in lib/kdb/kdb_default.c. Impact Reading uninitialized variables can result in unpredictable behavior, crashes, or security holes. Dereferencing,integer overflow and double free may cause instability and potentially crash. References ========== [ 1 ] CVE-2007-5894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 [ 3 ] CVE-2007-5902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902 [ 4 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 5 ] CVE-2007-5972 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972 III.CREDIT: ---------- Venustech AD-LAB discovery this vuln. Thank to all Venustech AD-Lab guys. V.DISCLAIMS: ----------- The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use. VENUSTECH Security Lab VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn) Security Trusted {Solution} Provider Service _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-924-1 April 07, 2010 krb5 vulnerabilities CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-0629 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.4 libkrb53 1.6.dfsg.3~beta1-2ubuntu1.4 Ubuntu 8.10: krb5-kdc 1.6.dfsg.4~beta1-3ubuntu0.4 Ubuntu 9.04: krb5-kdc 1.6.dfsg.4~beta1-5ubuntu2.3 libkrb53 1.6.dfsg.4~beta1-5ubuntu2.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. (CVE-2010-0629) It was discovered that Kerberos did not correctly free memory in the GSSAPI library. If a remote attacker were able to manipulate an application using GSSAPI carefully, the service could crash, leading to a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901, CVE-2007-5971) It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.) (CVE-2007-5902, CVE-2007-5972) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.diff.gz Size/MD5: 1747579 857bc90fe202aacef9aa7ec1915912b0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.dsc Size/MD5: 1135 4cacf5667996472a34c29f5db3590a0a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1.orig.tar.gz Size/MD5: 14672599 7a36c3471aa31ffd01d5a020f9d82dff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.3~beta1-2ubuntu1.4_all.deb Size/MD5: 2121560 319ec346ce4f7acfcd3f535276b2e7e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 140892 372ce44cc13bfcea71652553d16ab0f6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 162164 6b37b079fa1b8fd1d512e8d5a268c6e3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 1337522 23370d40c101659acb54bd203c263e3d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 89344 02a61de3df97772e9a46ce5f960d392d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 497374 89e647e9beec851c340774d758f6d68c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 88168 6f6c1a76b5fd3f579c26f5438fb04f69 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 230020 ff26ae7c13bedcd6335b36d335357f79 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 65660 6ad8023f8ec936b19046b04c95c948bc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 186140 af7b0135284c9bffd16a6a03b2c36703 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 64960 abc799e9e887480fc993bdba504af466 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 91866 cfb606d8378283313f5009faa2dec564 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 73208 6ee86c16449e975666de4454ca001fb4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 131262 a8beec1ae2763a39f4224e6457d79a68 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 146000 ea7aad15118b9e3df627d9e41f641c25 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 1289340 b3f36e7e2fb3fdba00a5af1153c4f407 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 89352 372324ef9477c4a6f3f9bc31ef297a57 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 460514 62959156fab7500c76d9f11ebae51d52 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 81706 fbbc1993212b37307d15fbac473a1568 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 201704 e920981af86ee031bcf12fdf0d58f044 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 60694 c1e8663d26f5090f64350e56967f1b4b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 173246 532692f310673efbd4329d0661811370 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 61726 78e20ba263aad29b73f92ce156ba12a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 84298 fe5eceddccc659692e8c95149da13dd9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 66892 efb07a08a44037d73c7e98525dcbab56 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 131436 e9a07a3d73999fe64e97ec4f15754f00 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 143896 0885dad9ce7cfb900e80f664256ce3c7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 1318388 8c5fee9fe04a1d4d5cd50e31066c592d http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 89348 f12babd06a10b951388d6618288b081d http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 455898 ceb7713ec70fe69de2e9e675f34162eb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 82168 603b21fbba3e4092e21e95f7fc79addb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 200914 066a5fa912c9a64a2a4f4de12326ded2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 60786 d11c67185932d0b746584e0406294a3e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 172640 2de487fc075709f917b2396a053d8bde http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 61574 394a1d2ee087fb9ed2d8bbdd6b54c1c2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 84204 1c7cccecf78f77db4073669da9f82ef7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 67206 ce64e680e6c213afea88440bb1d944b6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 158748 c5daffac1ce8e89ee9002325f63ed078 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 159344 9fb7e6c72d4e07e06e704b127582204a http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 1335326 2e5bf6c9daec4169d467583f70b2652f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 89362 edd451d9c7efb36480bd396347d33b47 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 482430 c4f6f3ee75b56c4fb436e0a55f008097 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 95278 554caab935dc3d35ed2297dff4b9cd21 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 245012 0a16b0e350544021fd2a3a8879d1372f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 