VARIoT IoT vulnerabilities database

Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic.". An attacker can exploit this issue by enticing an unsuspecting user to process a malicious XML file with an application that uses the 'NSXML' API. This can allow arbitrary code to run with the privileges of the user running the application that uses the affected API. Failed attacks will cause denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. For more information: SA29431 12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari). 20) A race condition error exists in NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. An attacker can exploit this issue by enticing an unsuspecting user to visit a malicious webpage with the Safari browser. This can allow arbitrary code to run with the privileges of the user running the browser or an application that uses the affected API. Failed attacks will cause denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. For more information: SA29431 12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari). 20) A race condition error exists in NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. Failed attacks will cause denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 19) A race condition error exists in the cache management of NSURLConnection. Safari). 20) A race condition error exists in NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. An attacker can exploit this issue to manipulate file/directory permissions. This may lead to an escalation in privileges and can aid in launching further attacks. When performing a recursive file copy operation, NSFileManager creates a fully writable directory and then restricts permissions, which creates a race condition where a local user can control the directory and intervene in subsequent operations, resulting in escalation of permissions to the application using the API. authority. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. For more information: SA29431 12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari). 20) A race condition error exists in NSXML. This can be exploited to execute arbitrary code by enticing a user to process an XML file in an application which uses NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. Failed attacks will cause denial-of-service conditions. There is an input validation error in the NSSelectorFromString API. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. Safari). 20) A race condition error exists in NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. An attacker can exploit this issue by enticing an unsuspecting to view a malicious webpage. Successfully exploiting this issue will allow attackers to automatically open 'ief' files in AppleWorks. A successful exploit may lead to other attacks. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA29420 VERIFY ADVISORY: http://secunia.com/advisories/29420/ CRITICAL: Highly critical IMPACT: Unknown, Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. For more information: SA29431 12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari). 20) A race condition error exists in NSXML. This can be exploited to execute arbitrary code by enticing a user to process an XML file in an application which uses NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. Failed exploit attempts will result in a denial-of-service condition. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. There are multiple integer overflow vulnerabilities in the parser of the serial number format. If a specially crafted serialized property list is parsed, a heap overflow can be triggered, resulting in the execution of arbitrary instructions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720 Advisory ID: cisco-sa-20080326-queue http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml Revision 1.0 For Public Release 2008 March 26 1600 UTC (GMT) Summary ======= Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable. The OSPF and MPLS VPNs are not enabled by default. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml Note: The March 26, 2008 publication includes five Security Advisories. The Advisories all affect Cisco IOS. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities in all five Advisories. Please reference the following software table to find a release which fixes all published Security Advisories as of March 26th, 2008. * March 26th bundled IOS Advisory Table http://www.cisco.com/warp/public/707/cisco-sa-20080326-bundle.shtml Individual publication links are listed below: * Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml * Multiple DLSw Denial of Service Vulnerabilities in Cisco IOS http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml * Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml * Vulnerability in Cisco IOS with OSPF, MPLS VPN, and Supervisor 32, Supervisor 720, or Route Switch Processor 720 http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml * Cisco IOS Multicast Virtual Private Network (MVPN) Data Leak http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml Affected Products ================ Vulnerable Products +------------------ All Cisco products based on the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) are potentially vulnerable. Cisco Sup720 and RSP720 products have support for daughter cards that enhance their functionality. These daughter cards attach directly to the Sup720 or RSP720 and have names like PFC-3B, PFC-3BXL, PFC-3C, and PFC-3CXL. The product number of the Sup720 or RSP720 can change to reflect the daughter card that is installed, such as RSP720-3CXL. Because the vulnerability affects the Sup720 and RSP720, all versions of the Sup720 or RSP720 are vulnerable, regardless of the daughter card that is installed. * Cisco Catalyst 6500 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL * Cisco 7600 Series devices with the Sup32, Sup720, Sup720-3B, or Sup720-3BXL * Cisco 7600 Series devices with the RSP720, RSP720-3C, or RSP720-3CXL * Cisco ME 6524 Ethernet Switch Products Confirmed Not Vulnerable +-------------------------------- No other Cisco products are currently known to be affected by this vulnerability. Cisco Bug ID CSCsf12082 was integrated into additional IOS releases that do not run on the vulnerable hardware, but only the platforms mentioned in the Vulnerable Products section above are affected by this vulnerability. Details ======= Vulnerable Cisco devices, when configured for Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN) and Open Shortest Path First (OSPF) sham-link, can suffer from a blocked queue, memory leak and/or restart of the device This vulnerability is documented in Cisco bug ID CSCsf12082, and has been assigned CVE ID CVE-2008-0057. The following combination of hardware and software configuration must be present for the device to be vulnerable: * Cisco Catalyst Sup32, Sup720, or RSP720 is present * MPLS VPN is configured * OSPF sham-link is configured In order to determine whether you are running this feature, use the show running-config command and search for the address-family vpnv4 and area sham-link router configuration commands. The following command displays all configuration lines that meet the following criteria: * Begins with the word "router," OR * Includes "address-family vpnv4," OR * Includes "sham-link" Router# show run | include ^router |address-family vpnv4|sham-link router bgp 1 address-family vpnv4 router ospf 1 vrf VRFNAME area 0 sham-link 192.168.1.1 192.168.100.1 Router# For customers that run versions of IOS that support the section modifier, an additional option is available to view the relevant sections of the running configuration: Router# show run | section ^router router bgp 1 [snip] address-family vpnv4 router ospf 1 vrf VRFNAME area 0 sham-link 192.168.1.1 192.168.100.1 [snip] If certain packets are received by a device that meets the above requirements, the input queue of the interface that receives these packets can become blocked, which can prohibit additional traffic from entering the interface and cause a denial of service condition. In addition to a potential blocked interface queue, the device can also suffer a memory leak or restart. In the event of a memory leak, the device is unable to forward traffic once available memory is depleted. For more information on MPLS VPNs, please reference the following document: http://www.cisco.com/en/US/docs/net_mgmt/vpn_solutions_center/1.1/user/guide/VPN_UG1.html For more information on OSPF sham-links, please reference the following document: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ospfshmk.html Identifying a Memory Leak +------------------------ This vulnerability can manifest as a leak in the I/O memory pool. The following is an example of a system message that indicates an exhaustion of the I/O pool: 006029: Aug 10: %SYS-2-MALLOCFAIL: Memory allocation of 808 bytes failed from 0x41613238, alignment 32 Pool: I/O Free: 176 Cause: Not enough free memory Alternate Pool: None Free: 0 Cause: No Alternate pool Note that in the above output, the affected memory pool is Pool: I/O, and the cause is Cause: Not enough free memory. This output indicates that the I/O memory pool has been exhausted. Additionally, a user with enable-level access can check the device through the show buffers command to identify buffer allocation failures. Router#show buffers Buffer elements: 496 in free list (500 max allowed) 77298300 hits, 0 misses, 0 created Public buffer pools: Small buffers, 104 bytes (total 148654, permanent 1024, peak 148654 @ 1d12h): 0 in free list (128 min, 2048 max allowed) 24688031 hits, 4023203 misses, 0 trims, 147630 created 3243434 failures (3182828 no memory) The above output shows that buffer allocation failed due to insufficient memory. Identifying a Blocked Interface +------------------------------ A symptom of this type of blocked queue is the failure of control-plane protocols such as routing protocols (OSPF, Enhanced Interior Gateway Routing Protocol (EIGRP), Border Gateway Protocol (BGP), Intermediate System to Intermediate System (ISIS), etc.) and MPLS TDP/LDP to properly establish connections over an affected interface. In order to identify a blocked input interface, issue the show interfaces command, and search for the Input Queue line. The size of the input queue can continue to increase. If the current size, which is 76 in the example below, is larger than the maximum size (75), the input queue is blocked. It is possible that a device receives a high rate of traffic destined to the control plane, and the full queue is only a transient event. In order to verify if the interface is actually blocked, shut down the interface with the shutdown interface configuration command and examine the input queue. If the input queue does not display 0 packets, the interface is blocked. Router#show interface ethernet 0/0 Ethernet0/0 is up, line protocol is up Hardware is AmdP2, address is 0050.500e.f1e0 (bia 0050.500e.f1e0) Internet address is 172.16.1.9/24 MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255 Encapsulation ARPA, loopback not set, keepalive set (10 sec) ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:41, output 00:00:07, output hang never Last clearing of "show interface" counters 00:07:18 Input queue: 76/75/1091/0 (size/max/drops/flushes); Total output drops: 0 !--- The 76/75 shows that this is blocked Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS Version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsf12082 - SUP720 facing small buffer leak and crashes CVSS Base Score - 7.8 Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete CVSS Temporal Score - 6.1 Exploitability: Proof-of-Concept Remediation Level: Official-Fix Report Confidence: Confirmed Impact ====== Exploitation of this vulnerability may result in a blocked interface input queue, memory leak, and/or restart of the device. Repeated exploitation of this vulnerability may result in an extended denial of service. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +----------------------------------------+ | Major | Availability of Repaired | | Release | Releases | |------------+---------------------------| | Affected | First Fixed | Recommended | | 12.0-Based | Release | Release | | Releases | | | |----------------------------------------| | There are no affected 12.0 based | | releases | |----------------------------------------| | Affected | First Fixed | Recommended | | 12.1-Based | Release | Release | | Releases | | | |----------------------------------------| | There are no affected 12.1 based | | releases | |----------------------------------------| | Affected | First Fixed | Recommended | | 12.2-Based | Release | Release | | Releases | | | |------------+-------------+-------------| | 12.2 | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2B | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2BC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2BW | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2BY | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2BZ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2CX | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2CY | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2CZ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2DA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2DD | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2DX | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2EU | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2EW | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2EWA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2EX | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2EY | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2EZ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2FX | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2FY | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2FZ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2IXA | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXB | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXC | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | 12.2IXD | Vulnerable; | | | | contact TAC | | |------------+-------------+-------------| | | Vulnerable; | 12.2(18) | | | migrate to | IXF; | | 12.2IXE | any release | Available | | | in 12.2IXF | on | | | | 31-MAR-2008 | |------------+-------------+-------------| | 12.2JA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2JK | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2MB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2MC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2S | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SBC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SCA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SE | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SEA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SEB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SEC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SED | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SEE | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SEF | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SEG | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SG | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SGA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SL | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SM | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SO | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SRA | 12.2(33) | 12.2(33) | | | SRA4 | SRA7 | |------------+-------------+-------------| | 12.2SRB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SRC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SU | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SV | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SVA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SVC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SVD | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SW | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SX | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | 12.2(18) | | 12.2SXA | first fixed | SXF13 | | | in 12.2SXF | | |------------+-------------+-------------| | | Vulnerable; | 12.2(18) | | 12.2SXB | first fixed | SXF13 | | | in 12.2SXF | | |------------+-------------+-------------| | | Vulnerable; | 12.2(18) | | 12.2SXD | first fixed | SXF13 | | | in 12.2SXF | | |------------+-------------+-------------| | | Vulnerable; | 12.2(18) | | 12.2SXE | first fixed | SXF13 | | | in 12.2SXF | | |------------+-------------+-------------| | 12.2SXF | 12.2(18) | 12.2(18) | | | SXF6 | SXF13 | |------------+-------------+-------------| | 12.2SXH | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SY | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2SZ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2T | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2TPC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2UZ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XD | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XE | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XF | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XG | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XH | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XI | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XJ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XK | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XL | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XM | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XN | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XO | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XQ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XR | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XS | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XT | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XU | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XV | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2XW | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YD | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YE | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YF | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YG | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YH | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YJ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YK | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YL | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YM | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YN | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YO | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YP | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YQ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YR | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YS | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YT | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YU | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YV | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YW | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YX | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YY | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2YZ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZA | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZB | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZC | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZD | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZE | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZF | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZG | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZH | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZJ | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZL | Not | | | | Vulnerable | | |------------+-------------+-------------| | 12.2ZP | Not | | | | Vulnerable | | |------------+-------------+-------------| | | Vulnerable; | | | 12.2ZU | migrate to | 12.2(33) | | | any release | SXH2 | | | in 12.2SXH | | |------------+-------------+-------------| | 12.2ZY | Not | | | | Vulnerable | | |------------+-------------+-------------| | Affected | First Fixed | Recommended | | 12.3-Based | Release | Release | | Releases | | | |----------------------------------------| | There are no affected 12.3 based | | releases | |----------------------------------------| | Affected | First Fixed | Recommended | | 12.4-Based | Release | Release | | Releases | | | |----------------------------------------| | There are no affected 12.4 based | | releases | +----------------------------------------+ Workarounds =========== Once a device interface queue has been exhausted, only a device restart can clear OSPF packets in the blocked queue. Due to the manner in which these packets are processed, the queue block occurs prior to the OSPF MD5 check. The OSPF MD5 configuration does not protect a device from this vulnerability. Increasing the Selective Packet Discard (SPD) Headroom +----------------------------------------------------- At the most basic level, the Selective Packet Discard (SPD) provides extended buffering for control plane traffic. Known as the SPD headroom, this additional queue depth is typically reserved for traffic with IP Precedence equal to 6 (such as BGP), the Connectionless Network Service (CLNS) based routing protocol Intermediate System-to-Intermediate System (IS-IS), OSPF, and Layer 2 keepalives. Increasing the SPD headroom provides additional buffering for OSPF packets. In the event of a blocked queue, the SPD headroom can be increased to allow more control plane traffic buffer space. More information on SPD can be found in the following white paper: http://www.cisco.com/web/about/security/intelligence/spd.html It is possible to expand the queue size to accommodate more packets, but packets can still accumulate until the expanded queue is exhausted. As a temporary workaround that allows traffic to continue to flow, the input hold queue can be increased. Any additional malformed packets still fill the queue, but increasing the input queue depth can extend the amount of time before the input queue fills and traffic ceases flowing. The following example demonstrates how to set the input queue size from the default of 75 to the maximum of 4096: Router# configure terminal Router(configure)# interface FastEthernet 0/0 Router(config-if)# hold-queue 4096 in Removing OSPF Sham-Link Configuration +------------------------------------ Because OSPF Sham-Link configuration is required for the vulnerability to be present, removing Sham-Link functionality eliminates exposure to this vulnerability. In order to remove the OSPF Sham-Link configuration from a device, the OSPF configuration must be changed on each interface where Sham-Link is configured. For configuration information on OSPF Sham-Link, please consult the following document: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ospfshmk.html Cisco IOS Embedded Event Manager +------------------------------- Cisco IOS Embedded Event Manager (EEM) provides event detection and reaction capabilities on a Cisco IOS device. It is possible to detect blocked interface queues with an EEM policy. EEM can alert administrators of blocked interfaces with email, a syslog message, or a Simple Network Management Protocol (SNMP) trap. A sample EEM policy that uses syslog to alert administrators of blocked interfaces is available at Cisco Beyond, an online community dedicated to EEM. A sample script is available at the following link: http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=981 More information about EEM is available from Cisco.com at the following link: http://www.cisco.com/en/US/products/ps6815/products_ios_protocol_group_home.html Obtaining Fixed Software ======================== Cisco has released free software updates that address this vulnerability. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by a customer. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2008-March-26 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkfqb/IACgkQ86n/Gc8U/uDSVQCcD/eTXkZUyMzZERQXt+d9DhGD dKgAnjQ+Gsmkh4/x1l5K8q2E9QKUJN1d =xTuf -----END PGP SIGNATURE-----

Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. Safari). 20) A race condition error exists in NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. The mach port used for inter-thread synchronization in NSApplication is inadvertently provided for inter-process communication. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. Safari). 20) A race condition error exists in NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. Failed attacks will cause denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. There is a stack overflow vulnerability in the way the NSDocument API handles filenames, which is not available on most filesystems. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. Safari). 20) A race condition error exists in NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. Successfully exploiting this issue will cause unsuspecting users to establish unsafe firewall configurations, resulting in a false sense of security. This may lead to other attacks. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. For more information: SA29431 12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari). 20) A race condition error exists in NSXML. This can be exploited to execute arbitrary code by enticing a user to process an XML file in an application which uses NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. CUPS Is vulnerable to input validation.Arbitrary code may be executed. CUPS is prone to multiple unspecified input-validation vulnerabilities. An attacker can exploit these issues to execute arbitrary code with SYSTEM-privileges. Failed attacks will cause denial-of-service conditions. Very few technical details are currently available. We will update this BID as more information is disclosed. NOTE: This vulnerability was previously covered in BID 28304 (Apple Mac OS X 2008-002 Multiple Security Vulnerabilities), but has been given its own record to better document the issue. Mac OS X is the operating system used by the Apple family of machines. Multiple input validation errors in CUPS could lead to arbitrary command execution with system privileges in HP-GL/2-to-PostScript. =========================================================== Ubuntu Security Notice USN-598-1 April 02, 2008 cupsys vulnerabilities CVE-2008-0047, CVE-2008-0053, CVE-2008-0882, CVE-2008-1373 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.8 Ubuntu 6.10: cupsys 1.2.4-2ubuntu3.3 Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.3 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.6 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the CUPS administration interface contained a heap- based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0047) It was discovered that the hpgl filter in CUPS did not properly validate its input when parsing parameters. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0053) It was discovered that CUPS had a flaw in its managing of remote shared printers via IPP. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0882) It was discovered that CUPS did not properly perform bounds checking in its GIF decoding routines. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-1373) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8.diff.gz Size/MD5: 97650 b7ac4b760066920314d4596541cf716e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8.dsc Size/MD5: 1049 26e617c4b5c0848d56f872895e279a86 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.8_all.deb Size/MD5: 998 c7d4013c3b9e3655e2fd2e9719d4d2af amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 36218 9eff8fd692afe5ae17ca80f269a0ca6b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 81906 ac05150f42e5671c5cdc73ba8f85cb5b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 2286026 acd4a48c676556fc7260bbd86db0416b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 6096 3df7829bfb8766de94a4ef2ff0be824f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 76654 0d67c8599d4e2accf4f7ee31b498fdc7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 25758 14617ef9d38146ceaf89b4e9775e2fb4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 129498 5cd8c821b31dddde0c200a61570d48b6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 34766 88ac5bced1d508f9695b4b4f4ae0f82a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 77988 84db3f3ad17936d5015a26353c55bc6a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 2253492 2cc1ec94caf6344a555ece9f69b51fe2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 6088 00226da0a854f64bd5b18ace219de031 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 75744 73038a225d7301b4b5f8085219c97c81 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 25740 52699a4b9dea621f4332db5856f8b574 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 121718 2e904399c40c9f83e451bb2e964820c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 40464 7e6bd3ec6312eef104737ffed5e19c3c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 89542 8b9353d17d9402495f2404a9ab837b92 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 2300680 65597d07917b8753a0af6f6aae1276db http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 6096 d6cb4780e6f4545bc8566cce92fb8346 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 78442 c75b4f47491227c2504649902a040855 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 25742 372a1c972e97e1722a844430780ae6c5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 127478 afad79a272bbe434675f24d7a3ca91ef sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 35396 b44ad7e913ff064d2a3fb73121771686 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 78724 a8bff0942be4b14ece6dde8fd38b6f5a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 2287122 2415f6a5410a63b98ba32ecdf8fbcfb7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 6094 384dc8a7b9c8dfbefa42d7b5fbb836c7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 75678 6258f4d4c1b55d90b34cee1caa12dc35 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 25740 ca7f1a4412f42d739d51c1ddbc09045a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 123214 801292f8a2652b579a82b7a7c52e9ffd Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3.diff.gz Size/MD5: 111410 fb84af4bcf007f2f7299394e0be32412 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3.dsc Size/MD5: 1059 430be555857b7aa5cc01431466487aaf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4.orig.tar.gz Size/MD5: 4091480 46722ad2dc78b12b5c05db2d080fe784 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.4-2ubuntu3.3_all.deb Size/MD5: 870052 97e82b21269a8bb5e7ac995cc4cb665d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 36706 eb308fea40f4b7d159304b4b875b2329 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 82506 3b04032674acc75d3184f537af144d3a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 1480680 18b1537c8238b225e6ba2bb51570b942 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 6122 b324305be458b5207d242efc230d06c1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 95522 fce843ba1e5c51ec7a8161f0a0828acc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 26138 041e52bad239d993b22d65873705a751 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 172282 cf3fd3c84c83b36aa453ca2e071ab74c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 36260 c2daeb19fee1ebfe794be09ebefef1c7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 80108 c599f739a103867967a78f91569db74e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 1463912 d22879a24e9f1ff1d12e7845ad596cc2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 6124 01628551a9fc66423789f02853d0d9ba http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 95352 b6084c36087da3aa1a3c8d44f9a9d0a7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 26142 838499ddbf886c5514ef11c6e4bdeda9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 169404 8262471b1cdb9991fbde554a31c74508 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 41802 b703ca8629e5df46fc1f1d45acd20581 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 91148 caca2486db7794b133539af9b939a607 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 1498496 0662d077dfae2d1b6b00db7a0966366b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 6128 792c5ee645b0f7a7e1d63d9206348c52 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 97682 b37660eb88a487e5f7c49b9ed6f1c937 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 26144 b834556e6374093f5652754dd8c0ff6a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 172694 3174ff36eaa0bc4ac7f4df02299413ca sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 36292 2cd1ea5a42eff193ca8a4c2ec53aefa1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 80238 10b95fff38cb0436cf30a30e683cc27d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 1489214 119f077088e3b2009c896fd395448717 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 6128 204a14898a9508a980e71d33792cfb59 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 94574 a87580c3fd22da592dd5496190afb871 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 26142 e7b959209cad884220bb1cacb2cd0555 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 168700 1f717ec06409999b5a40bb89dcedb5b0 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3.diff.gz Size/MD5: 156263 0147ec4c77b27e20df2a3ad514c2dd8e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3.dsc Size/MD5: 1143 7fb2ad1b1c8e57b09805fc9d6c1e027d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.3_all.deb Size/MD5: 926414 97df229c931f7eb05af5a5cb623635ae amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 37412 20fb406aae21e63dc8c9723e178505af http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 83238 9aa9eb876585e32757c83783d79b0a02 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 1638304 7673386b3a9d63c09bd3647cf5dad877 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 56378 32e2acb4fe5ef7aab8b8896a8d40166c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 104324 649109ddb522145730c67b93a870eefe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 144860 c0fb60ebae640e565607f0cdfd7094b7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 182344 204887dda2791a61417415c4466a51d7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 36722 22030307f71a44ca7b30921aef0bf46a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 80738 c92706978d65b9a409d93e704c5662b4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 1620944 bc9a1e338567e27aee10cded16abbcc2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 55472 15cd34697cca79ee83498691da531d37 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 104028 3d13c92bf5f0c9a26f3a8ba534dc6dec http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 139332 c33597e3bbce0d41df0efe84c2b59377 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 178604 a93713bb9b422a0460d42dc35eb7f8b3 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 46768 682b1e104c73d8820a5b39ba79de7883 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 101104 78dcf70528f5682b2499efa0b03f6a42 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 1695542 06c8b6b43afa525b07718d410eed6438 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 56226 27ce8328e4cfc184ef64fdfe5bcf1b45 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 109886 607c9d1bdc4eaf3627031f98f59948be http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 141172 501aee8031dd71ce2166e79bfca04129 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 188236 ccbcdb277477728c10dac36435924085 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 37788 7da1fb58e7d4b6bfd71ed47b1ba5d201 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 83750 69a59033ea6458f3f82046aee46ba4bb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 1658908 b35167112445c8bc3c1281604412f534 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 54756 b877de97919e00870c84850b1e074555 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 103574 204efb55b2d46f00cd4f8ddc429d805f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 141742 5e411c3199e1a1296dbd7cd7c6958e1a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 177884 4e1b218fd113193e4cf149aea90ec6c7 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6.diff.gz Size/MD5: 125298 81ae6b42c7dd12a1797a63d19c644a8c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6.dsc Size/MD5: 1218 c56faedc440fc2b16f9a1f396a607d1e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.6_all.deb Size/MD5: 1080444 5d01f105292a526744e5622a14a9aed4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 37204 c3425972caa02e7a25321f49d47c6f9b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 89504 5411f2454e0d2a0323e9951cb15a534d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 2034570 c8d6548bd1ba7cb841b196e762da492c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 59890 150d59889adc8fd0cb185989876a355d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 46780 e15952781e93e862194d453320605bbc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 152020 32c671873dfad4e39104da5c3a6e935e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 186028 1a1404a7d67078e31c8819bf3d8d4dae i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 36476 a982fce3918a91c74e92fb515f1c6d65 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 86484 0e4d80917e070f7b2f109de81f96bc4d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 2018116 cff3abb1b69d797d616e73c93885de3a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 58634 6d2590c49af04215519a87e857463652 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 46140 0ebe76bdf799336e0b2d01d0a0eca72c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 145694 6766e6515de26b782e211840f330b93e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 182802 c62bc1107e748c200e6969a239ae8b9b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 46498 044a54c557dd4006bb40a13dd2c2b156 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 107752 76e4020feb1778e713389fc6bdb86ea9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 2099222 73d517a40d877a238856a232e6be64c9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 59342 8530840cf85bf44c8803fd064b61e1f7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 51716 9d30c790a4b94ac07670d7e15c2e41ab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 146948 f73327e30e2778bdcf4543c04855e6a1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 191752 46d534c4c477657ab03419d18f91728f sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 37564 1771f3f6f2ceb1864696801f7f420e93 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 89606 69149447dbd4e3b36185bd977202f837 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 2060610 ed932d7ee05e745bc0af647d361e7d99 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 57900 7369866ac9adb6abd966e2d1e2f95b42 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 45440 60eda5d4cc12eb2c35817d6c0d4ef43a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 148476 8e1d119a91b8c6d8d15032b27a498235 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 181842 8283739361474f00d65f9bf52d7c0e3d . Finally, a vulnerability in how CUPS handled GIF files was found by Tomas Hoger of Red Hat, similar to previous issues corrected in PHP, gd, tk, netpbm, and SDL_image (CVE-2008-1373). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 4ecbfe664ba6820bf06dc406133e265c 2007.0/i586/cups-1.2.4-1.8mdv2007.0.i586.rpm 6d51733a95884e36cca9570738537ff6 2007.0/i586/cups-common-1.2.4-1.8mdv2007.0.i586.rpm abe0591d8b2b390a82dffcd2fed43b14 2007.0/i586/cups-serial-1.2.4-1.8mdv2007.0.i586.rpm 91ffe19d342810de71e056e213056552 2007.0/i586/libcups2-1.2.4-1.8mdv2007.0.i586.rpm 71fd9246da1e48b2dc6a60ceeae41e48 2007.0/i586/libcups2-devel-1.2.4-1.8mdv2007.0.i586.rpm bd0f3b69fe5dc7bddd6c121200db014d 2007.0/i586/php-cups-1.2.4-1.8mdv2007.0.i586.rpm cb50a10a1096424175c1a49e8e22a8a1 2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: d9423a942f4f779959cfe489866b52f5 2007.0/x86_64/cups-1.2.4-1.8mdv2007.0.x86_64.rpm 8b13ba591a7dc53c658876dae447ce17 2007.0/x86_64/cups-common-1.2.4-1.8mdv2007.0.x86_64.rpm 9e434edde16c05fded1b706adaae859d 2007.0/x86_64/cups-serial-1.2.4-1.8mdv2007.0.x86_64.rpm 9733f3116c8488148471af3d5bdafd16 2007.0/x86_64/lib64cups2-1.2.4-1.8mdv2007.0.x86_64.rpm fbb5010088c23aa2cf635875179adc3c 2007.0/x86_64/lib64cups2-devel-1.2.4-1.8mdv2007.0.x86_64.rpm 00e05d49f33ef5d0067287ef1a27246c 2007.0/x86_64/php-cups-1.2.4-1.8mdv2007.0.x86_64.rpm cb50a10a1096424175c1a49e8e22a8a1 2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm Mandriva Linux 2007.1: dc81f96bd48732eed770b0090b333695 2007.1/i586/cups-1.2.10-2.6mdv2007.1.i586.rpm 3545d312400a8f5aad55e323d2ff3543 2007.1/i586/cups-common-1.2.10-2.6mdv2007.1.i586.rpm f4656b26df51f63813a49006415a783b 2007.1/i586/cups-serial-1.2.10-2.6mdv2007.1.i586.rpm ab1869c8ddeda927fdfbc49c386756f1 2007.1/i586/libcups2-1.2.10-2.6mdv2007.1.i586.rpm 5de192ed26380212896fcd376a1b3e23 2007.1/i586/libcups2-devel-1.2.10-2.6mdv2007.1.i586.rpm a347c58fc3e76e064cabf8425d0245ab 2007.1/i586/php-cups-1.2.10-2.6mdv2007.1.i586.rpm 15c9274e61f9dbe98150fa1ae58ef7bc 2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 1faa57f00d0577f6d25cddf7fccd7edb 2007.1/x86_64/cups-1.2.10-2.6mdv2007.1.x86_64.rpm 26a14fabfef38f2fd4ab88c6184d4e2f 2007.1/x86_64/cups-common-1.2.10-2.6mdv2007.1.x86_64.rpm b5a49bfbeb004af58e1e5f9c1660dece 2007.1/x86_64/cups-serial-1.2.10-2.6mdv2007.1.x86_64.rpm 6b81f4e888dec6e94231b01fd5d162bf 2007.1/x86_64/lib64cups2-1.2.10-2.6mdv2007.1.x86_64.rpm 256313a9ac10203a7d59deb6ff0a3da0 2007.1/x86_64/lib64cups2-devel-1.2.10-2.6mdv2007.1.x86_64.rpm 41e268b0e9e8a5e256c9af6192dfcae0 2007.1/x86_64/php-cups-1.2.10-2.6mdv2007.1.x86_64.rpm 15c9274e61f9dbe98150fa1ae58ef7bc 2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm Mandriva Linux 2008.0: 27ee99856a1c4448cdee618f2db8ae52 2008.0/i586/cups-1.3.6-1.1mdv2008.0.i586.rpm 09a6026a683b1ea029b63b0480aa2d4b 2008.0/i586/cups-common-1.3.6-1.1mdv2008.0.i586.rpm 7974c9c3a572a389fea83250cd57c8e1 2008.0/i586/cups-serial-1.3.6-1.1mdv2008.0.i586.rpm a6432e417d401b7900113763255bf8c3 2008.0/i586/libcups2-1.3.6-1.1mdv2008.0.i586.rpm cfb0fd68a1d60f1dfa985da0bb79190f 2008.0/i586/libcups2-devel-1.3.6-1.1mdv2008.0.i586.rpm aba1862f9db0e18f09d581ef0a95fde8 2008.0/i586/php-cups-1.3.6-1.1mdv2008.0.i586.rpm e034c775d5b04fffb14cb441b8174a55 2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: b18f356dc9fc5cda784e576e3f20a801 2008.0/x86_64/cups-1.3.6-1.1mdv2008.0.x86_64.rpm bccc98b2ad3205d2c301036ba9d28f61 2008.0/x86_64/cups-common-1.3.6-1.1mdv2008.0.x86_64.rpm 1c1837c8a8eb04609daa405553ab7fe8 2008.0/x86_64/cups-serial-1.3.6-1.1mdv2008.0.x86_64.rpm 5748bf84c1239e2b4255446cbf6c8285 2008.0/x86_64/lib64cups2-1.3.6-1.1mdv2008.0.x86_64.rpm bd593d10e724d5fcb41a474ceb985996 2008.0/x86_64/lib64cups2-devel-1.3.6-1.1mdv2008.0.x86_64.rpm f2db5dfbb8dc8327965a45a5d88e0b6d 2008.0/x86_64/php-cups-1.3.6-1.1mdv2008.0.x86_64.rpm e034c775d5b04fffb14cb441b8174a55 2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm Corporate 3.0: 21bb1e12de3ad442d1abcf6b748e4612 corporate/3.0/i586/cups-1.1.20-5.17.C30mdk.i586.rpm 0b98a618d204f1cb5d93cfc8bc17ce04 corporate/3.0/i586/cups-common-1.1.20-5.17.C30mdk.i586.rpm b4d7d4823f4a052f1b88de95c15fdd35 corporate/3.0/i586/cups-serial-1.1.20-5.17.C30mdk.i586.rpm 15ff4fca1070bde09536ef5c152f93fa corporate/3.0/i586/libcups2-1.1.20-5.17.C30mdk.i586.rpm 29a49e9cd1dab4afc7d4b45f756db2ec corporate/3.0/i586/libcups2-devel-1.1.20-5.17.C30mdk.i586.rpm 2d3ba4ca7a10c5842f6eeb6a7f847e86 corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm Corporate 3.0/X86_64: f977134efb9f309911bfc1b4850e82f0 corporate/3.0/x86_64/cups-1.1.20-5.17.C30mdk.x86_64.rpm 36fff0b8424e4f651e6f055c70008521 corporate/3.0/x86_64/cups-common-1.1.20-5.17.C30mdk.x86_64.rpm 696c4e4cc405b9ca56f22819fa2f818b corporate/3.0/x86_64/cups-serial-1.1.20-5.17.C30mdk.x86_64.rpm 942d626665fe5a05f879411e7ca80030 corporate/3.0/x86_64/lib64cups2-1.1.20-5.17.C30mdk.x86_64.rpm e191a6945b87e3b33617a3de06561d3e corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.17.C30mdk.x86_64.rpm 2d3ba4ca7a10c5842f6eeb6a7f847e86 corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm Corporate 4.0: a091b07a3a414304cf24e76ab99d3afe corporate/4.0/i586/cups-1.2.4-0.8.20060mlcs4.i586.rpm 4cabdbd655b65028ee5bdfb3452f4506 corporate/4.0/i586/cups-common-1.2.4-0.8.20060mlcs4.i586.rpm 534437dd5a286f0484df0e2cdfd9e636 corporate/4.0/i586/cups-serial-1.2.4-0.8.20060mlcs4.i586.rpm 0dd449c47be977964034d699749738f7 corporate/4.0/i586/libcups2-1.2.4-0.8.20060mlcs4.i586.rpm 6aad89786cfec35bc5e81eb3a1dc8cd4 corporate/4.0/i586/libcups2-devel-1.2.4-0.8.20060mlcs4.i586.rpm fc46181aa746a4f637d66681fb975560 corporate/4.0/i586/php-cups-1.2.4-0.8.20060mlcs4.i586.rpm 83a55c89caf98419e9f76b58c6bee2e5 corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7c7624e35383c614691e4063215f8d65 corporate/4.0/x86_64/cups-1.2.4-0.8.20060mlcs4.x86_64.rpm 17f29e8614a988900a09305adfd1c85b corporate/4.0/x86_64/cups-common-1.2.4-0.8.20060mlcs4.x86_64.rpm 773484820406d7285608081cb7e262d2 corporate/4.0/x86_64/cups-serial-1.2.4-0.8.20060mlcs4.x86_64.rpm a53e7a817a42ccc1ac5a5daa7602c4d8 corporate/4.0/x86_64/lib64cups2-1.2.4-0.8.20060mlcs4.x86_64.rpm ad933e76d237bbb83bf568071566ba37 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.8.20060mlcs4.x86_64.rpm 4c6d20646db4de2ab03907c9b6705067 corporate/4.0/x86_64/php-cups-1.2.4-0.8.20060mlcs4.x86_64.rpm 83a55c89caf98419e9f76b58c6bee2e5 corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH88NLmqjQ0CJFipgRAvgQAJ9PyMfRvtdcft3hCuqCnGg+4dLucQCgrz1i QDjzjtxa/ZH8ibtkLnEJNvQ= =7iZK -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1625-1 security@debian.org http://www.debian.org/security/ Thijs Kinkhorst August 01, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : cupsys Vulnerability : buffer overflows Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0053 CVE-2008-1373 CVE-2008-1722 Debian Bug : 476305 Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch4 of package cupsys. For the testing (lenny) and unstable distribution (sid), these problems have been fixed in version 1.3.7-2 of package cups. We recommend that you upgrade your cupsys package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.diff.gz Size/MD5 checksum: 107641 b1ae0953050580975ef0c6ff495e912d http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.dsc Size/MD5 checksum: 1376 4f8938f4dac4a9732efd621f4aabb63a Architecture independent packages: http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch4_all.deb Size/MD5 checksum: 45758 fbb5c3eaf74a1207d887e12bb75f6182 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch4_all.deb Size/MD5 checksum: 924012 43e775475535e31f2f6963947c03525d amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_amd64.deb Size/MD5 checksum: 1087542 cb6a29323e4cd1069b669c89963a1fac http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_amd64.deb Size/MD5 checksum: 53024 090d638da135798424a129257b51b157 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_amd64.deb Size/MD5 checksum: 142544 0d446b8acb588ec2b1c8c22067aa2364 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_amd64.deb Size/MD5 checksum: 1574904 cdd7afb0953a56cf8d213778cbe1773e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_amd64.deb Size/MD5 checksum: 80706 687de2f8bf779ca898863fb94a07a12b http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_amd64.deb Size/MD5 checksum: 85968 8d69f2ac63f2d4fbd923c2caa33c604d http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_amd64.deb Size/MD5 checksum: 36352 02c24a715c2f06dd8bc62a851591948e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_amd64.deb Size/MD5 checksum: 162230 0e2325c67bf23841038be68557ba8758 arm architecture (ARM) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_arm.deb Size/MD5 checksum: 48718 28a8ac4acad82bd582358e38c0c23013 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_arm.deb Size/MD5 checksum: 78910 6566d320a557b02cf94f379b84f0dba9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_arm.deb Size/MD5 checksum: 35936 6ae06d35d6c40084adfd8bfd65866174 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_arm.deb Size/MD5 checksum: 1025732 5c3e851e94f3a41216d7a7149839c8d4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_arm.deb Size/MD5 checksum: 132040 3eb0b900c59ea118d768b1459898ea90 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_arm.deb Size/MD5 checksum: 154878 02d749b77969111a813a4cba408bd74d http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_arm.deb Size/MD5 checksum: 1568968 5c60803b01b551503017f750bea5526e http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_arm.deb Size/MD5 checksum: 85168 5b2a0162f00efdcc8cd1d93e0bc7486b hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_hppa.deb Size/MD5 checksum: 172120 3b9de8875c9be02866143463b0c919f0 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_hppa.deb Size/MD5 checksum: 91152 ab272c582600f995706b46709c510f32 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_hppa.deb Size/MD5 checksum: 1022644 b587ee12458f80bd76a1d7b84869b741 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_hppa.deb Size/MD5 checksum: 57192 4e117dab53e958404f958b99b08da4c1 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_hppa.deb Size/MD5 checksum: 154086 2a27882b763ce10df0fd172cfa8d22bb http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_hppa.deb Size/MD5 checksum: 86898 aebbadb4ddb70dde9a524fd56b7bfb46 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_hppa.deb Size/MD5 checksum: 1624440 67216c81ae5f4d2f1d8b571f7099492e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_hppa.deb Size/MD5 checksum: 39270 1bbd6351cb6cd5f686faaddbeb731c4f i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_i386.deb Size/MD5 checksum: 86844 5dd05c3c3f08b1e2a60405bcaef83146 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_i386.deb Size/MD5 checksum: 79334 2002dc686f12bb5250d9fafb9b63a268 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_i386.deb Size/MD5 checksum: 53272 1723eb6d5f00ce02702b52b60610c586 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_i386.deb Size/MD5 checksum: 36230 cda0348c0c9b6dbd145e3c02e0c44fd2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_i386.deb Size/MD5 checksum: 1004104 10a43e1b53f782d065362e92ff0998f9 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_i386.deb Size/MD5 checksum: 137972 203602cf657f98ee38a372c3922b7ae1 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_i386.deb Size/MD5 checksum: 160382 2fa7444168c9f43a22eb776bd9638827 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_i386.deb Size/MD5 checksum: 1559230 dfca65e3edd6f0fb4bdc18973efef89a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_ia64.deb Size/MD5 checksum: 203930 b457e7ae7fb11f876225150e559a4272 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_ia64.deb Size/MD5 checksum: 46330 922f2bd1d98fcbb40badcebd7c0cc07c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_ia64.deb Size/MD5 checksum: 106642 b61d48e93e413245d3fd5ebe47c31243 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_ia64.deb Size/MD5 checksum: 1107892 65945b9397a13a31fb8646cb71ef7794 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_ia64.deb Size/MD5 checksum: 192372 eea62b30397305acdf6f98a6df50cf8e http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_ia64.deb Size/MD5 checksum: 1770682 398872427b493f8206c38a3504fc1904 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_ia64.deb Size/MD5 checksum: 74158 e1f00e7e8be7549ac2b58adaeba0f5b2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_ia64.deb Size/MD5 checksum: 106226 fb838547edf473df7efaa8fe41cf42f1 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_mips.deb Size/MD5 checksum: 86546 02bd3a3bb274f21179f65edfb28c1f7e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_mips.deb Size/MD5 checksum: 76158 53a90a54e6cf7418b81e0b40db39566b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_mips.deb Size/MD5 checksum: 36116 8d78c13d605160ee0caa835961667913 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_mips.deb Size/MD5 checksum: 150982 b48a8bcf9dbff3e842f83f4ca05e0421 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_mips.deb Size/MD5 checksum: 1097820 db2ff50e5555b022b54252f07b442992 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_mips.deb Size/MD5 checksum: 157742 94a7c2d49b7234c0a54291446c5ba06d http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_mips.deb Size/MD5 checksum: 1567460 dffd05c006a78e53bc8c03dc8beaa4ea http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_mips.deb Size/MD5 checksum: 57688 cbce6e984252bef94c0bd7ace9afdcdf mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_mipsel.deb Size/MD5 checksum: 86688 7c91af84b2fab2419fa4939bb8080097 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_mipsel.deb Size/MD5 checksum: 1552918 7d7af09023892fdd9e862ddcbb590fb3 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_mipsel.deb Size/MD5 checksum: 150896 ba6b2f7c16957759b63e20d66d5964f2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_mipsel.deb Size/MD5 checksum: 36064 702ec7fbc7b2716e10a97f7b7c11e75a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_mipsel.deb Size/MD5 checksum: 158270 0354f63d7126c3775cc74a95426052d4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_mipsel.deb Size/MD5 checksum: 57846 2ee768d4dc5f9c8cbd046a801f154ef8 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_mipsel.deb Size/MD5 checksum: 1084676 bb31572c9939fe22762ceef59550b25e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_mipsel.deb Size/MD5 checksum: 77456 5884939dabb325cda97351bafdb62cfe powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_powerpc.deb Size/MD5 checksum: 162918 05df3db670b3f2a4dbb9d8a2d666eaca http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_powerpc.deb Size/MD5 checksum: 88204 4546a01b202669d3ffa97dca5b93bf03 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_powerpc.deb Size/MD5 checksum: 1576028 67c38bd81585274c0844efeedca40153 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_powerpc.deb Size/MD5 checksum: 51894 321b1c0c9d59643294a87b00f81f7895 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_powerpc.deb Size/MD5 checksum: 41310 45f55f0797900433a145028d63f6a6ef http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_powerpc.deb Size/MD5 checksum: 90004 61698739b3b436e6d1651dc388a89575 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_powerpc.deb Size/MD5 checksum: 1142660 10680b3b7efdeb10e9d834e869944206 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_powerpc.deb Size/MD5 checksum: 136880 e5c2d81190a9233eb291b519c3b83de6 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_s390.deb Size/MD5 checksum: 166424 a2a07e7c586a10000b519c6f6c2ec4e2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_s390.deb Size/MD5 checksum: 1586828 1e581be3892b978e7284de896c3121de http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_s390.deb Size/MD5 checksum: 87588 b3d0d3e7dbb84414f606b4670c6e2692 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_s390.deb Size/MD5 checksum: 1036620 bd1b35bd24260dfb340e0a3173a811a2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_s390.deb Size/MD5 checksum: 37430 622787f6d8b910f3657f98e0f5bf97bc http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_s390.deb Size/MD5 checksum: 82342 40a55f0afa5b2fa03285fd4d4cd8666c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_s390.deb Size/MD5 checksum: 52468 470a81c78c7ececae0569e75bfab9ca7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_s390.deb Size/MD5 checksum: 144932 9ab43b87566469af9e4a79c9c1fae493 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_sparc.deb Size/MD5 checksum: 139570 5f5faa6504275ed43f4a55787519fdfe http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_sparc.deb Size/MD5 checksum: 78516 7066d103f739cd570fd141aa4fa780f6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_sparc.deb Size/MD5 checksum: 36032 c4e4289091dc19e5fbf7a6937ffb36f7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_sparc.deb Size/MD5 checksum: 158816 f33bda24ec7774227b3bdb3dddcf1c46 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_sparc.deb Size/MD5 checksum: 51754 47ce5271662e6b980e34badfc9689009 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_sparc.deb Size/MD5 checksum: 84956 96aa28ac50548723754274f30db15379 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_sparc.deb Size/MD5 checksum: 991408 13a41c49f94085ca6a7f74a030506d3c http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_sparc.deb Size/MD5 checksum: 1562092 2bfd90bca7dbac40df73303f8e1e4b6f These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSJK+8mz0hbPcukPfAQL+2ggArkU0cevHFbynnNIAPflbwBMYNLW4GvDB IDgHshZ4efGYsnfrEl57h/8GoteXN2c3LWNaI2enBtIRfgpyavHRYqX+Vl+7JjJr +8SxXjqxTnJ+6b7iFQVD5UQlrw77vTVBLA4qVdn/+dMKVKZPKTaozjBzxm3cjzrQ owqSLI+l8MJrsY4Et7ajEUJWOJ0meXY2xIgE32hat5prH7vGJUKab5gxwl96oIyi LPaGSpANk4GJCMAV5YtSpY4zxr3WGrJOQVLrqYmdN0/jrLVuGoNyoy2jy/1k+yT7 QIqV4J748E+ftsMvX/4QxPigIpSqQxVXgXZS52YN/OxJLzUBapskpg== =SW1E -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: CUPS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA32226 VERIFY ADVISORY: http://secunia.com/advisories/32226/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network REVISION: 1.1 originally posted 2008-10-10 SOFTWARE: CUPS 1.x http://secunia.com/advisories/product/921/ DESCRIPTION: Some vulnerabilities have been reported in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system. 