VARIoT IoT vulnerabilities database

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks Remote Management. Access to a single node with Remote Management client installed and configured is required.The specific flaw exists within the storage of Remote Management authentication information on the client. The client utilizes a password stored in the registry that is common among all nodes. This can be exploited by an attacker to execute remote code on any target with the client installed. Novell ZENworks Configuration Management is a desktop management software that helps customers reduce their IT ownership costs. Novell ZENworks Server and desktop management have security vulnerabilities that allow malicious users to bypass some security restrictions. Novell ZENworks is prone to a security-bypass vulnerability. The following applications are vulnerable: Novell ZENworks for Servers 3.0.2 Novell ZENworks for Desktops 4 Novell ZENworks for Desktops 4.0.1 Novell ZENworks Server Management 7.ZSM7 SP1 Novell ZENworks Desktop Management 7.ZDM7 SP1. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Novell ZENworks Remote Management Password Authentication Security Issue SECUNIA ADVISORY ID: SA40838 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40838/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40838 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40838/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40838/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40838 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Novell ZENworks Server and Desktop Management, which can be exploited by malicious people to bypass certain security restrictions. when a common password has been distributed via NAL or TED). SOLUTION: The vendor recommends disabling password mode of authentication in the Remote Management policy (disabled by default). Alternatively, the vendor suggests to only distribute a common password via NAL or TED in trusted environments. PROVIDED AND/OR DISCOVERED BY: The vendor credits TippingPoint ZDI. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7006557&sliceId=1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -- Vendor Response: Novell has issued an update to correct this vulnerability. More details can be found at: http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7006557&sliceId=1&docTypeID=DT_TID_1_1&dialogID=80488553&stateId=1%200%2080486291 -- Disclosure Timeline: 2010-06-07 - Vulnerability reported to vendor 2010-08-09 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * sb -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

D-Link WBR-2310 is a wireless router device. D-Link WBR-2310 Web Server incorrectly filters specially constructed GET requests. Remote attackers can use the vulnerability to perform denial of service attacks on service programs. D-Link WBR-2310 is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. This issue occurs in the device's webserver. D-Link WBR-2310 firmware version 1.04 is vulnerable; other versions may also be affected

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. It is relatively easy to find a string that has the same hash value as a regular password.Authentication by attacker API (loginLib) May be used to access services using. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is prone to a security vulnerability due to an insecure-hashing algorithm. The issue affects multiple products from multiple vendors that ship with the VxWorks operating system. NOTE: This document previously covered two vulnerabilities in VxWorks. The remote security-bypass issue has been moved to BID 42158 (VxWorks Debugging Service Security-Bypass Vulnerability) to allow for better documentation of both issues. This flaw occurs due to an insecure password hashing implementation in the authentication library (loginLib) of the VxWorks operating system. Regardless of what password is set for a particular account, there are a only small number (~210k) of possible hash outputs. Typical passwords consisting of alphanumeric characters and symbols fall within an even smaller range of hash outputs (~8k), making this trivial to brute force over the network. To excaberate matters, loginLib has no support for account lockouts and the FTP daemon does not disconnect clients that consistently fail to authenticate. This reduces the brute force time for the FTP service to approximately 30 minutes. To demonstrate the hash weakness, the password of "insecure" hashes to the value "Ry99dzRcy9". The password of "s{{{{{^O" also hashes to the same output. The hashing algorithm itself is based on an additive sum with a small XOR operation. The resulting sums are then transformed to a printable string, but the range of possible intermediate values is limited and mostly sequential. The entire collision table has been precomputed and will be released in early September as an input file for common brute force tools. More information about the hashing algorithm itself is available at the Metasploit blog post below: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html There are three requirements for this vulnerability to be exploited: * The device must be running at least one service that uses loginLib for authentication. Telnet and FTP do so by default. * A valid username must be known to the attacker. This is usually easy to determine through product manuals or a cursory review of the firmware binaries. * The target service must be using with default loginLib library and must not have changed the authentication function to point to a custom backend. A typical VxWorks device will meet all three requirements by default, but customization by the device manufacturer may preclude this from being exploited. In general, if the device displays a VxWorks banner for Telnet or FTP, it is more than likely vulnerable. -- Vendor Response: Wind River Systems has notified their customers of the issue and suggested that each downstream vendor replace the existing hash implementation with SHA512 or SHA256. The exact extent of the vulnerability and the complete list of affected devices is not known at this time. Example code from Wind River Systems has been supplied to CERT and is included in the advisory below: http://www.kb.cert.org/vuls/id/840249 -- Disclosure Timeline: 2009-06-02 - Vulnerability reported to CERT for vendor notification 2009-08-02 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by HD Moore -- About Rapid7 Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool. Our vulnerability disclosure policy is available online at: http://www.rapid7.com/disclosure.jsp

The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks before 6.9 does not properly support a large set of distinct possible passwords, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer's guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default 'target/password', 'y{{{{{SS' will HASH out the same result as 'password'. So you can use 'password' and 'y{{{{{SS' as the password to log in. Vendor affected: TP-Link (http://tp-link.com) Products affected: * All TP-Link VxWorks-based devices (confirmed by vendor) * All "2-series" switches (confirmed by vendor) * TL-SG2008 semi-managed switch (confirmed by vendor) * TL-SG2216 semi-managed switch (confirmed by vendor) * TL-SG2424 semi-managed switch (confirmed by vendor) * TL-SG2424P semi-managed switch (confirmed by vendor) * TL-SG2452 semi-managed switch (confirmed by vendor) Vulnerabilities: * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least: * CVE-2013-0716 (confirmed by vendor) * CVE-2013-0715 (confirmed by vendor) * CVE-2013-0714 (confirmed by vendor) * CVE-2013-0713 (confirmed by vendor) * CVE-2013-0712 (confirmed by vendor) * CVE-2013-0711 (confirmed by vendor) * CVE-2010-2967 (confirmed by vendor) * CVE-2010-2966 (confirmed by vendor) * CVE-2008-2476 (confirmed by vendor) * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor) * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor) Design flaws: * Telnet is available and cannot be disabled (confirmed by vendor) * SSHv1 enabled by default if SSH is enabled (confirmed by vendor) Vendor response: TP-Link are not convinced that these flaws should be repaired. TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week. Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products. (TL-SG2008 first product availability July 2014...) Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.") Fix availability: None. Work-arounds advised: None possible. Remove products from network. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Rockwell Automation 1756-ENBT Series A VxWorks Debugger Vulnerability SECUNIA ADVISORY ID: SA40829 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40829/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40829 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40829/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40829/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40829 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Rockwell Automation 1756-ENBT series A, which can be exploited by malicious people to compromise the vulnerable device. The vulnerability is caused due to the VxWorks debug agent being enabled, which can be exploited to gain control over the device by e.g. sending specially crafted requests to port 17185/UDP. The vulnerability is reported in Rockwell Automation 1756-ENBT series A running firmware versions 3.2.6 and 3.6.1. SOLUTION: See Rockwell Automation Technote #69735. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported in VxWorks by Bennett Todd, Shawn Merdinger, and HD Moore. ORIGINAL ADVISORY: US-CERT VU#362332: http://www.kb.cert.org/vuls/id/362332 http://www.kb.cert.org/vuls/id/MAPG-86FPQL HD Moore: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and earlier uses the LOGIN_USER_NAME and LOGIN_USER_PASSWORD (aka LOGIN_PASSWORD) parameters to create hardcoded credentials, which makes it easier for remote attackers to obtain access via a (1) telnet, (2) rlogin, or (3) FTP session. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer's guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default 'target/password', 'y{{{{{SS' will HASH out the same result as 'password'. So you can use 'password' and 'y{{{{{SS' as the password to log in. Vendor affected: TP-Link (http://tp-link.com) Products affected: * All TP-Link VxWorks-based devices (confirmed by vendor) * All "2-series" switches (confirmed by vendor) * TL-SG2008 semi-managed switch (confirmed by vendor) * TL-SG2216 semi-managed switch (confirmed by vendor) * TL-SG2424 semi-managed switch (confirmed by vendor) * TL-SG2424P semi-managed switch (confirmed by vendor) * TL-SG2452 semi-managed switch (confirmed by vendor) Vulnerabilities: * All previously-reported VxWorks vulnerabilities from 6.6.0 on; at the very least: * CVE-2013-0716 (confirmed by vendor) * CVE-2013-0715 (confirmed by vendor) * CVE-2013-0714 (confirmed by vendor) * CVE-2013-0713 (confirmed by vendor) * CVE-2013-0712 (confirmed by vendor) * CVE-2013-0711 (confirmed by vendor) * CVE-2010-2967 (confirmed by vendor) * CVE-2010-2966 (confirmed by vendor) * CVE-2008-2476 (confirmed by vendor) * SSLv2 is available and cannot be disabled unless HTTPS is completely disabled (allows downgrade attacks) (confirmed by vendor) * SSL (v2, v3) offers insecure cipher suites and HMACs which cannot be disabled (allows downgrade attacks) (confirmed by vendor) Design flaws: * Telnet is available and cannot be disabled (confirmed by vendor) * SSHv1 enabled by default if SSH is enabled (confirmed by vendor) Vendor response: TP-Link are not convinced that these flaws should be repaired. TP-Link's Internet presence -- or at least DNS -- is available only intermittently. Most emails bounced. Lost contact with vendor, but did confirm that development lead is now on holiday and will not return for at least a week. Initial vendor reaction was to recommend purchase of "3-series" switches. Vendor did not offer reasons why "3-series" switches would be more secure, apart from lack of telnet service. Vendor confirmed that no development time can be allocated to securing "2-series" product and all focus has shifted to newer products. (TL-SG2008 first product availability July 2014...) Vendor deeply confused about security of DES/3DES, MD5, claimed that all security is relative. ("...[E]ven SHA-1 can be cracked, they just have different security level.") Fix availability: None. Work-arounds advised: None possible. Remove products from network. R7-0034: VxWorks WDB Agent Debug Service Exposure August 2, 2010 -- Rapid7 Customer Protection: Rapid7 NeXpose customers have access to a vulnerability check for this flaw as of the latest update. More information about this check can be found online at: http://www.rapid7.com/vulndb/lookup/vxworks-wdbrpc-exposed -- Vulnerability Details: This vulnerability allows remote attackers to read memory, write memory, execute code, and ultimately take complete control of the affected device. This issue affects over 100 different vendors and a multitude of products, both shipping and end-of-life. A spreadsheet of identified products affected by this flaw can be found at the URL below. This index is not comprehensive and not all devices found are still supported. http://www.metasploit.com/data/confs/bsideslv2010/VxWorksDevices.xls This flaw occurs due to an insecure setting in the configuration file of the manufacturer's source code. This setting results in a system- debug service being exposed on UDP port 17185. More information about this issue can be found at the Metasploit blog: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html -- Vendor Response: Wind River Systems has notified their customers of the issue and indicated that the WDB agent should be disabled for production builds. CERT has notified every vendor with an identified, shipping product containing this vulnerability. Responses for each specific vendor can be found in the CERT advisory: http://www.kb.cert.org/vuls/id/362332 -- Disclosure Timeline: 2010-06-02 - Vulnerability reported to CERT for vendor notification 2010-08-02 - Coordinated public release of advisory -- Credit: This vulnerability had been discovered in specific devices in multiple instances, first by Bennett Todd in 2002 and then Shawn Merdinger in 2005. A comprehensive analysis of all affected devices was conducted by HD Moore in 2010. -- About Rapid7 Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool. Our vulnerability disclosure policy is available online at: http://www.rapid7.com/disclosure.jsp