68806 ea6d4ae9080e63be328418af216cf7fd http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 199412 9063aec6b15eab435032ac249f516a44 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 64060 a367b9c7a4afee60fe4b8e7e98eac1a4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 100238 e253160984af0fd0f914b453bf604b1d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 75518 7bfda8e39e560cb747ad8b78ceee7fa8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 134486 d031b1b700640b4e254e9ba9950c0a9c http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 142010 d0fd459614fb1e4bb411b5ff1220e6a9 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 1213582 cd49f178b2202d58d3eb471a3c791e49 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 89356 8e603c181d789500185720f8e35da971 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 428108 356af6cc775d8bafe2a028c43a33b89c http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 83266 e87d03878c6db3b236edbe0616e1c839 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 211652 121558486b173d309bccbe304b8ec550 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 64092 69c588ea021fc09582f299ec80ce5ebf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 173032 01fd0f15a60c39f2180c0290b8b4f015 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 58806 e21d86723683a97d0f9812d820b39da7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 87886 eef2eaa5c992cd9849f865c5b88de7aa http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 69614 8f28b615e8a75bb0a6e04da3131c39bb Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.diff.gz Size/MD5: 858566 abe6f3bf8714b16dd084cd583b5aa350 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.dsc Size/MD5: 1671 e03526558ccf9a954c92a3e257e66351 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-3ubuntu0.4_all.deb Size/MD5: 2148728 a0785e0f46d4268e3906483b821241bb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 146234 7c1e6b679b00982416953a085acb5f39 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 165978 0415c29a760df4dbf38e3b82e93aaf54 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 1474040 289fcb9189903998fe6adb217d111257 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92554 db275139f0715242c7f339b0005f7f65 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 510612 ad1d674ce1ffc4f39dfc6d75d8c80282 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92862 99ee34c7a17ce0cb980ba620cbc97e67 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 237266 eb87e828f93d628e7dab9de7a657566d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 68946 43644b68a2aa3219a07dcb85f7a45371 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 107696 5be51db685dc9d9536765a0771e52223 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 196660 e36a1e5bc9fd0b173bbd0fca05b79d0b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 67914 098fd941dbdb7c32ce12f983dbbd6ed9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 94504 4bbe57034a98573f623870361380055d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 76670 6759a5aad2f5ba13b5b0354dc025aa0c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 136816 71232407545e52025735e7e630496f84 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 150618 e413fd35cb127f765870211bc25a47ec http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 1413034 f1f3fb8a55ee8ba77c9b6aac5ad9aff4 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 92570 98ed6b6053fff58ac3a600f4b51b7cd0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 472690 7cf30b9521b99808b48879295b579d07 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 86424 76aefeea8bbaecc66933de53158503fe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 213602 a6d796c92390bc1b9ff794ae4204f974 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 63886 8a7affbe90bd3c31e1bb360f4f93ce90 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 102054 15234247c475c7ac05549b3e0ac04e8a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 183124 34b361091e4883adf77658c04f431edb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 64676 72cd11a2060ebd4524dfb4345d6ac3b0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 87766 bd091590f2ebf42a256b00c00ca08704 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 70558 37b76c195ee928457ddb7f859ee19b80 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 136772 173deb07bb07502e6d16adc880d27209 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 148130 beebf3d09c4c0f5b605a1719d87d3f62 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 1443468 4236ad375d51fe23404e21b1979103cf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 92538 c696e177873d8255183b7cc50576eb48 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 463248 680eff30a2fd36ab52900ad3b7d58192 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86530 2d5c2d44148bcc30b1fc0862c26bbc88 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 206758 d08cdf41d7ee2bacd847639b5f5b8676 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 63948 c42df041a5ed4079b03fad6d1fd16a5d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 101826 1bfed64995fab3d278fd7e382be0f207 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 182666 c40bbef2b97460a08eb18a64767c9f8f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 64188 1421cd4073a447d334eea471a2dd548f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86954 b9b8f522b5881cc111124d368dcc0d6f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 70346 f77d255277ff6ea8964c3992dded5118 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 157076 4501c9b76ba4cd09cce27ef2ce1a74ad http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 161396 9f6134a5f7e29859b46f41fa1f6c23a8 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 1472026 4f1e6fbc7c474bd9ddedce81c307e52f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 92578 3b7a1d729048d6c66629e03a8230cb8b http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 492848 c791a13ad685af0293c3b8b0397adb25 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 96700 4980c34839066b9866eacb06fb385d23 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 245612 