VARIoT IoT vulnerabilities database
| VAR-200906-0191 | CVE-2009-2062 | Apple Safari In https Any in the site context Web Script execution vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. Multiple browsers are prone to a man-in-the-middle vulnerability.
Attackers may exploit this vulnerability to aid in phishing attacks or to obtain sensitive information. Other attacks are also possible. Note that to take advantage of this issue, an attacker must be able to intercept or control network traffic. This would normally be possible through a man-in-the-middle attack, DNS poisoning, or similar vectors.
The following are vulnerable:
Mozilla Firefox prior to 3.0.10
Apple Safari prior to 3.2.2
Opera prior to 9.25
Additional browsers may also be affected. A man-in-the-middle attacker can modify the content of an http site by modifying the response of the content and causing an attack on any http network site. A 302 redirect message to execute arbitrary web scripts
| VAR-200904-0511 | CVE-2009-1348 | McAfee VirusScan Used in products such as AV Vulnerabilities that can be avoided in the engine |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, Internet Security, SecurityShield for Microsoft ISA Server, Security for Microsoft Sharepoint, Security for Email Servers, Email Gateway, and Active Virus Defense allows remote attackers to bypass virus detection via (1) an invalid Headflags field in a malformed RAR archive, (2) an invalid Packsize field in a malformed RAR archive, or (3) an invalid Filelength field in a malformed ZIP archive. Multiple McAfee products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.
Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.
The issue affects all McAfee software that uses DAT files. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics
Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
----------------------------------------------------------------------
TITLE:
McAfee Products Archive Handling Security Bypass
SECUNIA ADVISORY ID:
SA34949
VERIFY ADVISORY:
http://secunia.com/advisories/34949/
DESCRIPTION:
Some weaknesses have been reported in various McAfee products, which
can be exploited by malware to bypass the scanning functionality.
The weaknesses are caused due to errors in the handling of archive
file formats (e.g.
SOLUTION:
Update .DAT files to DAT 5600 or later.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp
PROVIDED AND/OR DISCOVERED BY:
* Thierry Zoller
* The vendor also credits Mickael Roger.
ORIGINAL ADVISORY:
McAfee:
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
Thierry Zoller:
http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ________________________________________________________________________
From the low-hanging-fruit-department - Mcafee multiple generic evasions
________________________________________________________________________
Release mode: Coordinated but limited disclosure.
Ref : TZO-182009 - Mcafee multiple generic evasions
WWW : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
Vendor : http://www.mcafee.com
Status : Patched
CVE : CVE-2009-1348 (provided by mcafee)
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
Security notification reaction rating : very good
Notification to patch window : +-27 days (Eastern holidays in between)
Disclosure Policy :
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html
Affected products :
- McAfee VirusScan\xae Plus 2009
- McAfee Total Protection\x99 2009
- McAfee Internet Security
- McAfee VirusScan USB
- McAfee VirusScan Enterprise
- McAfee VirusScan Enterprise Linux
- McAfee VirusScan Enterprise for SAP
- McAfee VirusScan Enterprise for Storage
- McAfee VirusScan Commandline
- Mcafee SecurityShield for Microsoft ISA Server
- Mcafee Security for Microsoft Sharepoint
- Mcafee Security for Email Servers
- McAfee Email Gateyway
- McAfee Total Protection for Endpoint
- McAfee Active Virus Defense
- McAfee Active VirusScan
It is unkown whether SaaS were affected (tough likely) :
- McAfee Email Security Service
- McAfee Total Protection Service Advanced
I. Background
~~~~~~~~~~~~~
Quote: "McAfee proactively secures systems and networks from known
and as yet undiscovered threats worldwide. Home users, businesses,
service providers, government agencies, and our partners all trust
our unmatched security expertise and have confidence in our
comprehensive and proven solutions to effectively block attacks
and prevent disruptions."
II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by a specially crafted and formated
RAR (Headflags and Packsize),ZIP (Filelenght) archive.
III. Impact
~~~~~~~~~~~
A general description of the impact and nature of AV Bypasses/evasions
can be read at :
http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
The bug results in denying the engine the possibility to inspect
code within RAR and ZIP archives. There is no inspection of the content
at all and hence the impossibility to detect malicious code.
IV. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
DD/MM/YYYY
04/04/2009 : Send proof of concept RAR I, description the terms under which
I cooperate and the planned disclosure date
06/04/2009 : Send proof of concept RAR II, description the terms under which
I cooperate and the planned disclosure date
06/04/2009 : Mcafee acknowledges receipt and reproduction of RAR I, ack
acknowledges receipt of RARII
10/04/2009 : Send proof of concept ZIP I, description the terms under which
I cooperate and the planned disclosure date
21/04/2009 : Mcafee provides CVE number CVE-2009-1348
28/04/2009 : Mcafee informs me that the patch might be released on the 29th
29/04/2009 : Mcafee confirms patch release and provides URL
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT
29/04/2009 : Ask for affected versions
29/04/2009 : Mcafee replies " This issue does affect all vs engine products, including
both gateway and endpoint"
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/. Description
~~~~~~~~~~~~~~~
Improper parsing of the PDF structure leads to evasion of detection of
malicious PDF documents at scantime and runtime.
This has been tested with several malicious PDF files and represents
a generic evasion of all PDF signatures and heuristics.
General information about evasion/bypasses can be found at :
http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
III. Impact
~~~~~~~~~~~
Known PDF exploits/malware may evade signature detection, 0day exploits
may evade heuristics. Disclosure timeline
~~~~~~~~~~~~~~~~~~~~~~~~~
DD.MM.YYYY
01.06.2009 - Reported
20.10.2009 - McAfee informed us that they published the advisory on their website
< waiting for others vendors to patch >
27.10.2009 - G-SEC releases this advisory
About G-SEC
~~~~~~~~~~~
G-SEC\x99 is a vendor independent luxemburgish led IT security consulting
group. More information available at : http://www.g-sec.lu/
_______________________________________________
Full-Disclosure - We believe in it. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia
| VAR-200905-0194 | CVE-2009-1572 | Quagga of BGP Service disruption in daemon ( crash ) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: Medium |
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. Quagga is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to cause the vulnerable process to crash, denying further service to legitimate users.
Quagga 0.99.11 is vulnerable; other versions may also be affected. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
-- Debian GNU/Linux 5.0 alias lenny --
Source archives:
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz
Size/MD5 checksum: 2424191 c7a2d92e1c42214afef9b2e1cd4b5d06
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz
Size/MD5 checksum: 40070 b72e19ed913b32923cf4ef293c67f71c
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc
Size/MD5 checksum: 1651 a8ef80d57fd5a5a5b08c7ccc70e6a179
Architecture independent packages:
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb
Size/MD5 checksum: 661226 720947423143cb35eb5c26a0d420066b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb
Size/MD5 checksum: 1902736 570becd04ecb3dd8a0581010884928df
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb
Size/MD5 checksum: 1748838 f3fcd731d119c422463c36bb4f08be1a
arm architecture (ARM)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb
Size/MD5 checksum: 1449222 6b654e2d4e1a4f00169309ebbbd3dbf9
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb
Size/MD5 checksum: 1681872 8894106d57df0a3d92bb84f148150c2d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb
Size/MD5 checksum: 1606310 80046937a2da8a949a8167f753a583ce
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb
Size/MD5 checksum: 1600660 716f61415932929c2f668f99faea448e
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb
Size/MD5 checksum: 1715848 995194031d563994b7d77018d8a4ca3e
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb
Size/MD5 checksum: 1794568 b1b47e8dae153461f73c98a61c653e1e
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb
Size/MD5 checksum: 1670342 18f98f0978f510ac18636ca1ccc9dfe7
-- Debian GNU/Linux unstable alias sid --
Fixed in version 0.99.11-2.
Updated packages are available that bring Quagga to version 0.99.12
which provides numerous bugfixes over the previous 0.99.9 version,
and also corrects this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1572
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
48c1d2504e08d2a26ac6ace2bc01124d corporate/4.0/i586/libquagga0-0.99.12-0.1.20060mlcs4.i586.rpm
df93a452f47b8926f65a51231dd11f36 corporate/4.0/i586/libquagga0-devel-0.99.12-0.1.20060mlcs4.i586.rpm
d2386e488423fbb81e44cb6dda4de9df corporate/4.0/i586/quagga-0.99.12-0.1.20060mlcs4.i586.rpm
d4b9c5e2cec03ce49a76adcfe0e4a42e corporate/4.0/i586/quagga-contrib-0.99.12-0.1.20060mlcs4.i586.rpm
15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
afc986d05e0bde73541f0cfe5b147d2c corporate/4.0/x86_64/lib64quagga0-0.99.12-0.1.20060mlcs4.x86_64.rpm
4cc0bec07f2b919abeac75dc06d7f3c0 corporate/4.0/x86_64/lib64quagga0-devel-0.99.12-0.1.20060mlcs4.x86_64.rpm
3d606fef235993483e9a448665e4e377 corporate/4.0/x86_64/quagga-0.99.12-0.1.20060mlcs4.x86_64.rpm
f549ced36115d6609ac835c5aca0863d corporate/4.0/x86_64/quagga-contrib-0.99.12-0.1.20060mlcs4.x86_64.rpm
15e76c29c25f7730eae72c18da15b772 corporate/4.0/SRPMS/quagga-0.99.12-0.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKBsjAmqjQ0CJFipgRAkoyAJ4o+uz6I6p3tycZQfB5GbqTsTL5TwCgjJHK
lIRHZW4+jB0P4UXMSyVUpxo=
=2fxe
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ===========================================================
Ubuntu Security Notice USN-775-1 May 12, 2009
quagga vulnerability
CVE-2009-1572
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
quagga 0.99.2-1ubuntu3.5
Ubuntu 8.04 LTS:
quagga 0.99.9-2ubuntu1.2
Ubuntu 8.10:
quagga 0.99.9-6ubuntu0.1
Ubuntu 9.04:
quagga 0.99.11-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the BGP service in Quagga did not correctly
handle certain AS paths containing 4-byte ASNs. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
SUSE Update for Multiple Packages
SECUNIA ADVISORY ID:
SA35685
VERIFY ADVISORY:
http://secunia.com/advisories/35685/
DESCRIPTION:
SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious users to
disclose sensitive information, manipulate certain data, and by
malicious people to disclose sensitive information, cause a DoS
(Denial of Service), and potentially compromise a vulnerable system.
For more information:
SA33338
SA33853
SA33884
SA34035
SA34481
SA34746
SA34797
SA35021
SA35128
SA35216
SA35296
SA35344
SA35422
1) A boundary error exists within the "pg_db_putline()" function in
perl-DBD-Pg's dbdimp.c. This can be exploited to cause a heap-based
buffer overflow if malicious rows are retrieved from the database
using the "pg_getline()" or "getline()" function.
2) A memory leak exists within the function "dequote_bytea()" in
perl-DBD-Pg's quote.c, which can be exploited to cause a memory
exhaustion.
3) Various integer overflow errors exist within the "pdftops"
application. This can be exploited to e.g. cause a crash or
potentially execute arbitrary code by printing a specially crafted
PDF file.
4) A vulnerability is caused due to an assertion error in bgpd when
handling an AS path containing multiple 4 byte AS numbers, which can
be exploited to crash to the daemon by advertising specially crafted
AS paths.
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY:
SUSE-SR:2009:012:
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
OTHER REFERENCES:
SA33338:
http://secunia.com/advisories/33338/
SA33853:
http://secunia.com/advisories/33853/
SA33884:
http://secunia.com/advisories/33884/
SA34035:
http://secunia.com/advisories/34035/
SA34481:
http://secunia.com/advisories/34481/
SA34746:
http://secunia.com/advisories/34746/
SA34797:
http://secunia.com/advisories/34797/
SA35021:
http://secunia.com/advisories/35021/
SA35128:
http://secunia.com/advisories/35128/
SA35216:
http://secunia.com/advisories/35216/
SA35296:
http://secunia.com/advisories/35296/
SA35344:
http://secunia.com/advisories/35344/
SA35422:
http://secunia.com/advisories/35422/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200904-0687 | No CVE | Multiple Trend Micro Products RAR/ZIP/CAB Files Scan Evasion Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Multiple Trend Micro products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine.
Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.