1) Two boundary errors exist in the implementation of the HP-GL/2 filter. These can be exploited to cause buffer overflows via HP-GL/2 files containing overly large pen numbers. 2) A boundary error exists within the "read_rle16()" function when processing SGI (Silicon Graphics Image) files. This can be exploited to cause a heap-based buffer overflow via a specially crafted SGI file. 3) An integer overflow error exists within the "WriteProlog()" function included in the "texttops" utility. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. The vulnerabilities are reported in versions prior to 1.3.9. SOLUTION: Update to version 1.3.9. PROVIDED AND/OR DISCOVERED BY: 1) regenrecht, reported via ZDI 2, 3) regenrecht, reported via iDefense CHANGELOG: 2008-10-10: Updated CVE reference list. ORIGINAL ADVISORY: CUPS: http://www.cups.org/relnotes.php#010123 http://www.cups.org/str.php?L2911 http://www.cups.org/str.php?L2918 http://www.cups.org/str.php?L2919 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-08-067/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200804-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: April 01, 2008 Bugs: #211449, #212364, #214068 ID: 200804-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in CUPS, allowing for the remote execution of arbitrary code and a Denial of Service. Background ========== CUPS provides a portable printing layer for UNIX-based operating systems. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.2.12-r7 >= 1.2.12-r7 Description =========== Multiple vulnerabilities have been reported in CUPS: * regenrecht (VeriSign iDefense) discovered that the cgiCompileSearch() function used in several CGI scripts in CUPS' administration interface does not correctly calculate boundaries when processing a user-provided regular expression, leading to a heap-based buffer overflow (CVE-2008-0047). * Tomas Hoger (Red Hat) reported that the gif_read_lzw() function uses the code_size value from GIF images without properly checking it, leading to a buffer overflow (CVE-2008-1373). Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7" References ========== [ 1 ] CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 [ 2 ] CVE-2008-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053 [ 3 ] CVE-2008-0882 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882 [ 4 ] CVE-2008-1373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200804-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. Successfully exploiting this issue will allow attackers to perform unauthorized connections to the AFP Server. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Multiple boundary errors in AFP client when processing "afp://" URLs can be exploited to cause stack-based buffer overflows when a user connects to a malicious AFP server. Successful exploitation may allow execution of arbitrary code. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. For more information: SA29431 12) Multiple input validation errors exist in CUPS, which can be exploited to execute arbitrary code with system privileges. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari). 20) A race condition error exists in NSXML. This can be exploited to execute arbitrary code by enticing a user to process an XML file in an application which uses NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. This will facilitate the remote compromise of affected computers. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. There is a stack overflow vulnerability when the AFP client processes the afp:// URL. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Successful exploitation may allow execution of arbitrary code. 2) An error exists in AFP Server when checking Kerberos principal realm names. This can be exploited to make unauthorized connections to the server when cross-realm authentication with AFP Server is used. 3) Multiple vulnerabilities in Apache can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. For more information: SA18008 SA21197 SA26636 SA27906 SA28046 4) A boundary error within the handling of file names in the NSDocument API in AppKit can be exploited to cause a stack-based buffer overflow. 6) Multiple integer overflow errors exist in the parser for a legacy serialization format. This can be exploited to cause a heap-based buffer overflow when a specially crafted serialized property list is parsed. Successful exploitation may allow execution of arbitrary code. 7) An error in CFNetwork can be exploited to spoof secure websites via 502 Bad Gateway errors from a malicious HTTPS proxy server. 8) Multiple vulnerabilities in ClamAV can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. For more information: SA23347 SA24187 SA24891 SA26038 SA26530 SA28117 SA28907 9) An integer overflow error exists in CoreFoundation when handling time zone data. 10) The problem is that files with names ending in ".ief" can be automatically opened in AppleWorks if "Open 'Safe' files" is enabled in Safari. 13) A boundary error in curl can be exploited to compromise a user's system. For more information: SA17907 14) A vulnerability in emacs can be exploited by malicious people to compromise a user's system. For more information: SA27508 15) A vulnerability in "file" can be exploited by malicious people to compromise a vulnerable system. For more information: SA24548 16) An input validation error exists in the NSSelectorFromString API, which can potentially be exploited to execute arbitrary code via a malformed selector name. 17) A race condition error in NSFileManager can potentially be exploited to gain escalated privileges. 18) A boundary error in NSFileManager can potentially be exploited to cause a stack-based buffer overflow via an overly long pathname with a specially crafted structure. 19) A race condition error exists in the cache management of NSURLConnection. This can be exploited to cause a DoS or execute arbitrary code in applications using the library (e.g. Safari). 20) A race condition error exists in NSXML. 21) An error in Help Viewer can be exploited to insert arbitrary HTML or JavaScript into the generated topic list page via a specially crafted "help:topic_list" URL and may redirect to a Help Viewer "help:runscript" link that runs Applescript. 22) A boundary error exists in Image Raw within the handling of Adobe Digital Negative (DNG) image files. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a maliciously crafted image file. 23) Multiple vulnerabilities in Kerberos can be exploited to cause a DoS or to compromise a vulnerable system. For more information: SA29428 24) An off-by-one error the "strnstr()" in libc can be exploited to cause a DoS. 25) A format string error exists in mDNSResponderHelper, which can be exploited by a malicious, local user to cause a DoS or execute arbitrary code with privileges of mDNSResponderHelper by setting the local hostname to a specially crafted string. 26) An error in notifyd can be exploited by a malicious, local user to deny access to notifications by sending fake Mach port death notifications to notifyd. 27) An array indexing error in the pax command line tool can be exploited to execute arbitrary code. 28) Multiple vulnerabilities in php can be exploited to bypass certain security restrictions. For more information: SA27648 SA28318 29) A security issue is caused due to the Podcast Capture application providing passwords to a subtask through the arguments. 30) Printing and Preview handle PDF files with weak encryption. 31) An error in Printing in the handling of authenticated print queues can lead to credentials being saved to disk. 33) A null-pointer dereference error exists in the handling of Universal Disc Format (UDF) file systems, which can be exploited to cause a system shutdown by enticing a user to open a maliciously crafted disk image. 35) Some vulnerabilities in X11 can be exploited by malicious, local users to gain escalated privileges. For more information: SA27040 SA28532 36) Some vulnerabilities in libpng can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA22900 SA25292 SA27093 SA27130 SOLUTION: Apply Security Update 2008-002. Security Update 2008-002 v1.0 (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10ppc.html Security Update 2008-002 v1.0 (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10universal.html Security Update 2008-002 v1.0 (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10leopard.html Security Update 2008-002 v1.0 Server (Leopard): http://www.apple.com/support/downloads/securityupdate2008002v10serverleopard.html Security Update 2008-002 v1.0 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008002v10serverppc.html Security Update 2008-002 v1.0 Server (Universal): http://www.apple.com/support/downloads/securityupdate2008002v10serveruniversal.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ragnar Sundblad of KTH - Royal Institute of Technology, Stockholm 11) regenrecht via iDefense 19) Daniel Jalkut, Red Sweater Software 22) Brian Mastenbrook 24) Mike Ash, Rogue Amoeba Software 29) Maximilian Reiss, Chair for Applied Software Engineering, TUM 33) Paul Wagland of Redwood Software, and Wayne Linder of Iomega 34) Rodrigo Carvalho CORE Security Technologies ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307562 CORE-2008-0123: http://www.coresecurity.com/?action=item&id=2189 OTHER REFERENCES: SA17907: http://secunia.com/advisories/17907/ SA18008: http://secunia.com/advisories/18008/ SA21187: http://secunia.com/advisories/21197/ SA22900: http://secunia.com/advisories/22900/ SA23347: http://secunia.com/advisories/23347/ SA24187: http://secunia.com/advisories/24187/ SA24548: http://secunia.com/advisories/24548/ SA24891: http://secunia.com/advisories/24891/ SA25292: http://secunia.com/advisories/25292/ SA26038: http://secunia.com/advisories/26038/ SA26530: http://secunia.com/advisories/26530/ SA26636: http://secunia.com/advisories/26636/ SA27040: http://secunia.com/advisories/27040/ SA27093: http://secunia.com/advisories/27093/ SA27130: http://secunia.com/advisories/27130/ SA27648: http://secunia.com/advisories/27648/ SA27508: http://secunia.com/advisories/27508/ SA27906: http://secunia.com/advisories/27906/ SA28046: http://secunia.com/advisories/28046/ SA28117: http://secunia.com/advisories/28117/ SAS28318: http://secunia.com/advisories/28318/ SA28532: http://secunia.com/advisories/28532/ SA28907: http://secunia.com/advisories/28907/ SA29428: http://secunia.com/advisories/29428/ SA29431: http://secunia.com/advisories/29431/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values.". Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. MIT Kerberos 5 KDC is prone to multiple information-disclosure vulnerabilities resulting from memory corruption. These issues occur when KDC is configured to support Kerberos 4 and processes malformed krb4 messages. An attacker can exploit these issues to obtain potentially sensitive information that will aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. MIT Kerberos 5 version 1.6.3 KDC is vulnerable; other versions may also be affected. Kerberos is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. ), which can prevent eavesdropping, prevent replay attacks, etc. If a Kerberos 4 message is truncated, the missing part of the message is replaced with what was previously on the stack, and some parts of the principal name are read from the string in the message. These strings are limited to 40 bytes or the next ASCII NUL found in the buffer. If the KDC returns an error message indicating that the master name was not found in the database, it will include the master name in the error message, which may contain previous stack contents. =========================================================== Ubuntu Security Notice USN-587-1 March 19, 2008 krb5 vulnerabilities CVE-2008-0062, CVE-2008-0063, CVE-2008-0947 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libkadm55 1.4.3-5ubuntu0.7 libkrb53 1.4.3-5ubuntu0.7 Ubuntu 6.10: libkadm55 1.4.3-9ubuntu1.6 libkrb53 1.4.3-9ubuntu1.6 Ubuntu 7.04: libkadm55 1.4.4-5ubuntu3.4 libkrb53 1.4.4-5ubuntu3.4 Ubuntu 7.10: libkadm55 1.6.dfsg.1-7ubuntu0.1 libkrb53 1.6.dfsg.1-7ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that krb5 did not correctly handle certain krb4 requests. (CVE-2008-0947) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.diff.gz Size/MD5: 1460317 0090e30287f3448ed9babac78c39d5ca http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.7.dsc Size/MD5: 848 237125b6b35a1a059e5573d10fd7c18e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.7_all.deb Size/MD5: 853222 dfd657a08b13ce0f3916e49ab8e3ce28 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 190904 e9e05267f551177f3c7cae46fdda9565 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 768706 79270ab27ac164fc4c76822e1dc0be2c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 425714 d8467d288bf46cdfa35ba74e6aa0ff02 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 80378 b2d795bc82f8f962ceff0afdd11060da http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 223230 73161771034af58dc6d0cd0c4be72fa8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 60376 f0712ab86caf1d9d9e52ff3750afeddd http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 135158 34b51b738a69c2aeb9df20e0af93e9bc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 85274 265b8ad9968001e5c984743650d635ac http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 67600 bd5c7020310f1bd70f8dc98864c2961c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_amd64.deb Size/MD5: 129906 0f0383de4d51d8581a260021c3332f72 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 165730 8128a78d17cd98c4ccfa086b390af167 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 647222 96672590753337d39b1aadc24dac0531 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 381120 af9c45400c55b68778f3b769c238548d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 72298 754b91046e7e47bb0f2aa58cd2ca3797 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 187240 d7e5a8b1a077776309282bc328aab885 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 54326 1137dd0e4209cf7edb38ff327feb342d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 121564 9e36fe3a9567176b2e224a45e55017a0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 75920 cd8854a9ae911eaa1c82eaa945b3d175 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 58720 eaf05e05f40183c066e294bec431bc61 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_i386.deb Size/MD5: 119078 67a73b248bf33afee23ffb885f5d2e18 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 177716 b834ad9d37a2e3dfa44d086c6dcbfbc9 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 752002 22dd063609b942c4996c56a3f74b266c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 395914 b4fde9f81a08aa112f48b38f1d7faf9c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 80530 7e55073ee6b67ba12f0ed48d0137e73c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 220582 482d21e5007a1876bf6af64e434b4942 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 59574 4f47514f7992a292c162f40f8a174ee6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 135962 0e23ea255a84c3a580e0d7e6b0da9546 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 85120 e07cf29268ba053833122cca9ed79d8d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 65990 3c4f25017e0760f4dd10404e604087a8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_powerpc.deb Size/MD5: 134952 7096226ce8ce15dd20c6ed933888d56e sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 165278 5c8580725c8a200f24173d38dfce388e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 678538 4002d8655a43f5784d5e9c95bc5b4f76 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 368726 5ee45e24f0ac54d79a55c20674b2887f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 73042 672530bb7218c04a67e23d1053757050 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 197404 ea257178102f6b7732ef12538ead3e24 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 56304 855c59021874c714bd4e2605de10d5a6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 124374 7d8f7f84b2c1648b63129ba342389d75 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 76922 142ed0e2c119d596c5437ac8f9042064 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 62350 db681a03624a21a34425fea9f6fa9ade http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.7_sparc.deb Size/MD5: 120620 ebe2ddf8dc131cf6e3322e1cb125f2f3 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.diff.gz Size/MD5: 1481707 dc6dd5cd6d4a125e2fa70b9ebc3f8b12 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-9ubuntu1.6.dsc Size/MD5: 883 8fdcf0af1cc631c882a44ae0214e0b6f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-9ubuntu1.6_all.deb Size/MD5: 853934 f3a7a044bedb974b32a46708774ec894 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 190826 7772b734a889ea97cf052de39072cead http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 1073390 bedf0987fe159bc38c30663ad966d0ac http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 772708 5cc8e489a0f6fcca17c3e0d8b9588879 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 428050 11b4c2211b18453bd2a662a297569f49 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 81790 06f349106755cc19cfb3f29fcc7228f8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 224408 59491e595a544a84463a6deec8305f66 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 61620 f58dcb4c09e4c96f3db5bfc8172fdffa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 139116 31943a9766f657fd47ac1aded48d49d6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 87426 1033408d2692b38926947f8ae85e1515 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 68116 291db335b868748c933a7c67e6add6a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_amd64.deb Size/MD5: 130628 a2cb3cd3ee9ede8c3c10e695fd8148af i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 173062 e15aa9368fc4e4ef4562a23cc1780484 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 1024998 798f81a00c59842cbc2c8ea8cd4b9a5e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 673152 671e72c1eb7645dfda924c77949610dd http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 404172 445f952e23f810f6de10773a01fd68ae http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 75380 0b3cd4b087f56ebdd527d61194cf7fc0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 196506 bff3435e0da9aecff7a26d73e712937f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 57136 3fafa3cd2cd2792e740c4d6976a881de