c4f47729971c422bdf47cbc86669999b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 70360 4904070348252bd4bdd692d85af4249a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 110768 2c18038848b99c2f90b87a0c8af7a2e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 202494 7c9671f7bdb178be8f1bbc8445ab00a9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 66680 36a33a9765740aa2eab16419017562b0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 98830 bfafb479fdc24c38cda9ab334c7c059e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 77096 ffc6213bd7623df1b396d14a72d4e830 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 140360 97dcf304de4a27ebac536e0092b7fc1b http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 144848 64545260134ceba4c1fa36bbb5dbb3e7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 1332818 cfbeb843bc41b29bc39c9f472cc6f388 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 92562 18978f9e7ff1ce581359bffaa3183cae http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 433500 135cfb8e8a08c6086ee81a2401f5caea http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 87970 205855c848f241acd5262a11ca7bbc7a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 221618 1475ec81f68851111b85bb0bb0ab6fbf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 67506 5742f0bd5b8775f8aa948f8fda02456b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 100974 b9c4cb0e343eb63dbda925b29888186d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 182710 be662df46e52c604f0ef9aee39287bd4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 60936 d39a4e432ed22e23cc7342986b59cad2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 91922 62f5f68fe447a9e1367457ba4ac1033e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 72734 e3a771cb836f6fc6b40402befbdfdf20 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.diff.gz Size/MD5: 884759 6834e06b9b7420e013639e5f0177dde7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.dsc Size/MD5: 1671 2df8fc05d522a39465b516106eb1c720 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5ubuntu2.3_all.deb Size/MD5: 2149012 143718b601a3a99b8ebd05937ecaed25 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 146656 2d86ade2be3e079d940e8919217802e7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 166316 faec7da08e9aa386f72e349c7408bf10 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 1479408 de4a5e28107e556683c959c1a0cfa819 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93046 a88830b71b66d9071ecf9e43422c1d3e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 512336 6623911d29c86d0da61a57ac3f5443fa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93766 c1fe58d664c3021eb0f3b39a21f292f6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 237514 15434edb948a81df6827c54e7cfc493a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 69208 f38a09c9ce73b663053b0c16e562d53e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 108010 397c0979124621bde63b49d55df1951b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 198894 971764b78a61757018f675faaf8d13c2 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 68258 7abb3d320bbaac22e6d91c8ddf808ced http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 94832 c3b98b57230bdd7b7f6ebb83418b398f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 76946 85b0519be431be8228d1b8930ca82032 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 137258 6722093f41aea33c126c60594e91aa89 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 150922 b01712adff6c2dd19bbb578691b55a82 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 1417102 87153ec02650a379e068d91412027243 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 93044 d29e99de8b3cd37a2f66411cb62f69e6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 473744 d7f752135e4a924139b89e5873901aa1 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 87338 441b4cbdfcf76a714c81f88fc78d45f0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 213942 12b948c395cf70a2fea94cc8fc195228 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 64306 bab53b895c90f98f7964e66768e8e020 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 102364 0892484a20867e24c567a57fa9bdabbe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 185436 c7716a56e5e00c6b34c37d619c3e2fd3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 65034 673f5afa510e0b6c9718ca2b0b1d8634 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 88118 4d16b24b0c8de073394fcd16efbd471b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 70886 7c57638b2967e79f0b35ed27baca2c5c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 137092 88eac351aa4c04cabeb5004ba0488a89 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 148518 5c4bcb387e8ceae4642e955c9073b936 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 1448176 04dc34d8d656fdd5cabfd522a2862fcb http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 93040 696bfd471bba2b1f3cb7d5c0538068d0 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 464142 11481d506c939a4595c5d235768692e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87422 41b6c7fb1aed7ddfd0732af69c393ee5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 207106 86e5df0b876d7a0fc53ff75dffcced9e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64392 783c9e473eb37ca0368c9a52aa92d343 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 102218 548d6f447c103522fa6616dbea42e75a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 184990 325f5322d631683068bc6ddc6af35940 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64550 b6b3f9ad2c07f8f7597c484fc14315be http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87292 bcdb18ceb438927ab77150be9c4176f9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 70680 eb8483a9164d278a76774413d9660ddb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 157362 3603a529157befb84af0edad2c3bb7dc http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 161722 7ba5b2cd8023ffb44230d435aad75f4c http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 1476674 1db714f8b53e25bdc2301cdfa99551bf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 93054 82c6e84e63e5c5a561dfc55a5bbee018 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 