ServerProtect for Microsoft Windows/Novell NetWare
ServerProtect for EMC Celerra
ServerProtect for NetApp
ServerProtect for Linux
ServerProtect for Network Appliance Filers
Internet Security Pro Internet Security
OfficeScan Component
Worry Free Business Security - Standard
Worry Free Business Security - Advanced
Worry Free Business Security Hosted
Housecall
InterScan Web Security Suite
InterScan Web Protect for ISA
InterScan Messaging Security Appliance
Neatsuite Advanced
ScanMail for Exchange
ScanMail for Domino Suites
| VAR-200907-0162 | CVE-2009-2452 | Citrix Licensing Vulnerabilities in unknown details |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console.".
The impact of this vulnerability is currently unknown.
Very few details are available regarding this issue. We will update this BID as more information emerges.
Citrix Licensing 11.5 is vulnerable. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
SOLUTION:
Update to the latest version of the Licensing Server.
https://www.citrix.com/site/SS/downloads/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://support.citrix.com/article/CTX120742
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200904-0554 | CVE-2009-1480 | index.php Pragyan CMS In SQL Injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. Pragyan CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Pragyan CMS 2.6.4 is vulnerable; other versions may also be affected
| VAR-200905-0178 | CVE-2009-1605 | SumatraPDF Heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: 5.4 Severity: HIGH |
Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information. MuPDF is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application or crash the application, denying service to legitimate users. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics
Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
----------------------------------------------------------------------
TITLE:
MuPDF "loadexponentialfunc()" Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA34916
VERIFY ADVISORY:
http://secunia.com/advisories/34916/
DESCRIPTION:
c has discovered a vulnerability in MuPDF, which can be exploited by
malicious people to potentially compromise an application using the
library.
The vulnerability is caused due to a boundary error within the
"loadexponentialfunc()" function in pdf_function.c.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in the MuPDF library included in the
mupdf-20090223-win32 package. Other versions may also be affected.
SOLUTION:
Do not process untrusted PDF files using the library.
PROVIDED AND/OR DISCOVERED BY:
c
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0258.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200905-0190 | CVE-2009-1558 | Cisco Linksys WVC54GCA Wireless camcorder adm/file.cgi Vulnerable to directory traversal |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the server process. Information obtained may aid in further attacks.
Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware 1.00R22 and 1.00R24 are affected; other versions may also be vulnerable. The Linksys WVC54GCA is a wireless network camera
| VAR-200904-0218 | CVE-2009-0064 | Symantec Brightmail Gateway Appliance of Control Center Vulnerability gained in |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions. Symantec Brightmail Gateway is prone to a remote privilege-escalation vulnerability.
Remote authorized attackers who have access to the targeted host's local network can exploit this issue to gain elevated access. Successful exploits may compromise the affected computer and may aid in other attacks.
Versions prior to Brightmail Gateway 8.0.1 are vulnerable. Brightmail Gateway is Symantec's information security management platform. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics
Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
----------------------------------------------------------------------
TITLE:
Symantec Brightmail Gateway Control Center Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA34885
VERIFY ADVISORY:
http://secunia.com/advisories/34885/
DESCRIPTION:
Some vulnerabilities have been reported in Symantec Brightmail
Gateway, which can be exploited by malicious people to conduct
cross-site scripting attacks and by malicious users to bypass certain
security restrictions.
1) Certain unspecified input passed to the Control Center is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
SOLUTION:
Update to version 8.0.1 or later.
PROVIDED AND/OR DISCOVERED BY:
Marian Ventuneac, Perot Systems
ORIGINAL ADVISORY:
SYM09-005:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200905-0191 | CVE-2009-1559 | Cisco Linksys WVC54GCA On wireless camcorder adm/file.cgi Vulnerable to absolute path traversal |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible. Wvc54gca is prone to a directory traversal vulnerability. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues using directory-traversal strings ('../') to download arbitrary files with the privileges of the server process. Information obtained may aid in further attacks.
Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware 1.00R22 and 1.00R24 are affected; other versions may also be vulnerable. The Linksys WVC54GCA is a wireless network camera
| VAR-200905-0155 | CVE-2009-1632 |
Ipsec-tools Certificate validation and NAT-Traversal Service disruption in (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200904-0796, VAR-E-200904-0795 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets.
A successful attack allows a remote attacker to cause the application to crash or to consume excessive memory, denying further service to legitimate users.
Versions prior to IPsec-Tools 0.7.2 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200905-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: IPSec Tools: Denial of Service
Date: May 24, 2009
Bugs: #267135
ID: 200905-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple errors in the IPSec Tools racoon daemon might allow remote
attackers to cause a Denial of Service.
Background
==========
The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6
IPsec implementation. They include racoon, an Internet Key Exchange
daemon for automatically keying IPsec connections.
Impact
======
A remote attacker could send specially crafted fragmented ISAKMP
packets without a payload or exploit vectors related to X.509
certificate authentication and NAT traversal, possibly resulting in a
crash of the racoon daemon.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All IPSec Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2"
References
==========
[ 1 ] CVE-2009-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
[ 2 ] CVE-2009-1632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200905-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1804-1 security@debian.org
http://www.debian.org/security/ Nico Golde
May 20th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : ipsec-tools
Vulnerability : null pointer dereference, memory leaks
Problem type : remote
Debian-specific: no
Debian bug : 527634 528933
CVE ID : CVE-2009-1574 CVE-2009-1632
Several remote vulnerabilities have been discovered in racoon, the Internet Key
Exchange daemon of ipsec-tools. The The Common Vulnerabilities and Exposures
project identified the following problems:
Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets
that contain no payload. This results in the daemon crashing which can be used
for denial of service attacks (CVE-2009-1574).
For the oldstable distribution (etch), this problem has been fixed in
version 0.6.6-3.1etch3.
For the stable distribution (lenny), this problem has been fixed in
version 0.7.1-1.3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 1:0.7.1-1.5.
We recommend that you upgrade your ipsec-tools packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.dsc
Size/MD5 checksum: 722 8b561cf84ac9c46ec07b037ce3ad06f1
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.diff.gz
Size/MD5 checksum: 49875 7444fb4ad448ccfffe878801a2b88d2e
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_amd64.deb
Size/MD5 checksum: 343790 9cee9f8c479a3a2952d2913d7bdc4c5d
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_amd64.deb
Size/MD5 checksum: 89184 5ccd4554eec28da6d933dc20a8a39393
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_arm.deb
Size/MD5 checksum: 325706 9ce7988b74bccee252be7dac7ac8b5f7
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_arm.deb
Size/MD5 checksum: 89748 513ded0e4a33200710444e1bf4ab67d8
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_hppa.deb
Size/MD5 checksum: 353066 c56644b426ae945ca420d4ca37fc3f2a
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_hppa.deb
Size/MD5 checksum: 94092 80b46b6fd60e857c84c588432b098957
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_i386.deb
Size/MD5 checksum: 330258 b905d30958bd5c51d355f286f81b8be1
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_i386.deb
Size/MD5 checksum: 85046 294ccbc4b51e4942edaeec7cd746dfa3
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_ia64.deb
Size/MD5 checksum: 113356 111f0daa2075584c100efc9c11ecef73
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_ia64.deb
Size/MD5 checksum: 468296 bd4d69b5e0d4ee39ec564e1304f7649c
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mips.deb
Size/MD5 checksum: 89018 b6af57d65d43a7433132bee9657ba608
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mips.deb
Size/MD5 checksum: 344558 aba2d85d5196c2a46555ad9e478d338a
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mipsel.deb
Size/MD5 checksum: 346856 97e04d97bdd55f852392d7461bad7f4d
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mipsel.deb
Size/MD5 checksum: 90308 9e780cda3df3384d0f1e33637d003f21
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_powerpc.deb
Size/MD5 checksum: 91048 98174626d8ad1fba940c81001c337a4f
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_powerpc.deb
Size/MD5 checksum: 337266 9f636e6d8904103b0096a4eed99e9cae
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_s390.deb
Size/MD5 checksum: 341586 b42ddbad323dcdbd775d502f786ab449
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_s390.deb
Size/MD5 checksum: 90750 62d4c3e618a6c69d532b8d8d33bb27b9
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_sparc.deb
Size/MD5 checksum: 85710 9f1f526be4f2df4eb64d46023d87c6b3
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_sparc.deb
Size/MD5 checksum: 317136 38e50e9d97b46b51d12429b9ea727858
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.diff.gz
Size/MD5 checksum: 49472 4bc8ba2bd520a7514f2c33021c64e8ce
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1.orig.tar.gz
Size/MD5 checksum: 1039057 ddff5ec5a06b804ca23dc41268368853
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.dsc
Size/MD5 checksum: 1144 46d3f28156ee183512a451588ef414e4
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_alpha.deb
Size/MD5 checksum: 428532 052c13540da3fab19fdca83e9a389a39
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_alpha.deb
Size/MD5 checksum: 114088 78065dd99d3732291e8d499383af17d9
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_amd64.deb
Size/MD5 checksum: 409514 a421f12270f5b22639d67be8d2cc8b4e
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
Size/MD5 checksum: 104612 9ec93c697cf64232728d0dd5658efac8
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_arm.deb
Size/MD5 checksum: 104604 78fa45a7e0503e4ee87e7508294cb0b0
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_arm.deb
Size/MD5 checksum: 381692 f1943edf9599189d16a2f936fa971abc
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_armel.deb
Size/MD5 checksum: 387510 63ebe895d019d2362a0a11a0de0842c6
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_armel.deb
Size/MD5 checksum: 104268 6c224349c910ffce5bb892f2a06dc243
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_i386.deb
Size/MD5 checksum: 375004 5a43cbb6106d576ab686e9e4eb78c245
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_i386.deb
Size/MD5 checksum: 99098 6c81df8c4653265f10ad6abf68091329
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_ia64.deb
Size/MD5 checksum: 131288 dfa8646655028ae53bddad7f41e9f3a4
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_ia64.deb
Size/MD5 checksum: 544150 8e274b6b73125efe0fa8392398e0c5ea
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mips.deb
Size/MD5 checksum: 103502 5bd00dfdef0862a63bb666ed949e26ef
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mips.deb
Size/MD5 checksum: 388820 46fc10315192943b912126fe68ffeea9
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mipsel.deb
Size/MD5 checksum: 104216 a271cb33c891084479ed441945672f14
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mipsel.deb
Size/MD5 checksum: 390562 352f78906e08ddb861053dfed30640bf
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_powerpc.deb
Size/MD5 checksum: 403162 0210fa37088d78ee9aa53395aa0148e8
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_powerpc.deb
Size/MD5 checksum: 109438 26f043be5fb248d33b605d1987fa472a
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_s390.deb
Size/MD5 checksum: 107474 aa6203b0e9e6dacbe39520be6b849eea
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_s390.deb
Size/MD5 checksum: 399386 e965abdcf32838fff7753e789e703205
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_sparc.deb
Size/MD5 checksum: 102486 57b2e115a15e08518f00158c1fe36cf2
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_sparc.deb
Size/MD5 checksum: 373916 7e2278ac7b4f0b352814ad2f55b1213a
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoUDnMACgkQHYflSXNkfP8LtgCdF9LmW/TOn9JDPTVGlt+7dccI
3MYAoJVcwmqHztsGgCgBps9hyqzrQJ5l
=84V/
-----END PGP SIGNATURE-----
.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
_______________________________________________________________________
Updated Packages:
Corporate 4.0:
4ccc0eafc222a8a5976a0e9eebbc7499 corporate/4.0/i586/ipsec-tools-0.6.5-2.4.20060mlcs4.i586.rpm
f244df60a927a7aa4a539c2e8d9c699a corporate/4.0/i586/libipsec0-0.6.5-2.4.20060mlcs4.i586.rpm
95443caad35eb54d1f291f7368aac511 corporate/4.0/i586/libipsec0-devel-0.6.5-2.4.20060mlcs4.i586.rpm
0e9a4820ef81a4917d9c0a9c5befa27b corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
a1ccfd8a891340f52aa2f64d69e46e47 corporate/4.0/x86_64/ipsec-tools-0.6.5-2.4.20060mlcs4.x86_64.rpm
44ed76407c8633fcea7f4a3ab94f1842 corporate/4.0/x86_64/lib64ipsec0-0.6.5-2.4.20060mlcs4.x86_64.rpm
d7a3ecf831ecfcbc1319558303a1be17 corporate/4.0/x86_64/lib64ipsec0-devel-0.6.5-2.4.20060mlcs4.x86_64.rpm
0e9a4820ef81a4917d9c0a9c5befa27b corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.4.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
f43aaba27d5ff88b38db39ebeaaaf5cd mnf/2.0/i586/ipsec-tools-0.2.5-0.7.M20mdk.i586.rpm
fb19d1e75fd8f08ce9dc1586cdf9fa3b mnf/2.0/i586/libipsec-tools0-0.2.5-0.7.M20mdk.i586.rpm
2db168e39d44b361bab9ada981edaa90 mnf/2.0/SRPMS/ipsec-tools-0.2.5-0.7.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKETmdmqjQ0CJFipgRAloWAJ9wHsc3F9b0lI8E87n8+gT7j4t+jACg8OD2
obN0TVwX9QBtElK0wQeibi8=
=dlxS
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
SUSE Update for Multiple Packages
SECUNIA ADVISORY ID:
SA35685
VERIFY ADVISORY:
http://secunia.com/advisories/35685/
DESCRIPTION:
SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious users to
disclose sensitive information, manipulate certain data, and by
malicious people to disclose sensitive information, cause a DoS
(Denial of Service), and potentially compromise a vulnerable system.
