VARIoT IoT vulnerabilities database


VAR-200905-0505
CVE-2009-0945
WebKit In SVGPathList Vulnerability in arbitrary code execution related to processing of documents with data structures
CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.

The insertItemBefore method in WebKit contains an arbitrary code execution vulnerability due to flaws in the processing of documents with SVGPathList data structures. A third party may execute arbitrary code.

User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of malformed SVGLists via the SVGPathList data structure; the following lists are affected: SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, SVGLengthList. When a negative index argument is supplied to the insertItemBefore() method, memory corruption occurs, resulting in the ability to execute arbitrary code.

WebKit is prone to a remote memory-corruption vulnerability. Failed exploit attempts will result in a denial-of-service condition. The issue also affects the following: Apple Safari prior to 3.2.3; Apple Mac OS X v10.5 through v10.5.6; Apple Mac OS X Server v10.5 through v10.5.6; Google Chrome prior to 1.0.154.65.

Safari is the web browser bundled by default in the Apple operating system. There is a memory corruption vulnerability in the processing of SVGList objects in WebKit in Safari. Safari has multiple input validation errors in its handling of the feed: URL, and accessing a malicious feed: URL can lead to arbitrary JavaScript execution.
------------------------------------------------------------------------
Debian Security Advisory DSA-1988-1                  security@debian.org
http://www.debian.org/security/                        Giuseppe Iuculano
February 02, 2010                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Packages       : qt4-x11
Vulnerability  : several vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1699 CVE-2009-1711 CVE-2009-1712 CVE-2009-1713 CVE-2009-1725 CVE-2009-2700
Debian Bugs    : 532718 534946 538347 545793

Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework.

CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs.

CVE-2009-1698

WebKit in qt4-x11 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVE-2009-1699

The XSL stylesheet implementation in WebKit, as used in qt4-x11 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD.

CVE-2009-1711

WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

CVE-2009-1713

The XSLT functionality in WebKit, as used in qt4-x11 does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones.

CVE-2009-1725

WebKit in qt4-x11 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVE-2009-2700

qt4-x11 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

The oldstable distribution (etch) is not affected by these problems.

For the stable distribution (lenny), these problems have been fixed in version 4.4.3-1+lenny1.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 4.5.3-1.