494652 9251f6d55d90fbf9bb28ee930cef7aed http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 97626 05a2eef51dafed34f8689bde6d025d51 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 245924 2e85a1edc5ea735861525a91a37bcca6 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 70818 aa62de270b7d513cd8bd5831c63e4d20 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 111146 d4464357b86e371914cc23251c2c1780 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 204756 dd5364842f6604199e2d7698334771ff http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 67072 5144031c10eebd19c85b9bed8186b5a7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 99180 54eca3303b1097ee902e2ef84f0220e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 77438 a18355513e1155b4dc997881878ce816 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 140558 5c0e1c57333b16f654ed94502e54d354 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 145012 bc16c76d7e202efb7f392185f9a34ecf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 1337686 00ce5bdd2e53fd6059205375458ba917 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 93054 29490c704727e89faf1079f1b517606e http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 434466 9047f19cc6730c592a0f9ac99abd31e4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 88702 55bf696f05f0d9b72b630d35422ed905 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 221790 bf2fb8e80cf389bee1a7b9edbcacb3d0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 67822 4c2219ff77a59d8bcc8c78fb07e5b0e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 101378 d7720e20362e7870e6d205a924b7e486 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 184808 7d8827058a213b3216c16cfe15d26bf1 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 61274 1b5b021b7e019641010877555e99058d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 92206 8baa9bba468967c26e6a2c87ffa8dfbb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 73024 607a1edca12d6130393158fc82b86b28

Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Kerberos是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等。MIT Kerberos 5（又名krb5）是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等. Kerberos的实现上存在多个内存破坏漏洞，远程攻击者可能利用这些漏洞导致服务程序崩溃. gssftp的ftpd是Kerberos加密的FTP服务器，可通过Kerberos 5认证。在ftpd.c的reply()函数中存在未初始化的指针： void reply(int n, char *fmt, ...) { ... (1) int length, kerror; ＜---- declared length without initializer if (n) sprintf(in, \"\\%d\\%c\", n, cont_char); else in[0] = \'\'＼0\'\'; strncat(in, buf, sizeof (in) - strlen(in) - 1); ＃ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, \"KERBEROS_V4\") == 0) { if (clevel == PROT_P) length = krb_mk_priv((unsigned char *)in, (unsigned char *)out, strlen(in), schedule, ＆kdata.session, ＆ctrl_addr, ＆his_addr); else length = krb_mk_safe((unsigned char *)in, (unsigned char *)out, strlen(in), ＆kdata.session, ＆ctrl_addr, ＆his_addr); if (length == -1) { syslog(LOG_ERR, \"krb_mk_\\%s failed for KERBEROS_V4\", clevel == PROT_P ? \"priv\" ： \"safe\"); fputs(in,stdout); } } else ＃endif /* KRB5_KRB4_COMPAT */ ＃ifdef GSSAPI /* reply (based on level) */ if (strcmp(auth_type, \"GSSAPI\") == 0) { gss_buffer_desc in_buf, out_buf; OM_uint32 maj_stat, min_stat; int conf_state; in_buf.value = in; in_buf.length = strlen(in); maj_stat = gss_seal(＆min_stat, gcontext, clevel == PROT_P, /* private */ GSS_C_QOP_DEFAULT, ＆in_buf, ＆conf_state, ＆out_buf); if (maj_stat != GSS_S_COMPLETE) { ＃if 0 /* Don\'\'t setup an infinite loop */ /* generally need to deal */ secure_gss_error(maj_stat, min_stat, (clevel==PROT_P)? \"gss_seal ENC didn\'\'t complete\"： \"gss_seal MIC didn\'\'t complete\"); ＃endif /* 0 */ } else if ((clevel == PROT_P) ＆＆ !conf_state) { ＃if 0 /* Don\'\'t setup an infinite loop */ secure_error(\"GSSAPI didn\'\'t encrypt message\"); ＃endif /* 0 */ } else { memcpy(out, out_buf.value, length=out_buf.length); gss_release_buffer(＆min_stat, ＆out_buf); } } ＃endif /* GSSAPI */ /* Othe. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. ), which can prevent eavesdropping, prevent replay attacks, etc. gssftp's ftpd is a Kerberos-encrypted FTP server that can pass Kerberos 5 authentication. A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 64c3f5c31177dcacc99b021ec6ed1271 2007.1/i586/ftp-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 11b4194bc9edba8c0951e44660ba9955 2007.1/i586/ftp-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 23794e6e0cb1d46a329c42a04f672c5f 2007.1/i586/krb5-server-1.5.2-6.6mdv2007.1.i586.rpm 0fbb29bd81c8452d937d30fbbda62242 2007.1/i586/krb5-workstation-1.5.2-6.6mdv2007.1.i586.rpm 8f4eea60bf4ea3bfc776f1c117ceb26d 2007.1/i586/libkrb53-1.5.2-6.6mdv2007.1.i586.rpm fd5b1da0a056d995011d2b1a692e4292 2007.1/i586/libkrb53-devel-1.5.2-6.6mdv2007.1.i586.rpm ca79ccbe3f286b9069f0ae028d9816f7 2007.1/i586/telnet-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 8a7c84f1fe1bbb5338723f28d12a9f21 2007.1/i586/telnet-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: fc02060b7c1da08c33952e6c14fb5627 2007.1/x86_64/ftp-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 513fca34bdd1f2a5643a8e6adeb62e0e 2007.1/x86_64/ftp-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 4f42d639753a885212e6d62bfe84a121 2007.1/x86_64/krb5-server-1.5.2-6.6mdv2007.1.x86_64.rpm 6b2ca028321fb08199be20a4aedef4a0 2007.1/x86_64/krb5-workstation-1.5.2-6.6mdv2007.1.x86_64.rpm 4d453dc2a579e74e29dfc052197fedc1 2007.1/x86_64/lib64krb53-1.5.2-6.6mdv2007.1.x86_64.rpm b22d9f1b515df1a5270d2d4c373b7dd3 2007.1/x86_64/lib64krb53-devel-1.5.2-6.6mdv2007.1.x86_64.rpm 21b245649de9e38e43782bd1a18922a7 2007.1/x86_64/telnet-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 1322374ab1c15b5c1392ee4ae5f915e7 2007.1/x86_64/telnet-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2008.0: 3ee5a309927b830bf8559a872161384b 2008.0/i586/ftp-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 1835baa43ab27aac2493dc7821bafa8a 2008.0/i586/ftp-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm 5e8369c201ac4678a7bc46590107e45f 2008.0/i586/krb5-1.6.2-7.1mdv2008.0.i586.rpm 94277e76faf2b75553c2e6250e428a43 2008.0/i586/krb5-server-1.6.2-7.1mdv2008.0.i586.rpm 