For more information:
SA33338
SA33853
SA33884
SA34035
SA34481
SA34746
SA34797
SA35021
SA35128
SA35216
SA35296
SA35344
SA35422
1) A boundary error exists within the "pg_db_putline()" function in
perl-DBD-Pg's dbdimp.c. This can be exploited to cause a heap-based
buffer overflow if malicious rows are retrieved from the database
using the "pg_getline()" or "getline()" function.
2) A memory leak exists within the function "dequote_bytea()" in
perl-DBD-Pg's quote.c, which can be exploited to cause a memory
exhaustion.
3) Various integer overflow errors exist within the "pdftops"
application. This can be exploited to e.g. cause a crash or
potentially execute arbitrary code by printing a specially crafted
PDF file.
4) A vulnerability is caused due to an assertion error in bgpd when
handling an AS path containing multiple 4 byte AS numbers, which can
be exploited to crash to the daemon by advertising specially crafted
AS paths.
SOLUTION:
Apply updated packages via YaST Online Update or the SUSE FTP server.
ORIGINAL ADVISORY:
SUSE-SR:2009:012:
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
OTHER REFERENCES:
SA33338:
http://secunia.com/advisories/33338/
SA33853:
http://secunia.com/advisories/33853/
SA33884:
http://secunia.com/advisories/33884/
SA34035:
http://secunia.com/advisories/34035/
SA34481:
http://secunia.com/advisories/34481/
SA34746:
http://secunia.com/advisories/34746/
SA34797:
http://secunia.com/advisories/34797/
SA35021:
http://secunia.com/advisories/35021/
SA35128:
http://secunia.com/advisories/35128/
SA35216:
http://secunia.com/advisories/35216/
SA35296:
http://secunia.com/advisories/35296/
SA35344:
http://secunia.com/advisories/35344/
SA35422:
http://secunia.com/advisories/35422/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ===========================================================
Ubuntu Security Notice USN-785-1 June 09, 2009
ipsec-tools vulnerabilities
CVE-2009-1574, CVE-2009-1632
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
racoon 1:0.6.5-4ubuntu1.3
Ubuntu 8.04 LTS:
racoon 1:0.6.7-1.1ubuntu1.2
Ubuntu 8.10:
racoon 1:0.7-2.1ubuntu1.8.10.1
Ubuntu 9.04:
racoon 1:0.7-2.1ubuntu1.9.04.1
In general, a standard system upgrade is sufficient to effect the
necessary changes. (CVE-2009-1574)
It was discovered that ipsec-tools did not properly handle memory usage
when verifying certificate signatures or processing nat-traversal
keep-alive messages. A remote attacker could send specially crafted packets
to the server and exhaust available memory, leading to a denial of service. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions
| VAR-200905-0196 | CVE-2009-1574 |
Ipsec-tools Service disruption in packet processing (DoS) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-200904-0796, VAR-E-200904-0795 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. Ipsec-tools of racoon/isakmp_frag.c Has a deficiency in handling fragmented packets with no payload, resulting in denial of service (DoS) There is a vulnerability that becomes a condition.Service operation disruption to a third party (DoS) There is a possibility of being put into a state. IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets.
Versions prior to IPsec-Tools 0.7.2 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-12-16-1 Time Capsule and AirPort Base Station
(802.11n) Firmware 7.5.2
Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2 is
now available and addresses the following:
CVE-ID: CVE-2008-4309
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may terminate the operation of the SNMP
service
Description: An integer overflow exists in the
netsnmp_create_subtree_cache function. By default, the
'WAN SNMP' configuration option is disabled, and the SNMP service is
accessible only to other devices on the local network. This issue is
addressed by applying the Net-SNMP patches.
CVE-ID: CVE-2009-2189
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: Receiving a large number of IPv6 Router Advertisement (RA)
and Neighbor Discovery (ND) packets from a system on the local
network may cause the base station to restart
Description: A resource consumption issue exists in the base
station's handling of Router Advertisement (RA) and Neighbor
Discovery (ND) packets. A system on the local network may send a
large number of RA and ND packets that could exhaust the base
station's resources, causing it to restart unexpectedly. This issue
is addressed by rate limiting incoming ICMPv6 packets. Credit to
Shoichi Sakane of the KAME project, Kanai Akira of Internet Multifeed
Co., Shirahata Shin and Rodney Van Meter of Keio University, and
Tatuya Jinmei of Internet Systems Consortium, Inc. for reporting this
issue.
CVE-ID: CVE-2010-0039
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: An attacker may be able to query services behind an AirPort
Base Station or Time Capsule's NAT from the source IP of the router,
if any system behind the NAT has a portmapped FTP server
Description: The AirPort Extreme Base Station and Time Capsule's
Application-Level Gateway (ALG) rewrites incoming FTP traffic,
including PORT commands, to appear as if it is the source. An
attacker with write access to an FTP server inside the NAT may issue
a malicious PORT command, causing the ALG to send attacker-supplied
data to an IP and port behind the NAT. As the data is resent from the
Base Station, it could potentially bypass any IP-based restrictions
for the service. This issue is addressed by not rewriting inbound
PORT commands via the ALG. Credit to Sabahattin Gucukoglu for
reporting this issue. This issue is addressed
through improved validation of fragmented ISAKMP packets.
CVE-ID: CVE-2010-1804
Available for: AirPort Extreme Base Station with 802.11n,
AirPort Express Base Station with 802.11n, Time Capsule
Impact: A remote attacker may cause the device to stop processing
network traffic
Description: An implementation issue exists in the network bridge.
Sending a maliciously crafted DHCP reply to the device may cause it
to stop responding to network traffic. This issue affects devices
that have been configured to act as a bridge, or are configured in
Network Address Translation (NAT) mode with a default host enabled.
By default, the device operates in NAT mode, and no default host is
configured. This update addresses the issue through improved handling
of DHCP packets on the network bridge. Credit to Stefan R. Filipek
for reporting this issue.
Installation note for Firmware version 7.5.2
Firmware version 7.5.2 is installed into Time Capsule or AirPort Base
Station with 802.11n via AirPort Utility, provided with the device.
It is recommended that AirPort Utility 5.5.2 be installed before
upgrading to Firmware version 7.5.2.
AirPort Utility 5.5.2 may be obtained through Apple's Software
Download site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
iQEcBAEBAgAGBQJNCWXyAAoJEGnF2JsdZQeevTQH/0856gTUzzmL371/nSkhn3qq
MCPQVaEMe8O/jy96nlskwzp3X0X0QmXePok1enp6QhDhHm0YL3a4q7YHd4zjm6mM
JUoVR4JJRSKOb1bVdEXqo+qG/PH7/5ywfrGas+MjOshMa3gnhYVee39N7Xtz0pHD
3ZllZRwGwad1sQLL7DhJKZ92z6t2GfHoJyK4LZNemkQAL1HyUu7Hj9SlljcVB+Ub
xNnpmBXJcCZzp4nRQM+fbLf6bdZ1ua5DTc1pXC8vETtxyHc53G/vLCu8SKBnTBlK
JmkpGwG5fXNuYLL8ArFUuEu3zhE7kfdeftUrEez3YeL2DgU9iB8m8RkuuSrVJEY=
=WPH8
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200905-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: IPSec Tools: Denial of Service
Date: May 24, 2009
Bugs: #267135
ID: 200905-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple errors in the IPSec Tools racoon daemon might allow remote
attackers to cause a Denial of Service.
Background
==========
The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6
IPsec implementation. They include racoon, an Internet Key Exchange
daemon for automatically keying IPsec connections.
* Multiple memory leaks exist in (1) the eay_check_x509sign()
function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c
(CVE-2009-1632).
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All IPSec Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2"
References
==========
[ 1 ] CVE-2009-1574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
[ 2 ] CVE-2009-1632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200905-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA-1804-1 security@debian.org
http://www.debian.org/security/ Nico Golde
May 20th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : ipsec-tools
Vulnerability : null pointer dereference, memory leaks
Problem type : remote
Debian-specific: no
Debian bug : 527634 528933
CVE ID : CVE-2009-1574 CVE-2009-1632
Several remote vulnerabilities have been discovered in racoon, the Internet Key
Exchange daemon of ipsec-tools. This results in the daemon crashing which can be used
for denial of service attacks (CVE-2009-1574).
Various memory leaks in the X.509 certificate authentication handling and the
NAT-Traversal keepalive implementation can result in memory exhaustion and
thus denial of service (CVE-2009-1632).
For the oldstable distribution (etch), this problem has been fixed in
version 0.6.6-3.1etch3.
For the stable distribution (lenny), this problem has been fixed in
version 0.7.1-1.3+lenny2.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 1:0.7.1-1.5.
We recommend that you upgrade your ipsec-tools packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.dsc
Size/MD5 checksum: 722 8b561cf84ac9c46ec07b037ce3ad06f1
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.diff.gz
Size/MD5 checksum: 49875 7444fb4ad448ccfffe878801a2b88d2e
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_amd64.deb
Size/MD5 checksum: 343790 9cee9f8c479a3a2952d2913d7bdc4c5d
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_amd64.deb
Size/MD5 checksum: 89184 5ccd4554eec28da6d933dc20a8a39393
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_arm.deb
Size/MD5 checksum: 325706 9ce7988b74bccee252be7dac7ac8b5f7
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_arm.deb
Size/MD5 checksum: 89748 513ded0e4a33200710444e1bf4ab67d8
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_hppa.deb
Size/MD5 checksum: 353066 c56644b426ae945ca420d4ca37fc3f2a
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_hppa.deb
Size/MD5 checksum: 94092 80b46b6fd60e857c84c588432b098957
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_i386.deb
Size/MD5 checksum: 330258 b905d30958bd5c51d355f286f81b8be1
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_i386.deb
Size/MD5 checksum: 85046 294ccbc4b51e4942edaeec7cd746dfa3
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_ia64.deb
Size/MD5 checksum: 113356 111f0daa2075584c100efc9c11ecef73
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_ia64.deb
Size/MD5 checksum: 468296 bd4d69b5e0d4ee39ec564e1304f7649c
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mips.deb
Size/MD5 checksum: 89018 b6af57d65d43a7433132bee9657ba608
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mips.deb
Size/MD5 checksum: 344558 aba2d85d5196c2a46555ad9e478d338a
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mipsel.deb
Size/MD5 checksum: 346856 97e04d97bdd55f852392d7461bad7f4d
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mipsel.deb
Size/MD5 checksum: 90308 9e780cda3df3384d0f1e33637d003f21
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_powerpc.deb
Size/MD5 checksum: 91048 98174626d8ad1fba940c81001c337a4f
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_powerpc.deb
Size/MD5 checksum: 337266 9f636e6d8904103b0096a4eed99e9cae
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_s390.deb
Size/MD5 checksum: 341586 b42ddbad323dcdbd775d502f786ab449
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_s390.deb
Size/MD5 checksum: 90750 62d4c3e618a6c69d532b8d8d33bb27b9
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_sparc.deb
Size/MD5 checksum: 85710 9f1f526be4f2df4eb64d46023d87c6b3
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_sparc.deb
Size/MD5 checksum: 317136 38e50e9d97b46b51d12429b9ea727858
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.diff.gz
Size/MD5 checksum: 49472 4bc8ba2bd520a7514f2c33021c64e8ce
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1.orig.tar.gz
Size/MD5 checksum: 1039057 ddff5ec5a06b804ca23dc41268368853
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.dsc
Size/MD5 checksum: 1144 46d3f28156ee183512a451588ef414e4
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_alpha.deb
Size/MD5 checksum: 428532 052c13540da3fab19fdca83e9a389a39
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_alpha.deb
Size/MD5 checksum: 114088 78065dd99d3732291e8d499383af17d9
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_amd64.deb
Size/MD5 checksum: 409514 a421f12270f5b22639d67be8d2cc8b4e
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
Size/MD5 checksum: 104612 9ec93c697cf64232728d0dd5658efac8
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_arm.deb
Size/MD5 checksum: 104604 78fa45a7e0503e4ee87e7508294cb0b0
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_arm.deb
Size/MD5 checksum: 381692 f1943edf9599189d16a2f936fa971abc
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_armel.deb
Size/MD5 checksum: 387510 63ebe895d019d2362a0a11a0de0842c6
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_armel.deb
Size/MD5 checksum: 104268 6c224349c910ffce5bb892f2a06dc243
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_i386.deb
Size/MD5 checksum: 375004 5a43cbb6106d576ab686e9e4eb78c245
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_i386.deb
Size/MD5 checksum: 99098 6c81df8c4653265f10ad6abf68091329
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_ia64.deb
Size/MD5 checksum: 131288 dfa8646655028ae53bddad7f41e9f3a4
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_ia64.deb
Size/MD5 checksum: 544150 8e274b6b73125efe0fa8392398e0c5ea
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mips.deb
Size/MD5 checksum: 103502 5bd00dfdef0862a63bb666ed949e26ef
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mips.deb
Size/MD5 checksum: 388820 46fc10315192943b912126fe68ffeea9
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mipsel.deb
Size/MD5 checksum: 104216 a271cb33c891084479ed441945672f14
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mipsel.deb
Size/MD5 checksum: 390562 352f78906e08ddb861053dfed30640bf
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_powerpc.deb
Size/MD5 checksum: 403162 0210fa37088d78ee9aa53395aa0148e8
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_powerpc.deb
Size/MD5 checksum: 109438 26f043be5fb248d33b605d1987fa472a
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_s390.deb
Size/MD5 checksum: 107474 aa6203b0e9e6dacbe39520be6b849eea
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_s390.deb
Size/MD5 checksum: 399386 e965abdcf32838fff7753e789e703205
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_sparc.deb
Size/MD5 checksum: 102486 57b2e115a15e08518f00158c1fe36cf2
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_sparc.deb
Size/MD5 checksum: 373916 7e2278ac7b4f0b352814ad2f55b1213a
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoUDnMACgkQHYflSXNkfP8LtgCdF9LmW/TOn9JDPTVGlt+7dccI
3MYAoJVcwmqHztsGgCgBps9hyqzrQJ5l
=84V/
-----END PGP SIGNATURE-----
.