We recommend that you upgrade your qt4-x11 packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian (stable)
---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 61884 19402e470dd403395446a6e5c55626b3 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 445328 4d20e4060988521dc63cbf37c30f100d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 232750 0754ed2ce13641874a5fcc696cca9fd7 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 45358 dd4b5a28a81306956a47c03554cc8d59 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 2076344 cc317e6f6ef542e9ef43691e0cdfe625 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 238704 fab119df8f0826eb2c25a090f711b45e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 30564 2c816aed7bf0e28f6b425de26929e419 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 4384714 7900cddfa51331384db080a6040c7f74 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 130570 60d8c58cbbf93fbf0ce8a8df5aa1fee5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 138014 9e039fbb1238db80bab9e04ecea71a80 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 41614 e05888e3d7f0138c24fb20a5a422b4ca http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 3291732 5a8544c976f02858283c26ba43bd109a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 1353820 3cd3c7a8b0a56f081f3bca85a27a76ef 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 1997940 54b5e8e103e38cd53a13bfbd27559328 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 1548658 a8a9cc3cc9115c75a45bc0cd694134b8 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 193882 2bf228574df6a2835552b4815afc696a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 186294 d88d65e6a85ce57bcf9e81fa4fd04b77 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 30556 05b460890a55a81ba0f192235a3c0192 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 4351110 afac1e4e3ac405e1bbe8283e37d20b45 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 49412 ca97fb0c6d14a2114885b2cb87786e15 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 41262 7f4bb9e46d585246ed69e7da595570bd http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 10432216 ef271383ff6f2600b966955f21d75dc1 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 1599606 3e088686e99b421f9f531ea7d5baa162 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 796818 a4a24e95261b29c8da07f3b5b61a14c2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 57742 1350b3cc65918433cf9974be12129405 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 69750 dc570d8cf67f8ae2f44df459f89a7704 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 60274 eabf99068a0d0182eb1d95bc231d9c82 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 431144 e23f8d941bf2f10c1a9ea53f01b19261 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 55251700 eedba6f66975bbb0433c6e650d33071f http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 425568 c4936529fc1fcb1d135cfc01892ab40d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 131324 0a867f9ea1ea1eb906d46f43c180fe05 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_mips.deb Size/MD5 checksum: 89596300 6d22a177a7c1ef7e457a75756990d604 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 229968 e7876664a0ea2577213f6dc854dc7beb http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 10376684 ee440eeb5d00ea1a8e1172d3b3d00aff http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 4347292 f4cd4c89a0f7537f8e26f6879a0f893e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 191406 9f015ddc9e3e9c718cb97ab11296c6e5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 41540 7661ae54a10a2d2ca44875d123705870 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 30552 3d0751fdd9aed771e4912c211bea089e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 1958868 
43fc237fccc7979cb4328769a9712b44 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 236330 f39a7a36d1d13e6cabc183b54bc8a541 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 135644 50bb1a918ca208dbb524211ca2f1fd72 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 4290348 10ad0e19a2388acc31a88f8ac25ad2e5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 57452 e41274c827e5cf94498772b74579d58e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 30570 f48d279ccdd49c6e519da7df2f910b1e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 86262916 279b30139f7d4e7a24bc3fe3873d802e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 130074 20a9cb3f067bb663cf6b9e5500afc15d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 3144304 18c39b4efe29da0f6698f7cc1662513c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 759628 8bd9c81c6160c6fa73955e6eb7589143 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 129280 0d196ba45f0f25957b28519063fec79a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 59950 ce633cf5f8ca612bdea81d98eb984c39 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 69248 c26886682df753907b8c6e32167135e8 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 1585390 
09d818aafb7331444c5f799390a5ab61 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 49176 34549e52d8e29ed02c7d469145c47391 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 1532608 37e6e25a50b4f9823a5455c51966c8e3 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 425456 5883cd14a56c3bc2903f72704231a0bf http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 439666 5fbc5af909dc395f49f720542f8735d1 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 13194092 ea7674bd0c4b797d0295b17dd1ed3e85 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 45182 8ffbc7bb8d565ddc3fe773a2c099a523 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 422618 b1edf41f7dc0214b2dac0c3395fac73c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 52871332 be96377a4b5ebdaddef10c5001895cbe http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 2048016 8569e3fdef2371d07a123344e7ef8abb http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 61554 bf0effb3185b92e7eb0de5729f1be76e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 41254 70f58c78b610e1937e52eb34e5809d2e http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 1327318 de6c4ecc2baf7e28b8705dca4f3606a7 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_mipsel.deb Size/MD5 checksum: 184066 ff313cbda6b9bcb6dd71dc7cca3c07ec powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 13997058 d47bbbd31efc9282a917cc48d921c1fb http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 140650 f0f469b814443d6113365d6ac8c01b4f http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 42212 81d51c4361750df38e6dd7bcb7f294e4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 4435166 cd8b0b45170ea1ccb5af66a2a037f9ac http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 196810 77aa5a519b4bbc82fac8ea9d7086ede4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 60652 8ce4b23af0fc90b90d9c4d53d1a50bda http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 30802 69317bc289e10bf016e6df959f364f63 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 2182738 31201b8165db906fb338c217aaf7b835 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 44858 e2f7113b7b7c00a86caf179c2a8042b2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 90556268 8acc67fe335daaf799bece65ea6ef2e4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 2149626 93b142c76b1c8e1fba0f2d5c5e1f52b0 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-ibase_4.4.3-1+lenny1_powerpc.deb 
Size/MD5 checksum: 75792 97ae586b12501133f0f3c2139fd55620 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 64864 33f39474f447957c77cb1eca2188fdff http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 251222 2b12af171e0b6bc3e01a2d169f8e9ded http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 4545642 fb808821c12d59490d232c1573ce9425 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 140016 deb24263775b117ef8367bc89d4d68be http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 3497416 0f97f950fb49a399532694aa6ab40b8c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 459192 5ee6a6fbfa1548358ca2ad801e033340 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 144158 80581254defdb7d7b7d3af7069ff14b2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 72716 7912412d5e675fb673132200d9d9117d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 480786 60e389b50aae477531b50dc2905f20b8 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 1594040 395947773b25b0692d566f9c6e47e0b4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 48414 9056405b51e0f2cad816e071a36776f4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 194714 caad1a28959aa7fea561dc06bef55346 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 55217666 f4f0f246c07a7ae1b44497fc00dbd8e3 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 244830 f074a00e007903e3771c66df7f3efcfa http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 30790 c1dec1bf28a20e1bd2a24833d2384bec http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 52576 c783203cfb164e0013fbfded1c1d0052 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 854404 560ba73fc55690189a271215f3ef2c2e http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 422532 b0ffc9c56df7f7f2445eee291c820749 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 11235082 9a80f5e8649a24c8c4da3b4f77f2d924 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 1597838 597ccee014ca55295e45cc97f98cf73c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 1455288 bfd8f94f8a4f65603cf0c3ad7762ab78 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_powerpc.deb Size/MD5 checksum: 65100 8d6ca22bb24e9304c2030e99ac38279a s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 852900 ab84bcde1321f0b33c04686edbdd7f1d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 42392 47c06dcbbd608394b79a52ce13befe24 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_s390.deb Size/MD5 
checksum: 4336914 41015bf0edea53f8df86a3f0892b0516 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 186528 f627eabae0217449b946acbadd9d2885 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 245080 5d54afb9b1998f0cbe571c2d4bc63d98 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 4317764 3c3bf66ecd2a332dcee92f90ce8c7e76 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 55245590 565b4ec96fbf02ac81f9e08cf3af205a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 63496 ac31ab8ec8679251afc06f54d49aa4ee http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 1548988 516a92fd4db89942aa6b8e6a21ce02d0 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 10492564 9fd10fe6fd84eb14d3b23832eab65124 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 192324 f7ab5380c677edcf15ebdd8e4f184a34 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 45234 66f5a114119c904ad46e6e848154ecd2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 70528 708da134eee0742b14bdc76af09c1627 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 449388 ddfe9418c152ae4a55042d85d69c9c37 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 1417152 806724b858f8c693c582360f544ee5de http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 1475076 
3d24017f5b062c615f490301ac27214a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 14296138 9aeeb16c17f3034e55a0b7a82643417a http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 142528 d836b52cf73b72199562d684a8eeb2ed http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 30558 8277d0f9382a8f7a4867d6a87711ea87 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 414206 91ad7bda75d6664b197485977a8955f2 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 30546 632c492577c5af53fc01161de449dabb http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 2154792 5b8fe3e7e176155dc97e5ffcfe7426fd http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 91685948 b8b0e9db0180b1c47c16bdd5746598ef http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 62314 c47784c1587ea7e4425a33495c9de617 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 2095460 145b66848768e0f8330e2edbc88db858 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 138826 7a8a21a09786137a9c13ab56988488ce http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 42386 64c89d29b0f5d0d84536105c6beff329 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 59058 a6cecbd3d78430f46b0317e2c9e0ea45 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 129886 
76b18008de98800aed1777ddaf1d0a86 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 246406 43de5e12b7dcd643850775095b120a1c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 49912 e42ce220d1adfac8630ee0eed70ce2b9 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 3378234 976ddc4073eb8acbbd4bdb2d2fb3cf83 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_s390.deb Size/MD5 checksum: 477090 d2fd78ee5b1d8b1b93830e5b9d10cea4 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 1612394 aeed09e1c797c6f3c78c2db6adddbd66 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 13513910 e11a313d02af5a5b79733f13ad5a9627 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 133442 e42268cd2ac22a6e0af50701d289d81b http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 138466 b789834cb08512d7f2cf779cf00e60e9 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 62244 8d8fc29313a6ecec4863bc1eaf20b0a7 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 86626712 cbe2e0a6baeba262cf0f6134aca47998 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 238238 3fdf41c36cce556577084517cfe63c6d http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 245044 919c3190e38c7ba7be27bdc24db75653 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-ibase_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 69856 a06755c7fc2a9974ab129bc02b2d7e5c http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 418010 5a8a929c3d633524085bac704917ab55 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 2098292 d926ce20c96607548bfbef73bba1ac8b http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 180832 32e134535beccec0979de7d105ff7490 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 54687724 1088d3a4524de00036f2c88559c7ec07 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 49476 aa94973518edb2faaad42c2205aa930c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 45524 0fb2f6c5e15d90e2aeaaf96289a6ba17 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 60184 9e22d62c7c2d77a7d75644680ab9811c http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 30810 45cf6b13c45cb2811780530b8a60f04a http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 1582588 ff25c993d3d60e229cef37321692a1fd http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 10547182 7243f1579c193aec7c3d472b65383861 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 1376686 edcdf57e4e38b4f3b2937de6b808a0f5 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 3692006 a01a7f3e016589c2eba628a72c554064 
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 186504 b008a5e95976305e9412c286195501c1 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 69522 29dfe86fa6214e7dedd4caa3e89f6fec http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 451670 cdd73f76458886fd7fc787d4c7145622 http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 4302930 65d8e1404fc0d9cfe0fb1f0e94be0900 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 4349116 3867bd57ca4431d98fe4a476c3580990 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 30802 9a791075b2a61d609b00964e08777ad4 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 457166 c2ffc3b9e5128626418b082aacff0dcf http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 2110668 e01397334eae0b1520ec76d179f4b10b http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 42510 e72b9f8cc81106c60ea68e600166b903 http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 138498 c32afba000ebf7e606381e014ac6a424 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 42218 882c929eb6b8334340f3483c89e17eae http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 57508 590be78cb50ec0134ef9f1bfbc0e3595 http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_sparc.deb Size/MD5 checksum: 1053648 28d8a618c3eaf32fb797fa56e00a8f81 
These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791). (CVE-2009-1709). This update provides a solution to this vulnerability. (CVE-2009-1687). (CVE-2009-1690). (CVE-2009-0689). The updated packages have been patched to correct these issues.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945