695d5b85347b906401433fa55177be1a 2008.0/i586/krb5-workstation-1.6.2-7.1mdv2008.0.i586.rpm 4696cbae0ce644c265b74ff4ce59a865 2008.0/i586/libkrb53-1.6.2-7.1mdv2008.0.i586.rpm cc8122a1c6a3449fc41d3022bbdffeb2 2008.0/i586/libkrb53-devel-1.6.2-7.1mdv2008.0.i586.rpm d5e75835b35e81a3f7d038e501dabd1c 2008.0/i586/telnet-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 072b5ba782fbd1659ed8bde15bd11b5a 2008.0/i586/telnet-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 7a8c1c390b1d1a0b2a8fe28e8fb6a458 2008.0/x86_64/ftp-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 9b312bd49bd858d00d00ec299866a275 2008.0/x86_64/ftp-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 19f7d0590227c4cc636ee5528db8027a 2008.0/x86_64/krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 6a84bc19cb8e32f7331ce4c1ed36dc9d 2008.0/x86_64/krb5-server-1.6.2-7.1mdv2008.0.x86_64.rpm dabaf97b9b36316dc2b69e9edc953793 2008.0/x86_64/krb5-workstation-1.6.2-7.1mdv2008.0.x86_64.rpm 2810bbed78b7480ff48b021a798cb5a1 2008.0/x86_64/lib64krb53-1.6.2-7.1mdv2008.0.x86_64.rpm 734b018e6b05204767d07a7d53ef2c3c 2008.0/x86_64/lib64krb53-devel-1.6.2-7.1mdv2008.0.x86_64.rpm 787fb5ea70eff84b91eea5d68c1e956d 2008.0/x86_64/telnet-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm d6224c005bc7c818c117e3fc61643840 2008.0/x86_64/telnet-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFH4WG/mqjQ0CJFipgRAom/AKDt3NL//QdT6Aw4zm4Ok/TlQjpNLQCeJ2qJ Hsy0RD3h2ilxoUTodKz7J5k= =y37y -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. I. II. III. Solution Install updates from your vendor Check with your vendors for patches or updates. For information about a vendor, please see the systems affected section in vulnerability notes VU#895609 and VU#374121 or contact your vendor directly. Administrators who compile MIT Kerberos from source should refer to MIT Security Advisory 2008-002 for more information. IV. References * US-CERT Vulnerability Note VU#895609 - <http://www.kb.cert.org/vuls/id/895609> * US-CERT Vulnerability Note VU#374121 - <http://www.kb.cert.org/vuls/id/374121> * MIT krb5 Security Advisory 2008-002 - <http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt2> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-079B.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-079B Feedback VU#895609" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 19, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR+E+pPRFkHkM87XOAQK1jwf/ZDEomMLCZvsmN7KVXa0Il5PqXlfRvG2Y jdWPUCi92qmgvm8LdqoNgAUxnUGYzCHLQzw8ebmnz37AMigDNsYIzFHStgnoJDVi iK6UGC6gHLnGJFuG+otEC9jZaVeIiUbKddB2+vzvmDWLnvIsyxzmHf6lJe0IrZlH ho/cCgpfRctgZHM5Ke+pPPqMjZZ7u0OUQnM7MIcSsZbKxw8x2CyUpaSiheMDhf8p 8JGyx+nkyvZoja6Ee4WCRq3xtVaUlp/sg8IZYY5nav2VuSh15rJXLJCWDBXUU+oV aAXPa2JEx5Cn3S0CFz8SIJ4NoLUp09usVMFyeNd57FMBKRjTAC/DBw== =4wkz -----END PGP SIGNATURE----- . Background ========== MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/mit-krb5 < 1.6.3-r1 >= 1.6.3-r1 Description =========== * Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() (CVE-2008-0062) and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply (CVE-2008-0063). * Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947). These bugs can only be triggered when Kerberos 4 support is enabled. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. Workaround ========== Kerberos 4 support can be disabled via disabling the "krb4" USE flag and recompiling the ebuild, or setting "v4_mode=none" in the [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around the KDC related vulnerabilities. Resolution ========== All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1" References ========== [ 1 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 3 ] CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 [ 4 ] CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 [ 5 ] CVE-2008-0947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-31.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. Description A uninitialized vulnerability (CVE-2007-5894)in function reply() in ftpd.c. A dereferencing vulnerability(CVE-2007-5901) in gssapi lib in function gss_indicate_mechs(mi norStatus, mechSet) in g_initialize.c and a integer overflow vunerability(CVE-2007-5902) in rpc lib in function svcauth_gss_get_principal in svc_auth_gss.c. Impact Reading uninitialized variables can result in unpredictable behavior, crashes, or security holes. Dereferencing,integer overflow and double free may cause instability and potentially crash. References ========== [ 1 ] CVE-2007-5894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 [ 3 ] CVE-2007-5902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902 [ 4 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 5 ] CVE-2007-5972 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972 III.CREDIT: ---------- Venustech AD-LAB discovery this vuln. Thank to all Venustech AD-Lab guys. V.DISCLAIMS: ----------- The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use. VENUSTECH Security Lab VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn) Security Trusted {Solution} Provider Service _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-924-1 April 07, 2010 krb5 vulnerabilities CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-0629 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.4 libkrb53 1.6.dfsg.3~beta1-2ubuntu1.4 Ubuntu 8.10: krb5-kdc 1.6.dfsg.4~beta1-3ubuntu0.4 Ubuntu 9.04: krb5-kdc 1.6.dfsg.4~beta1-5ubuntu2.3 libkrb53 1.6.dfsg.4~beta1-5ubuntu2.