Updated packages are available that brings ipsec-tools to version
0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous
bugfixes over the previous 0.7.1 version, and also corrects this
issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been
patched to address this issue.
Additionally the flex package required for building ipsec-tools has
been fixed due to ipsec-tools build problems and is also available
with this update.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
8256debb7fe84394de70499907060de6 2008.0/i586/flex-2.5.33-2.1mdv2008.0.i586.rpm
c03c0f9fe8f564ea777b82789ac95f41 2008.0/i586/ipsec-tools-0.7.2-0.1mdv2008.0.i586.rpm
9da2195c693a7fe40f7afb3c5806aaca 2008.0/i586/libipsec0-0.7.2-0.1mdv2008.0.i586.rpm
29dcc9414a59cba30ce801b9fef416a6 2008.0/i586/libipsec-devel-0.7.2-0.1mdv2008.0.i586.rpm
b3ceeee8a3a36388d02426b77a45d862 2008.0/SRPMS/flex-2.5.33-2.1mdv2008.0.src.rpm
b0cb7993f29eac3d5f170c7cd3cf0cb5 2008.0/SRPMS/ipsec-tools-0.7.2-0.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
36c5d0eb92197c814b90c814d21d3372 2008.0/x86_64/flex-2.5.33-2.1mdv2008.0.x86_64.rpm
7a976c988badcb9fae93509acfe99aa2 2008.0/x86_64/ipsec-tools-0.7.2-0.1mdv2008.0.x86_64.rpm
85b8ed6e328b048c13eb503bfee8dcdc 2008.0/x86_64/lib64ipsec0-0.7.2-0.1mdv2008.0.x86_64.rpm
a22f34f1cfac38c9029eb032e3257285 2008.0/x86_64/lib64ipsec-devel-0.7.2-0.1mdv2008.0.x86_64.rpm
b3ceeee8a3a36388d02426b77a45d862 2008.0/SRPMS/flex-2.5.33-2.1mdv2008.0.src.rpm
b0cb7993f29eac3d5f170c7cd3cf0cb5 2008.0/SRPMS/ipsec-tools-0.7.2-0.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. ===========================================================
Ubuntu Security Notice USN-785-1 June 09, 2009
ipsec-tools vulnerabilities
CVE-2009-1574, CVE-2009-1632
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
racoon 1:0.6.5-4ubuntu1.3
Ubuntu 8.04 LTS:
racoon 1:0.6.7-1.1ubuntu1.2
Ubuntu 8.10:
racoon 1:0.7-2.1ubuntu1.8.10.1
Ubuntu 9.04:
racoon 1:0.7-2.1ubuntu1.9.04.1
In general, a standard system upgrade is sufficient to effect the
necessary changes. (CVE-2009-1574)
It was discovered that ipsec-tools did not properly handle memory usage
when verifying certificate signatures or processing nat-traversal
keep-alive messages
| VAR-200904-0235 | CVE-2009-0164 | CUPS In DNS Vulnerabilities that induce rebinding attacks |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks. CUPS is prone to an insufficient 'Host' header validation weakness.
An attacker can use this weakness to carry out certain attacks such as DNS rebinding against the vulnerable server.
I.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
denial of service, or privilege escalation.
III. These and other updates are available via Software
Update or via Apple Downloads.
IV. References
* Apple Security Update 2009-002 -
<http://support.apple.com/kb/HT3549>
* Safari 3.2.3 - <http://support.apple.com/kb/HT3550>
* Apple Downloads - <http://support.apple.com/downloads/>
* Software Update -
<https://support.apple.com/kb/HT1338?viewlocale=en_US>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA09-133A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA09-133A Feedback VU#175188" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2009 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 13, 2009: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSgsdiHIHljM+H4irAQIsGAf+IykbS/FD1X/R2ooezndAmZjrcT29XnpV
HO4DiMlKmqW+dUffk4mdJLVR7y8pwUuP4TbjwncoT39SDR9UoEankv7+Dao/qkM/
Jp0flkEpb5qtcIm9VnuWvpCE31OZZgwBwJ7f2WWzbBLqoZ5FIWAhCcW6E5v6mjVy
J+Z4BmHYUIapPLzGzV8+HT6/7LRNpg+mZoldEBUoXXjik8o78v5A7iGyMSXoaBlV
vL8N/3GG9a9xecLqbbv5N6ABsncHA9f/GzBnfJUqVHkUM1xnjqmgd7TZikObw+fJ
xcgWvmYmoRdCMzM3b1jPqWPDGJDbo0oHZM3J3hKE+opsLe9xChM1qA==
=dQ2L
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Are you missing:
SECUNIA ADVISORY ID:
Critical:
Impact:
Where:
within the advisory below?
This is now part of the Secunia commercial solutions.
Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA35074
VERIFY ADVISORY:
http://secunia.com/advisories/35074/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) A vulnerability in Apache when handling FTP proxy requests can be
exploited by malicious people to conduct cross-site scripting
attacks.
For more information:
SA31384
2) A boundary error in the handling of Compact Font Format (CFF)
fonts in Apple Type Services can be exploited to cause a heap-based
buffer overflow when specially crafted document is downloaded or
viewed.
Successful exploitation allows execution of arbitrary code.
3) A vulnerability in BIND can potentially be exploited by malicious
people to conduct spoofing attacks.
For more information:
SA33404
4) An error in the parsing of Set-Cookie headers in CFNetwork can
result in applications using CFNetwork sending sensitive information
in unencrypted HTTP requests.
5) An unspecified error in the processing of HTTP headers in
CFNetwork can be exploited to cause a heap-based buffer overflow when
visiting a malicious web site.
Successful exploitation allows execution of arbitrary code.
6) Multiple errors exist in the processing of PDF files in
CoreGraphics, which can be exploited to corrupt memory and execute
arbitrary code via a specially crafted PDF file.
7) An integer underflow error in the processing of PDF files in
CoreGraphics can be exploited to cause a heap-based buffer overflow
when specially crafted PDF files is opened.
Successful exploitation allows execution of arbitrary code.
8) Multiple vulnerabilities in the processing of JBIG2 streams within
PDF files in CoreGraphics can be exploited by malicious people to
compromise a user's system.
For more information:
SA34291
9) Multiple vulnerabilities in cscope can be exploited by malicious
people to compromise a user's system.
For more information:
SA34978:
10) A boundary error in the handling of disk images can be exploited
to cause a stack-based buffer overflow when a specially crafted disk
image is mounted.
11) Multiple unspecified errors in the handling of disk images can be
exploited to cause memory corruptions when a specially crafted disk
image is mounted.
Successful exploitation of vulnerabilities #10 and #11 allows
execution of arbitrary code.
12) Multiple vulnerabilities in enscript can be exploited by
malicious people to compromise a vulnerable system.
For more information:
SA13968
SA32137
13) Multiple vulnerabilities in the Flash Player plugin can be
exploited by malicious people to compromise a user's system.
For more information:
SA34012
14) An error in Help Viewer when loading Cascading Style Sheets
referenced in URL parameters can be exploited to invoke arbitrary
AppleScript files.
15) A vulnerability exists due to Help Viewer not validating that
full paths to HTML documents are within registered help books, which
can be exploited to invoke arbitrary AppleScript files.
Successful exploitation of vulnerabilities #14 and #15 allows
execution of arbitrary code.
16) An error in iChat can result in AIM communication configured for
SSL to be sent in plaintext.
17) An error in the handling of certain character encodings in ICU
can be exploited to bypass filters on websites that attempt to
mitigate cross-site scripting.
18) Some vulnerabilities in IPSec can be exploited by malicious users
and malicious people to cause a DoS (Denial of Service).
For more information:
SA31450
SA31478
19) Multiple vulnerabilities in Kerberos can be exploited by
malicious people to potentially disclose sensitive information, cause
a DoS (Denial of Service), or potentially compromise a vulnerable
system.
For more information:
SA34347
20) An error in the handling of workqueues within the kernel can be
exploited by malicious, local users to cause a DoS or execute
arbitrary code with Kernel privileges.
21) An error in Launch Services can cause Finder to repeatedly
terminate and relaunch when a specially crafted Mach-O is
downloaded.
22) A vulnerability in libxml can be exploited by malicious people to
cause a DoS (Denial of Service) or potentially compromise an
application using the library.
For more information:
SA31558
23) A vulnerability in Net-SNMP can be exploited by malicious people
to cause a DoS (Denial of Service).
For more information:
SA32560
24) A vulnerability in Network Time can be exploited by malicious
people to conduct spoofing attacks.
For more information:
SA33406
25) A vulnerability in Network Time can be exploited by malicious
people to potentially compromise a user's system.
For more information:
SA34608
26) A vulnerability in Networking can be exploited by malicious
people to cause a DoS (Denial of Service).
For more information:
SA31745
27) A vulnerability in OpenSSL can be exploited by malicious people
to conduct spoofing attacks.
For more information:
SA33338
28) Some vulnerabilities in PHP can be exploited by malicious people
to cause a DoS (Denial of Service) or potentially compromise a
vulnerable system, and by malicious, local users to bypass certain
security restrictions.
For more information:
SA32964
29) An unspecified error in QuickDraw Manager can be exploited to
cause a memory corruption and potentially execute arbitrary code via
a specially crafted PICT image.
30) An integer underflow error in the handling of PICT images in
QuickDraw Manager can be exploited to cause a heap-based buffer
overflow via a specially crafted PICT file.
Successful exploitation allows execution of arbitrary code.
31) Multiple vulnerabilities in ruby can be exploited by malicious
people to bypass certain security restrictions, cause a DoS (Denial
of Service), and conduct spoofing attacks.
For more information:
SA31430
SA31602
32) An error in the use of the OpenSSL library in ruby can cause
revoked certificates to be accepted.
33) A vulnerability in Safari when handling "feed:" URLs can be
exploited to compromise a user's system.
For more information:
SA35056
34) Multiple unspecified errors in Spotlight can be exploited to
cause memory corruptions and execute arbitrary code when a specially
crafted Office document is downloaded.
35) An error when invoking the "login" command can result in
unexpected high privileges.