Updated Packages: Mandriva Linux 2009.1, Mandriva Linux 2009.1/X86_64

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-022
May 13, 2009
-- CVE ID: CVE-2009-0945
-- Affected Vendors: Apple
-- Affected Products: Apple Safari
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6960.
-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3549
-- Disclosure Timeline:
2009-03-19 - Vulnerability reported to vendor
2009-05-13 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by: * Nils
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/

(CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets.

Ubuntu Security Notice USN-822-1 August 24, 2009
kde4libs, kdelibs vulnerabilities
CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698

A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.04 LTS: kdelibs4c2a 4:3.5.10-0ubuntu1~hardy1.2
Ubuntu 8.10: kdelibs4c2a 4:3.5.10-0ubuntu6.1 kdelibs5 4:4.1.4-0ubuntu1~intrepid1.2
Ubuntu 9.04: kdelibs4c2a 4:3.5.10.dfsg.1-1ubuntu8.1 kdelibs5 4:4.2.2-0ubuntu5.1
After a standard system upgrade you need to restart your session to effect the necessary changes.
Details follow:
It was discovered that KDE-Libs did not properly handle certain malformed SVG images. This issue only affected Ubuntu 9.04. (CVE-2009-0945)
It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. (CVE-2009-1687)
It was discovered that KDE-Libs did not properly handle HTML content in the head element. (CVE-2009-1690)
It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. (CVE-2009-1698)
Updated packages: Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04
VAR-200905-0173 CVE-2009-1600 Apple Safari Vulnerabilities in which access restrictions on document objects can be bypassed CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content.". Safari is prone to a security bypass vulnerability. Safari is Apple Computer's bundled web browser
VAR-200905-0192 CVE-2009-1560 Cisco Linksys WVC54GCA Vulnerability in obtaining important information in wireless video cameras CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 stores passwords and wireless-network keys in cleartext in (1) pass_wd.htm and (2) Wsecurity.htm, which allows remote attackers to obtain sensitive information by reading the HTML source code. Wvc54gc is prone to an information disclosure vulnerability. The Linksys WVC54GCA is a wireless network camera.
VAR-200906-0241 CVE-2009-2213 Citrix NetScaler Access Gateway appliance Security Vulnerability to bypass access restrictions in default settings of global settings CVSS V2: 6.3
CVSS V3: 6.5
Severity: MEDIUM
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. Citrix NetScaler Access Gateway is prone to a vulnerability that can allow an attacker to gain unauthorized access to network resources, which may help in other attacks. This issue affects NetScaler Access Gateway Enterprise Edition with firmware 8.1 and earlier. NOTE: Appliances running version 9.0 that were upgraded from a previous version are also affected
VAR-201011-0089 CVE-2010-4211 PayPal app In Paypal Web Vulnerability impersonating a server CVSS V2: 2.9
CVSS V3: -
Severity: LOW
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. eBay PayPal is prone to a security-bypass vulnerability because it fails to properly verify x.509 certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers which will aid in further attacks. NOTE: This issue affects connections on unsecured Wi-Fi networks. Versions prior to PayPal 3.0.1 for iOS-based mobile devices are vulnerable.

TITLE: McAfee Products Archive Handling Security Bypass
SECUNIA ADVISORY ID: SA34949
VERIFY ADVISORY: http://secunia.com/advisories/34949/
DESCRIPTION: Some weaknesses have been reported in various McAfee products, which can be exploited by malware to bypass the scanning functionality. The weaknesses are caused due to errors in the handling of archive file formats (e.g.
SOLUTION: Update .DAT files to DAT 5600 or later. http://www.mcafee.com/apps/downloads/security_updates/dat.asp
PROVIDED AND/OR DISCOVERED BY: * Thierry Zoller * The vendor also credits Mickael Roger.
ORIGINAL ADVISORY: McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT Thierry Zoller: http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html

From the low-hanging-fruit-department - Mcafee multiple generic evasions
Release mode: Coordinated but limited disclosure.
Ref : TZO-182009 - Mcafee multiple generic evasions
WWW : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
Vendor : http://www.mcafee.com
Status : Patched
CVE : CVE-2009-1348 (provided by mcafee) https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
Security notification reaction rating : very good
Notification to patch window : +-27 days (Eastern holidays in between)
Disclosure Policy : http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html

Affected products :
- McAfee VirusScan® Plus 2009
- McAfee Total Protection™ 2009
- McAfee Internet Security
- McAfee VirusScan USB
- McAfee VirusScan Enterprise
- McAfee VirusScan Enterprise Linux
- McAfee VirusScan Enterprise for SAP
- McAfee VirusScan Enterprise for Storage
- McAfee VirusScan Commandline
- Mcafee SecurityShield for Microsoft ISA Server
- Mcafee Security for Microsoft Sharepoint
- Mcafee Security for Email Servers
- McAfee Email Gateway
- McAfee Total Protection for Endpoint
- McAfee Active Virus Defense
- McAfee Active VirusScan