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. (CVE-2010-0629) It was discovered that Kerberos did not correctly free memory in the GSSAPI library. (Ubuntu 8.10 was not affected.) (CVE-2007-5901, CVE-2007-5971) It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. (Only Ubuntu 8.04 LTS was affected.) (CVE-2007-5902, CVE-2007-5972) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.diff.gz Size/MD5: 1747579 857bc90fe202aacef9aa7ec1915912b0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.dsc Size/MD5: 1135 4cacf5667996472a34c29f5db3590a0a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1.orig.tar.gz Size/MD5: 14672599 7a36c3471aa31ffd01d5a020f9d82dff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.3~beta1-2ubuntu1.4_all.deb Size/MD5: 2121560 319ec346ce4f7acfcd3f535276b2e7e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 140892 372ce44cc13bfcea71652553d16ab0f6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 162164 6b37b079fa1b8fd1d512e8d5a268c6e3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 1337522 23370d40c101659acb54bd203c263e3d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 89344 02a61de3df97772e9a46ce5f960d392d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 497374 89e647e9beec851c340774d758f6d68c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 88168 6f6c1a76b5fd3f579c26f5438fb04f69 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 230020 ff26ae7c13bedcd6335b36d335357f79 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 65660 6ad8023f8ec936b19046b04c95c948bc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 186140 af7b0135284c9bffd16a6a03b2c36703 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 64960 abc799e9e887480fc993bdba504af466 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 91866 cfb606d8378283313f5009faa2dec564 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 73208 6ee86c16449e975666de4454ca001fb4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 131262 a8beec1ae2763a39f4224e6457d79a68 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 146000 ea7aad15118b9e3df627d9e41f641c25 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 1289340 b3f36e7e2fb3fdba00a5af1153c4f407 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 89352 372324ef9477c4a6f3f9bc31ef297a57 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 460514 62959156fab7500c76d9f11ebae51d52 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 81706 fbbc1993212b37307d15fbac473a1568 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 201704 e920981af86ee031bcf12fdf0d58f044 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 60694 c1e8663d26f5090f64350e56967f1b4b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 173246 532692f310673efbd4329d0661811370 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 61726 78e20ba263aad29b73f92ce156ba12a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 84298 fe5eceddccc659692e8c95149da13dd9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 66892 efb07a08a44037d73c7e98525dcbab56 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 131436 e9a07a3d73999fe64e97ec4f15754f00 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 143896 0885dad9ce7cfb900e80f664256ce3c7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 1318388 8c5fee9fe04a1d4d5cd50e31066c592d http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 89348 f12babd06a10b951388d6618288b081d http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 455898 ceb7713ec70fe69de2e9e675f34162eb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 82168 603b21fbba3e4092e21e95f7fc79addb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 200914 066a5fa912c9a64a2a4f4de12326ded2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 60786 d11c67185932d0b746584e0406294a3e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 172640 2de487fc075709f917b2396a053d8bde http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 61574 394a1d2ee087fb9ed2d8bbdd6b54c1c2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 84204 1c7cccecf78f77db4073669da9f82ef7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 67206 ce64e680e6c213afea88440bb1d944b6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 158748 c5daffac1ce8e89ee9002325f63ed078 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 159344 9fb7e6c72d4e07e06e704b127582204a http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 1335326 2e5bf6c9daec4169d467583f70b2652f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 89362 edd451d9c7efb36480bd396347d33b47 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 482430 c4f6f3ee75b56c4fb436e0a55f008097 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 95278 554caab935dc3d35ed2297dff4b9cd21 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 245012 0a16b0e350544021fd2a3a8879d1372f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 68806 ea6d4ae9080e63be328418af216cf7fd http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 199412 9063aec6b15eab435032ac249f516a44 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 64060 a367b9c7a4afee60fe4b8e7e98eac1a4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 100238 e253160984af0fd0f914b453bf604b1d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 75518 7bfda8e39e560cb747ad8b78ceee7fa8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 134486 d031b1b700640b4e254e9ba9950c0a9c http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 142010 d0fd459614fb1e4bb411b5ff1220e6a9 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 1213582 cd49f178b2202d58d3eb471a3c791e49 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 89356 8e603c181d789500185720f8e35da971 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 428108 356af6cc775d8bafe2a028c43a33b89c http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 83266 e87d03878c6db3b236edbe0616e1c839 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 211652 121558486b173d309bccbe304b8ec550 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 64092 69c588ea021fc09582f299ec80ce5ebf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 173032 01fd0f15a60c39f2180c0290b8b4f015 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 58806 e21d86723683a97d0f9812d820b39da7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 87886 eef2eaa5c992cd9849f865c5b88de7aa http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 69614 8f28b615e8a75bb0a6e04da3131c39bb Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.diff.gz Size/MD5: 858566 abe6f3bf8714b16dd084cd583b5aa350 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.dsc Size/MD5: 1671 e03526558ccf9a954c92a3e257e66351 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-3ubuntu0.4_all.deb Size/MD5: 2148728 a0785e0f46d4268e3906483b821241bb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 146234 7c1e6b679b00982416953a085acb5f39 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 