36) A boundary error in telnet can be exploited to cause a
stack-based buffer overflow when connecting to a server with an
overly long canonical name in its DNS address record.
Successful exploitation may allow execution of arbitrary code.
37) A vulnerability in WebKit when handling SVGList objects can be
exploited to corrupt memory and potentially execute arbitrary code.
For more information:
SA35056
38) Multiple vulnerabilities in FreeType can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise applications using the library.
For more information:
SA20100
SA25350
SA34723
39) A vulnerability in xterm can be exploited by malicious people to
compromise a user's system.
For more information:
SA33318
40) Multiple vulnerabilities in libpng can be exploited by malicious
people to cause a DoS (Denial of Service) or to potentially
compromise an application using the library.
For more information:
SA29792
SA33970
SOLUTION:
Update to Mac OS X v10.5.7 or apply Security Update 2009-002.
Security Update 2009-002 (Server Tiger PPC):
http://support.apple.com/downloads/DL819/SecUpdSrvr2009-002PPC.dmg
Security Update 2009-002 (Tiger Intel):
http://support.apple.com/downloads/DL817/SecUpd2009-002Intel.dmg
Security Update 2009-002 (Server Universal):
http://support.apple.com/downloads/DL816/SecUpdSrvr2009-002Univ.dmg
Mac OS X Server 10.5.7 Update:
http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg
Mac OS X Server Combo 10.5.7:
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Security Update 2009-002 (Tiger PPC):
http://support.apple.com/downloads/DL818/SecUpd2009-002PPC.dmg
Mac OS X 10.5.7 Update:
http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg
Mac OS X 10.5.7 Combo Update:
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2) Charlie Miller of Independent Security Evaluators
4) Andrew Mortensen of the University of Michigan
5) Moritz Jodeit, n.runs AG
7) Barry K. Nathan
8) Alin Rad Pop, Secunia Research and Will Dormann, CERT/CC
10) Tiller Beauchamp, IOActive
14, 15) Brian Mastenbrook
17) Chris Weber of Casaba Security
20) An anonymous researcher working with Verisign iDefense VCP
30) Damian Put and Sebastian Apelt, working with ZDI, and Chris Ries
of Carnegie Mellon University Computing Services
38) Tavis Ormandy of the Google Security Team
OTHER REFERENCES:
SA13968:
http://secunia.com/advisories/13968/
SA20100:
http://secunia.com/advisories/20100/
SA25350:
http://secunia.com/advisories/25350/
SA29792:
http://secunia.com/advisories/29792/
SA31384:
http://secunia.com/advisories/31384/
SA31430:
http://secunia.com/advisories/31430/
SA31450:
http://secunia.com/advisories/31450/
SA31478:
http://secunia.com/advisories/31478/
SA31558:
http://secunia.com/advisories/31558/
SA31602:
http://secunia.com/advisories/31602/
SA31745:
http://secunia.com/advisories/31745/
SA32137:
http://secunia.com/advisories/32137/
SA32560:
http://secunia.com/advisories/32560/
SA32964:
http://secunia.com/advisories/32964/
SA33318:
http://secunia.com/advisories/33318/
SA33338:
http://secunia.com/advisories/33338/
SA33404:
http://secunia.com/advisories/33404/
SA33406:
http://secunia.com/advisories/33406/
SA33970:
http://secunia.com/advisories/33970/
SA34012:
http://secunia.com/advisories/34012/
SA34291:
http://secunia.com/advisories/34291/
SA34347:
http://secunia.com/advisories/34347/
SA34608:
http://secunia.com/advisories/34608/
SA34723:
http://secunia.com/advisories/34723/
SA34978:
http://secunia.com/advisories/34978/
SA35056:
http://secunia.com/advisories/35056/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200904-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: CUPS: Multiple vulnerabilities
Date: April 23, 2009
Bugs: #263070
ID: 200904-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple errors in CUPS might allow for the remote execution of
arbitrary code or DNS rebinding attacks.
Background
==========
CUPS, the Common Unix Printing System, is a full-featured print server.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-print/cups < 1.3.10 >= 1.3.10
Description
===========
The following issues were reported in CUPS:
* iDefense reported an integer overflow in the _cupsImageReadTIFF()
function in the "imagetops" filter, leading to a heap-based buffer
overflow (CVE-2009-0163).
* Braden Thomas and Drew Yao of Apple Product Security reported that
CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166,
found earlier in xpdf and poppler.
Impact
======
A remote attacker might send or entice a user to send a specially
crafted print job to CUPS, possibly resulting in the execution of
arbitrary code with the privileges of the configured CUPS user -- by
default this is "lp", or a Denial of Service.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All CUPS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-print/cups-1.3.10"
References
==========
[ 1 ] CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
[ 2 ] CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
[ 3 ] CVE-2009-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
[ 4 ] CVE-2009-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164
[ 5 ] CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200904-20.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-200904-0217 | CVE-2009-0063 | Symantec Brightmail Gateway Appliance of Control Center Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Symantec Brightmail Gateway is prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
Versions prior to Brightmail Gateway 8.0.1 are vulnerable. Brightmail Gateway is Symantec's information security management platform. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics
Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
----------------------------------------------------------------------
TITLE:
Symantec Brightmail Gateway Control Center Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA34885
VERIFY ADVISORY:
http://secunia.com/advisories/34885/
DESCRIPTION:
Some vulnerabilities have been reported in Symantec Brightmail
Gateway, which can be exploited by malicious people to conduct
cross-site scripting attacks and by malicious users to bypass certain
security restrictions.
1) Certain unspecified input passed to the Control Center is not
properly sanitised before being returned to the user.
2) An error when processing unspecified console functions can be
exploited by a Control Center user to gain administrative
privileges.
SOLUTION:
Update to version 8.0.1 or later.
PROVIDED AND/OR DISCOVERED BY:
Marian Ventuneac, Perot Systems
ORIGINAL ADVISORY:
SYM09-005:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200904-0571 | No CVE | SAP cFolders Multiple Cross-Site Scripting and HTML Injection Vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
cFolders (Collaboration Folders) is SAP's web-based information collaboration sharing application. Cfolders does not properly validate the p_current_role parameter submitted by the col_table_filter.htm and me_ov.htm pages, and a remote attacker can perform a cross-site scripting attack by submitting a malicious request to the above page; in addition, if a malicious LINK field is submitted to the hyp_de_create.htm page or Submitting a file with a malicious file name in the document upload area can also result in infusion and execution of malicious code. SAP cFolders is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible
| VAR-200905-0193 | CVE-2009-1561 |
Cisco Linksys WRT54GC Router administration.cgi Vulnerable to cross-site request forgery
Related entries in the VARIoT exploits database: VAR-E-200904-0438 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in administration.cgi on the Cisco Linksys WRT54GC router with firmware 1.05.7 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that change the administrator password via the sysPasswd and sysConfirmPasswd parameters. The Linksys WRT54GC router is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications.
Successful attacks will lead to a compromise of the vulnerable device, which may lead to further attacks.
Linksys WRT54GC running firmware 1.05.7 is vulnerable; other versions may also be affected. Cisco Linksys WRT54GC is a small business/home wireless broadband router produced by Cisco. ----------------------------------------------------------------------
Secunia is pleased to announce the release of the annual Secunia
report for 2008.
Highlights from the 2008 report:
* Vulnerability Research
* Software Inspection Results
* Secunia Research Highlights
* Secunia Advisory Statistics
Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/
Stay Secure,
Secunia
----------------------------------------------------------------------
TITLE:
Linksys WRT54GC "administration.cgi" Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA34805
VERIFY ADVISORY:
http://secunia.com/advisories/34805/
DESCRIPTION:
Gabriel Lima has reported a vulnerability in Linksys WRT54GC, which
can be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to the router allowing unrestricted
access to the administration.cgi web interface script. This can be
exploited to change the administrator's password by sending a
specially crafted HTTP request to the affected script.
SOLUTION:
Restrict internal network access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Gabriel Lima
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2009-04/0198.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200904-0824 | CVE-2009-0195 | Xpdf and CUPS Vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. CUPS and Xpdf are prone to a remote buffer-overflow vulnerability because they fail to properly bounds-check user-supplied input before copying it into a finite-sized buffer.
Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
The following are vulnerable; other applications or versions may also be affected:
Xpdf 3.02pl2 and earlier
CUPS 1.3.9 and earlier
NOTE: This vulnerability may already be covered in BID 34568 (Xpdf JBIG2 Processing Multiple Security Vulnerabilities). We will update (or possibly retire) this BID as more information emerges. ===========================================================
Ubuntu Security Notice USN-973-1 August 17, 2010
koffice vulnerabilities
CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166,
CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,
CVE-2009-1180, CVE-2009-1181, CVE-2009-3606, CVE-2009-3608,
CVE-2009-3609
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.04:
kword 1:1.6.3-7ubuntu6.1
In general, a standard system update will make all the necessary changes.
Details follow:
Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the
Xpdf used in KOffice contained multiple security issues in its JBIG2
decoder. (CVE-2009-0146,
CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,
CVE-2009-1180, CVE-2009-1181)
It was discovered that the Xpdf used in KOffice contained multiple security
issues when parsing malformed PDF documents. (CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)
KOffice in Ubuntu 9.04 uses a very old version of Xpdf to import PDFs into
KWord. Upstream KDE no longer supports PDF import in KOffice and as a
result it was dropped in Ubuntu 9.10. While an attempt was made to fix the
above issues, the maintenance burden for supporting this very old version
of Xpdf outweighed its utility, and PDF import is now also disabled in
Ubuntu 9.04.