It is unknown whether SaaS were affected (though likely) :
- McAfee Email Security Service
- McAfee Total Protection Service Advanced

I. Background
~~~~~~~~~~~~~
Quote: "McAfee proactively secures systems and networks from known and as yet undiscovered threats worldwide. Home users, businesses, service providers, government agencies, and our partners all trust our unmatched security expertise and have confidence in our comprehensive and proven solutions to effectively block attacks and prevent disruptions."

II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by a specially crafted and formatted RAR (Headflags and Packsize), ZIP (Filelength) archive.

III. Impact
~~~~~~~~~~~
A general description of the impact and nature of AV Bypasses/evasions can be read at : http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
The bug results in denying the engine the possibility to inspect code within RAR and ZIP archives. There is no inspection of the content at all and hence the impossibility to detect malicious code.

IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
DD/MM/YYYY
04/04/2009 : Send proof of concept RAR I, description the terms under which I cooperate and the planned disclosure date
06/04/2009 : Send proof of concept RAR II, description the terms under which I cooperate and the planned disclosure date
06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack acknowledges receipt of RARII
10/04/2009 : Send proof of concept ZIP I, description the terms under which I cooperate and the planned disclosure date
21/04/2009 : Mcafee provides CVE number CVE-2009-1348
28/04/2009 : Mcafee informs me that the patch might be released on the 29th
29/04/2009 : Mcafee confirms patch release and provides URL https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
29/04/2009 : Ask for affected versions
29/04/2009 : Mcafee replies " This issue does affect all vs engine products, including both gateway and endpoint"
VAR-200905-0017 CVE-2008-6775 HTC Touch Pro Service disruption (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to cause denial of service (CPU consumption, SMS consumption, and connectivity loss) via a flood of vCards to UDP port 9204
VAR-200906-0445 CVE-2009-2066 Apple Safari In https In the context of the site Web Script execution vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.". Multiple browsers are prone to a security-bypass vulnerability because they fail to display warnings when pages operating in a secure context try to request resources through insecure methods. Attackers may exploit this vulnerability to aid in phishing attacks or to obtain sensitive information. Other attacks are also possible. Note that to take advantage of this issue, an attacker must be able to intercept or control network traffic. This would normally be possible through a man-in-the-middle attack, DNS poisoning, or similar vectors. The following are vulnerable: Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera, Google Chrome. Other browsers may also be affected.
VAR-200906-0191 CVE-2009-2062 Apple Safari In https Any in the site context Web Script execution vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. Multiple browsers are prone to a man-in-the-middle vulnerability. Attackers may exploit this vulnerability to aid in phishing attacks or to obtain sensitive information. Other attacks are also possible. Note that to take advantage of this issue, an attacker must be able to intercept or control network traffic. This would normally be possible through a man-in-the-middle attack, DNS poisoning, or similar vectors. The following are vulnerable: Mozilla Firefox prior to 3.0.10, Apple Safari prior to 3.2.2, Opera prior to 9.25. Additional browsers may also be affected. A man-in-the-middle attacker can modify the content of an http site by modifying the response of the content and causing an attack on any http network site. A 302 redirect message to execute arbitrary web scripts
VAR-200904-0511 CVE-2009-1348 McAfee VirusScan Used in products such as AV Vulnerabilities that can be avoided in the engine CVSS V2: 7.6
CVSS V3: -
Severity: HIGH
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. Multiple McAfee products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect. The issue affects all McAfee software that uses DAT files.

TITLE: McAfee Products Archive Handling Security Bypass
SECUNIA ADVISORY ID: SA34949
VERIFY ADVISORY: http://secunia.com/advisories/34949/
DESCRIPTION: Some weaknesses have been reported in various McAfee products, which can be exploited by malware to bypass the scanning functionality. The weaknesses are caused due to errors in the handling of archive file formats (e.g.
SOLUTION: Update .DAT files to DAT 5600 or later. http://www.mcafee.com/apps/downloads/security_updates/dat.asp
PROVIDED AND/OR DISCOVERED BY: * Thierry Zoller * The vendor also credits Mickael Roger.
ORIGINAL ADVISORY:
McAfee: https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
Thierry Zoller: http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html

Description
~~~~~~~~~~~~~~~
Improper parsing of the PDF structure leads to evasion of detection of malicious PDF documents at scantime and runtime. This has been tested with several malicious PDF files and represents a generic evasion of all PDF signatures and heuristics.

General information about evasion/bypasses can be found at :
http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html

III. Impact
~~~~~~~~~~~
Known PDF exploits/malware may evade signature detection, 0day exploits may evade heuristics.

Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
DD.MM.YYYY
01.06.2009 - Reported
20.10.2009 - McAfee informed us that they published the advisory on their website < waiting for other vendors to patch >
27.10.2009 - G-SEC releases this advisory