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. The VxWorks WDB target agent is a target-resident, run-time facility that is required for connecting host tools to a VxWorks target system during development. WDB is a selectable component in the VxWorks configuration and is enabled by default. The WDB debug agent access is not secured and does provide a security hole in a deployed system. It is advisable for production systems to reconfigure VxWorks with only those components needed for deployed operation and to build it as the appropriate type of system image. It is recommended to remove host development components such as the WDB target agent and debugging components (INCLUDE_WDB and INCLUDE_DEBUG) as well as other operating system components that are not required to support customer applications. Consult the VxWorks Kernel Programmer's guide for more information on WDB.Additional information can be found in ICS-CERT advisory ICSA-10-214-01 and on the Metasploit Blog. An attacker can use the debug service to fully compromise the device. The hashing algorithm that is used in the standard authentication API for VxWorks is susceptible to collisions. An attacker can brute force a password by guessing a string that produces the same hash as a legitimate password. It is relatively easy to find a string that has the same hash value as a regular password.Authentication by attacker API (loginLib) May be used to access services using. The problem is CVE-2005-3804 May be related toBy a third party UDP An arbitrary memory area may be read or modified, a function call executed, or a task managed through a request to the port. VxWorks is an embedded real-time operating system. VxWorks has multiple security vulnerabilities that allow an attacker to bypass security restrictions and gain unauthorized access to the system. For example, when logging in with the default 'target/password', 'y{{{{{SS' will HASH out the same result as 'password'. So you can use 'password' and 'y{{{{{SS' as the password to log in. Permissions and access control vulnerabilities exist in the WDB Target Agent Debugging Service in Wind River VxWorks 6.x, 5.x and earlier. VxWorks is prone to a remote security-bypass vulnerability. Successful exploits will allow remote attackers to perform debugging tasks on the vulnerable device. The issue affects multiple products from multiple vendors that ship with the VxWorks operating system. NOTE: This issue was previously covered in BID 42114 (VxWorks Multiple Security Vulnerabilities) but has been separated into its own record to better document it. R7-0035: VxWorks Authentication Library Weak Password Hashing August 2, 2010 -- Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication process for the Telnet and FTP services of the VxWorks operating system. This flaw occurs due to an insecure password hashing implementation in the authentication library (loginLib) of the VxWorks operating system. Regardless of what password is set for a particular account, there are a only small number (~210k) of possible hash outputs. Typical passwords consisting of alphanumeric characters and symbols fall within an even smaller range of hash outputs (~8k), making this trivial to brute force over the network. To excaberate matters, loginLib has no support for account lockouts and the FTP daemon does not disconnect clients that consistently fail to authenticate. This reduces the brute force time for the FTP service to approximately 30 minutes. To demonstrate the hash weakness, the password of "insecure" hashes to the value "Ry99dzRcy9". The hashing algorithm itself is based on an additive sum with a small XOR operation. The resulting sums are then transformed to a printable string, but the range of possible intermediate values is limited and mostly sequential. The entire collision table has been precomputed and will be released in early September as an input file for common brute force tools. More information about the hashing algorithm itself is available at the Metasploit blog post below: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html There are three requirements for this vulnerability to be exploited: * The device must be running at least one service that uses loginLib for authentication. Telnet and FTP do so by default. * A valid username must be known to the attacker. This is usually easy to determine through product manuals or a cursory review of the firmware binaries. A typical VxWorks device will meet all three requirements by default, but customization by the device manufacturer may preclude this from being exploited. In general, if the device displays a VxWorks banner for Telnet or FTP, it is more than likely vulnerable. -- Vendor Response: Wind River Systems has notified their customers of the issue and suggested that each downstream vendor replace the existing hash implementation with SHA512 or SHA256. The exact extent of the vulnerability and the complete list of affected devices is not known at this time. Example code from Wind River Systems has been supplied to CERT and is included in the advisory below: http://www.kb.cert.org/vuls/id/840249 -- Disclosure Timeline: 2009-06-02 - Vulnerability reported to CERT for vendor notification 2009-08-02 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by HD Moore -- About Rapid7 Security Rapid7 provides vulnerability management, compliance and penetration testing solutions for Web application, network and database security. In addition to developing the NeXpose Vulnerability Management system, Rapid7 manages the Metasploit Project and is the primary sponsor of the W3AF web assessment tool. Our vulnerability disclosure policy is available online at: http://www.rapid7.com/disclosure.jsp

Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. Successfully exploiting this issue can allow attackers to elevate privileges, leading to a complete compromise of the device. iOS versions 4.0.1 and prior are vulnerable. NOTE (August 12, 2010): This BID was previously titled 'Apple iOS Multiple Vulnerabilities' and included details about a remote code-execution vulnerability. Following further analysis, we determined that the remote code-execution issue was already documented in BID 42241 (FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities). ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Apple iOS Security Bypass and PDF File Processing Vulnerability SECUNIA ADVISORY ID: SA40807 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40807/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40807 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40807/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40807/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40807 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to compromise a user's system. 1) An error in the processing of PDF files can be exploited to execute arbitrary code e.g. when a user visits a specially crafted web page. 2) An unspecified error in the kernel can be exploited to gain escalated privileges. The vulnerabilities are reported in 4.0.1. Other versions may also be affected. NOTE: The vulnerabilities are currently exploited to jailbreak a vulnerable device. SOLUTION: Do not browse untrusted sites or follow links from untrusted sources. Do not open PDF files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: comex, disclosed via jailbreakme.com OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. FreeType 2 Is CFF A vulnerability exists in the handling of fonts. FreeType Is a library for handling various types of font files. FreeType 2 Is CFF A vulnerability exists in the processing of fonts that causes a stack corruption. Attack activity using this vulnerability has been confirmed.Crafted CFF Font FreeType 2 By loading it with an application that uses, arbitrary code may be executed by a remote third party. FreeType is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary-checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. This BID has been updated to reflect details that may have been included in BID 42151. Apple iOS for iPhone, iPod touch, and iPad is prone to a local privilege-escalation vulnerability that affects the 'IOSurface' component. Successfully exploiting this issue can allow attackers to elevate privileges, leading to a complete compromise of the device. iOS versions 4.0.1 and prior are vulnerable. NOTE (August 12, 2010): This BID was previously titled 'Apple iOS Multiple Vulnerabilities' and included details about a remote code-execution vulnerability. Following further analysis, we determined that the remote code-execution issue was already documented in BID 42241 (FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities). It can be used to rasterize and map characters into bitmaps and provide support for other font-related businesses. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/freetype < 2.4.8 >= 2.4.8 Description =========== Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All FreeType users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8" References ========== [ 1 ] CVE-2010-1797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797 [ 2 ] CVE-2010-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497 [ 3 ] CVE-2010-2498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498 [ 4 ] CVE-2010-2499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499 [ 5 ] CVE-2010-2500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500 [ 6 ] CVE-2010-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519 [ 7 ] CVE-2010-2520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520 [ 8 ] CVE-2010-2527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527 [ 9 ] CVE-2010-2541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541 [ 10 ] CVE-2010-2805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805 [ 11 ] CVE-2010-2806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806 [ 12 ] CVE-2010-2807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807 [ 13 ] CVE-2010-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808 [ 14 ] CVE-2010-3053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053 [ 15 ] CVE-2010-3054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054 [ 16 ] CVE-2010-3311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311 [ 17 ] CVE-2010-3814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814 [ 18 ] CVE-2010-3855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855 [ 19 ] CVE-2011-0226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226 [ 20 ] CVE-2011-3256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256 [ 21 ] CVE-2011-3439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-972-1 August 17, 2010 freetype vulnerabilities CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libfreetype6 2.1.10-1ubuntu2.8 Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.4 Ubuntu 9.04: libfreetype6 2.3.9-4ubuntu0.3 Ubuntu 9.10: libfreetype6 2.3.9-5ubuntu0.2 Ubuntu 10.04 LTS: libfreetype6 2.3.11-1ubuntu2.2 After a standard system update you need to restart your session to make all the necessary changes. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.diff.gz Size/MD5: 70961 d986f14b69d50fe1884e8dd5f9386731 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.dsc Size/MD5: 719 a91985ecc92b75aa3f3647506bad4039 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_amd64.deb Size/MD5: 717794 f332d5b1974aa53f200e4e6ecf9df088 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_amd64.deb Size/MD5: 440974 afa83868cc67cec692f72a9dc93635ff http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_amd64.deb Size/MD5: 133902 dca56851436275285b4563c96388a070 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_amd64.udeb Size/MD5: 251958 358627e207009dbe0c5be095e7bed18d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_i386.deb Size/MD5: 677592 ee43f5e97f31b8da57582dbdb1e63033 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_i386.deb Size/MD5: 416328 ef092c08ba2c167af0da25ab743ea663 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_i386.deb Size/MD5: 117302 b2633ed4487657fe349fd3de76fce405 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_i386.udeb Size/MD5: 227436 f55ab8a9bb7e76ad743f6c0fa2974e64 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_powerpc.deb Size/MD5: 708654 ee71c714e62e96a9af4cf7ba909142e6 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_powerpc.deb Size/MD5: 431036 4f1c6a1e28d3a14b593bef37605119ab http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_powerpc.deb Size/MD5: 134260 66ba7d95f551eaadb1bba5a56d76529d http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_powerpc.udeb Size/MD5: 241726 d2c4f13b12c8280b1fad56cdc0965502 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_sparc.deb Size/MD5: 683964 49df9101deb9a317229351d72b5804ec http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_sparc.deb Size/MD5: 411982 efaca20d5deec9e51be023710902852b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_sparc.deb Size/MD5: 120138 ff723720ed499e40049e3487844b9db3 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_sparc.udeb Size/MD5: 222676 71f172ba71fc507b04e5337d55b32ed6 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.diff.gz Size/MD5: 40949 1cc5014da4db8200edb54df32561fcd0 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.dsc Size/MD5: 907 7f698125814f4ca67a01b0a66d9bcfe9 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz Size/MD5: 1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_amd64.deb Size/MD5: 694322 c740e1665d09a0c691163a543c8d650b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_amd64.deb Size/MD5: 362386 5b085e83764fcda129bede2c5c4ca179 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_amd64.deb Size/MD5: 221392 dbebbbaffc086dccf550468fff1daa92 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_amd64.udeb Size/MD5: 258454 f3903d4e43891753f3c6439cd862617f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_i386.deb Size/MD5: 663330 7601af27049730f0f7afcfa30244ae88 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_i386.deb Size/MD5: 347172 de53a441e28e385598d20333ff636026 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_i386.deb Size/MD5: 201266 c9c50bdc87d0a46fc43f3bbca26adec5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_i386.udeb Size/MD5: 243462 16bb61f604fe48a301f6faeaa094d266 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_lpia.deb Size/MD5: 665120 bf0dcd13b8a171f6a740ca225d943e68 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_lpia.deb Size/MD5: 347512 d2beee3ccf7fe0233825d46cc61ca62d http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_lpia.deb Size/MD5: 205560 7879f630a5356e3d6e9c0609e8008de9 http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_lpia.udeb Size/MD5: 244324 4e10fb5e68a78312eb02c69508120c6a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_powerpc.deb Size/MD5: 687156 6d36300396fa84d6f889147b0247f385 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_powerpc.deb Size/MD5: 358086 06b9874cc9ba11fdb6feb10b0831e890 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_powerpc.deb Size/MD5: 235578 ce514bab4cbc028a0451742c38c633cd http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_powerpc.udeb Size/MD5: 254526 d50f40a9421b52f4302c4d260170edb3 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_sparc.deb Size/MD5: 658094 184f0f51023baa8ce459fababaa190d9 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_sparc.deb Size/MD5: 332124 5aa036de5269896c893ea8f825329b84 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_sparc.deb Size/MD5: 199782 9323f9209333cf42114e97d3305d901c http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_sparc.udeb Size/MD5: 227810 7657e99ad137ad5ce654b74cfbbfdc10 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.diff.gz Size/MD5: 44032 17b27322a6448d40599c55561209c940 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.dsc Size/MD5: 1311 5124a4df7016a625a631c1ff4661aae9 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_amd64.deb Size/MD5: 729408 788a2af765a8356c4a7c01e893695b0b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_amd64.udeb Size/MD5: 272950 a1f9a0ad0d036e5a14b073c139ce5408 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_amd64.deb Size/MD5: 407052 bfd510dc0c46a0f25dd3329693ee66a8 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_amd64.deb Size/MD5: 226474 9b8e6c521d8629b9b1db2760209460a3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_i386.deb Size/MD5: 697818 9176ee8649b8441333d7c5d9359c53a6 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_i386.udeb Size/MD5: 257896 c26f46491d69a174fa9cad126a3201cf http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_i386.deb Size/MD5: 392692 648d0605a187b74291b3233e5e4930e3 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_i386.deb Size/MD5: 198834 0b41da08de5417a7db21e24e730e03d9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_lpia.deb Size/MD5: 698682 12c20dd647db986bd87a250d8706e8e8 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_lpia.udeb Size/MD5: 257736 dee60e4b8a1824d2aa13364ec0f01602 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_lpia.deb Size/MD5: 392978 e19bcc3c8c0cec76227c64843b01516a http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_lpia.deb Size/MD5: 201636 a558e986b6c6e878e115126e7d3a28a5 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_powerpc.deb Size/MD5: 720040 70c8792cddd9cfe45480f8d760dd0163 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_powerpc.udeb Size/MD5: 265790 b356a500845d045f431db6ef4db4f811 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_powerpc.deb Size/MD5: 400532 91aa4eea6b8e9b67a721b552caab8468 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_powerpc.deb Size/MD5: 227834 fa22e303b8d06dfb99a8c3c1f2980061 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_sparc.deb Size/MD5: 689244 dff22369b1bb07d4ef7c6d9f474149db http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_sparc.udeb Size/MD5: 238164 cb1e597bd0065d2ffbad763a52088c1d http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_sparc.deb Size/MD5: 372422 c6f36ae3119f8f17368d796943ba9908 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_sparc.deb Size/MD5: 201390 c3f108859375787b11190d3c5a1d966b Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.diff.gz Size/MD5: 43530 f78681f1641b93f34d41ff4d6f31eb71 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.dsc Size/MD5: 1311 8a9a302e0a62f2dbe2a62aba456e2108 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_amd64.deb Size/MD5: 731028 3b5ed0ad073cca0c1eee212b0e12f255 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_amd64.udeb Size/MD5: 275110 a23822489a0d7d45152f341b86f0df20 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_amd64.deb Size/MD5: 409362 ba180d650e17df6980ca09b8d1a109e1 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_amd64.deb Size/MD5: 230774 a0a51691eefc0fb6e94d41c3282c3ab2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_i386.deb Size/MD5: 696892 ad2164ed812ccd9cf7829659cff219c7 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_i386.udeb Size/MD5: 258710 c2d256e87eaee83ab83592247588bee7 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_i386.deb Size/MD5: 393912 c8d04b785d17066229bab50a3c13e1af http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_i386.deb Size/MD5: 195702 02aa03f1f62a61383d829b5bf494b7b0 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_lpia.deb Size/MD5: 699382 ff8200917b43322062d2f3b5f3f6bab8 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_lpia.udeb Size/MD5: 259348 0395bdbaf357d161d0f1d3b257ae4732 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_lpia.deb Size/MD5: 394122 8481f2e278a5da28b28ef0fa79207662 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_lpia.deb Size/MD5: 198546 a3f0a848da83a64d14344b6744b33a90 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_powerpc.deb Size/MD5: 719762 bd7185c852b151794c27f8c2ead4da94 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_powerpc.udeb Size/MD5: 264578 58a77cbf2ae4c2a447a81cce72f6b8c5 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_powerpc.deb Size/MD5: 399118 c943fa66513b862ccb6ac99699c9e33c http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_powerpc.deb Size/MD5: 203834 842dd94d9b3fad52c0b1b6489775d2ea sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_sparc.deb Size/MD5: 691054 557de31093ac67c2dedec97e55998295 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_sparc.udeb Size/MD5: 240534 f3c79ed9e84e7169851de3f432b613c3 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_sparc.deb Size/MD5: 374982 e84af1b516f050ee9bdb93c213994943 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_sparc.deb Size/MD5: 195786 599978c8d9cff2525eba228c793833c3 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.diff.gz Size/MD5: 41646 9b97425327300eda74c492034fed50ad http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.dsc Size/MD5: 1313 b7b625334a0d9c926bf34cc83dcc904c http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11.orig.tar.gz Size/MD5: 1709600 5aa22c0bc6aa3815b40a309ead2b9d1b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_amd64.deb Size/MD5: 739530 db9147ce9477b7ab22374f89d24b24ca http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_amd64.udeb Size/MD5: 277536 35fc46f3c281aee82eeed4e00cfdacdc http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_amd64.deb Size/MD5: 434932 1bf8e620c3008504b87354470e7be9a5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_amd64.deb Size/MD5: 221434 4b4fcbd633bf1b3c2151617adae44835 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_i386.deb Size/MD5: 704694 f58601afde2b4bc257492762654cbf94 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_i386.udeb Size/MD5: 260916 a540a7f9ae973bce66bbd3fdb9a4f849 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_i386.deb Size/MD5: 419000 d4a78ce7ae146caa59b61f43b27d363c http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_i386.deb Size/MD5: 188710 e94b4202fcfe184fdf81409fe610a42a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_powerpc.deb Size/MD5: 728090 5f2e98a54cb2a0ac03591c387aacf461 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_powerpc.udeb Size/MD5: 266750 66bf2b146ab219d1b78e1887d0053f2a http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_powerpc.deb Size/MD5: 424614 fd964644b45bbbc79729c9609c4b6bb8 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_powerpc.deb Size/MD5: 196686 b88a8cebff19c95b6c9c161f7d1bb472 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_sparc.deb Size/MD5: 707164 bf26d7cb1aa3f759ca31510f92888053 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_sparc.udeb Size/MD5: 250768 100b4d4b270421fb1dcb503c88b547e8 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_sparc.deb Size/MD5: 408132 b009cd0f1aafa500f8cc16273e9f2ed9 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_sparc.deb Size/MD5: 198302 504ec3da9ee2048391e2c4035d7149fc . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch 1. *Advisory Information* Title: Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch Advisory Id: CORE-2010-0825 Advisory URL: [http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch] Date published: 2010-11-08 Date of last update: 2010-11-08 Vendors contacted: Apple Release mode: User release 2. *Vulnerability Information* Class: Input validation error [CWE-20] Impact: Code execution Remotely Exploitable: Yes (client-side) Locally Exploitable: No CVE Name: CVE-2010-1797 Bugtraq ID: N/A 3. *Vulnerability Description* The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability is a variation of the vulnerability labeled as CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation). 4. *Vulnerable packages* . Apple Mac OS X v10.5.x 5. *Solutions and Workarounds* According to information provided to us by Apple, a patch for this fix has already been developed. Apple provided us a release date for this patch in two opportunities but then failed to meet their our deadlines without giving us any notice or explanation. Apple Mac OSX 10.6 is not affected by this vulnerability, upgrading to this version is highly recommed when possible. 6. *Credits* This vulnerability was discovered and researched by Anibal Sacco [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Anibal_Sacco] and Matias Eissler [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Matias_Eissler], from Core Security Technologies. Publication was coordinated by Fernando Russ and Pedro Varangot. 7. *Technical Description* When loading a PDF with an embedded CFF font a sign mismatch error exists in ATSServer when handling the last offset value of the CharStrings INDEX structure. This could be triggered in different ways: . When trying to make a thumbnail of the file . When trying to open the file with the Preview app . Serving the file in a web server and tricking the user to click on it. Embedded in an email (if handled by Mail.app) This allows to corrupt the process memory by controlling the size parameter of a memcpy function call allowing an attacker to get code execution. At [00042AFA] we can see how the value obtained from the file is sign extended prior to be passed to the function loc_370F0. Inside this function this value will be used as the size parameter of memcpy: /----- 00042AF2 movsx eax, word ptr [edx+5Eh] 00042AF6 mov [esp+0Ch], eax 00042AFA movsx eax, word ptr [esi+4] 00042AFE mov [esp], edi 00042B01 mov [esp+8], eax 00042B05 mov eax, [ebp-2Ch] 00042B08 mov [esp+4], eax 00042B0C call loc_370F0 - -----/ An attacker could take advantage of this condition by setting a negative offset value (0xfffa) in the file that will be converted to a DWORD without enough validation leading to a memcpy of size 0xfffffffa. This vulnerability results in arbitrary code execution. 8. *Report Timeline* . 2010-08-26: Vendor contacted, a draft of this advisory is sent and September 28th is proposed as a coordinated publication date. Core remarks that since this is a variation of a publicly disclossed vulnerability it may have already been discovered by other security researchers like vulnerability research brokers or independent security researchers. 2010-08-28: The Apple Product Security team acknowledges the report, saying that they were able to reproduce the issue in Mac OS X 10.5 but not in Mac OS X 10.6, they also said that the deadline for September 28th will be imposible to meet. 2010-08-30: Core informs Apple that there is no problem changing the publication date for the report, whenever the new publication date remains reasonable. Also, Core asks for a tentive timeframe for the fix, and confirm that Mac OS X 10.6 does not seem to be affected. 