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.3-7ubuntu6.1.diff.gz
Size/MD5: 622105 556aa62c50d527e60c1dff7b0f0aa0b1
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.3-7ubuntu6.1.dsc
Size/MD5: 2089 d42a7716e78fc690d256f8045017e7fa
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.3.orig.tar.gz
Size/MD5: 63221967 497a644adaf5d6531a0e32d14f88e5f5
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio-data_1.6.3-7ubuntu6.1_all.deb
Size/MD5: 682598 78a5406815a35440ac4480c2532f28ef
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-data_1.6.3-7ubuntu6.1_all.deb
Size/MD5: 735930 9d775bfa37c32d0ab934c25c721d6456
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc-html_1.6.3-7ubuntu6.1_all.deb
Size/MD5: 519734 7c05c1818b4baaa8167b6f84bbcab085
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc_1.6.3-7ubuntu6.1_all.deb
Size/MD5: 18982 465a569fb8bbd06f80e8b19e6acc1695
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.3-7ubuntu6.1_all.deb
Size/MD5: 21100 780be3fc6108770d271d89cac4869b10
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter-data_1.6.3-7ubuntu6.1_all.deb
Size/MD5: 1903802 bdb13a770966f7a5b2978f510ba58f10
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita-data_1.6.3-7ubuntu6.1_all.deb
Size/MD5: 28310364 0d115fe0dfc641efe2e04508324bd72a
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword-data_1.6.3-7ubuntu6.1_all.deb
Size/MD5: 1776368 f7781ed87a7c8c5ee1ba7636c519076d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 1059936 fa5f33b7cd8d1d291834ad81768a55b3
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 1363098 1ea1bd16846af1b718392fcc80f55456
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 3634792 de50ca28c4ffe99f5c43369be2c28c53
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 1022466 2680eb3b5eb1fe0b939dcc4d8698df93
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 586680 af2f128a08ad516dab5e0d9181c8fa05
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 54301774 04ffb99c1da2e2d54a0320d4eb23a8bd
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 394472 2dd7347dda792d9a1a50831b20861f94
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 2614706 1f4f29ae856d74a751d47d6a2c2e6317
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 177638 bbcf8e0ef85478569dd212be191cf3d6
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 939900 81b0c652c71a1cae573a984bc8192e9c
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 1332666 2cb497195e47d739e5c73eca50ba7f3a
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 3307610 4453ddce6e47950727883a37ed0cb02a
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 2750674 14831989300bcb63f368291710a46510
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 314700 a68a9a2cc5299b957ef823971226117a
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 443182 d7b8296294f89bb2df6c69ac554e9d16
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_amd64.deb
Size/MD5: 2504138 0f58ca14ca066713c273c159f6e1295d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 975268 1a3b2bb23cdf4fd7ae942e53672706f1
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 1306222 c812ef558f13e43eb448aa56d6797ed4
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 3563484 9a47762bf756eef0defe1a690017b361
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 1015886 5f39c46934ad9dfb55b36acd135d5b59
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 527296 e4d1682301bf58d5df51792162671e1e
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 53049888 7baa946b92618169cdee4eab005e2533
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 409804 ff440307934403aa404a2416a6fc00a2
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 2423308 2933a46777c6be5dd6e588afb056ce83
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 174422 65acfb083c6dcde10f29c22d7cb2891d
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 868786 b0f68c2390f2761fed67ed9cee032add
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 1234468 b6f06fa397725d1b915683aa8850c600
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 3037920 00a2c6161359ed7a982186ae9f82af06
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 2634754 9a631d806d414d56e03293e108cdd19a
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 312056 e51b7691be77c0ee20224ff524f120ac
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 430552 fe51a92f6d4db43d4c9c12c8ddda16ed
http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_i386.deb
Size/MD5: 2362696 92d4dc922ef2a920dd580b41493f7226
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 975296 dfe1b44a9c29a543fe6d76b5f0bdfbc2
http://ports.ubuntu.com/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 1309438 05e8ca4579040c084f38a5a174055325
http://ports.ubuntu.com/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 3579118 2e344131f0aaf4231c21af2fb8298833
http://ports.ubuntu.com/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 1014884 c46aad3850fe256baf9ea38262d3a0d4
http://ports.ubuntu.com/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 529176 d0ed2edaf57e2e02e73a22f15b86fdc6
http://ports.ubuntu.com/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 53089422 ad89de6273a8f796239423c5b4b478e8
http://ports.ubuntu.com/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 394468 c410cb7ac1bfffabf2b2c0b0119e829c
http://ports.ubuntu.com/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 2438608 66fd9a1471e34c9a5baac9d6ec2b3bd4
http://ports.ubuntu.com/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 174116 1d6410c4f8dddddc24d80666f8278c0c
http://ports.ubuntu.com/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 865740 78ffc8a66fe0c555e35c71d4f8734a91
http://ports.ubuntu.com/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 1240814 1c4d13855664db29a2e1923e929ceecc
http://ports.ubuntu.com/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 3036992 498218cbda6e3d3abac07ce88c6e0c2c
http://ports.ubuntu.com/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 2650892 5950f9bc22ab50db430eac56d9f04697
http://ports.ubuntu.com/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 312060 005610b199a0d8ce05d1def703c890bb
http://ports.ubuntu.com/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 432602 75b05844e99f7e2ad4ab6e20e5bed539
http://ports.ubuntu.com/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_lpia.deb
Size/MD5: 2371784 607adbbcfd28fbe1a2750fc004418c14
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 1068778 523593d94079fba3e0364f908a1a1a57
http://ports.ubuntu.com/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 1364554 258dc9b33e6d270ff719c91e3ef37db9
http://ports.ubuntu.com/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 3709952 28d37bcb119b836c3a4e92407738fa7f
http://ports.ubuntu.com/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 1027620 5e2309d118d267e9b692fec5ee16a0db
http://ports.ubuntu.com/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 587256 bead26a9cc80d7bea3c00416b178377c
http://ports.ubuntu.com/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 55955530 ed06d8fe4737caa802c47e83dbb466e1
http://ports.ubuntu.com/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 394498 c30a126fa23c2506750e211a4b126fa9
http://ports.ubuntu.com/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 2619418 5370a9dcf9f00cc78da20ee4adfb4c8b
http://ports.ubuntu.com/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 180344 141e38c24581f2c8f023e57fca067cb4
http://ports.ubuntu.com/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 903470 8abaab749117c77c22446495e59e309c
http://ports.ubuntu.com/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 1321174 cac2871f1847863b4b2ebf565b25df19
http://ports.ubuntu.com/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 3394952 44a59865f180b3d5500dc0cd4e0b906e
http://ports.ubuntu.com/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 2718124 479211cb5a9018ba6fa4000a280c77e1
http://ports.ubuntu.com/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 320612 9e2c1960e9fc010e6dcc25a0cb1574b4
http://ports.ubuntu.com/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 454328 61ee3edf596ea67f4faa0974cd46be30
http://ports.ubuntu.com/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_powerpc.deb
Size/MD5: 2512304 43c6105b4fae1f63b48c449365e95087
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 962916 ad7e5830f033940223ed825226496183
http://ports.ubuntu.com/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 1304972 050e2196a5c5ccb31c89741a9b0f2b6d
http://ports.ubuntu.com/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 3410504 ec1e27da573bd6b2464edc8b45ba0814
http://ports.ubuntu.com/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 1013536 ef4bda5f39caed0b5ca4144e49c1097a
http://ports.ubuntu.com/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 528266 7d60ee9ce5489fce6aa0f87d8178ca0c
http://ports.ubuntu.com/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 51732154 137a826d403b455408b815aea0f2104a
http://ports.ubuntu.com/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 394506 4cfc6172b52148a1f9de20997657c590
http://ports.ubuntu.com/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 2354854 8c1e19804067a2aa70409e334917070e
http://ports.ubuntu.com/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 172078 77aa57456966572fd5e151fc3fdbf72c
http://ports.ubuntu.com/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 855470 aba0765689e839609756f3eb27693058
http://ports.ubuntu.com/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 1223480 94ba8198733e21a488c0d6da4493b1c2
http://ports.ubuntu.com/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 3002516 1a884308c7fb75403d49cf1ff73fe79f
http://ports.ubuntu.com/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 2565326 1fa53d14437814a657c1fe81d7269a02
http://ports.ubuntu.com/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 311270 97d7cca2e2a75f15288e8725fd4b905e
http://ports.ubuntu.com/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 426002 0c83afb3dbd67a10c11cc7d310e81511
http://ports.ubuntu.com/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_sparc.deb
Size/MD5: 2311632 c449bd3fa59e22f9e32a884ffc3f81cf
. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).
Additionally the kdegraphics package was rebuild to make
kdegraphics-kpdf link correctly to the new poppler libraries and are
also provided. (CVE-2009-0163)
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
as used in Poppler and other products, when running on Mac OS X,
has unspecified impact, related to g*allocn. NOTE:
the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0800)
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
does not properly initialize memory for IPP request packets, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via a scheduler request with two
consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-1183)
Two integer overflow flaws were found in the CUPS pdftops filter. (CVE-2009-3608, CVE-2009-3609)
This update corrects the problems.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
6b17f59f63c062c017c78d459dd2d89a 2008.0/i586/cups-1.3.10-0.1mdv2008.0.i586.rpm
9bc5298d9895c356227fdda3a0ddb2c0 2008.0/i586/cups-common-1.3.10-0.1mdv2008.0.i586.rpm
e3583883df8532fc8c496866dac713f8 2008.0/i586/cups-serial-1.3.10-0.1mdv2008.0.i586.rpm
fac1fcb839ad53322a447d4d39f769e3 2008.0/i586/libcups2-1.3.10-0.1mdv2008.0.i586.rpm
3d65afc590fb8520d68b2a3e8e1da696 2008.0/i586/libcups2-devel-1.3.10-0.1mdv2008.0.i586.rpm
9e09ed22a2522ee45e93e0edc146193f 2008.0/i586/libpoppler2-0.6-3.5mdv2008.0.i586.rpm
7427b1f56387e84db5a15aad85b424d2 2008.0/i586/libpoppler-devel-0.6-3.5mdv2008.0.i586.rpm
67937a584d365d6b00ef688c88e8d7c5 2008.0/i586/libpoppler-glib2-0.6-3.5mdv2008.0.i586.rpm
410dc85c2c7b71ab316be5607c556682 2008.0/i586/libpoppler-glib-devel-0.6-3.5mdv2008.0.i586.rpm
64d6e14be8d93c7651ce5dc3e2ebc5bf 2008.0/i586/libpoppler-qt2-0.6-3.5mdv2008.0.i586.rpm
cc9af7e314b6eaa6a8f946fa2c27f298 2008.0/i586/libpoppler-qt4-2-0.6-3.5mdv2008.0.i586.rpm
0c6d3a6b5211e8506a89144b8c3a3cfb 2008.0/i586/libpoppler-qt4-devel-0.6-3.5mdv2008.0.i586.rpm
c985516638ed4d8f792daa13bd506023 2008.0/i586/libpoppler-qt-devel-0.6-3.5mdv2008.0.i586.rpm
8d05619dcef538092696ce70998abd20 2008.0/i586/php-cups-1.3.10-0.1mdv2008.0.i586.rpm
0bae2a3525b796882d2cc87853945e5a 2008.0/i586/poppler-0.6-3.5mdv2008.0.i586.rpm
f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm
11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
8249475feb3bdc74ea7060944baed6aa 2008.0/x86_64/cups-1.3.10-0.1mdv2008.0.x86_64.rpm
83951504acb783cfdb8ec4fe48d31e1e 2008.0/x86_64/cups-common-1.3.10-0.1mdv2008.0.x86_64.rpm
fa8a91e8e3bc8f11c19ab460d1f690fe 2008.0/x86_64/cups-serial-1.3.10-0.1mdv2008.0.x86_64.rpm
e061fdbeded2d97bb3ca6b34d33cb384 2008.0/x86_64/lib64cups2-1.3.10-0.1mdv2008.0.x86_64.rpm
893235ea8cf23295ae961ea2de0b9903 2008.0/x86_64/lib64cups2-devel-1.3.10-0.1mdv2008.0.x86_64.rpm
9844640563afdef4a870e2ed12e58136 2008.0/x86_64/lib64poppler2-0.6-3.5mdv2008.0.x86_64.rpm
06ea824a6a2cd9360a9e75a14718192a 2008.0/x86_64/lib64poppler-devel-0.6-3.5mdv2008.0.x86_64.rpm
bb0eb04fa906a352e6738d08f116f89b 2008.0/x86_64/lib64poppler-glib2-0.6-3.5mdv2008.0.x86_64.rpm
43d6a85dfdad7e969655ee4e2a377370 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.5mdv2008.0.x86_64.rpm
eef29dde4b9e80d4c360e953cbe9110b 2008.0/x86_64/lib64poppler-qt2-0.6-3.5mdv2008.0.x86_64.rpm
c74dc9f245091f451441d8b88f0beed3 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.5mdv2008.0.x86_64.rpm
60345458274afc6ff480317fc408ec52 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.5mdv2008.0.x86_64.rpm
0a880b9c0d655c10f5757882e30911f1 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.5mdv2008.0.x86_64.rpm
eb6fde793ac0d7ea86df42aa22637807 2008.0/x86_64/php-cups-1.3.10-0.1mdv2008.0.x86_64.rpm
7f475f07368ed9158008f2891dce2cd6 2008.0/x86_64/poppler-0.6-3.5mdv2008.0.x86_64.rpm
f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm
11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLHXsgmqjQ0CJFipgRAu1fAKCINX1H5StX89GjMDWzGrEM1UiHeACeMLSY
a3mQtrfvoibfn29OFAfdSn0=
=lTbL
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201310-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Poppler: Multiple vulnerabilities
Date: October 06, 2013
Bugs: #263028, #290430, #290464, #308017, #338878, #352581,
#459866, #480366
ID: 201310-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Poppler, some of which may
allow execution of arbitrary code.
Background
==========
Poppler is a cross-platform PDF rendering library originally based on
Xpdf.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/poppler < 0.22.2-r1 >= 0.22.2-r1
Description
===========
Multiple vulnerabilities have been discovered in Poppler. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Poppler users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.22.2-r1"
References
==========
[ 1 ] CVE-2009-0146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0146
[ 2 ] CVE-2009-0147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0147
[ 3 ] CVE-2009-0165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0165
[ 4 ] CVE-2009-0166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0166
[ 5 ] CVE-2009-0195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0195
[ 6 ] CVE-2009-0799
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0799
[ 7 ] CVE-2009-0800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0800
[ 8 ] CVE-2009-1179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1179
[ 9 ] CVE-2009-1180
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1180
[ 10 ] CVE-2009-1181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1181
[ 11 ] CVE-2009-1182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1182
[ 12 ] CVE-2009-1183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1183
[ 13 ] CVE-2009-1187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1187
[ 14 ] CVE-2009-1188
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1188
[ 15 ] CVE-2009-3603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3603
[ 16 ] CVE-2009-3604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3604
[ 17 ] CVE-2009-3605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3605
[ 18 ] CVE-2009-3606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3606
[ 19 ] CVE-2009-3607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3607
[ 20 ] CVE-2009-3608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3608
[ 21 ] CVE-2009-3609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3609
[ 22 ] CVE-2009-3938
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3938
[ 23 ] CVE-2010-3702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702
[ 24 ] CVE-2010-3703
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3703
[ 25 ] CVE-2010-3704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704
[ 26 ] CVE-2010-4653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4653
[ 27 ] CVE-2010-4654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4654
[ 28 ] CVE-2012-2142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2142
[ 29 ] CVE-2013-1788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1788
[ 30 ] CVE-2013-1789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1789
[ 31 ] CVE-2013-1790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1790
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
======================================================================
2) Severity
Rating: Highly critical
Impact: System access
Where: Remote
======================================================================
3) Vendor's Description of Software
"Xpdf is an open source viewer for Portable Document Format (PDF)
files. (These are also sometimes also called 'Acrobat' files, from the
name of Adobe's PDF software.) The Xpdf project also includes a PDF
text extractor, PDF-to-PostScript converter, and various other
utilities.".