About G-SEC
~~~~~~~~~~~
G-SEC™ is a vendor independent Luxembourgish led IT security consulting group. More information available at : http://www.g-sec.lu/
VAR-200905-0194 CVE-2009-1572 Quagga of BGP Service disruption in daemon ( crash ) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: Medium
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. Quagga is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users. Quagga 0.99.11 is vulnerable; other versions may also be affected.

-- Debian GNU/Linux 5.0 alias lenny --

-- Debian GNU/Linux unstable alias sid --
Fixed in version 0.99.11-2.

Updated packages are available that bring Quagga to version 0.99.12 which provides numerous bugfixes over the previous 0.99.9 version, and also corrects this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572

Updated Packages:
Corporate 4.0
Corporate 4.0/X86_64

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact security_(at)_mandriva.com

===========================================================
Ubuntu Security Notice USN-775-1 May 12, 2009
quagga vulnerability
CVE-2009-1572
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.5
Ubuntu 8.04 LTS: quagga 0.99.9-2ubuntu1.2
Ubuntu 8.10: quagga 0.99.9-6ubuntu0.1
Ubuntu 9.04: quagga 0.99.11-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow: It was discovered that the BGP service in Quagga did not correctly handle certain AS paths containing 4-byte ASNs.

TITLE: SUSE Update for Multiple Packages
SECUNIA ADVISORY ID: SA35685
VERIFY ADVISORY: http://secunia.com/advisories/35685/
DESCRIPTION: SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and by malicious people to disclose sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
For more information: SA33338 SA33853 SA33884 SA34035 SA34481 SA34746 SA34797 SA35021 SA35128 SA35216 SA35296 SA35344 SA35422
1) A boundary error exists within the "pg_db_putline()" function in perl-DBD-Pg's dbdimp.c. This can be exploited to cause a heap-based buffer overflow if malicious rows are retrieved from the database using the "pg_getline()" or "getline()" function.
2) A memory leak exists within the function "dequote_bytea()" in perl-DBD-Pg's quote.c, which can be exploited to cause a memory exhaustion.
3) Various integer overflow errors exist within the "pdftops" application. This can be exploited to e.g. cause a crash or potentially execute arbitrary code by printing a specially crafted PDF file.
4) A vulnerability is caused due to an assertion error in bgpd when handling an AS path containing multiple 4 byte AS numbers, which can be exploited to crash to the daemon by advertising specially crafted AS paths.
SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY: SUSE-SR:2009:012: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
OTHER REFERENCES:
SA33338: http://secunia.com/advisories/33338/
SA33853: http://secunia.com/advisories/33853/
SA33884: http://secunia.com/advisories/33884/
SA34035: http://secunia.com/advisories/34035/
SA34481: http://secunia.com/advisories/34481/
SA34746: http://secunia.com/advisories/34746/
SA34797: http://secunia.com/advisories/34797/
SA35021: http://secunia.com/advisories/35021/
SA35128: http://secunia.com/advisories/35128/
SA35216: http://secunia.com/advisories/35216/
SA35296: http://secunia.com/advisories/35296/
SA35344: http://secunia.com/advisories/35344/
SA35422: http://secunia.com/advisories/35422/
VAR-200904-0687 No CVE Multiple Trend Micro Products RAR/ZIP/CAB Files Scan Evasion Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Multiple Trend Micro products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.
- ServerProtect for Microsoft Windows/Novell NetWare
- ServerProtect for EMC Celerra
- ServerProtect for NetApp
- ServerProtect for Linux
- ServerProtect for Network Appliance Filers
- Internet Security Pro
- Internet Security
- OfficeScan Component
- Worry Free Business Security - Standard
- Worry Free Business Security - Advanced
- Worry Free Business Security Hosted
- Housecall
- InterScan Web Security Suite
- InterScan Web Protect for ISA
- InterScan Messaging Security Appliance
- Neatsuite Advanced
- ScanMail for Exchange
- ScanMail for Domino Suites
VAR-200907-0162 CVE-2009-2452 Citrix Licensing Vulnerabilities in unknown details CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console.". The impact of this vulnerability is currently unknown. Very few details are available regarding this issue. We will update this BID as more information emerges. Citrix Licensing 11.5 is vulnerable.

SOLUTION: Update to the latest version of the Licensing Server. https://www.citrix.com/site/SS/downloads/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://support.citrix.com/article/CTX120742
VAR-200904-0554 CVE-2009-1480 index.php Pragyan CMS In SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. Pragyan CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Pragyan CMS 2.6.4 is vulnerable; other versions may also be affected
VAR-200905-0178 CVE-2009-1605 SumatraPDF Heap-based buffer overflow vulnerability CVSS V2: 9.3
CVSS V3: 5.4
Severity: HIGH
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information. MuPDF is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users.

TITLE: MuPDF "loadexponentialfunc()" Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA34916
VERIFY ADVISORY: http://secunia.com/advisories/34916/
DESCRIPTION: c has discovered a vulnerability in MuPDF, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a boundary error within the "loadexponentialfunc()" function in pdf_function.c. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in the MuPDF library included in the mupdf-20090223-win32 package. Other versions may also be affected.
SOLUTION: Do not process untrusted PDF files using the library.
PROVIDED AND/OR DISCOVERED BY: c
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0258.html
VAR-200905-0190 CVE-2009-1558 Cisco Linksys WVC54GCA Wireless camcorder adm/file.cgi Vulnerable to directory traversal CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the server process. Information obtained may aid in further attacks. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware 1.00R22 and 1.00R24 are affected; other versions may also be vulnerable. The Linksys WVC54GCA is a wireless network camera
VAR-200904-0218 CVE-2009-0064 Symantec Brightmail Gateway Appliance of Control Center Vulnerability gained in CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions. Symantec Brightmail Gateway is prone to a remote privilege-escalation vulnerability. Remote authorized attackers who have access to the targeted host's local network can exploit this issue to gain elevated access. Successful exploits may compromise the affected computer and may aid in other attacks. Versions prior to Brightmail Gateway 8.0.1 are vulnerable. Brightmail Gateway is Symantec's information security management platform.

TITLE: Symantec Brightmail Gateway Control Center Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA34885
VERIFY ADVISORY: http://secunia.com/advisories/34885/
DESCRIPTION: Some vulnerabilities have been reported in Symantec Brightmail Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to bypass certain security restrictions.
1) Certain unspecified input passed to the Control Center is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
SOLUTION: Update to version 8.0.1 or later.
PROVIDED AND/OR DISCOVERED BY: Marian Ventuneac, Perot Systems
ORIGINAL ADVISORY: SYM09-005: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
VAR-200905-0191 CVE-2009-1559 Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless camcorder CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible. Wvc54gca is prone to a directory traversal vulnerability. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the server process. Information obtained may aid in further attacks. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware 1.00R22 and 1.00R24 are affected; other versions may also be vulnerable. The Linksys WVC54GCA is a wireless network camera