2010-08-31: Apple acknowledges the comunication informing the publication timing, and state that they are still trying to determine the most appropiate timeframe. 2010-09-28: Core asks the vendor for an update regarding this issue. Also, Core asks for a specific timeframe for the fix, and sets October 18th as tentative publication date. 2010-09-28: Apple acknowledges the comunication informing that this issue will be fixed in the next security update of Mac OS X 10.5, which is tentatively scheduled for the end of October without a firm date of publication. 2010-08-31: Apple asks Core about credit information for the advisory. 2010-09-28: Core acknowledges the comunication sending the credit information for this report. 2010-10-20: Core asks Apple for a firm date for the release of this securiry issue since the initial propossed timeframe of October 18th is due. 2010-10-22: Apple acknowledges the comunication informing that the publication date is scheduled to the week of October 25th. Also, Apple notifies that the assigned identifier for this vulnerability is CVE-2010-1797. 2010-11-01: Core asks Apple for a new schedule for the publication, since there was no notice of any Apple security update during the week of October 25th. 2010-11-01: Apple acknowledges the communication informing that the publication date was rescheduled to the middle of the week of November 1st. 2010-11-03: Core informs Apple that the publication of this advisory was scheduled to Monday 8th, taking into account the last communication this is a final publication date. Core also informs that the information about how this vulnerability was found and how it can be exploited will be discussed in a small infosec related local event in Buenos Aires city. 2010-11-08: Core publishes advisory CORE-2010-0825. 9. *References* [1] [http://en.wikipedia.org/wiki/PostScript_fonts#Compact_Font_Format] 10. *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: [http://corelabs.coresecurity.com]. 11. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at [http://www.coresecurity.com]. 12. *Disclaimer* The contents of this advisory are copyright (c) 2010 Core Security Technologies and (c) 2010 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/] 13. *PGP/GPG Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at [http://www.coresecurity.com/files/attachments/core_security_advisories.asc]. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzYayoACgkQyNibggitWa2PMgCfSvLwR5OgWfmFIwpONWL+dMa3 njEAnjIZFF+zG/wWK3IscWx3VyNW5F30 =XULv -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:149 http://www.mandriva.com/security/ _______________________________________________________________________ Package : freetype2 Date : August 12, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been discovered and corrected in freetype2: Multiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797 https://bugzilla.redhat.com/show_bug.cgi?id=621144 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: e5b2f1ac6039b90de44e4c54a7dc15ad 2008.0/i586/libfreetype6-2.3.5-2.4mdv2008.0.i586.rpm ec559f7f70f91973c7c3337d170c2bf1 2008.0/i586/libfreetype6-devel-2.3.5-2.4mdv2008.0.i586.rpm 0f87bab9e3ba83faf24b13b13e8a16a5 2008.0/i586/libfreetype6-static-devel-2.3.5-2.4mdv2008.0.i586.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5d3a64ac00fb880838ea068bceb28055 2008.0/x86_64/lib64freetype6-2.3.5-2.4mdv2008.0.x86_64.rpm d052dabc9b4f9fa41863eb8ca1fe334b 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 281d278bf445567d29c510d0d27f7489 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm Mandriva Linux 2009.0: ed81cc7ed3660ce94c3c6d00d556ac18 2009.0/i586/libfreetype6-2.3.7-1.3mdv2009.0.i586.rpm 325432a13a72aaf457847f4a205b9823 2009.0/i586/libfreetype6-devel-2.3.7-1.3mdv2009.0.i586.rpm bcd0dbb954f1a4e09d10e03556ea2497 2009.0/i586/libfreetype6-static-devel-2.3.7-1.3mdv2009.0.i586.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 4af7ec1921662eaa37e6a5b27998cdec 2009.0/x86_64/lib64freetype6-2.3.7-1.3mdv2009.0.x86_64.rpm c53e5285ea05fc68168a800df25a9556 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 3a5b5a4aa2eec538b0479f066fa6e7e7 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm Mandriva Linux 2009.1: ce6a11ba3156f8e1ac8339bf3c94f709 2009.1/i586/libfreetype6-2.3.9-1.4mdv2009.1.i586.rpm dc2573dc94973052652f2481651e927a 2009.1/i586/libfreetype6-devel-2.3.9-1.4mdv2009.1.i586.rpm aee56bcfbed1899495f00e87ddaed7ce 2009.1/i586/libfreetype6-static-devel-2.3.9-1.4mdv2009.1.i586.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 9e51fa000bb7e106189845ca6694ae15 2009.1/x86_64/lib64freetype6-2.3.9-1.4mdv2009.1.x86_64.rpm 2ec9a71562a8d40a8accaf967b3c2a75 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.4mdv2009.1.x86_64.rpm 8e87a5ba6fd376aeceef71fe5b809f86 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.4mdv2009.1.x86_64.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm Mandriva Linux 2010.0: faf191e76adc0e2f8f4bebfd97f36a49 2010.0/i586/libfreetype6-2.3.11-1.2mdv2010.0.i586.rpm 7202581d10580a63ba28eb4b0dce708c 2010.0/i586/libfreetype6-devel-2.3.11-1.2mdv2010.0.i586.rpm ecaad382e83f7005a1d76a585dfe879c 2010.0/i586/libfreetype6-static-devel-2.3.11-1.2mdv2010.0.i586.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 9ffe17211ba4e4a6aa67e73e4c22e020 2010.0/x86_64/lib64freetype6-2.3.11-1.2mdv2010.0.x86_64.rpm eebaba0b5509b21da03a432699198342 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 90e215bda5483ee6b5d5ca74bfedf7c0 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm Mandriva Linux 2010.1: 437be09971963217a5daef5dc04d451b 2010.1/i586/libfreetype6-2.3.12-1.2mdv2010.1.i586.rpm 42f5ddeeb25353a9fa20677112e9ae7c 2010.1/i586/libfreetype6-devel-2.3.12-1.2mdv2010.1.i586.rpm c77ce226104a1febd22c920c73a807f7 2010.1/i586/libfreetype6-static-devel-2.3.12-1.2mdv2010.1.i586.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: a4a5170f277a9654f19b208deab8027c 2010.1/x86_64/lib64freetype6-2.3.12-1.2mdv2010.1.x86_64.rpm 4637ff02b2739b2d29c94333f00ce59e 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 20a9488e5100b9a4f925fb777e00248d 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm Corporate 4.0: 516a71993da7404ae96b14699cb1aa5f corporate/4.0/i586/libfreetype6-2.1.10-9.11.20060mlcs4.i586.rpm 839108110543d3243a725c3c2153ea46 corporate/4.0/i586/libfreetype6-devel-2.1.10-9.11.20060mlcs4.i586.rpm 8c912e309a35917d533fcf3be251f662 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.11.20060mlcs4.i586.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm Corporate 4.0/X86_64: cf591c59af6e46e62609ff34892f52d3 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.11.20060mlcs4.x86_64.rpm 55e0f089dee699185f317e863b12c590 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm 7eec0361fb43382f4aa9558e2698af89 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm Mandriva Enterprise Server 5: cfed1363663ad29113cb1655c3e56429 mes5/i586/libfreetype6-2.3.7-1.3mdvmes5.1.i586.rpm bfc520ee4832553381a304209442dcc1 mes5/i586/libfreetype6-devel-2.3.7-1.3mdvmes5.1.i586.rpm 92f6f546f2dad9a2bf7031261079294a mes5/i586/libfreetype6-static-devel-2.3.7-1.3mdvmes5.1.i586.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 35c99bfa9c7a0799a4f304d3a2de2f11 mes5/x86_64/lib64freetype6-2.3.7-1.3mdvmes5.1.x86_64.rpm 9dcb3dfb3769618d8b2c93f3f4ba53db mes5/x86_64/lib64freetype6-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm 165edd82ca0492d88d393e8a65ad5869 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMZBO6mqjQ0CJFipgRAvckAKCpFuRGLxgICBqETRTbXhdZpg8RywCgjKjm 46cbqAt0xVJvR5AdhA3z/FY= =T9it -----END PGP SIGNATURE-----

JP1/Cm2/Network Node Manager is prone to a multiple remote code-execution and denial-of-service vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Hitachi JP1/Cm2/Network Node Manager Unspecified Vulnerability SECUNIA ADVISORY ID: SA40784 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40784/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40784 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40784/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40784/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40784 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-015/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Hitachi HiRDB is a database system developed by Hitachi. Hitachi HiRDB has errors in processing unknown data. Attackers can use the vulnerability to damage the HiRDB process and HiRDB unit. No detailed vulnerability details are provided at this time. Hitachi HiRDB is prone to an unspecified denial-of-service vulnerability because it fails to properly handle unexpected data. Successful exploits may allow attackers to cause the service to stop, effectively denying further service to legitimate users. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Hitachi HiRDB Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40768 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40768/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40768 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40768/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40768/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40768 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi HiRDB, which can be exploited by malicious people to cause a DoS (Denial of Service). Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-014/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver has input validation errors that can be exploited by remote attackers for cross-site scripting attacks. Inputs passed to testsdic via the \"action\" parameter and passed to paramhelp.jsp via the \"helpstring\" parameter in the System Landscape directory component are not filtered before returning to the user, and the attacker can exploit the vulnerability to gain sensitive information or hijack the target user session

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information. Zabbix is a CS network distributed network monitoring system. ZABBIX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ZABBIX version 1.8.2 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Zabbix PHP Frontend "formatQuery()" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40679 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40679/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40679 RELEASE DATE: 2010-07-28 DISCUSS ADVISORY: http://secunia.com/advisories/40679/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40679/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40679 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Zabbix, which can be exploited by malicious people to conduct cross-site scripting attacks. Various input is not properly sanitised by the "formatQuery()" function of the "Curl" class in frontends/php/include/classes/class.curl.php before being returned to the user. SOLUTION: Fixed in version 1.8.3-rc1. PROVIDED AND/OR DISCOVERED BY: Reported as a normal bug by alixen. Later independently reported as cross-site scripting vulnerabilities in frontends/php/tr_status.php by Vupen. ORIGINAL ADVISORY: Zabbix: http://www.zabbix.com/forum/showthread.php?p=68770 https://support.zabbix.com/browse/ZBX-2326 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. System Landscape Directory is prone to a cross-site scripting vulnerability. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: SAP NetWeaver System Landscape Directory Component Cross-Site Scripting SECUNIA ADVISORY ID: SA40712 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40712/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40712 RELEASE DATE: 2010-07-28 DISCUSS ADVISORY: http://secunia.com/advisories/40712/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40712/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40712 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "action" parameter to testsdic and via the "helpstring" parameter to paramhelp.jsp in the System Landscape Directory component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Patches are available via SAP note 1416047. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Alexander Polyakov, Digital Security Research Group [DSecRG] ORIGINAL ADVISORY: SAP (note 1416047): https://service.sap.com/sap/support/notes/1416047 DSecRG-09-068: http://dsecrg.com/pages/vul/show.php?id=168 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Failed exploit attempts will likely result in denial-of-service conditions. QuickTime 7.6.6 (1671) for Windows is vulnerable; other versions may also be affected. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats

The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field. Attackers can exploit this issue to trigger a kernel panic resulting in a denial-of-service condition. Mac OS X is a BSD-derived operating system developed and maintained by Apple. ==Notes on Disclosure== My disclosure of this issue prior to an official fix is not meant to be taken as a statement against Apple's management of security issues. Local denial-of-service issues are by nature low impact - many security teams do not regard these as security-relevant at all.\xa0 I believe the chances of exploitation of this in real life are practically non-existent.\xa0 Given that the vulnerability resides in an open source kernel extension, I chose to disclose this issue so that concerned administrators can apply a fix immediately, while the rest of us can benefit from a little increased awareness of potentially unsafe memory allocation situations.\xa0 Apple's security team was contacted prior to disclosure, and I'm sure they'll incorporate a fix in a future release. ==Solution== The WebDAV kernel extension can be obtained online [2].\xa0 The following patch can be applied to this extension, after which it should be recompiled to replace the existing extension at /System/Library/Extensions/webdav_fs.kext: --- webdav_fs.kextproj.orig/webdav_fs.kmodproj/webdav_vfsops.c 2010-07-21 09:51:09.000000000 -0400 +++ webdav_fs.kextproj/webdav_fs.kmodproj/webdav_vfsops.c 2010-07-21 10:32:43.000000000 -0400 @@ -319,6 +319,12 @@ static int webdav_mount(struct mount *mp \xa0\xa0\xa0\xa0 } \xa0\xa0\xa0\xa0 /* Get the server sockaddr from the args */ +\xa0\xa0\xa0 if(args.pa_socket_namelen > NAME_MAX) +\xa0\xa0\xa0 { +\xa0\xa0\xa0 \xa0\xa0\xa0 error = EINVAL; +\xa0\xa0\xa0 \xa0\xa0\xa0 goto bad; +\xa0\xa0\xa0 } + \xa0\xa0\xa0\xa0 MALLOC(fmp->pm_socket_name, struct sockaddr *, args.pa_socket_namelen, M_TEMP, M_WAITOK); \xa0\xa0\xa0\xa0 error = copyin(args.pa_socket_name, fmp->pm_socket_name, args.pa_socket_namelen); \xa0\xa0\xa0\xa0 if (error) ==Credits== This vulnerability was discovered by Dan Rosenberg (dan.j.rosenberg@gmail.com). ==References== CVE identifier CVE-2010-1794 has been assigned to this issue by Apple. [1] http://en.wikipedia.org/wiki/WebDAV [2] http://opensource.apple.com/source/webdavfs/webdavfs-293/webdav_fs.kextproj/webdav_fs.kmodproj/