165978 0415c29a760df4dbf38e3b82e93aaf54 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 1474040 289fcb9189903998fe6adb217d111257 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92554 db275139f0715242c7f339b0005f7f65 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 510612 ad1d674ce1ffc4f39dfc6d75d8c80282 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92862 99ee34c7a17ce0cb980ba620cbc97e67 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 237266 eb87e828f93d628e7dab9de7a657566d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 68946 43644b68a2aa3219a07dcb85f7a45371 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 107696 5be51db685dc9d9536765a0771e52223 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 196660 e36a1e5bc9fd0b173bbd0fca05b79d0b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 67914 098fd941dbdb7c32ce12f983dbbd6ed9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 94504 4bbe57034a98573f623870361380055d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 76670 6759a5aad2f5ba13b5b0354dc025aa0c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 136816 71232407545e52025735e7e630496f84 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 150618 e413fd35cb127f765870211bc25a47ec http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 1413034 f1f3fb8a55ee8ba77c9b6aac5ad9aff4 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 92570 98ed6b6053fff58ac3a600f4b51b7cd0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 472690 7cf30b9521b99808b48879295b579d07 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 86424 76aefeea8bbaecc66933de53158503fe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 213602 a6d796c92390bc1b9ff794ae4204f974 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 63886 8a7affbe90bd3c31e1bb360f4f93ce90 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 102054 15234247c475c7ac05549b3e0ac04e8a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 183124 34b361091e4883adf77658c04f431edb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 64676 72cd11a2060ebd4524dfb4345d6ac3b0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 87766 bd091590f2ebf42a256b00c00ca08704 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 70558 37b76c195ee928457ddb7f859ee19b80 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 136772 173deb07bb07502e6d16adc880d27209 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 148130 beebf3d09c4c0f5b605a1719d87d3f62 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 1443468 4236ad375d51fe23404e21b1979103cf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 92538 c696e177873d8255183b7cc50576eb48 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 463248 680eff30a2fd36ab52900ad3b7d58192 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86530 2d5c2d44148bcc30b1fc0862c26bbc88 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 206758 d08cdf41d7ee2bacd847639b5f5b8676 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 63948 c42df041a5ed4079b03fad6d1fd16a5d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 101826 1bfed64995fab3d278fd7e382be0f207 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 182666 c40bbef2b97460a08eb18a64767c9f8f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 64188 1421cd4073a447d334eea471a2dd548f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86954 b9b8f522b5881cc111124d368dcc0d6f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 70346 f77d255277ff6ea8964c3992dded5118 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 157076 4501c9b76ba4cd09cce27ef2ce1a74ad http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 161396 9f6134a5f7e29859b46f41fa1f6c23a8 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 1472026 4f1e6fbc7c474bd9ddedce81c307e52f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 92578 3b7a1d729048d6c66629e03a8230cb8b http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 492848 c791a13ad685af0293c3b8b0397adb25 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 96700 4980c34839066b9866eacb06fb385d23 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 245612 c4f47729971c422bdf47cbc86669999b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 70360 4904070348252bd4bdd692d85af4249a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 110768 2c18038848b99c2f90b87a0c8af7a2e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 202494 7c9671f7bdb178be8f1bbc8445ab00a9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 66680 36a33a9765740aa2eab16419017562b0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 98830 bfafb479fdc24c38cda9ab334c7c059e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 77096 ffc6213bd7623df1b396d14a72d4e830 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 140360 97dcf304de4a27ebac536e0092b7fc1b http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 144848 64545260134ceba4c1fa36bbb5dbb3e7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 1332818 cfbeb843bc41b29bc39c9f472cc6f388 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 92562 18978f9e7ff1ce581359bffaa3183cae http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 433500 135cfb8e8a08c6086ee81a2401f5caea http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 87970 205855c848f241acd5262a11ca7bbc7a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 221618 1475ec81f68851111b85bb0bb0ab6fbf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 67506 5742f0bd5b8775f8aa948f8fda02456b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 100974 b9c4cb0e343eb63dbda925b29888186d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 182710 be662df46e52c604f0ef9aee39287bd4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 60936 d39a4e432ed22e23cc7342986b59cad2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 91922 62f5f68fe447a9e1367457ba4ac1033e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 72734 e3a771cb836f6fc6b40402befbdfdf20 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.diff.gz Size/MD5: 884759 6834e06b9b7420e013639e5f0177dde7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.dsc Size/MD5: 1671 2df8fc05d522a39465b516106eb1c720 