http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 129352 7e190df154981717bf711697c5042cd4 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 80102 94a76cc7807e9d6598b4a452a7fbb738 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 61928 b7fdd344e683ce45be88f8fa43290175 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_i386.deb Size/MD5: 122208 eb1ec6653d6d790e23dbcc14cd98f5f7 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 180126 f8e5d077ee06234bbb9881beb9d49f36 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 1076974 4752e5e87fdcd67fcb0f1ee2c35ddf80 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 758400 73ed6c35fbdcf1866a65a6198df8ca82 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 399112 1fdd3a0a2a45bd410a1f4e72713a0e1e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 82420 446cda40d1590c088e2fc83118a58e13 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 223182 8e6f5f3062fe3cfb113db73bc8a1a89e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 61826 b4ad931a1a1d48b668a972893502cd67 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 141210 8892626a667e0010a0cba8fe19df958f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 87318 c7306114bbb195c221962abc469a1d42 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 67222 b99ea3def960bdc849376c508e263f0d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_powerpc.deb Size/MD5: 136888 1c651e27011fa9c25ea87960b40ffe1b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 167176 0f2f57754f3e012257a6fef890a23767 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 957816 2ef6010c70801e7b0dd5e633a08e3fac http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 685238 a68016ffc9abcd0eab3f7f1ae323e83e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 374074 d5ff62adb392f5be8b29c2e1056f6f92 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 75210 9611a07b489b518605a9550b27b3dd7c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 203684 89d989c5db437eba6e9e56fc9bf7dc93 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 58980 b9d7f11d5c491595c90006ae7c039935 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 129664 acf15ad70331066092154952cbd7754a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 80428 8409c34ee32612d48e8936618118bab7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 63612 64b2987c2aee57159bc092c5fe37a25b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-9ubuntu1.6_sparc.deb Size/MD5: 122730 95db549e03f3bc30995d566f8ea7edac Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.diff.gz Size/MD5: 1589880 e20eef948656a29a255b557af6e7817b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4-5ubuntu3.4.dsc Size/MD5: 968 971223b33ae8631f013c20a3c8867805 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.4.orig.tar.gz Size/MD5: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.4-5ubuntu3.4_all.deb Size/MD5: 1806176 c34d13b6877a21c426a85719a6ecf6a0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 194368 2b6345b614c38e353a3ec4abd2957e6d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 1076886 d4e2d9d77afd78df99d96a6541730527 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 772608 c3f93d5b94e84df6faac86b701f9836c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 436580 f7e6430bf6f628592596b44e7341af30 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 83772 ad232225b5bbc88f1e0f5bd55916de24 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 226770 34e47342c392be9006254e15fc0258e3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 62258 c71fecc4d7bd6e3191c08a19cbf07aa5 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 141840 33ec180078e9b8e1f80fca5f26c1d558 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 88380 64572d633f1a84999b2205bd6958206c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 68890 dcabc2bcaac75b7e226c9090a82207a0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_amd64.deb Size/MD5: 132614 f129069e4dd68ccf7801c717603713ef i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 176870 9e0e200bdff3119ef8488f9a5bf62e7c http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 1031008 8a80209f195b2eb787236e0dcd8aaa23 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 672020 7b5b4e1643b5802b2bbfab006d0e6d7a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 412036 213c308bef9eaa6762ab755da6e7442a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 77328 295e5ed2c0c2366fc6b3d343607ae431 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 199040 1b0a50f1bf8e421d9838acea254c6c26 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 57780 96ae66401532d513b4333c3429f6e2eb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 131900 fc29493488e6311a94cfa5ec2c5ac7a8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 81008 0c2bd14ee6534cad097d5d80200cc94a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 62650 8d1f1316f52fe066626f0fde07f8b990 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_i386.deb Size/MD5: 124088 de985ccf04486e2043c2324affbb18af powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 194590 f63db5ccc5825220d5014b1d7eda0ebe http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 1082008 3501eca4bc0d14b39fbc662ee20ab7cb http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 757006 169816425e730c69266d39518fb718f8 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 429982 24a79674c75e6f9731d34468ad86e27c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 90254 936f19b572498c2de200fd3e323657de http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 240274 eb844e20839937a3ccad330429ba1840 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 65452 dffc482a088d83a0100e78e69f332bb8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 153794 308fc25b452cb374f7b45a472784761b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 96692 9566a692d6f8a6d47e9f60e25d13927d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 70680 4949b60728fc08134113f744738a293c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_powerpc.deb Size/MD5: 150262 dbf317c0added0c3faae6710b8026fc8 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 170940 967a1344994914065dc904da571a2aef http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 965784 bd503df54b8c9afcb4e5a6a375ce7fa8 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 683396 939cb2731116dc8718ea4ebc996b5c7e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 380910 5b46d8169ecc2409caad5dd4feacdc2b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 79084 e3da961bcea67ff2c217008d141075cf http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 210904 688aeb4162f4dcf86768ddd299cf6625 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 60996 e20fcf5e2b4bab548fe8e0836aff86eb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 135846 55612458a19bd82331991bbb672f74e9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 84546 f1fc527ed376549516113ae94ca7d0fb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 65282 7726043628cc103faccb839be0def042 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.4-5ubuntu3.4_sparc.deb Size/MD5: 127130 edddba0066c5bab862847c750a231a51 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.diff.gz Size/MD5: 1674637 40fa0c4bdf307c7e5d9509be9870434e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1-7ubuntu0.1.dsc Size/MD5: 1044 2c6766c8721cf2e3caa259cdb5badf10 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.1.orig.tar.gz Size/MD5: 14474321 8f8d6a494380f01a7a0a9236162afa52 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.1-7ubuntu0.1_all.deb Size/MD5: 2076606 1c021446b5f479717a4998df0f87f205 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 165034 78f040deebe1683f8966347e9896fce8 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 1308970 04db0004a99e7e0d01b37d922f47df1e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 88606 6509d222135bfaa05ebf79db1f63c2a7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 493016 54a329e5f8464d5f519ac225f4d5d778 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 87824 cac8d5d1297bb71c52a877cf0b85c393 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 228534 d6c15467cf49d74831ac0ea494eec6f9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 65864 563aaa90bffe6ff07ff8db56cff826f8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 185182 e1f4910f7b6fca6655696a0bb7169d7b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 91334 c1c20f704f98f19212cfa70ac9edf193 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 72950 de7748ddb5f7cd3f0744eb77770fa3e0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_amd64.deb Size/MD5: 137592 99c3b6d671ae7f0439f379d5b2688659 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 148364 a3e27e81c7e81f627d05c708faae402d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 1266912 2696e89ea8cf6e857e36ee740fb65ea0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 88624 9970f2076c76427dd0cbf217b6a6bba0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 462068 bd3623332d7737858d0fe5918ef8838d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 81192 d4a4e0e7358f626abc0dbb81575071f6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 199624 5a24164123aaea818f2d40c41186fdf7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 61098 8cc21c42ff5dd534f7158c4c750a498e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 172178 319f2ba5ea41bb97a125049f17154ac4 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 83634 049a305ea62a45ec23b65dbcd04e85fb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 66538 a0c51897ca2c55ee7ec2447465121f5e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_i386.deb Size/MD5: 128624 df48b843cf7ab20fc4696d36bba2fe6e powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 162676 0c11613a3d49190eb92074c27833f4c6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 1320150 c2a537a9acf0ebf7b08764506136d37e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 88634 eedc4522ba18dfed6fd2483cf8dd0379 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 482868 4d015493346726e61cd0cf9525e2b1e5 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 94492 50526cbb8952316a7b9195edcf148fd3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 241802 99608692096cfa0e88372013a1b41517 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 68960 fc1d60376ba03106488b098f4b5ea624 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 198522 24b5f7bb74e3d978888dd1cdd065f881 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 99412 ca441f559a1e11b55c3ef52c54ede8ca http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 74666 0657bf76d80f969330c5391d65291baa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_powerpc.deb Size/MD5: 155750 967a3ce3bc4fe5383a2a4f6a54ac686a sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 145672 b78635a0dbdb4d4d76c7e6d7ee4cb2fa http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 1200060 c280c5257a62a657ba79ac09ed62e4ff http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 88620 9b75ff80509a5b3435f7d6f30b19ac9b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 431168 3c7606d6ced441110ab47b16de3542fc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 83030 cc47e0b9c435c5802a2352cb203c435c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 211104 bed40b53469b42c5a65a1f0640ae4d2f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 64404 13877024ad747d0ce0a696210217f170 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 172948 8fd8903c9b1caa12ebe73c7c6f86de98 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 87474 c3f94c62f987a7a6d50f9d5344e59cff http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 69196 97040973c460c004ee83b7ba19ddfc88 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.6.dfsg.1-7ubuntu0.1_sparc.deb Size/MD5: 131692 c12abe7485457bcd0ebe5cf3ecfcc850 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1524-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans March 18, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : krb5 Vulnerability : several Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network. It is theoretically possible for the exposed information to include secret key data on some platforms. It is at least theoretically possible for such corruption to result in database corruption or arbitrary code execution, though we have no such exploit and are not aware of any such exploits in use in the wild. In versions of MIT Kerberos shipped by Debian, this bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. For the stable distribution (etch), these problems have been fixed in version 1.4.4-7etch5. For the old stable distribution (sarge), these problems have been fixed in version krb5 1.3.6-2sarge6. We recommend that you upgrade your krb5 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (oldstable) - ---------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz Size/MD5 checksum: 6526510 7974d0fc413802712998d5fc5eec2919 http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge6.diff.gz Size/MD5 checksum: 673705 93382126a3c73ac44ed7daa7d85f166d http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge6.dsc Size/MD5 checksum: 782 0391aaf485ef1636ef18c6ba183c3fbe Architecture independent packages: http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge6_all.deb Size/MD5 checksum: 718916 ca2fb37b53a19207f1e1f1de90c4c1f3 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 137834 d43e9d3f3ef65fe8c8cbbb7b5dcbd144 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 177730 947fb82dd795f9272935ea4cb027e543 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 124864 4f1d0aa9d18013023f4a9f2b9a10db65 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 104886 15037693de0d9dc27460d713b547872a http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 63606 c4cfe2b01bfe0b579b216210817c4fa3 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 369420 c8d1eaf98400880ff82f727fe20f90cd http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 82806 30230dfe2605b88fdeac8811d408acdb http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 57048 741292984684fddae11e130dcd388161 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 652378 d8f3493f4354e0b3717ffc72d6592b88 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 216990 0df13c59411cf57b86bd94e250cf458e arm architecture (ARM) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 115684 ef39b71c5ecf4187e24d27c1111c9a54 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 633330 08566aa29ab8d56e26070137a16731a4 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 158874 4f60129aa092ea3d750deb168299abe7 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 54134 e23173f4ad3a59af03fbab0369a714a9 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 58252 255394fcc06d13b6dabc2e87c91dac02 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 198848 aaba0529c817ff11728515f5a116f71b http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 126814 85d31333aa01c4ab1f7b14ffaaa4c08b http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 74940 706b7cbfb01d66cbdb371a9019b3f725 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 329190 a661364db9bd2d5c5340a0c6a5c939f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 93938 04dc96993c79d0113a0626a4439c8cbf hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 125154 afd4a9608fff5b1b3e793881bb2c9c2c http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 64286 b85cf8b5680c12c093ff34150623a3a0 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 59368 3df43bbb40e060d0522495ff3e78412d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 669644 50027bd1d314e911c4a91647989fad1e http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 104948 a013d1818ed8d6dd7d75a8ac11e795f9 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 187304 401a8e21722c104f3d3aae86cf3640e9 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 383876 d50afad26c9a0416fe47dfdf5ff649f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 81992 b6c84f121f66616f578b13a3f0c654ca http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 139202 4972377b638f980ad757128f14132874 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 224154 8a8436e210dd8892487ea482a1de6522 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 116324 445bced4eb764a78e51b68e4d7558363 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 574784 40fa136876b3219e55de089340c0c85e http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 52890 a6ae74be5b338ab7f215d0846353833e http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 165726 4b2485d3b8a50cd61ffcd2e0748d70fe http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 349416 2f33d4592484a2adf276fd29cfe9d728 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 127878 7232e14b8bc1d78fa4346b4ed393a3b9 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 95656 00f7666dac13adf2a7bfc81c9d801f2f http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 191526 d8613e5a3d87838ee7155f54c1c12f3d http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 57762 2baa509aad5f6b837753e5a3e65e63f1 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 75890 5e52830c36794bb8ed2cdd14611ec690 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 134332 473be671406f747295c4a94d3f2ca3c5 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 289396 c95c79f18a2a8cb78131a35073c09ebe http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 890018 a9ca82650f5f96ac66d2b4436b0d1345 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 167350 f448dced91316668c1d33d6a0776eb2c http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 240384 5dc95c9ea35a7b052041e177114c5acf http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 79982 8980a39a06eeca5ef5adb623786742a2 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 73692 039a88dc8793fa4de6e461408cde62bd http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 105008 273a9dbaf7a4882f39ebd9de527f76fb http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 502382 97f1d32991c1778752bad887f4029990 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 165288 7d2e3c354cc50db22fc34a396902690f m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 71116 2f35c57d9f24856b013e27b0eef24a25 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 516020 203205bb2e6f66161c2aa98746687190 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 49768 39d4529ec4e27e2fdc75de762c5643fa http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 107660 0659ab018fbf062504348fc63ef97cc6 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 147864 b86ebef3ec1541aeabc20be31e503049 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 305872 1fc4f6385b5196c1c892731eac06f5b3 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 122106 c60b71edc9196adda91d40c4b84a908e http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 174180 6d750c072a8d641bd661ea5c688199f3 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 53478 74055ea66e27e24d79c824691da8fe0f http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 88692 074a5c747c652e7ce8d911077ca5586c mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 145108 f432457761497dcfd8e1ba6fe7ac43fa http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 164386 512e3b183ffc5f121f82981f32235377 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 57750 d827cf9980ed4eba196dedf93e7d9b5d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 680860 b4718176172f14d54d2a4662ae28e534 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 128738 a9592a522e7cc0f6db4c121ac04db438 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 65060 9b5613121aff8f341cb2dc3786b28d78 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 103404 eb3ca8cddb900bd4dfdb10b67ca9622c http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 225708 d09d386a5705b48584ffd51b0127883d http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 355178 359ca6a220b6a9e7af7b949e7a64fb5d http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 80956 407fec89580608afebb4ff89d95bdf72 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 146678 76f8820a81a1c068ab60348f1302d087 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 103808 db8b0c06f58646093ca80554061cc0d1 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 65266 c27b18832cafb60109ba97e529706a53 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 226540 0ddfa3be4f63eeb0066682928c193996 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 82060 2479f67cadc3533fb499507fc1977b5d http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 355120 d1644230bb4cc0788a04f5f0c8eb961c http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 58164 5dcd7db602701983272b2fbb0db88864 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 130098 472042e34a7ac48352205df510767ddd http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 165632 3074194d27a16bd4e737a9462d6a217a http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 682776 b0046283d8860fc6c8fe968b335ff463 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 61758 9496fefe85772ad549b84ae523c56e77 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 217812 c5aa73b8513a3698002cc3cedfeff012 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 105320 3677c003bd4c271bbe3daef5cf8f52df http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 143838 61244dbf640bd19ee1cc738ee7b44b34 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 57018 9afa2ba534be545b9d76d1f69c8e5468 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 165746 74c29add119101782727226dc9200db0 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 634906 93dd67378ead6cb763cc304516cbf632 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 353104 c5b16a1f26d01435b2bcb540b5b97730 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 82702 f728717a6a25b233526ad69934e376f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 126246 da0e3adca803929ae44fad884949cbe2 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 214176 9c4b2684ce790d6544d078efde32f5d3 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 132996 1ed627f09d5b25bb3eaaaa4148207d7f http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 63428 332d6f0c94eabdca1df666a3ec0c6184 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 57214 f518a8dd4336c3916bb8c533bd8b6301 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 624898 27ed5f1406b97c3a429ed6cc41a5421a http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 99652 0e49258823390960faaf06522ab8f1cc http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 376188 ec0fdc218fbe9c53fa5aaec87667b5a7 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 82370 3a26a1e22c24add8b16498a641444a77 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 180336 34967e4eb80a75b18a23a9f3bf05bb5f http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 121318 883136f99bce1a8f9f413dc3d68f5762 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 576786 3c142ce93bd9b408ea9a6d6046e3d067 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 58950 91be8dfc1160f334f0ed514eaeddb3c4 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 53520 89ceeef920ad596b129365a1f6876818 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 73596 cca4a24557097c3be9dc611d686d0688 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 93348 0a954f5b7f637eeaea3b656699314b99 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 114068 e7a1986874465f458987516f27a705d1 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 157712 2c8a0b75fc4982ee9265d2dd8cab2cc4 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 126780 d6faa238b06d1ff65c6b20b54c7b4fac http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 194584 39322280b333988d5cce973c7c00cdad http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 330436 27d8b24e5a2bbb57d8078c7b1d391d53 Debian 4.0 (stable) - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch5.dsc Size/MD5 checksum: 876 e8f30ac6b710091985a2b669632ca174 http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz Size/MD5 checksum: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch5.diff.gz Size/MD5 checksum: 1590551 c7d7bfb6aa34876ec8b5d0767ed65c2d Architecture independent packages: http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch5_all.deb Size/MD5 checksum: 1806352 0e3b03d93b1a62a41f9d004d3f6a69eb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 76136 61c8f8b99cd2c5e08fe20121d5a33119 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 461032 12fe64d352941f674f01b875532ec91f http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 91648 ee8cf04beb8687f4afc0684fbed232e9 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 1087614 dc627be2679028513f541ab0db184758 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 245650 57d128cab47e74d75ad56da8b81866fe http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 154868 4cac528d66a64df26a385bb15552061c http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 136110 a0d904994baba8064c640014e238020c http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 216328 7e96a8117e5397282f9027dc99fee308 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 89690 a14489d539fc5274175e92b8c1f99cc4 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 65866 c153e17e3514e566d1b719bd4941c3f2 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 1017046 543b2403aee468ad0a1692708de9a587 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 83852 4e7e51683f130dfdbaaaa2b6bbdfd70b http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 61474 5ed45d3180ad5cda0839f53d8d9fc716 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 768634 4f227f866f481d0a11a90b1a41d14bbb http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 141926 5944b339ff70c630a2d04026dc8a436c http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 68170 d5b5cc9a99c26889dcf685f88cc92a9a http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 129822 8f01b6b85827382fcb2ac54b561a1ec0 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 222262 b16ea5bddeb302c73844a465d5b27020 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 1072208 5458abcef1aa9174a703a51d9910bf42 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 190378 b663d232374d5d8ea6a1aeb6596e1e66 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 426424 39665f5600ac062e43d78823f79016a6 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 86108 786e35f5915b137445eb034ef1f53eee arm architecture (ARM) http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_arm.deb Size/MD5 checksum: 1013602 3087dae461053141fd9099ba1bf1f520 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_arm.deb Size/MD5 checksum: 63418 6d76005bc5336972fff07aa9961bcbca http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_arm.deb Size/MD5 checksum: 682712 20f548e7e7fe59ffc450c46c58b73fd1 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_arm.deb Size/MD5 checksum: 136110 b1774fea7cea371790dc1d7b9a293395 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_arm.deb Size/MD5 checksum: 173154 785af0fd07d78658edb4a4c25082ca22 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_arm.deb Size/MD5 checksum: 59834 e369f2b68c8090e91191718d207da76d http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_arm.deb Size/MD5 checksum: 206238 c69f58637e68a2d455750e32b5b770c0 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_arm.deb Size/MD5 checksum: 390054 b972d264ad97b69120ee4e4d898f3055 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_arm.deb Size/MD5 checksum: 81426 82979ab1f34edf407dc1a32f4be2a911 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_arm.deb Size/MD5 checksum: 123540 f9534a82bfa054018029c9a3934fc121 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_arm.deb Size/MD5 checksum: 78826 62163e751d27902012a16758fbbf67e0 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 1050680 8ea8f26032837464c794e615623ac59e http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 87564 ec92090e89dc2c03500c52cbd188e4c3 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 441724 6cc26ce6c3e4fa233222786b15bc08ac http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 64206 fa4e68946117f10d2dbbcea75fabe5d0 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 132802 23e6e453b5943c8df76fd87a18fe2182 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 85370 9011819683422a091d363e0d0064e82e http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 815220 652f24a16193c3d8bf9f128000888850 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 145028 88cb8fd42c037cca495bb200a8d5bacd http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 69692 0ce8e82456cc62420ba31f7ce0aa3a39 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 201216 b7aa6c970117a632b2e60d14829ba7b7 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 232082 7a823371e31f4b3e937a4e9d7a83d09b i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_i386.deb Size/MD5 checksum: 80306 8c8461beb8bd866080134bf1a25ef557 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_i386.deb Size/MD5 checksum: 62446 22a83f7567df841b9f34ffc133534a64 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_i386.deb Size/MD5 checksum: 133360 5e72e490c20ac03f49b7fd6921047048 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_i386.deb Size/MD5 checksum: 680166 991c24aa3b8e2d82f07e49865d70119b http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_i386.deb Size/MD5 checksum: 408376 f375a2157e2b1de2eadecbb2f03c8637 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_i386.deb Size/MD5 checksum: 174112 f9efe4ee2c52dba6806f548d778e0f53 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_i386.deb Size/MD5 checksum: 58050 b99734e1b92043a8cc816c588b04fce5 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_i386.deb Size/MD5 checksum: 196558 0b03b5d3920efa1c5efbf8cbe3901f15 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_i386.deb Size/MD5 checksum: 124206 21cc6d63e1eeaeb9deb70e227d61d84b http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_i386.deb Size/MD5 checksum: 1037936 a1a2470171c5403563ed285be9caaa9a http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_i386.deb Size/MD5 checksum: 78598 80b9f57c39a90e17b67480271ec8cc2a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 305920 940370e13598d9c00b123f97aa3f09ad http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 164602 6dd81cf1a5487ad63e2ab3cf1ce342f1 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 112994 4ccb79847d301064e5e6496f2577b5e5 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 80324 88cc01f93ed8fe3b9c9861176050f004 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 105592 8745ddb42d7cb7afb95ef4f946a26c60 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 1088562 0d2cdc97965b7827a78bca972aed38fd http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 91338 40c9d44d05f3262c1a5d6950c4255e16 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 269600 4acf36a3831bd4d2bb0af4d9130d0f27 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 1043576 6e487c186d462bc98b8ccdfbb5891324 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 190500 4cc37a9cd6bb13da4ca73f87b60738d3 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 592208 ac3bd63fc244d99757d33c8b8fa8f745 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_mips.deb Size/MD5 checksum: 71184 99f78076e71ddc74b7809de695945048 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_mips.deb Size/MD5 checksum: 128534 d08156f659ccfaa953e612ab0f1be1e0 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_mips.deb Size/MD5 checksum: 86416 a0ccc69288f43974099646a0b4df2702 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_mips.deb Size/MD5 checksum: 807408 caa736a161edf63d4b7b0200642293cc http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_mips.deb Size/MD5 checksum: 81794 820abd7cda885cfbcd651eeb819b6ea2 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_mips.deb Size/MD5 checksum: 176908 eb82211002e6f5fa451b8c6fc72cd8c5 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_mips.deb Size/MD5 checksum: 230468 6498dab212c73d4c618a77b105d40302 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_mips.deb Size/MD5 checksum: 389766 cb2be7e8aa8890f3011c7721474048cb http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_mips.deb Size/MD5 checksum: 145004 1d8436cb03bf8df56127ab37a1787096 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_mips.deb Size/MD5 checksum: 62920 610d234fcd0e209b0d2e6c0f3be39f6b http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_mips.deb Size/MD5 checksum: 1112710 5b98f43fa267c04b32bc96927ad868a2 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 87478 dce62567d27548de56ad38615fd5a8fe http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 71596 8cfffdf23386228753133a6d675a75dc http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 131106 22011c6b9dfeaf6318baffbb40b4b005 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 63834 9a2e78369d8fa1d0d8688eb48e443518 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 810348 c36eb2099ac9fd31e57d5693ec8eb92b http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 82652 3699856d5fe3d28c74e0e66469d05859 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 1087382 a5cac22f1da48cbb4c80f7f736b70b2f http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 179494 4a1d3e8cc558c330b9f4a6bded87913b http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 145716 1f45bb37dd7e13ea4c6b21f52c43c657 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 232788 88bc4c67b09b541769a7a00abc5d2688 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 391848 05272bb8eb78e5e3fa374c9cb6597403 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 222776 d87408739c95de5b207a88550278a0d0 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 1083104 a5a89067cd381199a75e9751be977884 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 143844 488e4411a9d507c14961e8c1a867a18b http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 84364 fd1d52f855615c98fc8d207dcea36d2f http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 137308 16ac4ae9b3a4eec6e584d4b9902771ed http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 399370 2c4951062f1fa124af1a36a8b0c1e761 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 86864 33e72918f1ae2f968537d4e3328237b8 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 67384 3547b618672d7e775018128fa421551d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 753506 cdc2c41be06d280160c3f7ee8b7f3417 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 61930 dad1ac368a357004137a4beaf0a4f8ba http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 179574 499b4b287b5726f7a8afea620d5606c5 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_s390.deb Size/MD5 checksum: 63392 7e446e33886543cc1432026dbde49ea8 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_s390.deb Size/MD5 checksum: 87886 02735411cb4acaa71b8aa72bf7d9683d http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_s390.deb Size/MD5 checksum: 438990 5aacff7c6ec54f708cb98fa0718bfcc0 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_s390.deb Size/MD5 checksum: 129266 31c153db1328ee93b97e64bdb01a3cc3 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_s390.deb Size/MD5 checksum: 195506 d3175c75393ac80363919b170e1446e0 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_s390.deb Size/MD5 checksum: 1073530 ac4c767b43f20d304e9683ebfddf3a68 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_s390.deb Size/MD5 checksum: 224438 5a59744997773137c0409af842e7fdf0 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_s390.deb Size/MD5 checksum: 68782 57ed0962a4cf4f2f7c7d60edf52449ed http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_s390.deb Size/MD5 checksum: 140470 8fd23a0ec4c4b5c81c48d7b0228a5fa8 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_s390.deb Size/MD5 checksum: 82118 7a84a0ceeb5110380a231be90d6f36ce http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_s390.deb Size/MD5 checksum: 733368 6a3ea5e404cebc11888aaad6fdc2cedd sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 131724 561314d157da780fc7de7c06524e8a3c http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 77124 6de298978f0404514a0b16d863efa276 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 961534 754258b22c1eaf83c3167775c3138a58 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 372674 20c48448253a262988a3ca876cfb2931 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 123040 00e2f8c76353547804f9ff516de1f65d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 680434 6bf7c8d82d481a8d6d9d784f5ed617ec http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 58242 f7e89e959e30e2bd36ac3ce1191a7711 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 63800 21beab0b247e7bdeea2004876f388c59 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 166710 b5127d835935bee8ce49a1154e5fa2eb http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 200282 49524ee10fb4d4e7be223a1f25dffba7 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 78204 2462352e5493e856bd8a784ca49f95f0 These files will probably be moved into the stable distribution on its next update. A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. Kerberos v4 protocol support can be disabled by adding v4_mode=none (without quotes) to the [kdcdefaults] section of /etc/kerberos/krb5kdc/kdc.conf. A flaw in the RPC library as used in Kerberos' kadmind was discovered by Jeff Altman of Secure Endpoints. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 64c3f5c31177dcacc99b021ec6ed1271 2007.1/i586/ftp-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 11b4194bc9edba8c0951e44660ba9955 2007.1/i586/ftp-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 23794e6e0cb1d46a329c42a04f672c5f 2007.1/i586/krb5-server-1.5.2-6.6mdv2007.1.i586.rpm 0fbb29bd81c8452d937d30fbbda62242 2007.1/i586/krb5-workstation-1.5.2-6.6mdv2007.1.i586.rpm 8f4eea60bf4ea3bfc776f1c117ceb26d 2007.1/i586/libkrb53-1.5.2-6.6mdv2007.1.i586.rpm fd5b1da0a056d995011d2b1a692e4292 2007.1/i586/libkrb53-devel-1.5.2-6.6mdv2007.1.i586.rpm ca79ccbe3f286b9069f0ae028d9816f7 2007.1/i586/telnet-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 8a7c84f1fe1bbb5338723f28d12a9f21 2007.1/i586/telnet-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: fc02060b7c1da08c33952e6c14fb5627 2007.1/x86_64/ftp-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 513fca34bdd1f2a5643a8e6adeb62e0e 2007.1/x86_64/ftp-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 4f42d639753a885212e6d62bfe84a121 2007.1/x86_64/krb5-server-1.5.2-6.6mdv2007.1.x86_64.rpm 6b2ca028321fb08199be20a4aedef4a0 2007.1/x86_64/krb5-workstation-1.5.2-6.6mdv2007.1.x86_64.rpm 4d453dc2a579e74e29dfc052197fedc1 2007.1/x86_64/lib64krb53-1.5.2-6.6mdv2007.1.x86_64.rpm b22d9f1b515df1a5270d2d4c373b7dd3 2007.1/x86_64/lib64krb53-devel-1.5.2-6.6mdv2007.1.x86_64.rpm 21b245649de9e38e43782bd1a18922a7 2007.1/x86_64/telnet-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 1322374ab1c15b5c1392ee4ae5f915e7 2007.1/x86_64/telnet-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2008.0: 3ee5a309927b830bf8559a872161384b 2008.0/i586/ftp-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 1835baa43ab27aac2493dc7821bafa8a 2008.0/i586/ftp-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm 5e8369c201ac4678a7bc46590107e45f 2008.0/i586/krb5-1.6.2-7.1mdv2008.0.i586.rpm 94277e76faf2b75553c2e6250e428a43 2008.0/i586/krb5-server-1.6.2-7.1mdv2008.0.i586.rpm 695d5b85347b906401433fa55177be1a 2008.0/i586/krb5-workstation-1.6.2-7.1mdv2008.0.i586.rpm 4696cbae0ce644c265b74ff4ce59a865 2008.0/i586/libkrb53-1.6.2-7.1mdv2008.0.i586.rpm cc8122a1c6a3449fc41d3022bbdffeb2 2008.0/i586/libkrb53-devel-1.6.2-7.1mdv2008.0.i586.rpm d5e75835b35e81a3f7d038e501dabd1c 2008.0/i586/telnet-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 072b5ba782fbd1659ed8bde15bd11b5a 2008.0/i586/telnet-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 7a8c1c390b1d1a0b2a8fe28e8fb6a458 2008.0/x86_64/ftp-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 9b312bd49bd858d00d00ec299866a275 2008.0/x86_64/ftp-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 19f7d0590227c4cc636ee5528db8027a 2008.0/x86_64/krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 6a84bc19cb8e32f7331ce4c1ed36dc9d 2008.0/x86_64/krb5-server-1.6.2-7.1mdv2008.0.x86_64.rpm dabaf97b9b36316dc2b69e9edc953793 2008.0/x86_64/krb5-workstation-1.6.2-7.1mdv2008.0.x86_64.rpm 2810bbed78b7480ff48b021a798cb5a1 2008.0/x86_64/lib64krb53-1.6.2-7.1mdv2008.0.x86_64.rpm 734b018e6b05204767d07a7d53ef2c3c 2008.0/x86_64/lib64krb53-devel-1.6.2-7.1mdv2008.0.x86_64.rpm 787fb5ea70eff84b91eea5d68c1e956d 2008.0/x86_64/telnet-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm d6224c005bc7c818c117e3fc61643840 2008.0/x86_64/telnet-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFH4WG/mqjQ0CJFipgRAom/AKDt3NL//QdT6Aw4zm4Ok/TlQjpNLQCeJ2qJ Hsy0RD3h2ilxoUTodKz7J5k= =y37y -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues Issue date: 2008-06-04 Updated on: 2008-06-04 (initial release of advisory) CVE numbers: CVE-2007-5671 CVE-2008-0967 CVE-2008-2097 CVE-2008-2100 CVE-2006-1721 CVE-2008-0553 CVE-2007-5378 CVE-2007-4772 CVE-2008-0888 CVE-2008-0062 CVE-2008-0063 CVE-2008-0948 - ------------------------------------------------------------------- 1. Summary: Several critical security vulnerabilities have been addressed in patches in ESX and in the newest releases of VMware's hosted product line. 2. Relevant releases: VMware Workstation 6.0.3 and earlier, VMware Workstation 5.5.6 and earlier, VMware Player 2.0.3 and earlier, VMware Player 1.0.6 and earlier, VMware ACE 2.0.3 and earlier, VMware ACE 1.0.5 and earlier, VMware Server 1.0.5 and earlier, VMware Fusion 1.1.1 and earlier VMware ESXi 3.5 without patches ESXe350-200805501-I-SG, ESXe350-200805502-T-SG, ESXe350-200805503-C-SG VMware ESX 3.5 without patches ESX350-200805515-SG, ESX350-200805508-SG, ESX350-200805501-BG, ESX350-200805504-SG, ESX350-200805506-SG, ESX350-200805505-SG, ESX350-200805507-SG VMware ESX 3.0.2 without patches ESX-1004727, ESX-1004821, ESX-1004216, ESX-1004726, ESX-1004722, ESX-1004724, ESX-1004719, ESX-1004219 VMware ESX 3.0.1 without patches ESX-1004186, ESX-1004728, ESX-1004725, ESX-1004721, ESX-1004723, ESX-1004190, ESX-1004189 VMware ESX 2.5.5 without update patch 8 VMware ESX 2.5.4 without update patch 19 NOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x will reach end of general support 2008-11-09. Customers should plan to upgrade to the latest version of their respective products. ESX 3.0.1 is in Extended Support and its end of extended support (Security and Bug fixes) is 2008-07-31. Users should plan to upgrade to at least 3.0.2 update 1 and preferably the newest release available before the end of extended support. ESX 2.5.4 is in Extended Support and its end of extended support (Security and Bug fixes) is 2008-10-08. Users should plan to upgrade to at least 2.5.5 and preferably the newest release available before the end of extended support. 3. Problem description: a. VMware Tools Local Privilege Escalation on Windows-based guest OS The VMware Tools Package provides support required for shared folders (HGFS) and other features. An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. It doesn't matter on what host the Windows guest OS is running, as this is a guest driver vulnerability and not a vulnerability on the host. The HGFS.sys driver is present in the guest operating system if the VMware Tools package is loaded. Even if the host has HGFS disabled and has no shared folders, Windows-based guests may be affected. This is regardless if a host supports HGFS. This issue could be mitigated by removing the VMware Tools package from Windows based guests. However this is not recommended as it would impact usability of the product. NOTE: Installing the new hosted release or ESX patches will not remediate the issue. The VMware Tools packages will need to be updated on each Windows-based guest followed by a reboot of the guest system. VMware would like to thank iDefense and Stephen Fewer of Harmony Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5671 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= Workstation 6.x Windows not affected Workstation 6.x Linux not affected Workstation 5.x Windows 5.5.6 build 80404 or later Workstation 5.x Linux 5.5.6 build 80404 or later Player 2.x Windows not affected Player 2.x Linux not affected Player 1.x Windows 1.0.6 build 80404 or later Player 1.x Linux 1.0.6 build 80404 or later ACE 2.x Windows not affected ACE 1.x Windows 1.0.5 build 79846 or later Server 1.x Windows 1.0.5 build 80187 or later Server 1.x Linux 1.0.5 build 80187 or later Fusion 1.x Mac OS/X not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX not affected ESX 3.0.2 ESX ESX-1004727 ESX 3.0.1 ESX ESX-1004186 ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 5 or later ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 16 or later b. Privilege escalation on ESX or Linux based hosted operating systems This update fixes a security issue related to local exploitation of an untrusted library path vulnerability in vmware-authd. In order to exploit this vulnerability, an attacker must have local access and the ability to execute the set-uid vmware-authd binary on an affected system. Exploitation of this flaw might result in arbitrary code execution on the Linux host system by an unprivileged user. VMware would like to thank iDefense for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0967 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= Workstation 6.x Windows not affected Workstation 6.x Linux 6.0.4 build 93057 Workstation 5.x Windows not affected Workstation 5.x Linux 5.5.7 build 91707 Player 2.x Windows not affected Player 2.x Linux 2.0.4 build 93057 Player 1.x Windows not affected Player 1.x Linux 1.0.7 build 91707 ACE 2.x Windows not affected ACE 1.x Windows not affected Server 1.x Windows not affected Server 1.x Linux 1.0.6 build 91891 Fusion 1.x Mac OS/X not affected ESXi 3.5 ESXi ESXe350-200805501-I-SG ESX 3.5 ESX ESX350-200805515-SG ESX 3.0.2 ESX ESX-1004821 ESX 3.0.1 ESX ESX-1004728 ESX 2.5.5 ESX ESX 2.5.5 update patch 8 ESX 2.5.4 ESX ESX 2.5.4 update patch 19 c. Openwsman Invalid Content-Length Vulnerability Openwsman is a system management platform that implements the Web Services Management protocol (WS-Management). It is installed and running by default. It is used in the VMware Management Service Console and in ESXi. The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable to a privilege escalation vulnerability, which may allow users with non-privileged ESX or Virtual Center accounts to gain root privileges. To exploit this vulnerability, an attacker would need a local ESX account or a VirtualCenter account with the Host.Cim.CimInteraction permission. Systems with no local ESX accounts and no VirtualCenter accounts with the Host.Cim.CimInteraction permission are not vulnerable. This vulnerability cannot be exploited by users without valid login credentials. Discovery: Alexander Sotirov, VMware Security Research The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2097 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi ESXe350-200805501-I-SG ESX 3.5 ESX ESX350-200805508-SG ESX 3.0.2 ESX not affected ESX 3.0.1 ESX not affected ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected NOTE: VMware hosted products are not affected by this issue. d. VMware VIX Application Programming Interface (API) Memory Overflow Vulnerabilities The VIX API (also known as "Vix") is an API that lets users write scripts and programs to manipulate virtual machines. Multiple buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system. The VIX API can be enabled and disabled using the "vix.inGuest.enable" setting in the VMware configuration file. This default value for this setting is "disabled". This configuration setting is present in the following products: VMware Workstation 6.0.2 and higher VMware ACE 6.0.2 and higher VMware Server 1.06 and higher VMware Fusion 1.1.2 and higher ESX Server 3.0 and higher ESX Server 3.5 and higher In previous versions of VMware products where the VIX API was introduced, the VIX API couldn't be disabled. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= VIX API 1.1.x Windows VMware-vix-1.1.4-93057.exe VIX API 1.1.x Linux VMware-vix-1.1.4-93057.i386.tar.gz VIX API 1.1.x Linux64 VMware-vix-1.1.4-93057.x86_64.tar.gz Workstation 6.x Windows 6.0.4 build 93057 Workstation 6.x Linux 6.0.4 build 93057 Workstation 5.x Windows 5.5.7 build 91707 Workstation 5.x Linux 5.5.7 build 91707 Player 2.x Windows 2.0.4 build 93057 Player 2.x Linux 2.0.4 build 93057 Player 1.x Windows 1.0.6 build 91707 Player 1.x Linux 1.0.6 build 91707 ACE 2.x Windows 2.0.4 build 93057 ACE 1.x Windows not affected Server 1.x Windows 1.0.6 build 91891 Server 1.x Linux 1.0.6 build 91891 Fusion 1.x Mac OS/X 1.1.2 build 87978 or later ESXi 3.5 ESXi ESXe350-200805501-I-SG, ESXe350-200805502-T-SG ESX 3.5 ESX ESX350-200805501-BG ESX 3.0.2 ESX ESX-1004216, ESX-1004726, ESX-1004727 ESX 3.0.1 ESX ESX-1004186, ESX-1004725 ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected II Service Console rpm updates NOTE: ESXi and hosted products are not affected by any service console security updates a. Security update for cyrus-sasl Updated cyrus-sasl package for the ESX Service Console corrects a security issue found in the DIGEST-MD5 authentication mechanism of Cyrus' implementation of Simple Authentication and Security Layer (SASL). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-1721 to this issue. RPMs Updated: cyrus-sasl-2.1.15-15.i386.rpm cyrus-sasl-md5-2.1.15-1.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805504-SG ESX 3.0.2 ESX ESX-1004722 ESX 3.0.1 ESX ESX-1004721 ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected b. Security update for tcltk An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0553 to this issue. A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5378 to this issue. A flaw first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4772 to this issue. RPM Updated: tcl-8.3.5-92.8.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805506-SG ESX 3.0.2 ESX ESX-1004724 ESX 3.0.1 ESX ESX-1004723 ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8 ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19 c. Security update for unzip This patch includes a moderate security update to the service console that fixes a flaw in unzip. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0888 to this issue. RPM Updated: Unzip-5.50-36.EL3.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805505-SG ESX 3.0.2 ESX ESX-1004719 ESX 3.0.1 ESX ESX-1004190 ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8 ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19 d. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0062 to this issue. NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue. NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0948 to this issue. RPM Updated: krb5-libs-1.2.7-68.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805507-SG ESX 3.0.2 ESX ESX-1004219 ESX 3.0.1 ESX ESX-1004189 ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8 ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19 4. Solution: Please review the release notes for your product and version and verify the md5sum of your downloaded file. VMware Workstation 6.0.4 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html Windows binary md5sum: f50a05831e94c19d98f363c752fca5f9 RPM Installation file for 32-bit Linux md5sum: e7793b14b995d3b505f093c84e849421 tar Installation file for 32-bit Linux md5sum: a0a8e1d8188f4be03357872a57a767ab RPM Installation file for 64-bit Linux md5sum: 960d753038a268b8f101f4b853c0257e tar Installation file for 64-bit Linux md5sum: 4697ec8a9d6c1152d785f3b77db9d539 VMware Workstation 5.5.7 ------------------------ http://www.vmware.com/download/ws/ws5.html Release notes: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Windows binary: md5sum: 4c6a6653b7296240197aac048591c659 Compressed Tar archive for 32-bit Linux md5sum: 8fc15d72031489cf5cd5d47b966787e6 Linux RPM version for 32-bit Linux md5sum: f0872fe447ac654a583af16b2f4bba3f VMware Player 2.0.4 and 1.0.7 ----------------------------- http://www.vmware.com/download/player/ Release notes Player 1.x: http://www.vmware.com/support/player/doc/releasenotes_player.html Release notes Player 2.0 http://www.vmware.com/support/player2/doc/releasenotes_player2.html 2.0.4 Windows binary md5sum: a117664a8bfa7336b846117e5fc048dd VMware Player 2.0.4 for Linux (.rpm) md5sum: de6ab6364a0966b68eadda2003561cd2 VMware Player 2.0.4 for Linux (.tar) md5sum: 9e1c2bfda6b22a3fc195a86aec11903a VMware Player 2.0.4 - 64-bit (.rpm) md5sum: 997e5ceffe72f9ce9146071144dacafa VMware Player 2.0.4 - 64-bit (.tar) md5sum: 18eb4ee49dd7e33ec155ef69d7d259ef 1.0.7 Windows binary md5sum: 51114b3b433dc1b3bf3e434aebbf2b9c Player 1.0.7 for Linux (.rpm) md5sum: 3b5f97a37df3b984297fa595a5cdba9c Player 1.0.7 for Linux (.tar) md5sum: b755739144944071492a16fa20f86a51 VMware ACE ---------- http://www.vmware.com/download/ace/ Release notes 2.0: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html VMware-workstation-6.0.4-93057.exe md5sum: f50a05831e94c19d98f363c752fca5f9 VMware-ACE-Management-Server-Appliance-2.0.4-93057.zip md5sum: d2ae2246f3d87268cf84c1421d94e86c VMware-ACE-Management-Server-2.0.4-93057.exe md5sum: 41b31b3392d5da2cef77a7bb28654dbf VMware-ACE-Management-Server-2.0.4-93057.i386-rhel4.rpm md5sum: 9920be4c33773df53a1728b41af4b109 VMware-ACE-Management-Server-2.0.4-93057.i386-sles9.rpm md5sum: 4ec4c37203db863e8844460b5e80920b Release notes 1.x: http://www.vmware.com/support/ace/doc/releasenotes_ace.html VMware-ACE-1.0.6-89199.exe md5sum: 110f6e24842a0d154d9ec55ef9225f4f VMware Server 1.0.6 ------------------- http://www.vmware.com/download/server/ Release notes: http://www.vmware.com/support/server/doc/releasenotes_server.html VMware Server for Windows 32-bit and 64-bit md5sum: 3e00d5cfae123d875e4298bddabf12f5 VMware Server Windows client package md5sum: 64f3fc1b4520626ae465237d7ec4773e VMware Server for Linux md5sum: 46ea876bfb018edb6602a921f6597245 VMware Server for Linux rpm md5sum: 9d2f0af908aba443ef80bec8f7ef3485 Management Interface md5sum: 1b3daabbbb49a036fe49f53f812ef64b VMware Server Linux client package md5sum: 185e5b174659f366fcb38b1c4ad8d3c6 VMware Fusion 1.1.3 -------------- http://www.vmware.com/download/fusion/ Release notes: http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html md5sum: D15A3DFD3E7B11FC37AC684586086D VMware VIX 1.1.4 ---------------- http://www.vmware.com/support/developer/vix-api/ Release notes: http://www.vmware.com/support/pubs/vix-api/VIXAPI-1.1.4-Release-Notes.html VMware-vix-1.1.4-93057.exe md5sum: 2efb74618c7ead627ecb3b3033e3f9f6 VMware-vix-1.1.4-93057.i386.tar.gz md5sum: 988df2b2bbc975a6fc11f27ad1519832 VMware-vix-1.1.4-93057.x86_64.tar.gz md5sum: a64f951c6fb5b2795a29a5a7607059c0 ESXi ---- VMware ESXi 3.5 patch ESXe350-200805501-O-SG (authd, openwsman, VIX) http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip md5sum: 4ce06985d520e94243db1e0504a56d8c http://kb.vmware.com/kb/1005073 http://kb.vmware.com/kb/1004173 http://kb.vmware.com/kb/1004172 NOTE: ESXe350-200805501-O-SG contains the following patch bundles: ESXe350-200805501-I-SG, ESXe350-200805502-T-SG, ESXe350-200805503-C-SG ESX --- VMware ESX 3.5 patch ESX350-200805515-SG (authd) http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip md5sum: 324b50ade230bcd5079a76e3636163c5 http://kb.vmware.com/kb/1004170 VMware ESX 3.5 patch ESX350-200805508-SG (openwsman) http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip md5sum: 3ff8c06d4a9dd406f64f89c51bf26d12 http://kb.vmware.com/kb/1004644 VMware ESX 3.5 patch ESX350-200805501-BG (VIX) http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip md5sum: 31a620aa249c593c30015b5b6f8c8650 http://kb.vmware.com/kb/1004637 VMware ESX 3.5 patch ESX350-200805504-SG (cyrus-sasl) http://download3.vmware.com/software/esx/ESX350-200805504-SG.zip md5sum: 4c1b1a8dcb09a636b55c64c290f7de51 http://kb.vmware.com/kb/1004640 VMware ESX 3.5 patch ESX350-200805506-SG (tcltk) http://download3.vmware.com/software/esx/ESX350-200805506-SG.zip md5sum: af279eef8fdeddb7808630da1ae717b1 http://kb.vmware.com/kb/1004642 VMware ESX 3.5 patch ESX350-200805505-SG (unzip) http://download3.vmware.com/software/esx/ESX350-200805505-SG.zip md5sum: 07af82d9fd97cccb89d9b90c6ecc41c6 http://kb.vmware.com/kb/1004641 VMware ESX 3.5 patch ESX350-200805507-SG (krb5) http://download3.vmware.com/software/esx/ESX350-200805507-SG.zip md5sum: 5d35a1c470daf13c9f4df5bdc9438748 http://kb.vmware.com/kb/1004643 VMware ESX 3.0.2 patch ESX-1004727 (HGFS,VIX) http://download3.vmware.com/software/vi/ESX-1004727.tgz md5sum: 31a67b0fa3449747887945f8d370f19e http://kb.vmware.com/kb/1004727 VMware ESX 3.0.2 patch ESX-1004821 (authd) http://download3.vmware.com/software/vi/ESX-1004821.tgz md5sum: 5c147bedd07245c903d44257522aeba1 http://kb.vmware.com/kb/1004821 VMware ESX 3.0.2 patch ESX-1004216 (VIX) http://download3.vmware.com/software/vi/ESX-1004216.tgz md5sum: 0784ef70420d28a9a5d6113769f6669a http://kb.vmware.com/kb/1004216 VMware ESX 3.0.2 