The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. Apache HTTP Server is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to deny service to legitimate users. Versions prior to Apache 2.2.16 are vulnerable. HP System Management Homepage (SMH) before v7.0 running on Linux and Windows. RESOLUTION HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions (CVE-2010-2791). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. This update fixes this bug. CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. The regression has been fixed in the following packages: For the oldstable distribution (lenny), this problem has been fixed in version 2.2.9-10+lenny11. For the stable distribution (squeeze), this problem has been fixed in version 2.2.16-6+squeeze3. For the testing distribution (wheezy), this problem will be fixed in version 2.2.20-1. For the unstable distribution (sid), this problem has been fixed in version 2.2.20-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny6. In the stable distribution, apache2-mpm-itk has the same version number as apache2. Release Date: 2010-12-07 Last Updated: 2010-12-06 ------------------------------------------------------------------------------ Potential Security Impact: Local information disclosure, increase of privilege, remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache-based Web Server. These vulnerabilities could be exploited locally to disclose information, increase privilege or remotely create a Denial of Service (DoS). References: CVE-2010-1452, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, CVE-2009-1890, CVE-2009-1195, CVE-2009-0023, CVE-2007-6203, CVE-2006-3918 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to v2.0.63.01 Note: HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX Web Server Suite v.2.32 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1956 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2009-1955 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2009-1890 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1195 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2009-0023 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com Note: HP-UX Web Server Suite v.2.32 contains HP-UX Apache-based Web Server v2.0.63.01 Web Server Suite Version / Apache Depot name HP-UX Web Server Suite v.2.32 HP-UX 11i PA-RISC with IPv6 HP-UX 11i version 2 PA-RISC/IPF 64-bit HP-UX 11i version 2 PA-RISC/IPF 32-bit HP-UX 11i version 3 PA-RISC/IPF 64-bit HP-UX 11i version 3 PA-RISC/IPF 32-bit MANUAL ACTIONS: Yes - Update Install Apache-based Web Server v2.0.63.01 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX Web Server Suite v2.32 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.23 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.31 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 7 December 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: JBoss Enterprise Web Server 1.0.2 update Advisory ID: RHSA-2011:0897-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0897.html Issue date: 2011-06-22 CVE Names: CVE-2010-1157 CVE-2010-1452 CVE-2010-1623 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0419 ===================================================================== 1. Summary: JBoss Enterprise Web Server 1.0.2 is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: JBoss Enterprise Web Server 1.0 for RHEL 4 AS - i386, noarch, x86_64 JBoss Enterprise Web Server 1.0 for RHEL 4 ES - i386, noarch, x86_64 JBoss Enterprise Web Server 1.0 for RHEL 5 Server - i386, noarch, x86_64 JBoss Enterprise Web Server 1.0 for RHEL 6 Server - i386, noarch, x86_64 3. Description: JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications. This is the first release of JBoss Enterprise Web Server for Red Hat Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, this release serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to the Release Notes, linked in the References, for more information. This update corrects security flaws in the following components: tomcat6: A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172) tomcat5 and tomcat6: It was found that web applications could modify the location of the Apache Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718) A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013) A possible minor information leak was found in the way Apache Tomcat generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and Tomcat was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the Tomcat server. (CVE-2010-1452) apr: It was found that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419) apr-util: It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. Note: This issue only affected the JBoss Enterprise Web Server packages on Red Hat Enterprise Linux 4. (CVE-2010-1623) All users of JBoss Enterprise Web Server 1.0.1 are advised to upgrade to JBoss Enterprise Web Server 1.0.2, which corrects these issues. After installing this update, the relevant Apache Tomcat service ("tomcat5" or "tomcat6") and the Apache HTTP Server ("httpd") must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers 618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments 640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line() 656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application 675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface 675792 - CVE-2010-3718 tomcat: file permission bypass flaw 677655 - JBEWS 1.0.2 release tracker bug for RHEL 4 677657 - JBEWS 1.0.2 release tracker bug for RHEL-5 677659 - JBEWS 1.0.2 release tracker bug for RHEL-6 703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch 6. Package List: JBoss Enterprise Web Server 1.0 for RHEL 4 AS: Source: ant-1.7.1-13.jdk6.ep5.el4.src.rpm antlr-2.7.7-7.ep5.el4.src.rpm bcel-5.2-8.1.ep5.el4.src.rpm cglib-2.2-5.1.1.jdk6.ep5.el4.src.rpm dom4j-1.6.1-11.ep5.el4.src.rpm ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.src.rpm glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.src.rpm glassfish-javamail-1.4.2-0.4.ep5.el4.src.rpm glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.src.rpm hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.src.rpm hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.src.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.src.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.src.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.src.rpm httpd22-2.2.17-14.ep5.el4.src.rpm jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-chain-1.2-2.2.ep5.el4.src.rpm jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-collections-3.2.1-4.ep5.el4.src.rpm jakarta-commons-daemon-1.0.5-1.ep5.el4.src.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.src.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.src.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.src.rpm jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.src.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.src.rpm jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.src.rpm jakarta-commons-launcher-1.1-4.6.1.ep5.el4.src.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.src.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.src.rpm jakarta-commons-modeler-2.0-4.ep5.el4.src.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.src.rpm jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.src.rpm jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.src.rpm jakarta-taglibs-standard-1.1.1-9.ep5.el4.src.rpm javassist-3.12.0-1.jdk6.ep5.el4.src.rpm jboss-common-core-2.2.17-1.ep5.el4.src.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el4.src.rpm jboss-common-logging-spi-2.1.2-1.ep5.el4.src.rpm jboss-javaee-5.0.1-2.9.ep5.el4.src.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el4.src.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.src.rpm log4j-1.2.14-18.1.jdk6.ep5.el4.src.rpm mod_cluster-1.0.10-2.GA_CP01.ep5.el4.src.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.src.rpm mod_jk-1.2.31-1.ep5.el4.src.rpm mx4j-3.0.1-9.3.4.ep5.el4.src.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.src.rpm regexp-1.5-1.2.1.jdk6.ep5.el4.src.rpm struts12-1.2.9-3.ep5.el4.src.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el4.src.rpm tomcat-native-1.1.20-2.0.ep5.el4.src.rpm tomcat5-5.5.33-14_patch_04.ep5.el4.src.rpm tomcat6-6.0.32-15_patch_03.ep5.el4.src.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el4.src.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el4.src.rpm xml-commons-1.3.04-7.12.ep5.el4.src.rpm i386: httpd22-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-util-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-util-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-debuginfo-2.2.17-14.ep5.el4.i386.rpm httpd22-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-manual-2.2.17-14.ep5.el4.i386.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.i386.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.i386.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.i386.rpm mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.i386.rpm mod_jk-ap20-1.2.31-1.ep5.el4.i386.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.i386.rpm mod_jk-manual-1.2.31-1.ep5.el4.i386.rpm mod_ssl22-2.2.17-14.ep5.el4.i386.rpm tomcat-native-1.1.20-2.0.ep5.el4.i386.rpm tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.i386.rpm noarch: ant-1.7.1-13.jdk6.ep5.el4.noarch.rpm antlr-2.7.7-7.ep5.el4.noarch.rpm bcel-5.2-8.1.ep5.el4.noarch.rpm cglib-2.2-5.1.1.jdk6.ep5.el4.noarch.rpm dom4j-1.6.1-11.ep5.el4.noarch.rpm ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.noarch.rpm glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.noarch.rpm glassfish-javamail-1.4.2-0.4.ep5.el4.noarch.rpm glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.noarch.rpm hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.noarch.rpm hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el4.noarch.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.noarch.rpm hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.jdk6.ep5.el4.noarch.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-javadoc-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-chain-1.2-2.2.ep5.el4.noarch.rpm jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-collections-3.2.1-4.ep5.el4.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-4.ep5.el4.noarch.rpm jakarta-commons-daemon-1.0.5-1.ep5.el4.noarch.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.noarch.rpm jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el4.noarch.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.noarch.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.noarch.rpm jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-launcher-1.1-4.6.1.ep5.el4.noarch.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-logging-tomcat6-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-modeler-2.0-4.ep5.el4.noarch.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-pool-tomcat5-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.noarch.rpm jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.noarch.rpm jakarta-taglibs-standard-1.1.1-9.ep5.el4.noarch.rpm javassist-3.12.0-1.jdk6.ep5.el4.noarch.rpm jboss-common-core-2.2.17-1.ep5.el4.noarch.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el4.noarch.rpm jboss-common-logging-spi-2.1.2-1.ep5.el4.noarch.rpm jboss-javaee-poms-5.0.1-2.9.ep5.el4.noarch.rpm jboss-jms-1.1-api-5.0.1-2.9.ep5.el4.noarch.rpm jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el4.noarch.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el4.noarch.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.noarch.rpm log4j-1.2.14-18.1.jdk6.ep5.el4.noarch.rpm mod_cluster-demo-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-jbossas-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-jbossweb2-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-tomcat6-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mx4j-3.0.1-9.3.4.ep5.el4.noarch.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.noarch.rpm regexp-1.5-1.2.1.jdk6.ep5.el4.noarch.rpm struts12-1.2.9-3.ep5.el4.noarch.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el4.noarch.rpm tomcat5-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-admin-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-common-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-eclipse-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-parent-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-server-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat6-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-admin-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-docs-webapp-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-el-1.0-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-javadoc-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-lib-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-log4j-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el4.noarch.