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5ubuntu2.3_all.deb Size/MD5: 2149012 143718b601a3a99b8ebd05937ecaed25 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 146656 2d86ade2be3e079d940e8919217802e7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 166316 faec7da08e9aa386f72e349c7408bf10 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 1479408 de4a5e28107e556683c959c1a0cfa819 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93046 a88830b71b66d9071ecf9e43422c1d3e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 512336 6623911d29c86d0da61a57ac3f5443fa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93766 c1fe58d664c3021eb0f3b39a21f292f6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 237514 15434edb948a81df6827c54e7cfc493a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 69208 f38a09c9ce73b663053b0c16e562d53e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 108010 397c0979124621bde63b49d55df1951b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 198894 971764b78a61757018f675faaf8d13c2 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 68258 7abb3d320bbaac22e6d91c8ddf808ced http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 94832 c3b98b57230bdd7b7f6ebb83418b398f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 76946 85b0519be431be8228d1b8930ca82032 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 137258 6722093f41aea33c126c60594e91aa89 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 150922 b01712adff6c2dd19bbb578691b55a82 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 1417102 87153ec02650a379e068d91412027243 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 93044 d29e99de8b3cd37a2f66411cb62f69e6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 473744 d7f752135e4a924139b89e5873901aa1 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 87338 441b4cbdfcf76a714c81f88fc78d45f0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 213942 12b948c395cf70a2fea94cc8fc195228 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 64306 bab53b895c90f98f7964e66768e8e020 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 102364 0892484a20867e24c567a57fa9bdabbe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 185436 c7716a56e5e00c6b34c37d619c3e2fd3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 65034 673f5afa510e0b6c9718ca2b0b1d8634 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 88118 4d16b24b0c8de073394fcd16efbd471b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 70886 7c57638b2967e79f0b35ed27baca2c5c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 137092 88eac351aa4c04cabeb5004ba0488a89 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 148518 5c4bcb387e8ceae4642e955c9073b936 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 1448176 04dc34d8d656fdd5cabfd522a2862fcb http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 93040 696bfd471bba2b1f3cb7d5c0538068d0 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 464142 11481d506c939a4595c5d235768692e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87422 41b6c7fb1aed7ddfd0732af69c393ee5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 207106 86e5df0b876d7a0fc53ff75dffcced9e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64392 783c9e473eb37ca0368c9a52aa92d343 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 102218 548d6f447c103522fa6616dbea42e75a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 184990 325f5322d631683068bc6ddc6af35940 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64550 b6b3f9ad2c07f8f7597c484fc14315be http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87292 bcdb18ceb438927ab77150be9c4176f9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 70680 eb8483a9164d278a76774413d9660ddb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 157362 3603a529157befb84af0edad2c3bb7dc http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 161722 7ba5b2cd8023ffb44230d435aad75f4c http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 1476674 1db714f8b53e25bdc2301cdfa99551bf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 93054 82c6e84e63e5c5a561dfc55a5bbee018 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 494652 9251f6d55d90fbf9bb28ee930cef7aed http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 97626 05a2eef51dafed34f8689bde6d025d51 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 245924 2e85a1edc5ea735861525a91a37bcca6 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 70818 aa62de270b7d513cd8bd5831c63e4d20 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 111146 d4464357b86e371914cc23251c2c1780 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 204756 dd5364842f6604199e2d7698334771ff http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 67072 5144031c10eebd19c85b9bed8186b5a7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 99180 54eca3303b1097ee902e2ef84f0220e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 77438 a18355513e1155b4dc997881878ce816 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 140558 5c0e1c57333b16f654ed94502e54d354 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 145012 bc16c76d7e202efb7f392185f9a34ecf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 1337686 00ce5bdd2e53fd6059205375458ba917 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 93054 29490c704727e89faf1079f1b517606e http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 434466 9047f19cc6730c592a0f9ac99abd31e4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 88702 55bf696f05f0d9b72b630d35422ed905 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 221790 bf2fb8e80cf389bee1a7b9edbcacb3d0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 67822 4c2219ff77a59d8bcc8c78fb07e5b0e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 101378 d7720e20362e7870e6d205a924b7e486 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 184808 7d8827058a213b3216c16cfe15d26bf1 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 61274 1b5b021b7e019641010877555e99058d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 92206 8baa9bba468967c26e6a2c87ffa8dfbb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 73024 607a1edca12d6130393158fc82b86b28