VARIoT IoT vulnerabilities database

VAR-200712-0424 | CVE-2007-4708 | Apple Mac OS X Address Book format string vulnerability
CVSS V2: 9.3 | CVSS V3: - | Severity: HIGH
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I.
Further details are available in the related vulnerability notes. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.
III. This and other updates are
available via Software Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
Produced 2007 by US-CERT, a government organization.
Revision History
December 18, 2007: Initial release
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
2) An error in the handling of downloaded files in CFNetwork can be
exploited via directory traversal attacks to automatically download
files to arbitrary folders when a user is enticed to visit a
specially crafted web page.
3) An unspecified error exists in ColorSync when processing images
with an embedded ColorSync profile, which can be exploited to cause a
memory corruption.
Successful exploitation may allow execution of arbitrary code.
4) A race condition exists in the
"CFURLWriteDataAndPropertiesToResource" API, which can lead to files
being created with insecure permissions.
5) A boundary error exists in the printer driver for CUPS. This can
be exploited to cause a buffer overflow and allows an admin user to
execute arbitrary code with system privileges by passing a specially
crafted URI to the CUPS service.
6) A boundary error in CUPS can be exploited by malicious people to
compromise a vulnerable system.
For more information:
SA27233
7) An integer underflow error in the CUPS backend in the handling of
SNMP responses can be exploited to cause a stack-based buffer
overflow by sending a specially crafted SNMP response.
Successful exploitation allows execution of arbitrary code, but
requires that SNMP is enabled.
8) A boundary error in Desktop Services can be exploited to cause a
heap-based buffer overflow when a user opens a directory containing a
specially crafted .DS_Store file.
Successful exploitation may allow execution of arbitrary code.
9) An input validation error in tar can be exploited by malicious
people to compromise a user's system.
For more information:
SA26573
10) An unspecified error in iChat can be exploited by malicious
people on the local network to initiate a video connection without
the user's approval.
11) An unspecified error exists within IO Storage Family when
handling GUID partition maps within a disk image. This can be
exploited to execute arbitrary code when a user is enticed to open a
specially crafted disk image.
12) Launch Services does not handle HTML files as potentially unsafe
content. This can be exploited to disclose sensitive information or
conduct cross-site scripting attacks by enticing a user to open a
specially crafted HTML file.
13) A vulnerability in Mail in the handling of unsafe file types can
be exploited to compromise a user's system.
For more information:
SA27785
14) An error in Mail can cause the application to default to SMTP
plaintext authentication if the server supports only MD5
Challenge-Response authentication and plaintext authentication.
15) Some vulnerabilities in perl can be exploited by malicious people
to compromise a vulnerable system.
For more information:
SA27546
16) A security issue in python can be exploited by malicious people
to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.
For more information:
SA26837
17) Plug-ins in Quick Look are not restricted from making network
requests. This may lead to the disclosure of sensitive information
when previewing an HTML file.
18) URLs contained in movie files may be accessed when creating an
icon for a movie file or previewing a movie file using QuickLook.
19) Some security issues in ruby can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA26985
20) Some vulnerabilities and a security issue in Ruby on Rails can be
exploited by malicious people to disclose sensitive information or to
conduct session fixation attacks.
For more information:
SA25699
SA27781
21) An error in Safari allows a page to navigate the subframes of any
other page. This can be exploited to conduct cross-site scripting
attacks and to disclose sensitive information when a user visits a
specially crafted web page.
22) An unspecified error in Safari in the handling of RSS feeds can
be exploited to cause a memory corruption and may allow execution of
arbitrary code when a user accesses a specially crafted URL.
23) Some boundary errors in Samba can be exploited by malicious
people to compromise a vulnerable system.
For more information:
SA27450
24) Some boundary errors in the Shockwave Plug-in can be exploited by
malicious people to compromise a user's system.
For more information:
SA19218
25) A boundary error in the processing of command line arguments to
"mount_smbfs" and "smbutil" can be exploited to cause a stack-based
buffer overflow and execute arbitrary code with system privileges.
26) The distribution definition file used in Software Update is
received by using HTTP without any authentication and allows
execution of arbitrary commands.
Successful exploitation requires a MitM (Man-in-the-Middle) attack.
27) An error due to an insecure file operation exists in the handling
of output files in SpinTracer. This may allow a malicious, local user
to execute arbitrary code with system privileges.
28) An unspecified error exists in the Microsoft Office Spotlight
Importer, which can be exploited to cause a memory corruption when a
user downloads a specially crafted .xls file.
Successful exploitation may allow execution of arbitrary code.
29) Some vulnerabilities in tcpdump can be exploited by malicious
people to cause a DoS or to compromise a user's system.
For more information:
SA24318
SA26135
30) Some vulnerabilities exist in the Perl Compatible Regular
Expressions (PCRE) library used by XQuery, which can potentially be
exploited to compromise a vulnerable system.
For more information:
SA27543
SOLUTION:
Apply Security Update 2007-009.
Security Update 2007-009 (10.4.11 Universal):
http://www.apple.com/support/downloads/securityupdate200700910411universal.html
Security Update 2007-009 (10.4.11 PPC):
http://www.apple.com/support/downloads/securityupdate200700910411ppc.html
Security Update 2007-009 (10.5.1):
http://www.apple.com/support/downloads/securityupdate20070091051.html
PROVIDED AND/OR DISCOVERED BY:
2) The vendor credits Sean Harding.
3) The vendor credits Tom Ferris, Adobe Secure Software Engineering
Team (ASSET).
5) The vendor credits Dave Camp, Critical Path Software.
7) The vendor credits Wei Wang, McAfee Avert Labs.
12) The vendor credits Michal Zalewski, Google Inc.
15) The vendor credits Tavis Ormandy and Will Drewry, Google Security
Team.
18) The vendor credits Lukhnos D. Liu, Lithoglyph Inc.
26) Moritz Jodeit.
27) The vendor credits Kevin Finisterre, DigitalMunition
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307179
OTHER REFERENCES:
SA19218:
http://secunia.com/advisories/19218/
SA24318:
http://secunia.com/advisories/24318/
SA25699:
http://secunia.com/advisories/25699/
SA26135:
http://secunia.com/advisories/26135/
SA26573:
http://secunia.com/advisories/26573/
SA26837:
http://secunia.com/advisories/26837/
SA26985:
http://secunia.com/advisories/26985/
SA27233:
http://secunia.com/advisories/27233/
SA27450:
http://secunia.com/advisories/27450/
SA27543:
http://secunia.com/advisories/27543/
SA27546:
http://secunia.com/advisories/27546/
SA27781:
http://secunia.com/advisories/27781/
SA27785:
http://secunia.com/advisories/27785/
VAR-200712-0432 | CVE-2007-5848 | Apple Mac OS X CUPS buffer overflow vulnerability
CVSS V2: 7.2 | CVSS V3: - | Severity: HIGH
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. Apple Mac OS X is prone to multiple security vulnerabilities.
These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery.
Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers.
Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
1) A signedness error exists within the processing of ASN1 encoded
strings from SNMP responses.
For more information:
SA28129
The vulnerability affects openSUSE 10.2 and 10.3 only.
Open Enterprise Server
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
Novell Linux Desktop 9
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
SUSE Linux Enterprise Server 10 SP1
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
SUSE Linux Enterprise Desktop 10 SP1
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
SUSE SLES 9
http://support.novell.com/techcenter/psdb/eb37a23ce60ab91ec04f08ea1e3aa56a.html
ORIGINAL ADVISORY:
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html
OTHER REFERENCES:
SA28129:
http://secunia.com/advisories/28129/
SA28136:
http://secunia.com/advisories/28136/
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA28136
VERIFY ADVISORY:
http://secunia.com/advisories/28136/
CRITICAL:
Highly critical
IMPACT:
Hijacking, Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, Privilege escalation,
DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A format string error in the URL handler of Address Book can be
exploited to execute arbitrary code when a user views a specially
crafted web page.
The Red Hat Security Team also found two flaws in CUPS 1.1.x where
a malicious user on the local subnet could send a set of carefully
crafted IPP packets to the UDP port in such a way as to cause CUPS
to crash (CVE-2008-0597) or consume memory and lead to a CUPS crash
(CVE-2008-0596).
Finally, another flaw was found in how CUPS handled the addition and
removal of remote printers via IPP that could allow a remote attacker
to send a malicious IPP packet to the UDP port causing CUPS to crash
(CVE-2008-0882).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0886
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
VAR-200711-0301 | CVE-2007-4674 | Apple QuickTime Video file processing stack-based buffer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow. Apple QuickTime is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. The issue also affects Apple TV 1.0 up to and including 2.1.
The specific flaw exists within the parsing of a malformed movie atom.
Specifying a large size will result in a stack overflow.
-- Vendor Response:
Apple has issued an update to correct this vulnerability.
1) An error in the processing of movie atoms can be exploited to
cause a stack-based buffer overflow.
For more information see vulnerability #8 in:
SA27523
2) An error in the processing of STSZ atoms can be exploited to
corrupt memory.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Cody Pierce, TippingPoint DVLabs
2) Reported by an anonymous person via ZDI.
National Cyber Alert System
Technical Cyber Security Alert TA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: November 06, 2007
Last revised: --
Source: US-CERT
Systems Affected
Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled.
Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.
II. For further information, please see About the security
content of QuickTime 7.3.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the
subject.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
November 6, 2007: Initial release
TITLE:
Gentoo update for win32codecs
SECUNIA ADVISORY ID:
SA29182
VERIFY ADVISORY:
http://secunia.com/advisories/29182/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
OPERATING SYSTEM:
Gentoo Linux 1.x
http://secunia.com/product/339/
DESCRIPTION:
Gentoo has issued an update for win32codecs. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
For more information:
SA21893
SA27523
SA27755
SOLUTION:
Update to "media-libs/win32codecs-20071007-r2" or later.
Note: This update removes the affected binary Quicktime library.
ORIGINAL ADVISORY:
http://www.gentoo.org/security/en/glsa/glsa-200803-08.xml
OTHER REFERENCES:
SA21893:
http://secunia.com/advisories/21893/
SA27523:
http://secunia.com/advisories/27523/
SA27755:
http://secunia.com/advisories/27755/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Background
==========
Win32 binary codecs provide support for video and audio playback.
Affected packages
=================
-------------------------------------------------------------------
     Package              /   Vulnerable   /            Unaffected
-------------------------------------------------------------------
  1  media-libs/win32codecs   < 20071007-r2           >= 20071007-r2
Description
===========
Multiple buffer overflow, heap overflow, and integer overflow
vulnerabilities were discovered in the Quicktime plugin when processing
MOV, FLC, SGI, H.264 and FPX files.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the
Quicktime libraries have been removed from the package. Please use the
free alternative Quicktime implementations within VLC, MPlayer or Xine
for playback.
References
==========
[ 1 ] CVE-2006-4382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382
[ 2 ] CVE-2006-4384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384
[ 3 ] CVE-2006-4385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385
[ 4 ] CVE-2006-4386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386
[ 5 ] CVE-2006-4388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388
[ 6 ] CVE-2006-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
[ 7 ] CVE-2007-4674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674
[ 8 ] CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
VAR-200711-0277 | CVE-2007-5581 | Cisco Unified MeetingPlace of mpweb/scripts/mpx.dll Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters.
Exploiting these issues may help the attacker steal cookie-based authentication credentials and launch other attacks.
These issues affect Unified MeetingPlace 6.0, 5.4, 5.3, and prior versions. Cisco Unified MeetingPlace is a set of multimedia conferencing solutions from Cisco that provides a user environment integrating voice, video and Web conferencing. An input-filtering vulnerability exists in the way MeetingPlace processes user data.
Input passed to certain parameters (e.g. "FirstName" and "LastName")
in mpweb/scripts/mpx.dll is not properly sanitised before being
returned to a user. These can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
SOLUTION:
Apply hotfix 5.4.156.2E or 6.0.244.1A, available via Cisco TAC
(Technical Assistance Center).
PROVIDED AND/OR DISCOVERED BY:
Joren McReynolds
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml
----------------------------------------------------------------------
VAR-200711-0540 | CVE-2007-5116 | Perl Unicode Regular expression heap overflow vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Perl is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input. This facilitates the remote compromise of affected computers.
Perl 5.8 is vulnerable to this issue; other versions may also be affected. Perl is a free and powerful programming language. An error in the way Perl's regular expression engine calculates the space required to process regular expressions could allow a local attacker to elevate privileges.
____________________________________________________________________________
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2007.023
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.023
Advisory Published: 2007-11-08 08:52 UTC
Issue Id (internal): OpenPKG-SI-20071108.01
Issue First Created: 2007-11-08
Issue Last Modified: 2007-11-08
Issue Revision: 01
____________________________________________________________________________
Subject Name: perl
Subject Summary: Programming Language
Subject Home: http://www.perl.com/
Subject Versions: 5.* <= 5.8.8
Vulnerability Id: CVE-2007-5116
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: remote network
Attack Impact: arbitrary code execution
Description:
Will Drewry and Tavis Ormandy of the Google Security Team have
discovered a UTF-8 related heap overflow in the regular expression
compiler of the Perl [0] programming language, probably allowing
attackers to execute arbitrary code by compiling specially crafted
regular expressions.
References:
[0] http://www.perl.com/
____________________________________________________________________________
Primary Package Name: perl
Primary Package Home: http://openpkg.org/go/package/perl
Corrected Distribution: Corrected Branch: Corrected Package:
OpenPKG Community CURRENT perl-5.8.8-20071108
____________________________________________________________________________
For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
===========================================================
Ubuntu Security Notice USN-552-1 December 04, 2007
perl vulnerability
CVE-2007-5116
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libperl5.8 5.8.7-10ubuntu1.1
Ubuntu 6.10:
libperl5.8 5.8.8-6ubuntu0.1
Ubuntu 7.04:
libperl5.8 5.8.8-7ubuntu0.1
Ubuntu 7.10:
libperl5.8 5.8.8-7ubuntu3.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Perl's regular expression library did not correctly
handle certain UTF sequences.
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities
Date: December 12, 2014
Bugs: #196865, #335508, #483632, #508322
ID: 201412-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in AMD64 x86 emulation base
libraries, the worst of which may allow remote execution of arbitrary
code.
Background
==========
AMD64 x86 emulation base libraries provides pre-compiled 32-bit
libraries.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/emul-linux-x86-baselibs
< 20140406-r1 >= 20140406-r1
Description
===========
Multiple vulnerabilities have been discovered in AMD64 x86 emulation
base libraries. Please review the CVE identifiers referenced below for
details.
Impact
======
A context-dependent attacker may be able to execute arbitrary code,
cause a Denial of Service condition, or obtain sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All users of the AMD64 x86 emulation base libraries should upgrade to
the latest version:
# emerge --sync
# emerge -1av ">=app-emulation/emul-linux-x86-baselibs-20140406-r1"
NOTE: One or more of the issues described in this advisory have been
fixed in previous updates. They are included in this advisory for the
sake of completeness. It is likely that your system is already no
longer affected by them.
References
==========
[ 1 ] CVE-2007-0720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720
[ 2 ] CVE-2007-1536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536
[ 3 ] CVE-2007-2026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026
[ 4 ] CVE-2007-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445
[ 5 ] CVE-2007-2741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741
[ 6 ] CVE-2007-3108
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108
[ 7 ] CVE-2007-4995
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995
[ 8 ] CVE-2007-5116
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116
[ 9 ] CVE-2007-5135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135
[ 10 ] CVE-2007-5266
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266
[ 11 ] CVE-2007-5268
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268
[ 12 ] CVE-2007-5269
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269
[ 13 ] CVE-2007-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849
[ 14 ] CVE-2010-1205
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205
[ 15 ] CVE-2013-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338
[ 16 ] CVE-2013-0339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339
[ 17 ] CVE-2013-1664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664
[ 18 ] CVE-2013-1969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969
[ 19 ] CVE-2013-2877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
[ 20 ] CVE-2014-0160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2008-0001
Synopsis: Moderate OpenPegasus PAM Authentication Buffer
Overflow and updated service console packages
Issue date: 2008-01-07
Updated on: 2008-01-07
CVE numbers: CVE-2007-5360 CVE-2007-5398 CVE-2007-4572
CVE-2007-5191 CVE-2007-5116 CVE-2007-3108
CVE-2007-5135
- -------------------------------------------------------------------
1. Summary:
Updated service console patches
2. Relevant releases:
ESX Server 3.0.2 without patches ESX-1002969, ESX-1002970, ESX-1002971,
ESX-1002975, ESX-1002976
ESX Server 3.0.1 without patches ESX-1002962, ESX-1002963, ESX-1002964,
ESX-1002968, ESX-1002972, ESX-1003176
3. Problem description:
I OpenPegasus PAM Authentication Buffer Overflow
Alexander Sotirov from VMware Security Research discovered a
buffer overflow vulnerability in the OpenPegasus Management server.
This flaw could be exploited by a malicious remote user on the
service console network to gain root access to the service console.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5360 to this issue.
RPM Updated: pegasus-2.5-552927
VM Shutdown: No
Host Reboot: No
Note: ESX Server 3.5 and ESX Server 3i are not affected by this
issue.
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002970.tgz
md5sum: d19115e965d486e72100ce489efea707
http://kb.vmware.com/kb/1002970
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1003176.tgz
md5sum: 5674ca0dcfac90726014cc316444996e
http://kb.vmware.com/kb/1003176
ESX Server 2.5.x
Users should remove the OpenPegasus CIM Management rpm. This
component is disabled by default, and VMware recommends that you
do not use this component of ESX Server 2.x. If you want to
use the CIM functionality, upgrade to ESX Server 3.0.1 or a later
release.
Note: This vulnerability can be exploited remotely only if the
attacker has access to the service console network.
Security best practices provided by VMware recommend that the
service console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
II Service Console package security updates
a. Updated Samba package
An issue where attackers on the service console management
network can cause a stack-based buffer overflow in the
reply_netbios_packet function of nmbd in Samba. On systems
where Samba is being used as a WINS server, exploiting this
vulnerability can allow remote attackers to execute arbitrary
code via crafted WINS Name Registration requests followed by a
WINS Name Query request.
An issue where attackers on the service console management
network can exploit a vulnerability that occurs when Samba is
configured as a Primary or Backup Domain controller. The
vulnerability allows remote attackers to have an unknown impact
via crafted GETDC mailslot requests, related to handling of
GETDC logon server requests.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5398 and CVE-2007-4572 to these
issues.
Note: By default Samba is not configured as a WINS server or a domain
controller and ESX is not vulnerable unless the administrator
has changed the default configuration.
This vulnerability can be exploited remotely only if the
attacker has access to the service console network.
Security best practices provided by VMware recommend that the
service console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
RPM Updated:
samba-3.0.9-1.3E.14.1vmw
samba-client-3.0.9-1.3E.14.1vmw
samba-common-3.0.9-1.3E.14.1vmw
VM Shutdown: Yes
Host Reboot: Yes
ESX Server 3.5.0 is not affected by this issue
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002975.tgz
md5sum: 797a7494c2c4eb49629d3f94818df5dd
http://kb.vmware.com/kb/1002975
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1002968.tgz
md5sum: 5106d90afaf77c3a0d8433487f937d06
http://kb.vmware.com/kb/1002968
ESX Server 2.5.5 download Upgrade Patch 3
ESX Server 2.5.4 download Upgrade Patch 14
b. Updated util-linux package
The patch addresses an issue where the mount and umount
utilities in util-linux call the setuid and setgid functions in
the wrong order and do not check the return values, which could
allow attackers to gain elevated privileges via helper
applications such as mount.nfs.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5191 to this issue.
RPM Updated:
util-linux-2.11y-31.24vmw
losetup-2.11y-31.24vmw
mount-2.11y-31.24vmw
VM Shutdown: Yes
Host Reboot: Yes
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002976.tgz
md5sum: 0fe833c50c0ecb0ff9340d6674be2e43
http://kb.vmware.com/kb/1002976
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1002972.tgz
md5sum: 59ca4a43f330c5f0b7a55693aa952cdc
http://kb.vmware.com/kb/1002972
c.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-5116 to this issue.
RPM Updated:
perl-5.8.0-97.EL3
VM Shutdown: Yes
Host Reboot: Yes
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002971.tgz
md5sum: 337b09d9ae4b1694a045e216b69765e1
http://kb.vmware.com/kb/1002971
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1002964.tgz
md5sum: d47e26104bfd5e4018ae645638c94487
http://kb.vmware.com/kb/1002964
d. Updated OpenSSL package
A flaw in the SSL_get_shared_ciphers() function can allow an
attacker to cause a buffer overflow problem by sending ciphers
to applications that use the function.
A possible vulnerability that would allow a local attacker to
obtain private RSA keys being used on a system using the OpenSSL
package.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-3108, and CVE-2007-5135 to these
issues.
RPM Updated:
openssl-0.9.7a-33.24
VM Shutdown: Yes
Host Reboot: Yes
ESX Server 3.0.2
http://download3.vmware.com/software/vi/ESX-1002969.tgz
md5sum: 72fd28a9f9380158db149259fbdcaa3b
http://kb.vmware.com/kb/1002969
ESX Server 3.0.1
http://download3.vmware.com/software/vi/ESX-1002962.tgz
md5sum: a0727bdc2e1a6f00d5fe77430a6ee9d6
http://kb.vmware.com/kb/1002962
ESX Server 2.5.5 download Upgrade Patch 3
ESX Server 2.5.4 download Upgrade Patch 14
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
ESX Server 3.x Patches:
http://www.vmware.com/download/vi/vi3_patches.html
ESX Server 2.x Patches:
http://www.vmware.com/download/esx/esx2_patches.html
ESX Server 2.5.5 Upgrade Patch 3
http://download3.vmware.com/software/esx/esx-2.5.5-65742-upgrade.tar.gz
md5sum: 9068250fdd604e8787ef40995a4638f9
http://www.vmware.com/support/esx25/doc/esx-255-200712-patch.html
ESX Server 2.5.4 Upgrade Patch 14
http://download3.vmware.com/software/esx/esx-2.5.4-65752-upgrade.tar.gz
md5sum: 24990b9207f882ccc91545b6fc90273d
http://www.vmware.com/support/esx25/doc/esx-254-200712-patch.html
5. References:
CVE numbers
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce@lists.vmware.com
* bugtraq@securityfocus.com
* full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
.
Updated packages have been patched to prevent these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
.
b. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01362465
Version: 1
HPSBTU02311 SSRT080001 rev.1 - HP Tru64 UNIX running Perl, Remote Execution of Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-02-19
Last Updated: 2008-02-19
Potential Security Impact: Execution of Arbitrary Code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified in Perl 5.8.7 and earlier running on HP Tru64 UNIX.
References: CVE-2007-5116
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Tru64 UNIX v 5.1B-4
HP Tru64 UNIX v 5.1B-3
Internet Express (IX) for HP Tru64 UNIX v 6.7
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score
CVE-2007-5116 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP is releasing the following Early Release Patch (ERP) kits publicly for use by any customer until updates are available in mainstream release patch kits.
The resolutions contained in the ERP kits are targeted for availability in the following mainstream kits:
The Associated Products CD (APCD) associated with HP Tru64 UNIX v 5.1B-5
Internet Express (IX) for HP Tru64 UNIX v 6.8
The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERPs. Contact your service provider for assistance if the installation of the ERPs is blocked by any of your installed CSPs.
The ERP kits distribute the following items:
Patched version of Perl v 5.8.8 including source code
HP Tru64 UNIX Version v5.1B-4
PREREQUISITE: HP Tru64 UNIX v5.1B-4 PK6 (BL27)
Name: perl_V51BB27-ES-20080207
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=perl_V51BB27-ES-20080207
HP Tru64 UNIX Version v5.1B-3
PREREQUISITE: HP Tru64 UNIX v5.1B-3 PK5 (BL26)
Name: perl_V51BB26-ES-20080204
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001399-V51BB26-ES-20071207
Internet Express (IX) for HP Tru64 UNIX v 6.7
PREREQUISITE: HP Tru64 UNIX v5.1B-3 PK5 (BL26) or HP Tru64 UNIX v5.1B-3 PK5 (BL26)
NOTE: Use the Perl patch kit appropriate to the operating system version
MD5 checksums are available from the ITRC patch database main page. From the patch database main page, click Tru64 UNIX, then click verifying MD5 checksums under useful links.
PRODUCT SPECIFIC INFORMATION
HISTORY
Version:1 (rev.1) - 19 February 2008 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
© Copyright 2008 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners
VAR-200711-0560 | CVE-2007-1661 | PCRE library denial-of-service (DoS) vulnerability in the handling of regular expressions in modes other than UTF-8 |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. When the PCRE library processes regular expressions in a mode other than UTF-8, it can read beyond the beginning of the string, which may leak important information or interrupt service operation (DoS). Regular expressions of the form "\X?\d" and "\P{L}?\d" used in a mode other than UTF-8 can lead to this condition. The PCRE regular-expression library is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or launch other attacks in the context of the application using the affected library. PCRE (Perl Compatible Regular Expressions) is an open source regular expression library written in the C language and developed by software developer Philip Hazel. There is an information leakage vulnerability in PCRE's method of processing certain malformed regular expressions.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1399-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
November 5th, 2007 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : pcre3
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662
CVE-2007-4766 CVE-2007-4767 CVE-2007-4768
Tavis Ormandy of the Google Security Team has discovered several
security issues in PCRE, the Perl-Compatible Regular Expression library,
which potentially allow attackers to execute arbitrary code by compiling
specially crafted regular expressions.
Version 7.0 of the PCRE library featured a major rewrite of the regular
expression compiler, and it was deemed infeasible to backport the
security fixes in version 7.3 to the versions in Debian's stable and
oldstable distributions (6.7 and 4.5, respectively). Therefore, this
update contains version 7.3, with special patches to improve the
compatibility with the older versions. As a result, extra care is
necessary when applying this update.
The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-1659
Unmatched \Q\E sequences with orphan \E codes can cause the compiled
regex to become desynchronized, resulting in corrupt bytecode that may
result in multiple exploitable conditions.
CVE-2007-1660
Multiple forms of character class had their sizes miscalculated on
initial passes, resulting in too little memory being allocated.
CVE-2007-1661
Multiple patterns of the form \X?\d or \P{L}?\d in non-UTF-8 mode
could backtrack before the start of the string, possibly leaking
information from the address space, or causing a crash by reading out
of bounds.
CVE-2007-1662
A number of routines can be fooled into reading past the end of a
string looking for unmatched parentheses or brackets, resulting in a
denial of service.
CVE-2007-4766
Multiple integer overflows in the processing of escape sequences could
result in heap overflows or out of bounds reads/writes.
CVE-2007-4767
Multiple infinite loops and heap overflows were discovered in the
handling of \P and \P{x} sequences, where the length of these
non-standard operations was mishandled.
CVE-2007-4768
Character classes containing a lone unicode sequence were incorrectly
optimised, resulting in a heap overflow.
For the stable distribution (etch), these problems have been fixed in
version 6.7+7.4-2.
For the old stable distribution (sarge), these problems have been fixed in
version 4.5+7.4-1.
For the unstable distribution (sid), these problems have been fixed in
version 7.3-1.
Upgrade instructions
--------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
These files will probably be moved into the stable distribution on
its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
===========================================================
Ubuntu Security Notice USN-547-1 November 27, 2007
pcre3 vulnerabilities
CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662,
CVE-2007-4766, CVE-2007-4767, CVE-2007-4768
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpcre3 7.4-0ubuntu0.6.06.1
libpcrecpp0 7.4-0ubuntu0.6.06.1
Ubuntu 6.10:
libpcre3 7.4-0ubuntu0.6.10.1
libpcrecpp0 7.4-0ubuntu0.6.10.1
Ubuntu 7.04:
libpcre3 7.4-0ubuntu0.7.04.1
libpcrecpp0 7.4-0ubuntu0.7.04.1
Ubuntu 7.10:
libpcre3 7.4-0ubuntu0.7.10.1
libpcrecpp0 7.4-0ubuntu0.7.10.1
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Due to the large internal code changes needed to solve outstanding flaws,
it was not possible to backport all the upstream security fixes to the
earlier released versions.
Details follow:
Tavis Ormandy and Will Drewry discovered multiple flaws in the regular
expression handling of PCRE. He reported an error when processing "\Q\E" sequences with
unmatched "\E" codes that can lead to the compiled bytecode being
corrupted (CVE-2007-1659). Further improper calculations of
memory boundaries were reported when matching certain input bytes
against regex patterns in non UTF-8 mode (CVE-2007-1661) and when
searching for unmatched brackets or parentheses (CVE-2007-1662). PCRE does not properly handle "\P" and
"\P{x}" sequences which can lead to heap-based buffer overflows or
trigger the execution of infinite loops (CVE-2007-4767), PCRE is also
prone to an error when optimizing character classes containing a
singleton UTF-8 sequence which might lead to a heap-based buffer
overflow (CVE-2007-4768).
Chris Evans also reported multiple integer overflow vulnerabilities in
PCRE when processing a large number of named subpatterns ("name_count")
or long subpattern names ("max_name_size") (CVE-2006-7227), and via
large "min", "max", or "duplength" values (CVE-2006-7228) both possibly
leading to buffer overflows. Another vulnerability was reported when
compiling patterns where the "-x" or "-i" UTF-8 options change within
the pattern, which might lead to improper memory calculations
(CVE-2006-7230).
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PCRE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libpcre-7.3-r1"
References
==========
[ 1 ] CVE-2006-7227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227
[ 2 ] CVE-2006-7228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228
[ 3 ] CVE-2006-7230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230
[ 4 ] CVE-2007-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
[ 5 ] CVE-2007-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
[ 6 ] CVE-2007-1661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661
[ 7 ] CVE-2007-1662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662
[ 8 ] CVE-2007-4766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766
[ 9 ] CVE-2007-4767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767
[ 10 ] CVE-2007-4768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200711-30.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. This update ensures that
kazehakase uses that supported library, and not its own embedded and
insecure version.
We recommend that you upgrade your kazehakase package.
Updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.1:
e3eadb5dc3ae91ffc735a0021bb4c3b8 2007.1/i586/libpcre-devel-7.3-0.1mdv2007.1.i586.rpm
8eee92b33ed6f6be95cae33249242dfa 2007.1/i586/libpcre0-7.3-0.1mdv2007.1.i586.rpm
42e1ac0e8188b5f142e645c1ff6bb44d 2007.1/i586/pcre-7.3-0.1mdv2007.1.i586.rpm
a03dca7708aa437655a393b0fe66f3c0 2007.1/SRPMS/pcre-7.3-0.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
370f8de2c9166883cbbcb2968b0575ec 2007.1/x86_64/lib64pcre-devel-7.3-0.1mdv2007.1.x86_64.rpm
306b2a144a25e1025d4ed02f3878b9dc 2007.1/x86_64/lib64pcre0-7.3-0.1mdv2007.1.x86_64.rpm
29b00561151987446eaaa3f0aaac5684 2007.1/x86_64/pcre-7.3-0.1mdv2007.1.x86_64.rpm
a03dca7708aa437655a393b0fe66f3c0 2007.1/SRPMS/pcre-7.3-0.1mdv2007.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
VAR-200711-0296 | CVE-2007-2395 | Apple QuickTime code execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption." Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
National Cyber Alert System
Technical Cyber Security Alert TA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: November 06, 2007
Last revised: --
Source: US-CERT
Systems Affected
Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled.
Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.
II. For further information, please see About the security
content of QuickTime 7.3.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
November 6, 2007: Initial release
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27523
VERIFY ADVISORY:
http://secunia.com/advisories/27523/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, and compromise a user's
system.
2) A boundary error in the handling of Sample Table Sample Descriptor
(STSD) atoms can be exploited to cause a heap-based buffer overflow
when a user opens a specially crafted movie file.
3) Multiple errors exist in QuickTime for Java. These can be
exploited by untrusted Java applets to disclose sensitive information
or to execute arbitrary code with escalated privileges when a user
visits a web page containing a malicious Java applet.
5) A boundary error in the processing of PICT image files can be
exploited to cause a stack-based buffer overflow when a user opens a
specially crafted PICT image file containing an invalid length for
the "UncompressedQuickTimeData" opcode.
6) Errors exist in the parsing of Poly type opcodes (opcodes
0x0070-74) and the PackBitsRgn field (Opcode 0x0099) when processing
PICT image files.
The vulnerabilities are reported in QuickTime prior to version 7.3.
SOLUTION:
Update to version 7.3.
QuickTime 7.3 for Leopard:
http://www.apple.com/support/downloads/quicktime73forleopard.html
QuickTime 7.3 for Tiger:
http://www.apple.com/support/downloads/quicktime73fortiger.html
QuickTime 7.3 for Panther:
http://www.apple.com/support/downloads/quicktime73forpanther.html
QuickTime 7.3 for Windows:
http://www.apple.com/support/downloads/quicktime73forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dylan Ashe, Adobe Systems Incorporated.
2) The vendor credits Tobias Klein, www.trapkit.de.
3) The vendor credits Adam Gowdiak.
4) Mario Ballano of 48bits.com, reported via iDefense.
5, 6) Ruben Santamarta of reversemode.com, reported via ZDI.
7) Ruben Santamarta and Mario Ballano, reported via ZDI.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=306896
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-065.html
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
VAR-200711-0290 | CVE-2007-3751 | Apple QuickTime for Java may allow Java applets to gain elevated privileges |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors. These issues facilitate the remote compromise of affected computers.
These issues affect QuickTime for Java for both Apple Mac OS X and Microsoft Windows platforms. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
National Cyber Alert System
Technical Cyber Security Alert TA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: November 06, 2007
Last revised: --
Source: US-CERT
Systems Affected
Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled.
Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.
II. For further information, please see About the security
content of QuickTime 7.3.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.3.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
November 6, 2007: Initial release
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27523
VERIFY ADVISORY:
http://secunia.com/advisories/27523/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, and compromise a user's
system.
1) An error in the handling of image description atoms can be
exploited to cause a memory corruption when a user is enticed to open
a specially crafted movie file.
2) A boundary error in the handling of Sample Table Sample Descriptor
(STSD) atoms can be exploited to cause a heap-based buffer overflow
when a user opens a specially crafted movie file.
4) A boundary error exists in the processing of panorama sample atoms
in QTVR (QuickTime Virtual Reality) movie files, which can be
exploited to cause a heap-based buffer overflow when a user is
enticed to open a specially crafted movie file.
5) A boundary error in the processing of PICT image files can be
exploited to cause a stack-based buffer overflow when a user opens a
specially crafted PICT image file containing an invalid length for
the "UncompressedQuickTimeData" opcode.
6) Errors exist in the parsing of Poly type opcodes (opcodes
0x0070-74) and the PackBitsRgn field (Opcode 0x0099) when processing
PICT image files. These can be exploited to cause a heap corruption
when a user opens a specially crafted PICT image file.
7) An error in the parsing of CTAB atoms can be exploited to cause a
heap-based buffer overflow when a user opens a specially crafted
movie file containing an invalid color table.
Successful exploitation of these vulnerabilities allows execution of
arbitrary code.
The vulnerabilities are reported in QuickTime prior to version 7.3.
SOLUTION:
Update to version 7.3.
QuickTime 7.3 for Leopard:
http://www.apple.com/support/downloads/quicktime73forleopard.html
QuickTime 7.3 for Tiger:
http://www.apple.com/support/downloads/quicktime73fortiger.html
QuickTime 7.3 for Panther:
http://www.apple.com/support/downloads/quicktime73forpanther.html
QuickTime 7.3 for Windows:
http://www.apple.com/support/downloads/quicktime73forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dylan Ashe, Adobe Systems Incorporated.
2) The vendor credits Tobias Klein, www.trapkit.de.
3) The vendor credits Adam Gowdiak.
4) Mario Ballano of 48bits.com, reported via iDefense.
5, 6) Ruben Santamarta of reversemode.com, reported via ZDI.
7) Ruben Santamarta and Mario Ballano, reported via ZDI.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=306896
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-065.html
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200711-0302 | CVE-2007-4675 | Apple QuickTime of QTVR Movie File Handling Heap-Based Buffer Overflow Vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom. Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.
National Cyber Alert System
Technical Cyber Security Alert TA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: November 06, 2007
Last revised: --
Source: US-CERT
Systems Affected
Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled.
Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.
Solution
Upgrade QuickTime
Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27523
VERIFY ADVISORY:
http://secunia.com/advisories/27523/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, and compromise a user's
system.
3) Multiple errors exist in QuickTime for Java. These can be
exploited by untrusted Java applets to disclose sensitive information
or to execute arbitrary code with escalated privileges when a user
visits a web page containing a malicious Java applet.
5) A boundary error in the processing of PICT image files can be
exploited to cause a stack-based buffer overflow when a user opens a
specially crafted PICT image file containing an invalid length for
the "UncompressedQuickTimeData" opcode.
6) Errors exist in the parsing of Poly type opcodes (opcodes
0x0070-74) and the PackBitsRgn field (Opcode 0x0099) when processing
PICT image files.
The vulnerabilities are reported in QuickTime prior to version 7.3.
SOLUTION:
Update to version 7.3.
QuickTime 7.3 for Leopard:
http://www.apple.com/support/downloads/quicktime73forleopard.html
QuickTime 7.3 for Tiger:
http://www.apple.com/support/downloads/quicktime73fortiger.html
QuickTime 7.3 for Panther:
http://www.apple.com/support/downloads/quicktime73forpanther.html
QuickTime 7.3 for Windows:
http://www.apple.com/support/downloads/quicktime73forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dylan Ashe, Adobe Systems Incorporated.
2) The vendor credits Tobias Klein, www.trapkit.de.
3) The vendor credits Adam Gowdiak.
5, 6) Ruben Santamarta of reversemode.com, reported via ZDI.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=306896
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-065.html
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
----------------------------------------------------------------------
iDefense Security Advisory 11.05.07
http://labs.idefense.com/intelligence/vulnerabilities/
Nov 05, 2007
I. BACKGROUND
QuickTime is Apple's media player product used to render video and other
media. For more information visit http://www.apple.com/quicktime/
QuickTime VR (virtual reality) is a type of image file format supported
by Apple's QuickTime. It allows the creation and viewing of
photographically captured panoramas and the exploration of objects
through images taken at multiple viewing angles.
http://www.apple.com/quicktime/technologies/qtvr/
II. When
processing panorama sample atoms, the size field in the atom header is
not validated. QuickTime will copy the specified amount of memory to a
fixed-size heap buffer, causing heap corruption.
III. This could be accomplished by persuading the user
to click a direct link to a malicious VR movie file. Additionally, this
vulnerability could be exploited within a malicious web page.
IV. DETECTION
iDefense Labs confirmed this vulnerability exists in QuickTime VR
extension 7.2.0.240 as included in QuickTime Player 7.2. Previous
versions are suspected to be vulnerable.
V. WORKAROUND
Disabling the QuickTime plug-in for browsers can mitigate Web page
attack vectors. To do this, uncheck the "Play movies automatically"
setting within the QuickTime preferences Browser->Playback tab.
VI. VENDOR RESPONSE
Apple has released QuickTime 7.3 which resolves this issue. More
information is available via Apple's QuickTime Security Update page at
the URL shown below.
http://docs.info.apple.com/article.html?artnum=306896
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-4675 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
09/13/2007 Initial vendor notification
09/13/2007 Initial vendor response
11/05/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to VeriSign iDefense by Mario Ballano
from 48bits.com.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright © 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information
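The missing check described in the iDefense advisory above (an atom header size field used for a copy into a fixed-size heap buffer without validation), shown in hardened form as an added example that is not code from QuickTime, Apple or iDefense. It assumes the classic 8-byte atom header (32-bit big-endian size that includes the header, then a four-character type); `copy_atom_payload`, `SAMPLE_BUF_LEN` and the constructed test atoms are hypothetical, and the real panorama sample atom layout is not given on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ATOM_HEADER_LEN 8u   /* 32-bit size + four-character type */
#define SAMPLE_BUF_LEN  64u  /* hypothetical fixed destination size */

enum atom_status {
    ATOM_OK = 0,
    ATOM_TRUNCATED_HEADER,    /* fewer than 8 bytes of input */
    ATOM_SIZE_BELOW_HEADER,   /* declared size cannot even cover the header */
    ATOM_SIZE_EXCEEDS_INPUT,  /* declared size runs past the data we hold */
    ATOM_PAYLOAD_TOO_LARGE    /* payload would not fit the destination */
};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Copy one atom's payload into dst only after the declared size has been
 * checked against both the input actually available and dst's capacity. */
enum atom_status copy_atom_payload(const uint8_t *in, size_t in_len,
                                   uint8_t *dst, size_t dst_cap,
                                   size_t *copied)
{
    uint32_t declared;
    size_t payload;

    *copied = 0;
    if (in_len < ATOM_HEADER_LEN)
        return ATOM_TRUNCATED_HEADER;

    declared = read_be32(in);
    /* Sizes 0 and 1 have special meanings in the QuickTime file format
     * (atom runs to end of file / 64-bit extended size follows). This
     * example rejects them instead of interpreting them. */
    if (declared < ATOM_HEADER_LEN)
        return ATOM_SIZE_BELOW_HEADER;
    if (declared > in_len)
        return ATOM_SIZE_EXCEEDS_INPUT;

    payload = (size_t)declared - ATOM_HEADER_LEN;
    if (payload > dst_cap)
        return ATOM_PAYLOAD_TOO_LARGE;

    memcpy(dst, in + ATOM_HEADER_LEN, payload);
    *copied = payload;
    return ATOM_OK;
}

/* Build a constructed atom whose header declares `declared` bytes while the
 * buffer really holds `payload_len` payload bytes, then run the checked copy
 * into a heap buffer of SAMPLE_BUF_LEN bytes. */
enum atom_status check_constructed_atom(uint32_t declared, size_t payload_len,
                                        size_t *copied)
{
    size_t in_len = ATOM_HEADER_LEN + payload_len;
    uint8_t *in = malloc(in_len);
    uint8_t *dst = malloc(SAMPLE_BUF_LEN);
    enum atom_status status;

    if (in == NULL || dst == NULL) {
        free(in);
        free(dst);
        abort();
    }
    in[0] = (uint8_t)(declared >> 24);
    in[1] = (uint8_t)(declared >> 16);
    in[2] = (uint8_t)(declared >> 8);
    in[3] = (uint8_t)declared;
    memcpy(in + 4, "test", 4);           /* constructed type, not a real atom */
    memset(in + ATOM_HEADER_LEN, 0xAB, payload_len);

    status = copy_atom_payload(in, in_len, dst, SAMPLE_BUF_LEN, copied);
    free(in);
    free(dst);
    return status;
}

int main(void)
{
    size_t n = 0;
    printf("well-formed atom:      %d\n", check_constructed_atom(24, 16, &n));
    printf("size beyond input:     %d\n", check_constructed_atom(0x00010000u, 16, &n));
    printf("payload beyond buffer: %d\n", check_constructed_atom(208, 200, &n));
    printf("size below header:     %d\n", check_constructed_atom(4, 0, &n));
    return 0;
}
```

Both bounds are needed: a size that fits the file can still exceed the destination, and a size that fits the destination can still run past the data that was read.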
VAR-200711-0289 | CVE-2007-3750 | Apple QuickTime of STSD Heap-based buffer overflow vulnerability in atom handling |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file. Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
National Cyber Alert System
Technical Cyber Security Alert TA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: November 06, 2007
Last revised: --
Source: US-CERT
Systems Affected
Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled.
Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.
II. For further information, please see About the security
content of QuickTime 7.3.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27523
VERIFY ADVISORY:
http://secunia.com/advisories/27523/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, and compromise a user's
system.
3) Multiple errors exist in QuickTime for Java. These can be
exploited by untrusted Java applets to disclose sensitive information
or to execute arbitrary code with escalated privileges when a user
visits a web page containing a malicious Java applet.
5) A boundary error in the processing of PICT image files can be
exploited to cause a stack-based buffer overflow when a user opens a
specially crafted PICT image file containing an invalid length for
the "UncompressedQuickTimeData" opcode.
6) Errors exist in the parsing of Poly type opcodes (opcodes
0x0070-74) and the PackBitsRgn field (Opcode 0x0099) when processing
PICT image files.
The vulnerabilities are reported in QuickTime prior to version 7.3.
SOLUTION:
Update to version 7.3.
QuickTime 7.3 for Leopard:
http://www.apple.com/support/downloads/quicktime73forleopard.html
QuickTime 7.3 for Tiger:
http://www.apple.com/support/downloads/quicktime73fortiger.html
QuickTime 7.3 for Panther:
http://www.apple.com/support/downloads/quicktime73forpanther.html
QuickTime 7.3 for Windows:
http://www.apple.com/support/downloads/quicktime73forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dylan Ashe, Adobe Systems Incorporated.
2) The vendor credits Tobias Klein, www.trapkit.de.
3) The vendor credits Adam Gowdiak.
4) Mario Ballano of 48bits.com, reported via iDefense.
5, 6) Ruben Santamarta of reversemode.com, reported via ZDI.
7) Ruben Santamarta and Mario Ballano, reported via ZDI.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=306896
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-065.html
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
----------------------------------------------------------------------
VAR-200711-0304 | CVE-2007-4677 | Apple QuickTime heap buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values. Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the CTAB atom. This memory corruption can lead to the execution of arbitrary code. Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
ZDI-07-065: Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-065.html
November 5, 2007
-- CVE ID:
CVE-2007-4677
-- Affected Vendor:
Apple
-- Affected Products:
QuickTime 7.2
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 5610.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details
can be found at:
http://docs.info.apple.com/article.html?artnum=306896
-- Disclosure Timeline:
2007.09.14 - Vulnerability reported to vendor
2007.11.05 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by Ruben Santamarta of reversemode.com
and Mario Ballano of 48bits.com.
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
National Cyber Alert System
Technical Cyber Security Alert TA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: November 06, 2007
Last revised: --
Source: US-CERT
Systems Affected
Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled.
Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.
II. For further information, please see About the security
content of QuickTime 7.3.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27523
VERIFY ADVISORY:
http://secunia.com/advisories/27523/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, and compromise a user's
system.
2) A boundary error in the handling of Sample Table Sample Descriptor
(STSD) atoms can be exploited to cause a heap-based buffer overflow
when a user opens a specially crafted movie file.
3) Multiple errors exist in QuickTime for Java. These can be
exploited by untrusted Java applets to disclose sensitive information
or to execute arbitrary code with escalated privileges when a user
visits a web page containing a malicious Java applet.
5) A boundary error in the processing of PICT image files can be
exploited to cause a stack-based buffer overflow when a user opens a
specially crafted PICT image file containing an invalid length for
the "UncompressedQuickTimeData" opcode.
6) Errors exist in the parsing of Poly type opcodes (opcodes
0x0070-74) and the PackBitsRgn field (Opcode 0x0099) when processing
PICT image files.
The vulnerabilities are reported in QuickTime prior to version 7.3.
SOLUTION:
Update to version 7.3.
QuickTime 7.3 for Leopard:
http://www.apple.com/support/downloads/quicktime73forleopard.html
QuickTime 7.3 for Tiger:
http://www.apple.com/support/downloads/quicktime73fortiger.html
QuickTime 7.3 for Panther:
http://www.apple.com/support/downloads/quicktime73forpanther.html
QuickTime 7.3 for Windows:
http://www.apple.com/support/downloads/quicktime73forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dylan Ashe, Adobe Systems Incorporated.
2) The vendor credits Tobias Klein, www.trapkit.de.
3) The vendor credits Adam Gowdiak.
4) Mario Ballano of 48bits.com, reported via iDefense.
5, 6) Ruben Santamarta of reversemode.com, reported via ZDI.
7) Ruben Santamarta and Mario Ballano, reported via ZDI.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=306896
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-065.html
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
VAR-200711-0300 | CVE-2007-4672 | Apple QuickTime stack-based buffer overflow vulnerability in PICT image handling |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in the parsing of the PICT file format. Apple QuickTime is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts likely result in denial-of-service conditions.
This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details
can be found at:
http://docs.info.apple.com/article.html?artnum=306896
-- Disclosure Timeline:
2007.09.14 - Vulnerability reported to vendor
2007.11.05 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by Ruben Santamarta of reversemode.com.
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster@3com.com.
National Cyber Alert System
Technical Cyber Security Alert TA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: November 06, 2007
Last revised: --
Source: US-CERT
Systems Affected
Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled.
Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.
II. For further information, please see About the security
content of QuickTime 7.3.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the
subject.
_________________________________________________________________
Revision History
November 6, 2007: Initial release
----------------------------------------------------------------------
2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published
How do you know which Secunia advisories are important to you?
The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.
Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27523
VERIFY ADVISORY:
http://secunia.com/advisories/27523/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, and compromise a user's
system.
2) A boundary error in the handling of Sample Table Sample Descriptor
(STSD) atoms can be exploited to cause a heap-based buffer overflow
when a user opens a specially crafted movie file.
3) Multiple errors exist in QuickTime for Java. These can be
exploited by untrusted Java applets to disclose sensitive information
or to execute arbitrary code with escalated privileges when a user
visits a web page containing a malicious Java applet.
4) A boundary error exists in the processing of panorama sample atoms
in QTVR (QuickTime Virtual Reality) movie files, which can be
exploited to cause a heap-based buffer overflow when a user is
enticed to open a specially crafted movie file.
6) Errors exist in the parsing of Poly type opcodes (opcodes
0x0070-74) and the PackBitsRgn field (Opcode 0x0099) when processing
PICT image files.
7) An error in the parsing of CTAB atoms can be exploited to cause a
heap-based buffer overflow when a user opens a specially crafted
movie file containing an invalid color table.
The vulnerabilities are reported in QuickTime prior to version 7.3.
SOLUTION:
Update to version 7.3.
QuickTime 7.3 for Leopard:
http://www.apple.com/support/downloads/quicktime73forleopard.html
QuickTime 7.3 for Tiger:
http://www.apple.com/support/downloads/quicktime73fortiger.html
QuickTime 7.3 for Panther:
http://www.apple.com/support/downloads/quicktime73forpanther.html
QuickTime 7.3 for Windows:
http://www.apple.com/support/downloads/quicktime73forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dylan Ashe, Adobe Systems Incorporated.
2) The vendor credits Tobias Klein, www.trapkit.de.
3) The vendor credits Adam Gowdiak.
4) Mario Ballano of 48bits.com, reported via iDefense.
5, 6) Ruben Santamarta of reversemode.com, reported via ZDI.
7) Ruben Santamarta and Mario Ballano, reported via ZDI.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=306896
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-065.html
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
----------------------------------------------------------------------
VAR-200711-0303 | CVE-2007-4676 | Apple QuickTime buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image. Apple QuickTime contains a stack buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution running under the credentials of the user. Apple QuickTime is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.
An attacker can exploit these issues by enticing an unsuspecting user to open a specially crafted PICT image file. Failed exploit attempts likely result in denial-of-service conditions.
These issues affect Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. would trigger this overflow, resulting in the execution of arbitrary instructions.
National Cyber Alert System
Technical Cyber Security Alert TA07-310A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: November 06, 2007
Last revised: --
Source: US-CERT
Systems Affected
Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I.
Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.
II. For further information, please see About the security
content of QuickTime 7.3.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the
subject.
_________________________________________________________________
Revision History
November 6, 2007: Initial release
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27523
VERIFY ADVISORY:
http://secunia.com/advisories/27523/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Exposure of sensitive information, System access
WHERE:
From remote
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to disclose sensitive information,
bypass certain security restrictions, and compromise a user's
system.
2) A boundary error in the handling of Sample Table Sample Descriptor
(STSD) atoms can be exploited to cause a heap-based buffer overflow
when a user opens a specially crafted movie file.
3) Multiple errors exist in QuickTime for Java. These can be
exploited by untrusted Java applets to disclose sensitive information
or to execute arbitrary code with escalated privileges when a user
visits a web page containing a malicious Java applet.
4) A boundary error exists in the processing of panorama sample atoms
in QTVR (QuickTime Virtual Reality) movie files, which can be
exploited to cause a heap-based buffer overflow when a user is
enticed to open a specially crafted movie file.
7) An error in the parsing of CTAB atoms can be exploited to cause a
heap-based buffer overflow when a user opens a specially crafted
movie file containing an invalid color table.
The vulnerabilities are reported in QuickTime prior to version 7.3.
SOLUTION:
Update to version 7.3.
QuickTime 7.3 for Leopard:
http://www.apple.com/support/downloads/quicktime73forleopard.html
QuickTime 7.3 for Tiger:
http://www.apple.com/support/downloads/quicktime73fortiger.html
QuickTime 7.3 for Panther:
http://www.apple.com/support/downloads/quicktime73forpanther.html
QuickTime 7.3 for Windows:
http://www.apple.com/support/downloads/quicktime73forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Dylan Ashe, Adobe Systems Incorporated.
2) The vendor credits Tobias Klein, www.trapkit.de.
3) The vendor credits Adam Gowdiak.
4) Mario Ballano of 48bits.com, reported via iDefense.
5, 6) Ruben Santamarta of reversemode.com, reported via ZDI.
7) Ruben Santamarta and Mario Ballano, reported via ZDI.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=306896
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=620
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-065.html
http://www.zerodayinitiative.com/advisories/ZDI-07-066.html
http://www.zerodayinitiative.com/advisories/ZDI-07-067.html
http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
----------------------------------------------------------------------
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details
can be found at:
http://docs.info.apple.com/article.html?artnum=306896
-- Disclosure Timeline:
2007.09.14 - Vulnerability reported to vendor
2007.11.05 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by Ruben Santamarta of reversemode.com.
VAR-200711-0405 | CVE-2007-5829 | Root privilege escalation vulnerability in the Disk Mount scanner of Symantec AntiVirus for Macintosh and related products |
CVSS V2: 6.0 CVSS V3: - Severity: MEDIUM |
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled. Symantec AntiVirus for Macintosh is prone to a local privilege-escalation vulnerability. This issue occurs in the Mount Scan feature.
An attacker with group 'admin' privileges can exploit this issue to execute arbitrary code with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
The weakness is caused due to insecure permissions on the
"/Library/Application Support" folder. replacing a certain
application within the affected folder or tricking the Disk Mount
scanner into launching an arbitrary executable by renaming folders.
Successful exploitation requires membership of the "admin" group and
that "mount scanning" is enabled and configured to show the
progress. Linux and Windows versions are not affected.
SOLUTION:
The vendor recommends to disable "Show Progress During Mount Scans"
and to set the sticky bit for the folder "Library/Application
Support" (see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
The vendor credits William Carrel.
ORIGINAL ADVISORY:
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html
----------------------------------------------------------------------
VAR-200711-0278 | CVE-2007-5603 |
SonicWall NetExtender NELaunchCtrl ActiveX control stack buffer overflow
Related entries in the VARIoT exploits database: VAR-E-200911-0073, VAR-E-200711-0034, VAR-E-200711-0035 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method. SonicWALL SSL VPN Client is prone to multiple remote vulnerabilities. The issues occur in different ActiveX controls and include arbitrary-file-deletion and multiple stack-based buffer-overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code within the context of the affected application and delete arbitrary files on the client's computer. Failed exploit attempts will result in denial-of-service conditions.
These issues affect SonicWALL SSL VPN 1.3.0.3 software as well as WebCacheCleaner 1.3.0.3 and NeLaunchCtrl 2.1.0.49 ActiveX controls; other versions may also be vulnerable. SonicWALL SSL-VPN can provide simple and easy-to-use VPN solutions for enterprise networks. A long second argument to AddRouteEntry overflows a stack buffer; the following call can be used to make the process jump to the location given by "UVWX": o.AddRouteEntry("", "ABCDEFGHIJKLMNOPQRSTUVWX"); The following properties are also affected by a Unicode overflow: serverAddress, sessionId, clientIPLower, clientIPHigher, userName, domainName, dnsSuffix.
----------------------------------------------------------------------
TITLE:
SonicWALL SSL VPN ActiveX Controls Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27469
VERIFY ADVISORY:
http://secunia.com/advisories/27469/
CRITICAL:
Highly critical
IMPACT:
Manipulation of data, System access
WHERE:
From remote
OPERATING SYSTEM:
SonicWALL SSL-VPN 2000 2.x
http://secunia.com/product/9056/
SonicWALL SSL-VPN 200 2.x
http://secunia.com/product/16416/
SonicWALL SSL-VPN 4000 2.x
http://secunia.com/product/16417/
DESCRIPTION:
Some vulnerabilities have been reported in SonicWALL SSL VPN, which
can be exploited by malicious people to delete arbitrary files or to
compromise a user's system.
1) Boundary errors within the NetExtender NELaunchCtrl ActiveX
control when handling arguments passed to certain methods (e.g.
"AddRouteEntry()", "serverAddress()", "sessionId()",
"clientIPLower()", "clientIPHigher()", "userName()", "domainName()",
and "dnsSuffix()") can be exploited to cause buffer overflows when a
user e.g. visits a malicious website.
The vulnerabilities are reported in WebCacheCleaner ActiveX control
version 1.3.0.3 and NeLaunchCtrl ActiveX control version 2.1.0.49.
Other versions may also be affected.
SOLUTION:
Update to firmware version 2.5 for SonicWALL SSL VPN 2000/4000, and
version 2.1 for SonicWALL SSL-VPN 200.
http://www.sonicwall.com/us/643.htm
PROVIDED AND/OR DISCOVERED BY:
1) Independently discovered by:
* lofi42
* Will Dormann, CERT/CC ("AddRouteEntry()" method)
2) lofi42
ORIGINAL ADVISORY:
SEC Consult:
http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt
US-CERT VU#298521:
http://www.kb.cert.org/vuls/id/298521
----------------------------------------------------------------------
VAR-200711-0040 | CVE-2007-5815 |
SonicWall NetExtender NELaunchCtrl ActiveX control stack buffer overflow
Related entries in the VARIoT exploits database: VAR-E-200711-0035 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method. SonicWALL SSL VPN Client is prone to multiple remote vulnerabilities. The issues occur in different ActiveX controls and include arbitrary-file-deletion and multiple stack-based buffer-overflow vulnerabilities. Failed exploit attempts will result in denial-of-service conditions.
These issues affect SonicWALL SSL VPN 1.3.0.3 software as well as WebCacheCleaner 1.3.0.3 and NeLaunchCtrl 2.1.0.49 ActiveX controls; other versions may also be vulnerable. SonicWALL SSL-VPN can provide simple and easy-to-use VPN solutions for enterprise networks.
----------------------------------------------------------------------
TITLE:
SonicWALL SSL VPN ActiveX Controls Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27469
VERIFY ADVISORY:
http://secunia.com/advisories/27469/
CRITICAL:
Highly critical
IMPACT:
Manipulation of data, System access
WHERE:
From remote
OPERATING SYSTEM:
SonicWALL SSL-VPN 2000 2.x
http://secunia.com/product/9056/
SonicWALL SSL-VPN 200 2.x
http://secunia.com/product/16416/
SonicWALL SSL-VPN 4000 2.x
http://secunia.com/product/16417/
DESCRIPTION:
Some vulnerabilities have been reported in SonicWALL SSL VPN, which
can be exploited by malicious people to delete arbitrary files or to
compromise a user's system.
1) Boundary errors within the NetExtender NELaunchCtrl ActiveX
control when handling arguments passed to certain methods (e.g.
"AddRouteEntry()", "serverAddress()", "sessionId()",
"clientIPLower()", "clientIPHigher()", "userName()", "domainName()",
and "dnsSuffix()") can be exploited to cause buffer overflows when a
user e.g. visits a malicious website.
The vulnerabilities are reported in WebCacheCleaner ActiveX control
version 1.3.0.3 and NeLaunchCtrl ActiveX control version 2.1.0.49.
Other versions may also be affected.
SOLUTION:
Update to firmware version 2.5 for SonicWALL SSL VPN 2000/4000, and
version 2.1 for SonicWALL SSL-VPN 200.
http://www.sonicwall.com/us/643.htm
PROVIDED AND/OR DISCOVERED BY:
1) Independently discovered by:
* lofi42
* Will Dormann, CERT/CC ("AddRouteEntry()" method)
2) lofi42
ORIGINAL ADVISORY:
SEC Consult:
http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt
US-CERT VU#298521:
http://www.kb.cert.org/vuls/id/298521
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200711-0039 | CVE-2007-5814 | SonicWall NetExtender NELaunchCtrl ActiveX control stack buffer overflow |
Related entries in the VARIoT exploits database: VAR-E-200711-0035 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603. The SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control contains a buffer overflow vulnerability. SonicWALL SSL VPN Client is prone to multiple remote vulnerabilities. The issues occur in different ActiveX controls and include arbitrary-file-deletion and multiple stack-based buffer-overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code within the context of the affected application and delete arbitrary files on the client's computer. Failed exploit attempts will result in denial-of-service conditions.
These issues affect SonicWALL SSL VPN 1.3.0.3 software as well as WebCacheCleaner 1.3.0.3 and NeLaunchCtrl 2.1.0.49 ActiveX controls; other versions may also be vulnerable. SonicWALL SSL-VPN can provide simple and easy-to-use VPN solutions for enterprise networks. There are multiple security holes in the ActiveX control implementation of SonicWALL SSL-VPN, and remote attackers may take advantage of these holes to control the user system.
----------------------------------------------------------------------
TITLE:
SonicWALL SSL VPN ActiveX Controls Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27469
VERIFY ADVISORY:
http://secunia.com/advisories/27469/
CRITICAL:
Highly critical
IMPACT:
Manipulation of data, System access
WHERE:
From remote
OPERATING SYSTEM:
SonicWALL SSL-VPN 2000 2.x
http://secunia.com/product/9056/
SonicWALL SSL-VPN 200 2.x
http://secunia.com/product/16416/
SonicWALL SSL-VPN 4000 2.x
http://secunia.com/product/16417/
DESCRIPTION:
Some vulnerabilities have been reported in SonicWALL SSL VPN, which
can be exploited by malicious people to delete arbitrary files or to
compromise a user's system.
1) Boundary errors within the NetExtender NELaunchCtrl ActiveX
control when handling arguments passed to certain methods (e.g.
"AddRouteEntry()", "serverAddress()", "sessionId()",
"clientIPLower()", "clientIPHigher()", "userName()", "domainName()",
and "dnsSuffix()") can be exploited to cause buffer overflows when a
user e.g. visits a malicious website.
Other versions may also be affected.
SOLUTION:
Update to firmware version 2.5 for SonicWALL SSL VPN 2000/4000, and
version 2.1 for SonicWALL SSL-VPN 200.
http://www.sonicwall.com/us/643.htm
PROVIDED AND/OR DISCOVERED BY:
1) Independently discovered by:
* lofi42
* Will Dormann, CERT/CC ("AddRouteEntry()" method)
2) lofi42
ORIGINAL ADVISORY:
SEC Consult:
http://www.sec-consult.com/fileadmin/Advisories/20071101-0_sonicwall_multiple.txt
US-CERT VU#298521:
http://www.kb.cert.org/vuls/id/298521
----------------------------------------------------------------------
VAR-200711-0033 | CVE-2007-5808 | Hitachi Collaboration Portal Schedule Component Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the Groupmax Collaboration - Schedule component in Hitachi Groupmax Collaboration Portal 07-30 through 07-30-/F and 07-32 through 07-32-/C, uCosminexus Collaboration Portal 06-30 through 06-30-/F and 06-32 through 06-32-/C, and Groupmax Collaboration Web Client - Mail/Schedule 07-30 through 07-30-/F and 07-32 through 07-32-/B might allow remote attackers to obtain sensitive information via unspecified vectors related to schedule portlets. The Schedule component in Groupmax Collaboration contains an information disclosure vulnerability where non-disclosable information can be displayed on a schedule portlet. Unintended information disclosure could occur, which an attacker could exploit for further attacks.
Attackers can exploit this issue to access potentially sensitive information that could aid in further attacks.
Please see vendor advisory for affected products and versions.
SOLUTION:
Update to the latest versions (please see vendor advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS07-036_e/index-e.html
----------------------------------------------------------------------
VAR-200710-0011 | CVE-2007-4345 | IMail Client bundled with IPSwitch IMail Server vulnerable to buffer overflow |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message. IMail Client, which is included in Ipswitch IMail Server, is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.
Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects IMail Client 9.22, which is included with IMail Server 2006.22; other versions may also be affected. IPSwitch IMail is a Windows-based mail service program.
======================================================================
2) Severity
Rating: Moderately critical
Impact: Denial of Service, System compromise
Where: Remote
======================================================================
3) Vendor's Description of Software
The IMail Client "is provided for those who are administering IMail
Server on the NT workstation on which IMail Server is installed. It is
useful for reading the 'root' mailbox, working with seldom-used
accounts, and testing.".
Product Link:
http://www.ipswitch.com/purchase/products/imail_server.asp
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in the IMail Client,
which potentially can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to a boundary error within the IMail
Client when processing emails containing multipart MIME data.
======================================================================
5) Solution
The vendor recommends users to delete the IMail Client application,
which will be removed from the next major release of the IPSwitch
IMail Server.
======================================================================
6) Time Table
24/09/2007 - Vendor notified.
25/09/2007 - Vendor response.
30/10/2007 - Public disclosure.
======================================================================
7) Credits
Discovered by Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2007-4345 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://corporate.secunia.com/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://corporate.secunia.com/secunia_research/33/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/secunia_vacancies/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-81/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
Successful exploitation may allow execution of arbitrary code.
PROVIDED AND/OR DISCOVERED BY:
Secunia Research
ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2007-81/
----------------------------------------------------------------------
VAR-200711-0397 | CVE-2007-5796 | Blue Coat ProxySG Management console cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists. Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions prior to ProxySG 4.2.6.1 and 5.2.2.5 are vulnerable.
NOTE: This BID originally covered one issue, but was updated to also cover a second issue.
----------------------------------------------------------------------
TITLE:
Blue Coat ProxySG SGOS Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA27452
VERIFY ADVISORY:
http://secunia.com/advisories/27452/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM:
Blue Coat Security Gateway OS (SGOS) 4.x
http://secunia.com/product/5419/
Blue Coat Security Gateway OS (SGOS) 5.x
http://secunia.com/product/12422/
DESCRIPTION:
A vulnerability has been reported in the Blue Coat ProxySG SGOS,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Input passed to unspecified parameters when loading "Certificate
Revocation Lists" via the management console is not properly
sanitised before being returned to the user.
SOLUTION:
Update to version 4.2.6.1 or 5.2.2.5.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adrian Pastor of ProCheckUp.
ORIGINAL ADVISORY:
http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability
----------------------------------------------------------------------