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el4.noarch.rpm xml-commons-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-jaxp-1.2-apis-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-jaxp-1.3-apis-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-resolver12-1.3.04-7.12.ep5.el4.noarch.rpm x86_64: httpd22-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-util-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-util-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-debuginfo-2.2.17-14.ep5.el4.x86_64.rpm httpd22-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-manual-2.2.17-14.ep5.el4.x86_64.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.x86_64.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.x86_64.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-manual-1.2.31-1.ep5.el4.x86_64.rpm mod_ssl22-2.2.17-14.ep5.el4.x86_64.rpm tomcat-native-1.1.20-2.0.ep5.el4.x86_64.rpm tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.x86_64.rpm JBoss Enterprise Web Server 1.0 for RHEL 4 ES: Source: ant-1.7.1-13.jdk6.ep5.el4.src.rpm antlr-2.7.7-7.ep5.el4.src.rpm bcel-5.2-8.1.ep5.el4.src.rpm cglib-2.2-5.1.1.jdk6.ep5.el4.src.rpm dom4j-1.6.1-11.ep5.el4.src.rpm ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.src.rpm glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.src.rpm glassfish-javamail-1.4.2-0.4.ep5.el4.src.rpm glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.src.rpm hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.src.rpm hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.src.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.src.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.src.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.src.rpm httpd22-2.2.17-14.ep5.el4.src.rpm jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-chain-1.2-2.2.ep5.el4.src.rpm jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-collections-3.2.1-4.ep5.el4.src.rpm jakarta-commons-daemon-1.0.5-1.ep5.el4.src.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.src.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.src.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.src.rpm jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.src.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.src.rpm jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.src.rpm jakarta-commons-launcher-1.1-4.6.1.ep5.el4.src.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.src.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.src.rpm jakarta-commons-modeler-2.0-4.ep5.el4.src.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.src.rpm jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.src.rpm jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.src.rpm jakarta-taglibs-standard-1.1.1-9.ep5.el4.src.rpm javassist-3.12.0-1.jdk6.ep5.el4.src.rpm jboss-common-core-2.2.17-1.ep5.el4.src.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el4.src.rpm jboss-common-logging-spi-2.1.2-1.ep5.el4.src.rpm jboss-javaee-5.0.1-2.9.ep5.el4.src.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el4.src.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.src.rpm log4j-1.2.14-18.1.jdk6.ep5.el4.src.rpm mod_cluster-1.0.10-2.GA_CP01.ep5.el4.src.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.src.rpm mod_jk-1.2.31-1.ep5.el4.src.rpm mx4j-3.0.1-9.3.4.ep5.el4.src.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.src.rpm regexp-1.5-1.2.1.jdk6.ep5.el4.src.rpm struts12-1.2.9-3.ep5.el4.src.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el4.src.rpm tomcat-native-1.1.20-2.0.ep5.el4.src.rpm tomcat5-5.5.33-14_patch_04.ep5.el4.src.rpm tomcat6-6.0.32-15_patch_03.ep5.el4.src.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el4.src.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el4.src.rpm xml-commons-1.3.04-7.12.ep5.el4.src.rpm i386: httpd22-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-util-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-util-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-debuginfo-2.2.17-14.ep5.el4.i386.rpm httpd22-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-manual-2.2.17-14.ep5.el4.i386.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.i386.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.i386.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.i386.rpm mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.i386.rpm mod_jk-ap20-1.2.31-1.ep5.el4.i386.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.i386.rpm mod_jk-manual-1.2.31-1.ep5.el4.i386.rpm mod_ssl22-2.2.17-14.ep5.el4.i386.rpm tomcat-native-1.1.20-2.0.ep5.el4.i386.rpm tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.i386.rpm noarch: ant-1.7.1-13.jdk6.ep5.el4.noarch.rpm antlr-2.7.7-7.ep5.el4.noarch.rpm bcel-5.2-8.1.ep5.el4.noarch.rpm cglib-2.2-5.1.1.jdk6.ep5.el4.noarch.rpm dom4j-1.6.1-11.ep5.el4.noarch.rpm ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.noarch.rpm glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.noarch.rpm glassfish-javamail-1.4.2-0.4.ep5.el4.noarch.rpm glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.noarch.rpm hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.noarch.rpm hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el4.noarch.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.noarch.rpm hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.jdk6.ep5.el4.noarch.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-javadoc-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-chain-1.2-2.2.ep5.el4.noarch.rpm jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-collections-3.2.1-4.ep5.el4.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-4.ep5.el4.noarch.rpm jakarta-commons-daemon-1.0.5-1.ep5.el4.noarch.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.noarch.rpm jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el4.noarch.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.noarch.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.noarch.rpm jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-launcher-1.1-4.6.1.ep5.el4.noarch.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-logging-tomcat6-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-modeler-2.0-4.ep5.el4.noarch.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-pool-tomcat5-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.noarch.rpm jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.noarch.rpm jakarta-taglibs-standard-1.1.1-9.ep5.el4.noarch.rpm javassist-3.12.0-1.jdk6.ep5.el4.noarch.rpm jboss-common-core-2.2.17-1.ep5.el4.noarch.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el4.noarch.rpm jboss-common-logging-spi-2.1.2-1.ep5.el4.noarch.rpm jboss-javaee-poms-5.0.1-2.9.ep5.el4.noarch.rpm jboss-jms-1.1-api-5.0.1-2.9.ep5.el4.noarch.rpm jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el4.noarch.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el4.noarch.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.noarch.rpm log4j-1.2.14-18.1.jdk6.ep5.el4.noarch.rpm mod_cluster-demo-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-jbossas-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-jbossweb2-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-tomcat6-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mx4j-3.0.1-9.3.4.ep5.el4.noarch.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.noarch.rpm regexp-1.5-1.2.1.jdk6.ep5.el4.noarch.rpm struts12-1.2.9-3.ep5.el4.noarch.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el4.noarch.rpm tomcat5-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-admin-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-common-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-eclipse-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-parent-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-server-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat6-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-admin-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-docs-webapp-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-el-1.0-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-javadoc-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-lib-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-log4j-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el4.noarch.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el4.noarch.rpm xml-commons-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-jaxp-1.2-apis-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-jaxp-1.3-apis-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-resolver12-1.3.04-7.12.ep5.el4.noarch.rpm x86_64: httpd22-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-util-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-util-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-debuginfo-2.2.17-14.ep5.el4.x86_64.rpm httpd22-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-manual-2.2.17-14.ep5.el4.x86_64.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.x86_64.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.x86_64.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-manual-1.2.31-1.ep5.el4.x86_64.rpm mod_ssl22-2.2.17-14.ep5.el4.x86_64.rpm tomcat-native-1.1.20-2.0.ep5.el4.x86_64.rpm tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.x86_64.rpm JBoss Enterprise Web Server 1.0 for RHEL 5 Server: Source: ant-1.7.1-13.jdk6.ep5.el5.src.rpm antlr-2.7.7-7.ep5.el5.src.rpm cglib-2.2-5.1.1.1.jdk6.ep5.el5.src.rpm dom4j-1.6.1-11.ep5.el5.src.rpm ecj3-3.3.1.1-3.1.1.1.jdk6.ep5.el5.src.rpm glassfish-jsf-1.2_13-3.1.1.jdk6.ep5.el5.src.rpm hibernate3-3.3.2-1.4.GA_CP04.ep5.el5.src.rpm hibernate3-annotations-3.4.0-3.2.GA_CP04.ep5.el5.src.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el5.src.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.1.jdk6.ep5.el5.src.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el5.src.rpm httpd-2.2.17-11.1.ep5.el5.src.rpm jakarta-commons-beanutils-1.8.0-4.1.2.1.jdk6.ep5.el5.src.rpm jakarta-commons-chain-1.2-2.2.1.ep5.el5.src.rpm jakarta-commons-codec-1.3-9.2.1.1.jdk6.ep5.el5.src.rpm jakarta-commons-collections-3.2.1-4.1.ep5.el5.src.rpm jakarta-commons-daemon-1.0.5-1.ep5.el5.src.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el5.src.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el5.src.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el5.src.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el5.src.rpm jakarta-commons-httpclient-3.1-1.2.1.jdk6.ep5.el5.src.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el5.src.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el5.src.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el5.src.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el5.src.rpm jakarta-commons-validator-1.3.1-7.5.2.ep5.el5.src.rpm jakarta-oro-2.0.8-3.3.2.1.1.1.jdk6.ep5.el5.src.rpm jakarta-taglibs-standard-1.1.1-9.1.ep5.el5.src.rpm javassist-3.12.0-1.jdk6.ep5.el5.src.rpm jboss-common-core-2.2.17-1.ep5.el5.src.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el5.src.rpm jboss-common-logging-spi-2.1.2-1.ep5.el5.src.rpm jboss-javaee-5.0.1-2.9.ep5.el5.src.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el5.src.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el5.src.rpm mod_cluster-1.0.10-2.1.GA_CP01.ep5.el5.src.rpm mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.src.rpm mod_jk-1.2.31-1.1.ep5.el5.src.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el5.src.rpm struts12-1.2.9-3.1.ep5.el5.src.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el5.src.rpm tomcat-native-1.1.20-2.1.ep5.el5.src.rpm tomcat5-5.5.33-16_patch_04.ep5.el5.src.rpm tomcat6-6.0.32-15.1_patch_03.ep5.el5.src.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el5.src.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el5.src.rpm xml-commons-1.3.04-7.10.jdk6.ep5.el5.src.rpm i386: httpd-2.2.17-11.1.ep5.el5.i386.rpm httpd-debuginfo-2.2.17-11.1.ep5.el5.i386.rpm httpd-devel-2.2.17-11.1.ep5.el5.i386.rpm httpd-manual-2.2.17-11.1.ep5.el5.i386.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el5.i386.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el5.i386.rpm mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.i386.rpm mod_cluster-native-debuginfo-1.0.10-2.1.GA_CP01.ep5.el5.i386.rpm mod_jk-ap20-1.2.31-1.1.ep5.el5.i386.rpm mod_jk-debuginfo-1.2.31-1.1.ep5.el5.i386.rpm mod_jk-manual-1.2.31-1.1.ep5.el5.i386.rpm mod_ssl-2.2.17-11.1.ep5.el5.i386.rpm tomcat-native-1.1.20-2.1.ep5.el5.i386.rpm tomcat-native-debuginfo-1.1.20-2.1.ep5.el5.i386.rpm noarch: ant-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-antlr-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-bcel-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-bsf-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-log4j-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-oro-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-regexp-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-resolver-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-commons-logging-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-javamail-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-jdepend-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-jmf-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-jsch-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-junit-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-nodeps-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-scripts-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-swing-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-trax-1.7.1-13.jdk6.ep5.el5.noarch.rpm antlr-2.7.7-7.ep5.el5.noarch.rpm cglib-2.2-5.1.1.1.jdk6.ep5.el5.noarch.rpm dom4j-1.6.1-11.ep5.el5.noarch.rpm ecj3-3.3.1.1-3.1.1.1.jdk6.ep5.el5.noarch.rpm glassfish-jsf-1.2_13-3.1.1.jdk6.ep5.el5.noarch.rpm hibernate3-3.3.2-1.4.GA_CP04.ep5.el5.noarch.rpm hibernate3-annotations-3.4.0-3.2.GA_CP04.ep5.el5.noarch.rpm hibernate3-annotations-javadoc-3.4.0-3.2.GA_CP04.ep5.el5.noarch.