Product Link:
http://www.foolabs.com/xpdf/
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Xpdf, which can be
exploited by malicious people to potentially compromise a user's
system.
The vulnerability is caused due to a boundary error while decoding
JBIG2 symbol dictionary segments.
======================================================================
5) Solution
Apply xpdf-3.02pl3.patch.
======================================================================
6) Time Table
26/03/2009 - Vendor notified.
26/03/2009 - vendor-sec notified.
27/03/2009 - Vendor response.
17/04/2009 - Public disclosure.
======================================================================
7) Credits
Discovered by Alin Rad Pop, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2009-0195 for the vulnerability.
======================================================================
9) About Secunia
Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:
http://secunia.com/advisories/business_solutions/
Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.
http://secunia.com/advisories/
Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:
http://secunia.com/secunia_research/
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-17/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
_______________________________________________
Full-Disclosure - We believe in it
| VAR-200904-0651 | No CVE | MiniWeb Source Code Information Disclosure Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
MiniWeb is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.
We don't know which versions of MiniWeb are affected. We will update this BID when further details are available.
| VAR-200904-0652 | No CVE | MiniWeb Remote Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
MiniWeb is prone to a remote buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
| VAR-200904-0819 | CVE-2009-1182 | Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 data |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. Xpdf is prone to multiple security vulnerabilities. Failed exploit attempts will likely cause denial-of-service conditions.
These issues affect multiple applications on multiple platforms that use the affected library. Xpdf is an open source viewer for Portable Document Format (PDF) files.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: cups
Announcement ID: SUSE-SA:2009:024
Date: Wed, 22 Apr 2009 13:00:00 +0000
Affected Products: openSUSE 10.3
openSUSE 11.0
openSUSE 11.1
SUSE SLES 9
Novell Linux Desktop 9
Open Enterprise Server
Novell Linux POS 9
SUSE Linux Enterprise Desktop 10 SP2
SUSE Linux Enterprise Server 10 SP2
SLE 11
Vulnerability Type: remote code execution
Severity (1-10): 8 (critical)
SUSE Default Package: yes
Cross-References: CVE-2009-0146, CVE-2009-0147, CVE-2009-0163
CVE-2009-0165, CVE-2009-0166, CVE-2009-0799
CVE-2009-0800, CVE-2009-1179, CVE-2009-1180
CVE-2009-1181, CVE-2009-1182, CVE-2009-1183
Content of This Advisory:
1) Security Vulnerability Resolved:
fixed remotely exploitable overflows
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The Common Unix Printing System, CUPS, is a printing server for unix-like
operating systems. It allows a local user to print documents as well as
remote users via port 631/tcp.
The first one can be triggered by a specially crafted tiff file. This
file could lead to an integer overflow in the 'imagetops' filter which
caused an heap overflow later.
This bug is probably exploitable remotely by users having remote access
to the CUPS server and allows the execution of arbitrary code with the
privileges of the cupsd process. (CVE-2009-0163)
The second issue affects the JBIG2 decoding of the 'pdftops' filter.
The JBIG2 decoding routines are vulnerable to various software failure
types like integer and buffer overflows and it is believed to be exploit-
able remotely to execute arbitrary code with the privileges of the cupsd
process.
(CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799,
CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182,
CVE-2009-1183)
2) Solution or Work-Around
none
3) Special Instructions and Notes
none
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 11.1:
http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debuginfo-1.3.9-7.2.1.i586.rpm
http://download.opensuse.org/debug/update/11.1/rpm/i586/cups-debugsource-1.3.9-7.2.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/cups-1.3.9-7.2.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/cups-client-1.3.9-7.2.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/cups-devel-1.3.9-7.2.1.i586.rpm
http://download.opensuse.org/update/11.1/rpm/i586/cups-libs-1.3.9-7.2.1.i586.rpm
openSUSE 11.0:
http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debuginfo-1.3.7-25.8.i586.rpm
http://download.opensuse.org/debug/update/11.0/rpm/i586/cups-debugsource-1.3.7-25.8.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/cups-1.3.7-25.8.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/cups-client-1.3.7-25.8.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/cups-devel-1.3.7-25.8.i586.rpm
http://download.opensuse.org/update/11.0/rpm/i586/cups-libs-1.3.7-25.8.i586.rpm
openSUSE 10.3:
http://download.opensuse.org/update/10.3/rpm/i586/cups-1.2.12-22.21.i586.rpm
http://download.opensuse.org/update/10.3/rpm/i586/cups-client-1.2.12-22.21.i586.rpm
http://download.opensuse.org/update/10.3/rpm/i586/cups-devel-1.2.12-22.21.i586.rpm
http://download.opensuse.org/update/10.3/rpm/i586/cups-libs-1.2.12-22.21.i586.rpm
Power PC Platform:
openSUSE 11.1:
http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debuginfo-1.3.9-7.2.1.ppc.rpm
http://download.opensuse.org/debug/update/11.1/rpm/ppc/cups-debugsource-1.3.9-7.2.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/cups-1.3.9-7.2.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/cups-client-1.3.9-7.2.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/cups-devel-1.3.9-7.2.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-1.3.9-7.2.1.ppc.rpm
http://download.opensuse.org/update/11.1/rpm/ppc/cups-libs-64bit-1.3.9-7.2.1.ppc.rpm
openSUSE 11.0:
http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debuginfo-1.3.7-25.8.ppc.rpm
http://download.opensuse.org/debug/update/11.0/rpm/ppc/cups-debugsource-1.3.7-25.8.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/cups-1.3.7-25.8.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/cups-client-1.3.7-25.8.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/cups-devel-1.3.7-25.8.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-1.3.7-25.8.ppc.rpm
http://download.opensuse.org/update/11.0/rpm/ppc/cups-libs-64bit-1.3.7-25.8.ppc.rpm
openSUSE 10.3:
http://download.opensuse.org/update/10.3/rpm/ppc/cups-1.2.12-22.21.ppc.rpm
http://download.opensuse.org/update/10.3/rpm/ppc/cups-client-1.2.12-22.21.ppc.rpm
http://download.opensuse.org/update/10.3/rpm/ppc/cups-devel-1.2.12-22.21.ppc.rpm
http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-1.2.12-22.21.ppc.rpm
http://download.opensuse.org/update/10.3/rpm/ppc/cups-libs-64bit-1.2.12-22.21.ppc.rpm
x86-64 Platform:
openSUSE 11.1:
http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debuginfo-1.3.9-7.2.1.x86_64.rpm
http://download.opensuse.org/debug/update/11.1/rpm/x86_64/cups-debugsource-1.3.9-7.2.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/cups-1.3.9-7.2.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/cups-client-1.3.9-7.2.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/cups-devel-1.3.9-7.2.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-1.3.9-7.2.1.x86_64.rpm
http://download.opensuse.org/update/11.1/rpm/x86_64/cups-libs-32bit-1.3.9-7.2.1.x86_64.rpm
openSUSE 11.0:
http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debuginfo-1.3.7-25.8.x86_64.rpm
http://download.opensuse.org/debug/update/11.0/rpm/x86_64/cups-debugsource-1.3.7-25.8.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/cups-1.3.7-25.8.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/cups-client-1.3.7-25.8.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/cups-devel-1.3.7-25.8.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-1.3.7-25.8.x86_64.rpm
http://download.opensuse.org/update/11.0/rpm/x86_64/cups-libs-32bit-1.3.7-25.8.x86_64.rpm
openSUSE 10.3:
http://download.opensuse.org/update/10.3/rpm/x86_64/cups-1.2.12-22.21.x86_64.rpm
http://download.opensuse.org/update/10.3/rpm/x86_64/cups-client-1.2.12-22.21.x86_64.rpm
http://download.opensuse.org/update/10.3/rpm/x86_64/cups-devel-1.2.12-22.21.x86_64.rpm
http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-1.2.12-22.21.x86_64.rpm
http://download.opensuse.org/update/10.3/rpm/x86_64/cups-libs-32bit-1.2.12-22.21.x86_64.rpm
Sources:
openSUSE 11.1:
http://download.opensuse.org/update/11.1/rpm/src/cups-1.3.9-7.2.1.src.rpm
openSUSE 11.0:
http://download.opensuse.org/update/11.0/rpm/src/cups-1.3.7-25.8.src.rpm
openSUSE 10.3:
http://download.opensuse.org/update/10.3/rpm/src/cups-1.2.12-22.21.src.rpm
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
Open Enterprise Server
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3
Novell Linux POS 9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3
Novell Linux Desktop 9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3
SUSE SLES 9
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=403675f837530f047eb825dcb7428cf3
SUSE Linux Enterprise Server 10 SP2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=a777264f13a7d9d882a7d024d831be1f
SUSE Linux Enterprise Desktop 10 SP2
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=a777264f13a7d9d882a7d024d831be1f
SLES 11
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7
SLED 11
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7
SLE 11
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7
SLES 11 DEBUGINFO
http://download.novell.com/index.jsp?search=Search&set_restricted=true&keywords=22d7a0746f9c204f5ecc1395385739f7
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
none
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
opensuse-security@opensuse.org
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security+subscribe@opensuse.org>.
opensuse-security-announce@opensuse.org
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<opensuse-security-announce+subscribe@opensuse.org>.
=====================================================================
SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBSe8qrney5gA9JdPZAQI4aQf/e938Hr+O1QYi9y5cm9ycOcaFHWx0oZED
yyOc4lUYZrb7qjmErPHfpoMR9c2XZlmESwKY0RZjddxe+vINDrOcMuI4nrp12ObP
uYvSAAz3xgpXzVtW5B/90ihHJAqHAnwOsdO8adt6PtKCt7T2gMPuQV0RSz3BRy//
qtBHDNyTBRPK7ex/YKUyQAbNENQUa3r9BaHpTHWjscfCoQch4Wz5hmLKv/n7eYdj
CFetsr6zu3hn3isKD8EPTIMbkpaYBMxp53UnNiRmVRy0Gb7zlBz5ByYQaYY+YKf/
OZ+ZHRTuDsNbAT03QtkvML3yqr3Yobb39DFa+cSsH2c9xTdwWdzSAg==
=ZnS5
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. (CVE-2009-0165). (CVE-2009-0163)
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier,
as used in Poppler and other products, when running on Mac OS X,
has unspecified impact, related to g*allocn. NOTE:
the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0800)
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10
does not properly initialize memory for IPP request packets, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via a scheduler request with two
consecutive IPP_TAG_UNSUPPORTED tags. An
attacker could create a malicious PDF file that would cause pdftops
to crash or, potentially, execute arbitrary code as the lp user if
the file was printed. (CVE-2009-3608, CVE-2009-3609)
This update corrects the problems.