VAR-200905-0155 CVE-2009-1632 Ipsec-tools denial-of-service (DoS) vulnerabilities in certificate validation and NAT-Traversal

Related entries in the VARIoT exploits database: VAR-E-200904-0796, VAR-E-200904-0795
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets. A successful attack allows a remote attacker to cause the application to crash or to consume excessive memory, denying further service to legitimate users. Versions prior to IPsec-Tools 0.7.2 are vulnerable. Gentoo Linux Security Advisory GLSA 200905-03 http://security.gentoo.org/ Severity: Normal Title: IPSec Tools: Denial of Service Date: May 24, 2009 Bugs: #267135 ID: 200905-03 Synopsis: Multiple errors in the IPSec Tools racoon daemon might allow remote attackers to cause a Denial of Service. Background: The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections. * Multiple memory leaks exist in (1) the eay_check_x509sign() function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c (CVE-2009-1632). Impact: A remote attacker could send specially crafted fragmented ISAKMP packets without a payload or exploit vectors related to X.509 certificate authentication and NAT traversal, possibly resulting in a crash of the racoon daemon.
Workaround: There is no known workaround at this time. Resolution: All IPSec Tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2" References: [ 1 ] CVE-2009-1574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574 [ 2 ] CVE-2009-1632 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632 Availability: This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200905-03.xml Concerns? Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License: Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Debian Security Advisory DSA-1804-1 security@debian.org http://www.debian.org/security/ Nico Golde May 20th, 2009 http://www.debian.org/security/faq Package : ipsec-tools Vulnerability : null pointer dereference, memory leaks Problem type : remote Debian-specific: no Debian bug : 527634 528933 CVE ID : CVE-2009-1574 CVE-2009-1632 Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures project identified the following problems: Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets that contain no payload.
This results in the daemon crashing which can be used for denial of service attacks (CVE-2009-1574). For the oldstable distribution (etch), this problem has been fixed in version 0.6.6-3.1etch3. For the stable distribution (lenny), this problem has been fixed in version 0.7.1-1.3+lenny2. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 1:0.7.1-1.5. We recommend that you upgrade your ipsec-tools packages. Upgrade instructions: wget url will fetch the file for you; dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database; apt-get upgrade will install corrected packages. You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch, Debian (oldstable): Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny, Debian (stable): Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. These files will probably be moved into the stable distribution on its next update. For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> . The updated packages have been patched to prevent this.
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> . Ubuntu Security Notice USN-785-1 June 09, 2009 ipsec-tools vulnerabilities CVE-2009-1574, CVE-2009-1632 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04. This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: racoon 1:0.6.5-4ubuntu1.3 Ubuntu 8.04 LTS: racoon 1:0.6.7-1.1ubuntu1.2 Ubuntu 8.10: racoon 1:0.7-2.1ubuntu1.8.10.1 Ubuntu 9.04: racoon 1:0.7-2.1ubuntu1.9.04.1 In general, a standard system upgrade is sufficient to effect the necessary changes. (CVE-2009-1574) It was discovered that ipsec-tools did not properly handle memory usage when verifying certificate signatures or processing nat-traversal keep-alive messages. A remote attacker could send specially crafted packets to the server and exhaust available memory, leading to a denial of service
VAR-200905-0196 CVE-2009-1574 Ipsec-tools denial-of-service (DoS) vulnerabilities in packet processing

Related entries in the VARIoT exploits database: VAR-E-200904-0796, VAR-E-200904-0795
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. racoon/isakmp_frag.c in Ipsec-tools mishandles fragmented packets with no payload, resulting in a denial-of-service (DoS) vulnerability. A third party may be able to cause a denial of service (DoS). IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets. Versions prior to IPsec-Tools 0.7.2 are vulnerable. APPLE-SA-2010-12-16-1 Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 is now available and addresses the following: CVE-ID: CVE-2008-4309 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: A remote attacker may terminate the operation of the SNMP service Description: An integer overflow exists in the netsnmp_create_subtree_cache function. By default, the 'WAN SNMP' configuration option is disabled, and the SNMP service is accessible only to other devices on the local network. This issue is addressed by applying the Net-SNMP patches. CVE-ID: CVE-2009-2189 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: Receiving a large number of IPv6 Router Advertisement (RA) and Neighbor Discovery (ND) packets from a system on the local network may cause the base station to restart Description: A resource consumption issue exists in the base station's handling of Router Advertisement (RA) and Neighbor Discovery (ND) packets.
A system on the local network may send a large number of RA and ND packets that could exhaust the base station's resources, causing it to restart unexpectedly. This issue is addressed by rate limiting incoming ICMPv6 packets. Credit to Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed Co., Shirahata Shin and Rodney Van Meter of Keio University, and Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this issue. CVE-ID: CVE-2010-0039 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: An attacker may be able to query services behind an AirPort Base Station or Time Capsule's NAT from the source IP of the router, if any system behind the NAT has a portmapped FTP server Description: The AirPort Extreme Base Station and Time Capsule's Application-Level Gateway (ALG) rewrites incoming FTP traffic, including PORT commands, to appear as if it is the source. An attacker with write access to an FTP server inside the NAT may issue a malicious PORT command, causing the ALG to send attacker-supplied data to an IP and port behind the NAT. As the data is resent from the Base Station, it could potentially bypass any IP-based restrictions for the service. This issue is addressed by not rewriting inbound PORT commands via the ALG. Credit to Sabahattin Gucukoglu for reporting this issue. This issue is addressed through improved validation of fragmented ISAKMP packets. CVE-ID: CVE-2010-1804 Available for: AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, Time Capsule Impact: A remote attacker may cause the device to stop processing network traffic Description: An implementation issue exists in the network bridge. Sending a maliciously crafted DHCP reply to the device may cause it to stop responding to network traffic. 
This issue affects devices that have been configured to act as a bridge, or are configured in Network Address Translation (NAT) mode with a default host enabled. By default, the device operates in NAT mode, and no default host is configured. This update addresses the issue through improved handling of DHCP packets on the network bridge. Credit to Stefan R. Filipek for reporting this issue. Installation note for Firmware version 7.5.2 Firmware version 7.5.2 is installed into Time Capsule or AirPort Base Station with 802.11n via AirPort Utility, provided with the device. It is recommended that AirPort Utility 5.5.2 be installed before upgrading to Firmware version 7.5.2. AirPort Utility 5.5.2 may be obtained through Apple's Software Download site: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ .
Gentoo Linux Security Advisory GLSA 200905-03 http://security.gentoo.org/ Severity: Normal Title: IPSec Tools: Denial of Service Date: May 24, 2009 Bugs: #267135 ID: 200905-03 Synopsis: Multiple errors in the IPSec Tools racoon daemon might allow remote attackers to cause a Denial of Service. Background: The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections. * Multiple memory leaks exist in (1) the eay_check_x509sign() function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c (CVE-2009-1632). Workaround: There is no known workaround at this time. Resolution: All IPSec Tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2" References: [ 1 ] CVE-2009-1574 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574 [ 2 ] CVE-2009-1632 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632 Availability: This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200905-03.xml Concerns? Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License: Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Debian Security Advisory DSA-1804-1 security@debian.org http://www.debian.org/security/ Nico Golde May 20th, 2009 http://www.debian.org/security/faq Package : ipsec-tools Vulnerability : null pointer dereference, memory leaks Problem type : remote Debian-specific: no Debian bug : 527634 528933 CVE ID : CVE-2009-1574 CVE-2009-1632 Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. This results in the daemon crashing which can be used for denial of service attacks (CVE-2009-1574). Various memory leaks in the X.509 certificate authentication handling and the NAT-Traversal keepalive implementation can result in memory exhaustion and thus denial of service (CVE-2009-1632). For the oldstable distribution (etch), this problem has been fixed in version 0.6.6-3.1etch3. For the stable distribution (lenny), this problem has been fixed in version 0.7.1-1.3+lenny2. For the testing distribution (squeeze), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 1:0.7.1-1.5. We recommend that you upgrade your ipsec-tools packages. Upgrade instructions: wget url will fetch the file for you; dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database; apt-get upgrade will install corrected packages. You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch, Debian (oldstable): Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Debian GNU/Linux 5.0 alias lenny, Debian (stable): Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
e965abdcf32838fff7753e789e703205 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_sparc.deb Size/MD5 checksum: 102486 57b2e115a15e08518f00158c1fe36cf2 http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_sparc.deb Size/MD5 checksum: 373916 7e2278ac7b4f0b352814ad2f55b1213a These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoUDnMACgkQHYflSXNkfP8LtgCdF9LmW/TOn9JDPTVGlt+7dccI 3MYAoJVcwmqHztsGgCgBps9hyqzrQJ5l =84V/ -----END PGP SIGNATURE----- . Updated packages are available that brings ipsec-tools to version 0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous bugfixes over the previous 0.7.1 version, and also corrects this issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been patched to address this issue. Additionally the flex package required for building ipsec-tools has been fixed due to ipsec-tools build problems and is also available with this update. Update: Packages for 2008.0 are being provided due to extended support for Corporate products. 
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574 Updated Packages: Mandriva Linux 2008.0 and Mandriva Linux 2008.0/X86_64. To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. =========================================================== Ubuntu Security Notice USN-785-1 June 09, 2009 ipsec-tools vulnerabilities CVE-2009-1574, CVE-2009-1632 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. 
The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: racoon 1:0.6.5-4ubuntu1.3 Ubuntu 8.04 LTS: racoon 1:0.6.7-1.1ubuntu1.2 Ubuntu 8.10: racoon 1:0.7-2.1ubuntu1.8.10.1 Ubuntu 9.04: racoon 1:0.7-2.1ubuntu1.9.04.1 In general, a standard system upgrade is sufficient to effect the necessary changes. (CVE-2009-1574) It was discovered that ipsec-tools did not properly handle memory usage when verifying certificate signatures or processing nat-traversal keep-alive messages
VAR-200904-0235 CVE-2009-0164 CUPS vulnerability that enables DNS rebinding attacks CVSS V2: 6.4
CVSS V3: -
Severity: MEDIUM
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. CUPS is prone to an insufficient 'Host' header validation weakness. An attacker can use this weakness to carry out certain attacks such as DNS rebinding against the vulnerable server. I. II. Impact The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. References * Apple Security Update 2009-002 - <http://support.apple.com/kb/HT3549> * Safari 3.2.3 - <http://support.apple.com/kb/HT3550> * Apple Downloads - <http://support.apple.com/downloads/> * Software Update - <https://support.apple.com/kb/HT1338?viewlocale=en_US> The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA09-133A.html> Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA09-133A Feedback VU#175188" in the subject. Produced 2009 by US-CERT, a government organization. 
Terms of use: <http://www.us-cert.gov/legal.html> Revision History May 13, 2009: Initial release . TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA35074 VERIFY ADVISORY: http://secunia.com/advisories/35074/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) A vulnerability in Apache when handling FTP proxy requests can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA31384 2) A boundary error in the handling of Compact Font Format (CFF) fonts in Apple Type Services can be exploited to cause a heap-based buffer overflow when specially crafted document is downloaded or viewed. Successful exploitation allows execution of arbitrary code. 3) A vulnerability in BIND can potentially be exploited by malicious people to conduct spoofing attacks. 
For more information: SA33404 4) An error in the parsing of Set-Cookie headers in CFNetwork can result in applications using CFNetwork sending sensitive information in unencrypted HTTP requests. 5) An unspecified error in the processing of HTTP headers in CFNetwork can be exploited to cause a heap-based buffer overflow when visiting a malicious web site. Successful exploitation allows execution of arbitrary code. 6) Multiple errors exist in the processing of PDF files in CoreGraphics, which can be exploited to corrupt memory and execute arbitrary code via a specially crafted PDF file. 7) An integer underflow error in the processing of PDF files in CoreGraphics can be exploited to cause a heap-based buffer overflow when a specially crafted PDF file is opened. Successful exploitation allows execution of arbitrary code. 8) Multiple vulnerabilities in the processing of JBIG2 streams within PDF files in CoreGraphics can be exploited by malicious people to compromise a user's system. For more information: SA34291 9) Multiple vulnerabilities in cscope can be exploited by malicious people to compromise a user's system. For more information: SA34978 10) A boundary error in the handling of disk images can be exploited to cause a stack-based buffer overflow when a specially crafted disk image is mounted. 11) Multiple unspecified errors in the handling of disk images can be exploited to cause memory corruptions when a specially crafted disk image is mounted. Successful exploitation of vulnerabilities #10 and #11 allows execution of arbitrary code. 12) Multiple vulnerabilities in enscript can be exploited by malicious people to compromise a vulnerable system. For more information: SA13968 SA32137 13) Multiple vulnerabilities in the Flash Player plugin can be exploited by malicious people to compromise a user's system. 