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el5.noarch.rpm hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el5.noarch.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.1.jdk6.ep5.el5.noarch.rpm hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.1.jdk6.ep5.el5.noarch.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el5.noarch.rpm hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el5.noarch.rpm hibernate3-javadoc-3.3.2-1.4.GA_CP04.ep5.el5.noarch.rpm jakarta-commons-beanutils-1.8.0-4.1.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-chain-1.2-2.2.1.ep5.el5.noarch.rpm jakarta-commons-codec-1.3-9.2.1.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-collections-3.2.1-4.1.ep5.el5.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-4.1.ep5.el5.noarch.rpm jakarta-commons-daemon-1.0.5-1.ep5.el5.noarch.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el5.noarch.rpm jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el5.noarch.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el5.noarch.rpm jakarta-commons-httpclient-3.1-1.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-logging-tomcat6-1.1.1-0.4.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-pool-tomcat5-1.3-11.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-validator-1.3.1-7.5.2.ep5.el5.noarch.rpm jakarta-oro-2.0.8-3.3.2.1.1.1.jdk6.ep5.el5.noarch.rpm jakarta-taglibs-standard-1.1.1-9.1.ep5.el5.noarch.rpm javassist-3.12.0-1.jdk6.ep5.el5.noarch.rpm jboss-common-core-2.2.17-1.ep5.el5.noarch.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el5.noarch.rpm jboss-common-logging-spi-2.1.2-1.ep5.el5.noarch.rpm jboss-javaee-5.0.1-2.9.ep5.el5.noarch.rpm jboss-javaee-poms-5.0.1-2.9.ep5.el5.noarch.rpm jboss-jms-1.1-api-5.0.1-2.9.ep5.el5.noarch.rpm jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el5.noarch.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el5.noarch.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el5.noarch.rpm mod_cluster-demo-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm mod_cluster-jbossas-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm mod_cluster-jbossweb2-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm mod_cluster-tomcat6-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el5.noarch.rpm struts12-1.2.9-3.1.ep5.el5.noarch.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el5.noarch.rpm tomcat5-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-admin-webapps-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-common-lib-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jasper-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jasper-eclipse-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jasper-javadoc-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jsp-2.0-api-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-parent-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-server-lib-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-servlet-2.4-api-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-webapps-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat6-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-admin-webapps-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-docs-webapp-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-el-1.0-api-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-javadoc-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-lib-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-log4j-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-webapps-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el5.noarch.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el5.noarch.rpm xml-commons-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm xml-commons-jaxp-1.2-apis-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm xml-commons-jaxp-1.3-apis-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm xml-commons-resolver12-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm x86_64: httpd-2.2.17-11.1.ep5.el5.x86_64.rpm httpd-debuginfo-2.2.17-11.1.ep5.el5.x86_64.rpm httpd-devel-2.2.17-11.1.ep5.el5.x86_64.rpm httpd-manual-2.2.17-11.1.ep5.el5.x86_64.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el5.x86_64.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el5.x86_64.rpm mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.x86_64.rpm mod_cluster-native-debuginfo-1.0.10-2.1.GA_CP01.ep5.el5.x86_64.rpm mod_jk-ap20-1.2.31-1.1.ep5.el5.x86_64.rpm mod_jk-debuginfo-1.2.31-1.1.ep5.el5.x86_64.rpm mod_jk-manual-1.2.31-1.1.ep5.el5.x86_64.rpm mod_ssl-2.2.17-11.1.ep5.el5.x86_64.rpm tomcat-native-1.1.20-2.1.ep5.el5.x86_64.rpm tomcat-native-debuginfo-1.1.20-2.1.ep5.el5.x86_64.rpm JBoss Enterprise Web Server 1.0 for RHEL 6 Server: Source: ant-1.7.1-14.ep5.el6.src.rpm antlr-2.7.7-7.ep5.el6.src.rpm cglib-2.2-5.4.ep5.el6.src.rpm dom4j-1.6.1-11.1.ep5.el6.src.rpm ecj3-3.3.1.1-4.ep5.el6.src.rpm glassfish-jsf-1.2_13-3.1.4.ep5.el6.src.rpm hibernate3-3.3.2-1.8.GA_CP04.ep5.el6.src.rpm hibernate3-annotations-3.4.0-3.5.GA_CP04.ep5.el6.src.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el6.src.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.3.ep5.el6.src.rpm hibernate3-entitymanager-3.4.0-4.4.GA_CP04.ep5.el6.src.rpm httpd-2.2.17-11.2.ep5.el6.src.rpm jakarta-commons-beanutils-1.8.0-9.ep5.el6.src.rpm jakarta-commons-chain-1.2-2.2.2.ep5.el6.src.rpm jakarta-commons-codec-1.3-12.1.ep5.el6.src.rpm jakarta-commons-collections-3.2.1-4.ep5.el6.src.rpm jakarta-commons-daemon-1.0.5-1.1.ep5.el6.src.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el6.src.rpm jakarta-commons-dbcp-1.2.1-16.2.ep5.el6.src.rpm jakarta-commons-digester-1.8.1-8.1.1.1.ep5.el6.src.rpm jakarta-commons-fileupload-1.1.1-7.5.ep5.el6.src.rpm jakarta-commons-httpclient-3.1-1.2.2.ep5.el6.src.rpm jakarta-commons-io-1.4-4.ep5.el6.src.rpm jakarta-commons-logging-1.1.1-1.ep5.el6.src.rpm jakarta-commons-logging-jboss-1.1-10.2.2.1.ep5.el6.src.rpm jakarta-commons-pool-1.3-15.ep5.el6.src.rpm jakarta-commons-validator-1.3.1-7.5.2.ep5.el6.src.rpm jakarta-oro-2.0.8-7.ep5.el6.src.rpm jakarta-taglibs-standard-1.1.1-12.ep5.el6.src.rpm javassist-3.12.0-3.ep5.el6.src.rpm jboss-common-core-2.2.17-1.2.ep5.el6.src.rpm jboss-common-logging-jdk-2.1.2-1.2.ep5.el6.src.rpm jboss-common-logging-spi-2.1.2-1.ep5.el6.src.rpm jboss-javaee-5.0.1-2.9.ep5.el6.src.rpm jcommon-1.0.16-1.2.2.ep5.el6.src.rpm jfreechart-1.0.13-2.3.2.1.2.ep5.el6.src.rpm mod_cluster-1.0.10-2.2.GA_CP01.ep5.el6.src.rpm mod_cluster-native-1.0.10-2.1.1.GA_CP01.ep5.el6.src.rpm mod_jk-1.2.31-1.1.2.ep5.el6.src.rpm objectweb-asm31-3.1-12.1.ep5.el6.src.rpm struts12-1.2.9-3.1.ep5.el6.src.rpm tomcat-jkstatus-ant-1.2.31-2.1.ep5.el6.src.rpm tomcat-native-1.1.20-2.1.2.ep5.el6.src.rpm tomcat5-5.5.33-15_patch_04.ep5.el6.src.rpm tomcat6-6.0.32-14_patch_03.ep5.el6.src.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el6.src.rpm xerces-j2-2.9.1-8.patch01.1.ep5.el6.src.rpm xml-commons-1.3.04-7.14.ep5.el6.src.rpm i386: httpd-2.2.17-11.2.ep5.el6.i386.rpm httpd-debuginfo-2.2.17-11.2.ep5.el6.i386.rpm httpd-devel-2.2.17-11.2.ep5.el6.i386.rpm httpd-manual-2.2.17-11.2.ep5.el6.i386.rpm httpd-tools-2.2.17-11.2.ep5.el6.i386.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el6.i386.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el6.i386.rpm mod_cluster-native-1.0.10-2.1.1.GA_CP01.ep5.el6.i386.rpm mod_cluster-native-debuginfo-1.0.10-2.1.1.GA_CP01.ep5.el6.i386.rpm mod_jk-ap20-1.2.31-1.1.2.ep5.el6.i386.rpm mod_jk-debuginfo-1.2.31-1.1.2.ep5.el6.i386.rpm mod_jk-manual-1.2.31-1.1.2.ep5.el6.i386.rpm mod_ssl-2.2.17-11.2.ep5.el6.i386.rpm tomcat-native-1.1.20-2.1.2.ep5.el6.i386.rpm tomcat-native-debuginfo-1.1.20-2.1.2.ep5.el6.i386.rpm noarch: ant-1.7.1-14.ep5.el6.noarch.rpm ant-antlr-1.7.1-14.ep5.el6.noarch.rpm ant-apache-bcel-1.7.1-14.ep5.el6.noarch.rpm ant-apache-bsf-1.7.1-14.ep5.el6.noarch.rpm ant-apache-log4j-1.7.1-14.ep5.el6.noarch.rpm ant-apache-oro-1.7.1-14.ep5.el6.noarch.rpm ant-apache-regexp-1.7.1-14.ep5.el6.noarch.rpm ant-apache-resolver-1.7.1-14.ep5.el6.noarch.rpm ant-commons-logging-1.7.1-14.ep5.el6.noarch.rpm ant-commons-net-1.7.1-14.ep5.el6.noarch.rpm ant-javamail-1.7.1-14.ep5.el6.noarch.rpm ant-jdepend-1.7.1-14.ep5.el6.noarch.rpm ant-jmf-1.7.1-14.ep5.el6.noarch.rpm ant-jsch-1.7.1-14.ep5.el6.noarch.rpm ant-junit-1.7.1-14.ep5.el6.noarch.rpm ant-nodeps-1.7.1-14.ep5.el6.noarch.rpm ant-scripts-1.7.1-14.ep5.el6.noarch.rpm ant-swing-1.7.1-14.ep5.el6.noarch.rpm ant-trax-1.7.1-14.ep5.el6.noarch.rpm antlr-2.7.7-7.ep5.el6.noarch.rpm cglib-2.2-5.4.ep5.el6.noarch.rpm dom4j-1.6.1-11.1.ep5.el6.noarch.rpm ecj3-3.3.1.1-4.ep5.el6.noarch.rpm glassfish-jsf-1.2_13-3.1.4.ep5.el6.noarch.rpm hibernate3-3.3.2-1.8.GA_CP04.ep5.el6.noarch.rpm hibernate3-annotations-3.4.0-3.5.GA_CP04.ep5.el6.noarch.rpm hibernate3-annotations-javadoc-3.4.0-3.5.GA_CP04.ep5.el6.noarch.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el6.noarch.rpm hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el6.noarch.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.3.ep5.el6.noarch.rpm hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.3.ep5.el6.noarch.rpm hibernate3-entitymanager-3.4.0-4.4.GA_CP04.ep5.el6.noarch.rpm hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP04.ep5.el6.noarch.rpm hibernate3-javadoc-3.3.2-1.8.GA_CP04.ep5.el6.noarch.rpm jakarta-commons-beanutils-1.8.0-9.ep5.el6.noarch.rpm jakarta-commons-chain-1.2-2.2.2.ep5.el6.noarch.rpm jakarta-commons-codec-1.3-12.1.ep5.el6.noarch.rpm jakarta-commons-collections-3.2.1-4.ep5.el6.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-4.ep5.el6.noarch.rpm jakarta-commons-daemon-1.0.5-1.1.ep5.el6.noarch.rpm jakarta-commons-dbcp-1.2.1-16.2.ep5.el6.noarch.rpm jakarta-commons-dbcp-tomcat5-1.2.1-16.2.ep5.el6.noarch.rpm jakarta-commons-digester-1.8.1-8.1.1.1.ep5.el6.noarch.rpm jakarta-commons-fileupload-1.1.1-7.5.ep5.el6.noarch.rpm jakarta-commons-httpclient-3.1-1.2.2.ep5.el6.noarch.rpm jakarta-commons-io-1.4-4.ep5.el6.noarch.rpm jakarta-commons-logging-1.1.1-1.ep5.el6.noarch.rpm jakarta-commons-logging-jboss-1.1-10.2.2.1.ep5.el6.noarch.rpm jakarta-commons-logging-tomcat6-1.1.1-1.ep5.el6.noarch.rpm jakarta-commons-pool-1.3-15.ep5.el6.noarch.rpm jakarta-commons-pool-tomcat5-1.3-15.ep5.el6.noarch.rpm jakarta-commons-validator-1.3.1-7.5.2.ep5.el6.noarch.rpm jakarta-oro-2.0.8-7.ep5.el6.noarch.rpm jakarta-taglibs-standard-1.1.1-12.ep5.el6.noarch.rpm javassist-3.12.0-3.ep5.el6.noarch.rpm jboss-common-core-2.2.17-1.2.ep5.el6.noarch.rpm jboss-common-logging-jdk-2.1.2-1.2.ep5.el6.noarch.rpm jboss-common-logging-spi-2.1.2-1.ep5.el6.noarch.rpm jboss-javaee-5.0.1-2.9.ep5.el6.noarch.rpm jboss-javaee-poms-5.0.1-2.9.ep5.el6.noarch.rpm jboss-jms-1.1-api-5.0.1-2.9.ep5.el6.noarch.rpm jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el6.noarch.rpm jcommon-1.0.16-1.2.2.ep5.el6.noarch.rpm jfreechart-1.0.13-2.3.2.1.2.ep5.el6.noarch.rpm mod_cluster-demo-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm mod_cluster-jbossas-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm mod_cluster-jbossweb2-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm mod_cluster-tomcat6-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm objectweb-asm31-3.1-12.1.ep5.el6.noarch.rpm struts12-1.2.9-3.1.ep5.el6.noarch.rpm tomcat-jkstatus-ant-1.2.31-2.1.ep5.el6.noarch.rpm tomcat5-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-admin-webapps-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-common-lib-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jasper-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jasper-eclipse-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jasper-javadoc-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jsp-2.0-api-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-parent-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-server-lib-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-servlet-2.4-api-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-webapps-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat6-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-admin-webapps-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-docs-webapp-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-el-1.0-api-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-javadoc-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-lib-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-log4j-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-webapps-6.0.32-14_patch_03.ep5.el6.noarch.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el6.noarch.rpm xerces-j2-2.9.1-8.patch01.1.ep5.el6.noarch.rpm xml-commons-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-jaxp-1.1-apis-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-jaxp-1.2-apis-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-jaxp-1.3-apis-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-resolver10-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-resolver11-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-resolver12-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-which10-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-which11-1.3.04-7.14.ep5.el6.noarch.rpm x86_64: httpd-2.2.17-11.2.ep5.el6.x86_64.rpm httpd-debuginfo-2.2.17-11.2.ep5.el6.x86_64.rpm httpd-devel-2.2.17-11.2.ep5.el6.x86_64.rpm httpd-manual-2.2.17-11.2.ep5.el6.x86_64.rpm httpd-tools-2.2.17-11.2.ep5.el6.x86_64.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el6.x86_64.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el6.x86_64.rpm mod_cluster-native-1.0.10-2.1.1.GA_CP01.ep5.el6.x86_64.rpm mod_cluster-native-debuginfo-1.0.10-2.1.1.GA_CP01.ep5.el6.x86_64.rpm mod_jk-ap20-1.2.31-1.1.2.ep5.el6.x86_64.rpm mod_jk-debuginfo-1.2.31-1.1.2.ep5.el6.x86_64.rpm mod_jk-manual-1.2.31-1.1.2.ep5.el6.x86_64.rpm mod_ssl-2.2.17-11.2.ep5.el6.x86_64.rpm tomcat-native-1.1.20-2.1.2.ep5.el6.x86_64.rpm tomcat-native-debuginfo-1.1.20-2.1.2.ep5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-1157.html https://www.redhat.com/security/data/cve/CVE-2010-1452.html https://www.redhat.com/security/data/cve/CVE-2010-1623.html https://www.redhat.com/security/data/cve/CVE-2010-3718.html https://www.redhat.com/security/data/cve/CVE-2010-4172.html https://www.redhat.com/security/data/cve/CVE-2011-0013.html https://www.redhat.com/security/data/cve/CVE-2011-0419.html https://access.redhat.com/security/updates/classification/#moderate http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html-single/Release_Notes_1.0.2/index.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOAubvXlSAg2UNWIIRApW6AJ4kvQ3q2boy3UntDB/XSHBuOmN02QCgmLaj NXAWrqe0nO3HRh9R1bnYZR0= =YW2z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . BAC v8.07 supplies Apache 2.2.17