Update:
Packages for 2008.0 are being provided due to extended support for
Corporate products.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
6b17f59f63c062c017c78d459dd2d89a 2008.0/i586/cups-1.3.10-0.1mdv2008.0.i586.rpm
9bc5298d9895c356227fdda3a0ddb2c0 2008.0/i586/cups-common-1.3.10-0.1mdv2008.0.i586.rpm
e3583883df8532fc8c496866dac713f8 2008.0/i586/cups-serial-1.3.10-0.1mdv2008.0.i586.rpm
fac1fcb839ad53322a447d4d39f769e3 2008.0/i586/libcups2-1.3.10-0.1mdv2008.0.i586.rpm
3d65afc590fb8520d68b2a3e8e1da696 2008.0/i586/libcups2-devel-1.3.10-0.1mdv2008.0.i586.rpm
9e09ed22a2522ee45e93e0edc146193f 2008.0/i586/libpoppler2-0.6-3.5mdv2008.0.i586.rpm
7427b1f56387e84db5a15aad85b424d2 2008.0/i586/libpoppler-devel-0.6-3.5mdv2008.0.i586.rpm
67937a584d365d6b00ef688c88e8d7c5 2008.0/i586/libpoppler-glib2-0.6-3.5mdv2008.0.i586.rpm
410dc85c2c7b71ab316be5607c556682 2008.0/i586/libpoppler-glib-devel-0.6-3.5mdv2008.0.i586.rpm
64d6e14be8d93c7651ce5dc3e2ebc5bf 2008.0/i586/libpoppler-qt2-0.6-3.5mdv2008.0.i586.rpm
cc9af7e314b6eaa6a8f946fa2c27f298 2008.0/i586/libpoppler-qt4-2-0.6-3.5mdv2008.0.i586.rpm
0c6d3a6b5211e8506a89144b8c3a3cfb 2008.0/i586/libpoppler-qt4-devel-0.6-3.5mdv2008.0.i586.rpm
c985516638ed4d8f792daa13bd506023 2008.0/i586/libpoppler-qt-devel-0.6-3.5mdv2008.0.i586.rpm
8d05619dcef538092696ce70998abd20 2008.0/i586/php-cups-1.3.10-0.1mdv2008.0.i586.rpm
0bae2a3525b796882d2cc87853945e5a 2008.0/i586/poppler-0.6-3.5mdv2008.0.i586.rpm
f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm
11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
8249475feb3bdc74ea7060944baed6aa 2008.0/x86_64/cups-1.3.10-0.1mdv2008.0.x86_64.rpm
83951504acb783cfdb8ec4fe48d31e1e 2008.0/x86_64/cups-common-1.3.10-0.1mdv2008.0.x86_64.rpm
fa8a91e8e3bc8f11c19ab460d1f690fe 2008.0/x86_64/cups-serial-1.3.10-0.1mdv2008.0.x86_64.rpm
e061fdbeded2d97bb3ca6b34d33cb384 2008.0/x86_64/lib64cups2-1.3.10-0.1mdv2008.0.x86_64.rpm
893235ea8cf23295ae961ea2de0b9903 2008.0/x86_64/lib64cups2-devel-1.3.10-0.1mdv2008.0.x86_64.rpm
9844640563afdef4a870e2ed12e58136 2008.0/x86_64/lib64poppler2-0.6-3.5mdv2008.0.x86_64.rpm
06ea824a6a2cd9360a9e75a14718192a 2008.0/x86_64/lib64poppler-devel-0.6-3.5mdv2008.0.x86_64.rpm
bb0eb04fa906a352e6738d08f116f89b 2008.0/x86_64/lib64poppler-glib2-0.6-3.5mdv2008.0.x86_64.rpm
43d6a85dfdad7e969655ee4e2a377370 2008.0/x86_64/lib64poppler-glib-devel-0.6-3.5mdv2008.0.x86_64.rpm
eef29dde4b9e80d4c360e953cbe9110b 2008.0/x86_64/lib64poppler-qt2-0.6-3.5mdv2008.0.x86_64.rpm
c74dc9f245091f451441d8b88f0beed3 2008.0/x86_64/lib64poppler-qt4-2-0.6-3.5mdv2008.0.x86_64.rpm
60345458274afc6ff480317fc408ec52 2008.0/x86_64/lib64poppler-qt4-devel-0.6-3.5mdv2008.0.x86_64.rpm
0a880b9c0d655c10f5757882e30911f1 2008.0/x86_64/lib64poppler-qt-devel-0.6-3.5mdv2008.0.x86_64.rpm
eb6fde793ac0d7ea86df42aa22637807 2008.0/x86_64/php-cups-1.3.10-0.1mdv2008.0.x86_64.rpm
7f475f07368ed9158008f2891dce2cd6 2008.0/x86_64/poppler-0.6-3.5mdv2008.0.x86_64.rpm
f3b53f5fafa8af4d754a5985e5f93830 2008.0/SRPMS/cups-1.3.10-0.1mdv2008.0.src.rpm
11b021f4e5d21d199728b9a0a37a8230 2008.0/SRPMS/poppler-0.6-3.5mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201310-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Poppler: Multiple vulnerabilities
Date: October 06, 2013
Bugs: #263028, #290430, #290464, #308017, #338878, #352581,
#459866, #480366
ID: 201310-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Poppler, some of which may
allow execution of arbitrary code.
Background
==========
Poppler is a cross-platform PDF rendering library originally based on
Xpdf.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/poppler < 0.22.2-r1 >= 0.22.2-r1
Description
===========
Multiple vulnerabilities have been discovered in Poppler. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Poppler users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.22.2-r1"
References
==========
[ 1 ] CVE-2009-0146
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0146
[ 2 ] CVE-2009-0147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0147
[ 3 ] CVE-2009-0165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0165
[ 4 ] CVE-2009-0166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0166
[ 5 ] CVE-2009-0195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0195
[ 6 ] CVE-2009-0799
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0799
[ 7 ] CVE-2009-0800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0800
[ 8 ] CVE-2009-1179
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1179
[ 9 ] CVE-2009-1180
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1180
[ 10 ] CVE-2009-1181
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1181
[ 11 ] CVE-2009-1182
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1182
[ 12 ] CVE-2009-1183
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1183
[ 13 ] CVE-2009-1187
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1187
[ 14 ] CVE-2009-1188
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1188
[ 15 ] CVE-2009-3603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3603
[ 16 ] CVE-2009-3604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3604
[ 17 ] CVE-2009-3605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3605
[ 18 ] CVE-2009-3606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3606
[ 19 ] CVE-2009-3607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3607
[ 20 ] CVE-2009-3608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3608
[ 21 ] CVE-2009-3609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3609
[ 22 ] CVE-2009-3938
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3938
[ 23 ] CVE-2010-3702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702
[ 24 ] CVE-2010-3703
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3703
[ 25 ] CVE-2010-3704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704
[ 26 ] CVE-2010-4653
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4653
[ 27 ] CVE-2010-4654
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4654
[ 28 ] CVE-2012-2142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2142
[ 29 ] CVE-2013-1788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1788
[ 30 ] CVE-2013-1789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1789
[ 31 ] CVE-2013-1790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1790
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10,
which brings many bugfixes, overall improvements and many security
fixes.
For the old stable distribution (etch), these problems have been fixed in version
3.01-9.1+etch6.
For the stable distribution (lenny), these problems have been fixed in version
3.02-1.4+lenny1.
For the unstable distribution (sid), these problems will be fixed in a
forthcoming version.
We recommend that you upgrade your xpdf packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.dsc
Size/MD5 checksum: 974 9c04059981f8b036d7e6e39c7f0aeb21
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.diff.gz
Size/MD5 checksum: 46835 c69a67b9ff487403e7c3ff819c6ff734
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz
Size/MD5 checksum: 599778 e004c69c7dddef165d768b1362b44268
Architecture independent packages:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch6_all.deb
Size/MD5 checksum: 62834 dd8f37161c3b2430cb1cd65c911e9f86
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6_all.deb
Size/MD5 checksum: 1278 d6da8e00b02ab3f17ec44b90fff6bb30
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_alpha.deb
Size/MD5 checksum: 920352 83b7d74d9ebae9b26da91de7c91d3502
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_alpha.deb
Size/MD5 checksum: 1687294 9862913548fff9bfda37a6fe075df5b0
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_amd64.deb
Size/MD5 checksum: 809202 171520d7642019943bfe7166876f5da5
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_amd64.deb
Size/MD5 checksum: 1493308 9575f135e9ec312f9e6d7d2517dd8f5b
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_arm.deb
Size/MD5 checksum: 803714 6db06ffcba7f6d7576ed356e7989557d
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_arm.deb
Size/MD5 checksum: 1468616 9afde01dda379acd4e7edfbccc7c7b2d
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_hppa.deb
Size/MD5 checksum: 1773794 c9012a9d3919ec40dcea1264ac27a6fe
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_hppa.deb
Size/MD5 checksum: 963060 565daaf6f15ff7593d560ef7a2f94364
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_i386.deb
Size/MD5 checksum: 796992 5270bef04f1c2e924b813dffe6050d89
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_i386.deb
Size/MD5 checksum: 1458826 b2f3cbaac0ffcce0bb8d7e656bf11b02
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_ia64.deb
Size/MD5 checksum: 1217142 afeaf9bfc66ebb69767703bfb30bbd4c
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_ia64.deb
Size/MD5 checksum: 2218472 6545e9b6f58a84c0daa76baa8a0db629
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_mipsel.deb
Size/MD5 checksum: 946638 5323268be89e54c5c8eb7ae13f0eab14
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_mipsel.deb
Size/MD5 checksum: 1721268 0b710c0bcc6ffefe29f683ab09d3cbe8
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_powerpc.deb
Size/MD5 checksum: 1554798 eadd6236b778761086d436dd8db986e4
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_powerpc.deb
Size/MD5 checksum: 849204 d22f5d59f03d6484e149d7536a25a517
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_s390.deb
Size/MD5 checksum: 1401814 0e3f588c64e8fa9a102ebcae29c4d807
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_s390.deb
Size/MD5 checksum: 767392 4b7c1a868f2f909c2dce25087da77817
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_sparc.deb
Size/MD5 checksum: 1394680 8b17e2339e2a908a610271eb678495b1
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_sparc.deb
Size/MD5 checksum: 763618 f3897333018702ee926e41ca5f58dc92
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.dsc
Size/MD5 checksum: 1266 faeebc4dfc74129ca708a6345bb483f7
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02.orig.tar.gz
Size/MD5 checksum: 674912 599dc4cc65a07ee868cf92a667a913d2
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.diff.gz
Size/MD5 checksum: 42280 362f72e95494f51a19eeb898b9a527ac
Architecture independent packages:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.02-1.4+lenny1_all.deb
Size/MD5 checksum: 67664 b5f063bf32cbeaf1aaeec315dc8aff0a
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1_all.deb
Size/MD5 checksum: 1268 f67780458dac3c38cd59bfde186f9a3b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_alpha.deb
Size/MD5 checksum: 1896344 f65f591413c25a23ea2aaccba2b5b634
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_alpha.deb
Size/MD5 checksum: 1018434 cb679c93bbc428ea852bd4ef3103e42d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_amd64.deb
Size/MD5 checksum: 1709514 1e1277251a6dd0bb0a551997efd39175
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_amd64.deb
Size/MD5 checksum: 921892 fb7de1db5e3885365c3ad74c3646ab57
arm architecture (ARM)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_arm.deb
Size/MD5 checksum: 1667088 58ddefe40598d6fe4a5016145163ef45
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_arm.deb
Size/MD5 checksum: 907908 881594298fe547cefa3d528c519d369f
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_armel.deb
Size/MD5 checksum: 886242 51d55f7c4de41c5d4051f41fde9b7389
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_armel.deb
Size/MD5 checksum: 1602392 bc996edfad6d1995cb4ef2f4c7760b51
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_hppa.deb
Size/MD5 checksum: 1076286 fa3ac4a1001abf3e892bb1397b06ff17
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_hppa.deb
Size/MD5 checksum: 1985520 e95263d094e2c8d6aa72ee1edb9105f3
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_i386.deb
Size/MD5 checksum: 876656 441042932886fa29adae731338f6b5bd
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_i386.deb
Size/MD5 checksum: 1611730 52516381da25dbb0c1145e2b7cdf692a
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_ia64.deb
Size/MD5 checksum: 1380222 0ffaee560534c9d69df433340679c8fc
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_ia64.deb
Size/MD5 checksum: 2519970 eb4f4e5c173557fa8ae713f123cbb193
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mips.deb
Size/MD5 checksum: 1894924 58b336b114ef5c8fb9fc6244411b4cf4
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mips.deb
Size/MD5 checksum: 1040834 ae8ed06ea2ed07e3a064c6bd28e80933
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mipsel.deb
Size/MD5 checksum: 1026954 eac8167230b8fa208cdbc5b196f0c624
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mipsel.deb
Size/MD5 checksum: 1872050 8f2e99ce5a102d099ba22543f246d5bd
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_powerpc.deb
Size/MD5 checksum: 1788584 7d1466cc8770bd92f299c1cc772f64e7
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_powerpc.deb
Size/MD5 checksum: 968838 7cc8568d6b74348300066e42b27f90c2
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_s390.deb
Size/MD5 checksum: 871666 1dde93a4cc0a28b90f92c05f0d181079
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_s390.deb
Size/MD5 checksum: 1598270 201ad07e4853843dce22f22daa41fd35
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_sparc.deb
Size/MD5 checksum: 863662 446f2d8fe6483d3741648c4db1ff5b82
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_sparc.deb
Size/MD5 checksum: 1586262 52861c00f406c35db8a6e6f3269cc37d
These files will probably be moved into the stable distribution on
its next update