For more information: SA34012 14) An error in Help Viewer when loading Cascading Style Sheets referenced in URL parameters can be exploited to invoke arbitrary AppleScript files. 15) A vulnerability exists due to Help Viewer not validating that full paths to HTML documents are within registered help books, which can be exploited to invoke arbitrary AppleScript files. Successful exploitation of vulnerabilities #14 and #15 allows execution of arbitrary code. 16) An error in iChat can result in AIM communication configured for SSL to be sent in plaintext. 17) An error in the handling of certain character encodings in ICU can be exploited to bypass filters on websites that attempt to mitigate cross-site scripting. 18) Some vulnerabilities in IPSec can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). For more information: SA31450 SA31478 19) Multiple vulnerabilities in Kerberos can be exploited by malicious people to potentially disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA34347 20) An error in the handling of workqueues within the kernel can be exploited by malicious, local users to cause a DoS or execute arbitrary code with Kernel privileges. 21) An error in Launch Services can cause Finder to repeatedly terminate and relaunch when a specially crafted Mach-O is downloaded. 22) A vulnerability in libxml can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA31558 23) A vulnerability in Net-SNMP can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA32560 24) A vulnerability in Network Time can be exploited by malicious people to conduct spoofing attacks. For more information: SA33406 25) A vulnerability in Network Time can be exploited by malicious people to potentially compromise a user's system. 
For more information: SA34608 26) A vulnerability in Networking can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA31745 27) A vulnerability in OpenSSL can be exploited by malicious people to conduct spoofing attacks. For more information: SA33338 28) Some vulnerabilities in PHP can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system, and by malicious, local users to bypass certain security restrictions. For more information: SA32964 29) An unspecified error in QuickDraw Manager can be exploited to cause a memory corruption and potentially execute arbitrary code via a specially crafted PICT image. 30) An integer underflow error in the handling of PICT images in QuickDraw Manager can be exploited to cause a heap-based buffer overflow via a specially crafted PICT file. Successful exploitation allows execution of arbitrary code. 31) Multiple vulnerabilities in ruby can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and conduct spoofing attacks. For more information: SA31430 SA31602 32) An error in the use of the OpenSSL library in ruby can cause revoked certificates to be accepted. 33) A vulnerability in Safari when handling "feed:" URLs can be exploited to compromise a user's system. For more information: SA35056 34) Multiple unspecified errors in Spotlight can be exploited to cause memory corruptions and execute arbitrary code when a specially crafted Office document is downloaded. 35) An error when invoking the "login" command can result in unexpected high privileges. 36) A boundary error in telnet can be exploited to cause a stack-based buffer overflow when connecting to a server with an overly long canonical name in its DNS address record. Successful exploitation may allow execution of arbitrary code. 
37) A vulnerability in WebKit when handling SVGList objects can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA35056 38) Multiple vulnerabilities in FreeType can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library. For more information: SA20100 SA25350 SA34723 39) A vulnerability in xterm can be exploited by malicious people to compromise a user's system. For more information: SA33318 40) Multiple vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. For more information: SA29792 SA33970 SOLUTION: Update to Mac OS X v10.5.7 or apply Security Update 2009-002. Security Update 2009-002 (Server Tiger PPC): http://support.apple.com/downloads/DL819/SecUpdSrvr2009-002PPC.dmg Security Update 2009-002 (Tiger Intel): http://support.apple.com/downloads/DL817/SecUpd2009-002Intel.dmg Security Update 2009-002 (Server Universal): http://support.apple.com/downloads/DL816/SecUpdSrvr2009-002Univ.dmg Mac OS X Server 10.5.7 Update: http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg Mac OS X Server Combo 10.5.7: http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg Security Update 2009-002 (Tiger PPC): http://support.apple.com/downloads/DL818/SecUpd2009-002PPC.dmg Mac OS X 10.5.7 Update: http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg Mac OS X 10.5.7 Combo Update: http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Charlie Miller of Independent Security Evaluators 4) Andrew Mortensen of the University of Michigan 5) Moritz Jodeit, n.runs AG 7) Barry K. 
Nathan 8) Alin Rad Pop, Secunia Research and Will Dormann, CERT/CC 10) Tiller Beauchamp, IOActive 14, 15) Brian Mastenbrook 17) Chris Weber of Casaba Security 20) An anonymous researcher working with Verisign iDefense VCP 30) Damian Put and Sebastian Apelt, working with ZDI, and Chris Ries of Carnegie Mellon University Computing Services 38) Tavis Ormandy of the Google Security Team OTHER REFERENCES: SA13968: http://secunia.com/advisories/13968/ SA20100: http://secunia.com/advisories/20100/ SA25350: http://secunia.com/advisories/25350/ SA29792: http://secunia.com/advisories/29792/ SA31384: http://secunia.com/advisories/31384/ SA31430: http://secunia.com/advisories/31430/ SA31450: http://secunia.com/advisories/31450/ SA31478: http://secunia.com/advisories/31478/ SA31558: http://secunia.com/advisories/31558/ SA31602: http://secunia.com/advisories/31602/ SA31745: http://secunia.com/advisories/31745/ SA32137: http://secunia.com/advisories/32137/ SA32560: http://secunia.com/advisories/32560/ SA32964: http://secunia.com/advisories/32964/ SA33318: http://secunia.com/advisories/33318/ SA33338: http://secunia.com/advisories/33338/ SA33404: http://secunia.com/advisories/33404/ SA33406: http://secunia.com/advisories/33406/ SA33970: http://secunia.com/advisories/33970/ SA34012: http://secunia.com/advisories/34012/ SA34291: http://secunia.com/advisories/34291/ SA34347: http://secunia.com/advisories/34347/ SA34608: http://secunia.com/advisories/34608/ SA34723: http://secunia.com/advisories/34723/ SA34978: http://secunia.com/advisories/34978/ SA35056: http://secunia.com/advisories/35056/ . Gentoo Linux Security Advisory GLSA 200904-20 http://security.gentoo.org/ Severity: Normal Title: CUPS: Multiple vulnerabilities Date: April 23, 2009 Bugs: #263070 ID: 200904-20 Synopsis ======== Multiple errors in CUPS might allow for the remote execution of arbitrary code or DNS rebinding attacks. Background ========== CUPS, the Common Unix Printing System, is a full-featured print server. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.3.10 >= 1.3.10 Description =========== The following issues were reported in CUPS: * iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163). * Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler. 
Impact ====== A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is "lp", or a Denial of Service. Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.3.10" References ========== [ 1 ] CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 [ 2 ] CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 [ 3 ] CVE-2009-0163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163 [ 4 ] CVE-2009-0164 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164 [ 5 ] CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200904-20.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5