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP NetWeaver wsnavigator component has a cross-site scripting attack that allows an attacker to exploit a vulnerability to gain sensitive information or hijack a target user session. SAP Netweaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. SAP Netweaver 6.4 through 7.0 is vulnerable; other versions may also be affected

Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. libmikmod of loaders/load_it.c Contains a heap-based buffer overflow vulnerability. Libmikmod is a library used by Mikmod to play various types of audio modules. The problem with CVE-2009-3995 is not completely fixed correctly. The following problems exist: - Only volpts are checked, but similar problems affect panpts and pitpts. - Checking is done after calling IT_ProcessEnvelope, the function has modified name##env as the upper bound using name##pts, so an overflow can be triggered between checks. The -name##env information is read from name##tick and name##node, where the value contains ITENVCNT (25), so using sizeof(name##env) == ENVPOINTS (32) can still cause the array to read out of bounds. take. The 'libmikmod' library is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Attackers can leverage these issues to execute arbitrary code in the context of an application that uses the affected library. Failed attacks will cause denial-of-service conditions. These issues are due to an incomplete fix for CVE-2009-3995; BID 38114 (libmikmod Multiple Buffer Overflow Vulnerabilities) is related to these issues. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2081-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 01, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libmikmod Vulnerability : buffer overflow Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2010-2546 Tomas Hoger discovered that the upstream fix for CVE-2009-3995 was insufficient. This update provides a corrected package. For the unstable distribution (sid), these problems have been fixed in version 3.1.11-6.3. We recommend that you upgrade your libmikmod packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkxVxoUACgkQXm3vHE4uylrhwgCfXeJqgBnpGu10QyEu3DBjwWy/ y0YAoNP/beuWGyzKeCCNXuQwZ23f0oV2 =3XKq -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-995-1 September 29, 2010 libmikmod vulnerabilities CVE-2007-6720, CVE-2009-0179, CVE-2009-3995, CVE-2009-3996, CVE-2010-2546, CVE-2010-2971 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libmikmod2 3.1.11-6ubuntu3.8.04.1 Ubuntu 9.04: libmikmod2 3.1.11-6ubuntu3.9.04.1 Ubuntu 9.10: libmikmod2 3.1.11-6ubuntu4.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that libMikMod incorrectly handled songs with different channel counts. (CVE-2007-6720) It was discovered that libMikMod incorrectly handled certain malformed XM files. (CVE-2009-0179) It was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971) It was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. (CVE-2009-3996) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.diff.gz Size/MD5: 339148 88b89686ec91f5173c6dd8b80ce8e64e http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.dsc Size/MD5: 730 9d56dccce0535ee3c48ca642da04705a http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz Size/MD5: 611590 705106da305e8de191549f1e7393185c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_amd64.deb Size/MD5: 266550 9200823b863117753bac8a1aae63c2ca http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_amd64.deb Size/MD5: 155628 cff0d15986f092c78cda7bb3a657e1f6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_i386.deb Size/MD5: 244016 27453dd915f85ccd7dba0710ecab4acc http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_i386.deb Size/MD5: 146476 b67d8d50c02001e45eb618d51f4329a1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_lpia.deb Size/MD5: 248392 706f9438583e4364b4265ec8d8543bc4 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_lpia.deb Size/MD5: 148608 5c727d7e661e44044017cb7bd6ab3402 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb Size/MD5: 285392 c4ebd492d87451cc2979554da7e6fa34 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb Size/MD5: 173928 e45de26f887292b7482eca418459e60c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_sparc.deb Size/MD5: 258120 702fbd120d05a9f1d645f85ec45ea211 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_sparc.deb Size/MD5: 148446 029492bfe2015986538e1f141ab51f93 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.diff.gz Size/MD5: 338916 a771044f7ddf578a1618e1667effd243 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.dsc Size/MD5: 1150 031a6ed819b4e9f59dc4614f42f91109 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz Size/MD5: 611590 705106da305e8de191549f1e7393185c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_amd64.deb Size/MD5: 265286 5189d1d5a185819b8f0a3860fd3ecc2b http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_amd64.deb Size/MD5: 156988 f76e952924eceebdde01d9671f96b9b9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_i386.deb Size/MD5: 244312 00502a3a984d2b40bffdf46d016caa20 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_i386.deb Size/MD5: 147096 8cb46dd80877e60c1300e0b471a42cba lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_lpia.deb Size/MD5: 247818 33fa14fe4ee9a538eb1c998928a302ab http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_lpia.deb Size/MD5: 148464 75e5cde38085b939f4c3ad709f2a6b0d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb Size/MD5: 281656 34e746a50fbd0acd34192b9e899e161f http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb Size/MD5: 172672 69ec0a2145ea106602c2f3fa454bc346 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_sparc.deb Size/MD5: 255260 70cb1b7d5521b00ae993686d9336bb12 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_sparc.deb Size/MD5: 149422 d9e458beb786bbe71ecbf51f3ba6e758 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.diff.gz Size/MD5: 338972 b044cd4c0262d4d38fc94de90fb520d4 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.dsc Size/MD5: 1130 1feb8d8fcb433337e8ddad65e2076e4a http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz Size/MD5: 611590 705106da305e8de191549f1e7393185c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_amd64.deb Size/MD5: 267300 627cc54b1a4b2ed57ae5c1de295e614c http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_amd64.deb Size/MD5: 157340 c36998f34e2807dbb8af42934b8ede5e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_i386.deb Size/MD5: 244300 063e16e7e89f79a9d8b457a3881b5820 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_i386.deb Size/MD5: 148654 615e8ada1a87f7aee7e5ccd51c2dca4e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_lpia.deb Size/MD5: 247994 fe717add1af434a346b59982f5e3c7c5 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_lpia.deb Size/MD5: 151404 e13a0f651953441fc9cc5958ef874d0d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_powerpc.deb Size/MD5: 281960 9199bd4701581881b31df45c5ede258f http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_powerpc.deb Size/MD5: 174950 ad1450f700117577ddede6fc3755d5da sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_sparc.deb Size/MD5: 260378 cd74bc83de2b60ed9cf4fc442e0352e1 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_sparc.deb Size/MD5: 152910 b684a3227432d45c220bb1378a4ed3d7 . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3996 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2971 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 3239adc6a61914a960c8bb07ebab58d2 2008.0/i586/libmikmod2-3.1.11a-8.2mdv2008.0.i586.rpm 4a88081c44652b1abbb2168bad46fc17 2008.0/i586/libmikmod-devel-3.1.11a-8.2mdv2008.0.i586.rpm ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 41d721fc0ade6181626d66527e08260f 2008.0/x86_64/lib64mikmod2-3.1.11a-8.2mdv2008.0.x86_64.rpm b9af3c6d02828c7c36f2d47275142a01 2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.2mdv2008.0.x86_64.rpm ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm Mandriva Linux 2009.0: 0c32865a362e5949549bd0597f1c3288 2009.0/i586/libmikmod3-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm 1f0c55a841c82430a4a455b9c0fd185f 2009.0/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm 3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: da510127c478758616146f2069b013ca 2009.0/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm ce57822efa45f0e36aa1d79f7cc75763 2009.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm 3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm Mandriva Linux 2009.1: 1987e95ad4486d0d70a5cb3f15462815 2009.1/i586/libmikmod3-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm 7c1d6e99214eca60d5e1b27d742557ac 2009.1/i586/libmikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm 2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 06d66faa37c282dbee789de65dc5b246 2009.1/x86_64/lib64mikmod3-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm 5940b272dda3c628bbf27799e43db079 2009.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm 2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm Mandriva Linux 2010.0: 754014cea8f3645395151dc2b7a4cc58 2010.0/i586/libmikmod3-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm cd1e7fca287c53499d973478c7813a6f 2010.0/i586/libmikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm 9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 477871f309a92d2912811fb31fea0943 2010.0/x86_64/lib64mikmod3-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm 4c02e2863a04a2201233ce6f0822fbb5 2010.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm 9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 5dc9e3bcb87870d04daaeea37c1c7c90 2010.1/i586/libmikmod3-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm 30fd5e1c50381c01c621c67f83e46c53 2010.1/i586/libmikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: c642403d884dcd4aef507757d7688b4a 2010.1/x86_64/lib64mikmod3-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm b64cda55aeb0450fea2ad3af07fece31 2010.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm Mandriva Enterprise Server 5: 6798c40fffe0cec1532ed4ea2470b041 mes5/i586/libmikmod3-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm 2b4f452bcfcd7ccbc1f9eea217b3e8ed mes5/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm 18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 5e4fb9c93420186fc60c96e38b9ea412 mes5/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm e285e5b3413fe8f0de6b71caa903c8f9 mes5/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm 18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMaOgMmqjQ0CJFipgRAt6nAKCzxX60CsvAUagtg/MS8MzgHh/84wCfbLXV avaniwZZDpjBYi8uoj21mkM= =KovP -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Gentoo update for libmikmod SECUNIA ADVISORY ID: SA48244 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48244/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48244 RELEASE DATE: 2012-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/48244/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48244/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48244 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for libmikmod. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. ORIGINAL ADVISORY: GLSA 201203-10: http://www.gentoo.org/security/en/glsa/glsa-201203-10.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libmikmod: User-assisted execution of arbitrary code Date: March 06, 2012 Bugs: #335892 ID: 201203-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple buffer overflow vulnerabilities in libmikmod may allow an attacker to execute arbitrary code or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All libmikmod 3.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=media-libs/libmikmod-3.2.0_beta2-r3" All libmikmod 3.1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.1.12-r1"= Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References ========== [ 1 ] CVE-2010-2546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2546 [ 2 ] CVE-2010-2971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2971 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201203-10.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. WebKit is prone to a remote code-execution vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. NOTE: This issue was previously covered in BID 42020 (Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5