patch ESX-1004726 (VIX) http://download3.vmware.com/software/vi/ESX-1004726.tgz md5sum: 44f03b274867b534cd274ccdf4630b86 http://kb.vmware.com/kb/1004726 VMware ESX 3.0.2 patch ESX-1004722 (cyrus-sasl) http://download3.vmware.com/software/vi/ESX-1004722.tgz md5sum: 99dc71aed5bab7711f573b6d322123d6 http://kb.vmware.com/kb/1004722 VMware ESX 3.0.2 patch ESX-1004724 (tcltk) http://download3.vmware.com/software/vi/ESX-1004724.tgz md5sum: fd9a160ca7baa5fc443f2adc8120ecf7 http://kb.vmware.com/kb/1004724 VMware ESX 3.0.2 patch ESX-1004719 (unzip) http://download3.vmware.com/software/vi/ESX-1004719.tgz md5sum: f0c37b9f6be3399536d60f6c6944de82 http://kb.vmware.com/kb/1004719 VMware ESX 3.0.2 patch ESX-1004219 (krb5) http://download3.vmware.com/software/vi/ESX-1004219.tgz md5sum: 7c68279762f407a7a5ee151a650ebfd4 http://kb.vmware.com/kb/1004219 VMware ESX 3.0.1 patch ESX-1004186 (HGFS,VIX) http://download3.vmware.com/software/vi/ESX-1004186.tgz md5sum: f64389a8b97718eccefadce1a14d1198 http://kb.vmware.com/kb/1004186 VMware ESX 3.0.1 patch ESX-1004728 (authd) http://download3.vmware.com/software/vi/ESX-1004728.tgz md5sum: 1f01bb819805b855ffa2ec1040eff5ca http://kb.vmware.com/kb/1004728 VMware ESX 3.0.1 patch ESX-1004725 (VIX) http://download3.vmware.com/software/vi/ESX-1004725.tgz md5sum: 9fafb04c6d3f6959e623832f539d2dc8 http://kb.vmware.com/kb/1004725 VMware ESX 3.0.1 patch ESX-1004721 (cyrus-sasl) http://download3.vmware.com/software/vi/ESX-1004721.tgz md5sum: 48190819b0f5afddefcb8d209d12b585 http://kb.vmware.com/kb/1004721 VMware ESX 3.0.1 patch ESX-1004723 (tcltk) http://download3.vmware.com/software/vi/ESX-1004723.tgz md5sum: c34ca0a5886e0c0917a93a97c331fd7d http://kb.vmware.com/kb/1004723 VMware ESX 3.0.1 patch ESX-1004190 (unzip) http://download3.vmware.com/software/vi/ESX-1004190.tgz md5sum: 05187b9f534048c79c62741367cc0dd2 http://kb.vmware.com/kb/1004190 VMware ESX 3.0.1 patch ESX-1004189 (krb5) http://download3.vmware.com/software/vi/ESX-1004189.tgz md5sum: 21b620530b99009f469c872e73a439e8 http://kb.vmware.com/kb/1004189 VMware ESX 2.5.5 Upgrade Patch 8 http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz md5sum: 392b6947fc3600ca0e8e7788cd5bbb6e http://vmware.com/support/esx25/doc/esx-255-200805-patch.html VMware ESX 2.5.4 Upgrade Patch 19 http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz md5sum: 442788fd0bccb0d994c75b268bd12760 http://vmware.com/support/esx25/doc/esx-254-200805-patch.html 5. References: CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948 6. Change log: 2008-06-04 VMSA-2008-0009 Initial release - ------------------------------------------------------------------- 7. Contact: E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce@lists.vmware.com * bugtraq@securityfocus.com * full-disclosure@lists.grok.org.uk E-mail: security@vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIRs08S2KysvBH1xkRCMxFAJ0WJX76quFzCV+avwupq3Lu72UKigCfRftj CZvxoXw/sZxDCSDjVzYAhrA= =s04s -----END PGP SIGNATURE----- . More information about these vulnerabilities can be found in VU#895609 and VU#374121. II. III. Solution Install updates from your vendor Check with your vendors for patches or updates. For information about a vendor, please see the systems affected section in vulnerability notes VU#895609 and VU#374121 or contact your vendor directly. Administrators who compile MIT Kerberos from source should refer to MIT Security Advisory 2008-002 for more information. IV. References * US-CERT Vulnerability Note VU#895609 - <http://www.kb.cert.org/vuls/id/895609> * US-CERT Vulnerability Note VU#374121 - <http://www.kb.cert.org/vuls/id/374121> * MIT krb5 Security Advisory 2008-002 - <http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt2> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-079B.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-079B Feedback VU#895609" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization

Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. CUPS is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will result in a denial of service. CUPS 1.3.5 is reported vulnerable; other versions may be affected as well. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including AFP Client, AFP Server, AppKit, Application Firewall, CoreFoundation, CoreServices, CUPS, Foundation, Help Viewer, Image Raw, libc, mDNSResponder, notifyd, pax archive utility, Podcast Producer, Preview, Printing, System Configuration, UDF, and Wiki Server. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. These issues affect Apple Mac OS X 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier. NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID: 28320 Apple Mac OS X AFP Client 'afp://' URI Remote Code Execution Vulnerability CVE-2008-0044. 28323 Apple Mac OS X AFP Server Cross-Realm Authentication Bypass Vulnerability CVE-2008-0994 28388 Apple Mac OS X AppKit NSDocument API's Stack Based Buffer Overflow Vulnerability CVE-2008-0048 28340 Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation Vulnerability CVE-2008-0049 28358 Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities CVE-2008-0057 28364 Apple Mac OS X AppKit PPD File Stack Buffer Overflow Vulnerability CVE-2008-0997 28368 Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness CVE-2008-0046 28375 Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation Vulnerability CVE-2008-0051 28384 Apple Mac OS X CoreServices '.ief' Files Security Policy Violation Weakness CVE-2008-0052 28334 CUPS Multiple Unspecified Input Validation Vulnerabilities 28341 Apple Mac OS X Foundation 'NSSelectorFromString' Input Validation Vulnerability 28343 Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation Vulnerability 28357 Apple Mac OS X Foundation 'NSFileManager' Stack-Based Buffer Overflow Vulnerability 28359 Apple Mac OS X Foundation 'NSURLConnection' Cache Management Race Condition Security Vulnerability 28363 Apple Mac OS X Image RAW Stack-Based Buffer Overflow Vulnerability 28367 Apple Mac OS X Foundation 'NSXML' XML File Processing Race Condition Security Vulnerability 28371 Apple Mac OS X Help Viewer Remote Applescript Code Execution Vulnerability 28374 Apple Mac OS X libc 'strnstr(3)' Off-By-One Denial of Service Vulnerability 28387 Apple Mac OS X Printing To PDF Insecure Encryption Weakness 28386 Apple Mac OS X Preview PDF Insecure Encryption Weakness 28389 Apple Mac OS X Universal Disc Format Remote Denial of Service Vulnerability 28385 Apple Mac OS X NetCfgTool Local Privilege Escalation Vulnerability 28365 Apple Mac OS X pax Archive Utility Remote Code Execution Vulnerability 28344 Apple Mac OS X Authenticated Print Queue Information Disclosure Vulnerability 28345 Apple Mac OS X 'notifyd' Local Denial of Service Vulnerability 28372 Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure Vulnerability 28339 Apple Mac OS X mDNSResponderHelper Local Format String Vulnerability. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1530-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans March 25, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : cupsys Vulnerability : multiple Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-0047 CVE-2008-0882 Debian Bug : 472105 467653 Several local/remote vulnerabilities have been discovered in cupsys, the Common Unix Printing System. For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch3 We recommend that you upgrade your cupsys packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - - ------------------------------- Stable updates are available for alpha, amd64, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.diff.gz Size/MD5 checksum: 104776 b684811e24921a7574798108ac6988d7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.dsc Size/MD5 checksum: 1084 0276f8e59e00181d39d204a28494d18c http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 Architecture independent packages: http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch3_all.deb Size/MD5 checksum: 927322 65b1ff3cb7b8bbbe3b334ee43875aac4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch3_all.deb Size/MD5 checksum: 45654 0b4ce3e9c2af460c5b694b906f450b12 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 1097006 45800a6b2c1dd7068843ade84480259d http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 39262 4f645e439999611b07348ad50e4da57d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 174890 9affa7a1f2dc6548fcffb9a456181a3a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 86292 23431d4bfae9599caba759d4b0a3a8c0 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 94814 6be946280a3c9fadfd070f7284255df0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 1609104 ecdd9f65f8799605a1efeac0d4eae774 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 184372 7720c886672d63cdeb501314beacc4b5 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_alpha.deb Size/MD5 checksum: 72428 2b4ed65a0a33b7cf32756c2b0cd925de amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 52858 badd0d21043714aa2c612b45323890a1 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 1574654 cf1c04e898f7380fdd338ecafb69185e http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 85652 24c3d3e054306785ccc958f1894a2b18 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 142534 7ad95206e0e450f8df27c9d858809ddb http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 162008 44f8d076b07194023c8ef4348a56e97a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 36352 5a4f9dc02fa0f8fb6936859c0fb1bd61 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 1086740 d466f2f5d8cb17ae0013dd99db5bcbb0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_amd64.deb Size/MD5 checksum: 80704 d45a4a7461defd4c6b96bbfc292e3183 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_i386.deb Size/MD5 checksum: 1565044 7c19a56cb4a782487e104a01f31e0b47 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_i386.deb Size/MD5 checksum: 37600 fa90419b34b6733ef32f13797e4606f3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_i386.deb Size/MD5 checksum: 79892 7460f7b76d597bcb02bdc0fe5897a32a http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_i386.deb Size/MD5 checksum: 86674 aebef9f4a309afdff01a7cce17b6f57b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_i386.deb Size/MD5 checksum: 997608 e754dc8df237302fac7019754e42352b http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_i386.deb Size/MD5 checksum: 53418 b45cf2a324d52524244351d213c8be41 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_i386.deb Size/MD5 checksum: 137686 b726701fdb3e8948e5111e2e831bf853 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_i386.deb Size/MD5 checksum: 160080 c029e686ec624c2fdf156f885d1daf5c ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 1770478 73e7565983c31c3e651dd55acb38c0c7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 203722 9d2b9b9d1c3999a3f4ccf7e5e446bd1a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 1107480 d0898394febd60b7bf80e1e4ff335a39 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 73934 5156c8db255299aa66053bb4415cde19 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 106208 db2ad0519d15ee795758f72b3c093068 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 106220 8228fb0ccf8cc888973731f2aa72c8c4 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 192358 c1ee340a3e893b3f22adb138923167c2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_ia64.deb Size/MD5 checksum: 46324 771aaa1b244d01eacdd62e8e963d434f mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mips.deb Size/MD5 checksum: 86208 03d9d365f1c41e2efc36fc1a19dcb813 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mips.deb Size/MD5 checksum: 1096636 65217c4fc57a23e065c9da14dfad6c9d http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mips.deb Size/MD5 checksum: 1567240 46f2194418cb1d5800c44ae13bcd51ee http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mips.deb Size/MD5 checksum: 57520 02e313bad869d4c50a6dde506765633b http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mips.deb Size/MD5 checksum: 157528 f42c10ade950e4faa4403da4e8d740c4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mips.deb Size/MD5 checksum: 76156 d4778055a8900dcb6eaf2100a8172b63 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mips.deb Size/MD5 checksum: 150976 5c00fd263eb81453450af5d5e79fe5b4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mips.deb Size/MD5 checksum: 36114 4ba209d715050a942d0c9025869378fe mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 86404 41a26e5e4196385e67dddee0337c0ade http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 158050 1b5af4a50dcfe41ec2b35af9a47d40b3 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 36060 09d1cfdfb2e925b3f846d22cf760ba11 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 1552652 67cf88cac0c510bec526c49025d7cbe0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 1084290 082931629866ea5a6aba940997698af7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 57694 6e120d7fc4a6643eb208333b30e7c5c9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 77448 f411d88639ee78a68d46ece45e91368f http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mipsel.deb Size/MD5 checksum: 150900 09be1543e6cd767098a3af2a70791036 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 136866 623ea75ab7f6603f9ddc9276389c90ea http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 162686 5766c22ea9cad4f8e5acbf8dd6ad48f6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 87910 767921a7b2ed329a3107da1f0dbb7dda http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 41298 875908633ca26db04739a334b03c42c2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 89998 0c81d4c99f07d7b0cdcd91a2a9a6ad28 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 51788 87423f593d57c4c9d0cc80cfafa28f87 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 1142146 6c4479057269b64596d123d5cf859747 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_powerpc.deb Size/MD5 checksum: 1575696 eb08aafdd1c60d707b874a31dcab67b4 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_s390.deb Size/MD5 checksum: 166184 d748308d0a477ad16a42e25671f49dd9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_s390.deb Size/MD5 checksum: 37422 6a3f5390f4ff82bd1c8ef4d64f0fcc46 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_s390.deb Size/MD5 checksum: 1036106 08ad799adaeb1ccd9538048e685d69d6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_s390.deb Size/MD5 checksum: 87194 e881e70f5b31b800989f14fd4e97368f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_s390.deb Size/MD5 checksum: 52256 ec508d448806c889b0c79aed8d95cc3e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_s390.deb Size/MD5 checksum: 82340 c9ab3bc26da68abdde50d365b4224434 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_s390.deb Size/MD5 checksum: 144934 61cf1f32851be64340ffb36b266ee0a7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_s390.deb Size/MD5 checksum: 1586624 1921d0bc3b7b03d4ed952ecb4b0b561b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 78500 74d7872d04914d26d5a4baa768437603 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 51572 93fd782dbbc7148c9f96b18ad7ebe111 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 84622 6eb7012156c87266af9802d38f1dd366 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 158596 68ca94de2c329c162ae40ac5b79af29b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 36018 61ffbfc960bea5c6fda52ffefa8886b7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 991000 3135666aadf8d4f4cd273fbd7d50cfca http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 139570 e281ec84c08bcac3f54d5017b6917e0b http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_sparc.deb Size/MD5 checksum: 1561792 21cd9a3e1e89ba96aa11890858194b82 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH6RVAYrVLjBFATsMRAozSAJ9kTMEJ+adGZ1Sn0N6kOyhCmJU0HACeK7Xp 2NTRUT1F1Cu9Xrm9EGvmg3M= =Fgu/ -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-598-1 April 02, 2008 cupsys vulnerabilities CVE-2008-0047, CVE-2008-0053, CVE-2008-0882, CVE-2008-1373 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.8 Ubuntu 6.10: cupsys 1.2.4-2ubuntu3.3 Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.3 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.6 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that the CUPS administration interface contained a heap- based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0047) It was discovered that the hpgl filter in CUPS did not properly validate its input when parsing parameters. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0053) It was discovered that CUPS had a flaw in its managing of remote shared printers via IPP. A remote attacker could send a crafted UDP packet and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-0882) It was discovered that CUPS did not properly perform bounds checking in its GIF decoding routines. If a crafted GIF file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-1373) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8.diff.gz Size/MD5: 97650 b7ac4b760066920314d4596541cf716e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8.dsc Size/MD5: 1049 26e617c4b5c0848d56f872895e279a86 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.8_all.deb Size/MD5: 998 c7d4013c3b9e3655e2fd2e9719d4d2af amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 36218 9eff8fd692afe5ae17ca80f269a0ca6b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 81906 ac05150f42e5671c5cdc73ba8f85cb5b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 2286026 acd4a48c676556fc7260bbd86db0416b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 6096 3df7829bfb8766de94a4ef2ff0be824f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 76654 0d67c8599d4e2accf4f7ee31b498fdc7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 25758 14617ef9d38146ceaf89b4e9775e2fb4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_amd64.deb Size/MD5: 129498 5cd8c821b31dddde0c200a61570d48b6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 34766 88ac5bced1d508f9695b4b4f4ae0f82a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 77988 84db3f3ad17936d5015a26353c55bc6a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 2253492 2cc1ec94caf6344a555ece9f69b51fe2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 6088 00226da0a854f64bd5b18ace219de031 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 75744 73038a225d7301b4b5f8085219c97c81 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 25740 52699a4b9dea621f4332db5856f8b574 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_i386.deb Size/MD5: 121718 2e904399c40c9f83e451bb2e964820c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 40464 7e6bd3ec6312eef104737ffed5e19c3c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 89542 8b9353d17d9402495f2404a9ab837b92 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 2300680 65597d07917b8753a0af6f6aae1276db http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 6096 d6cb4780e6f4545bc8566cce92fb8346 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 78442 c75b4f47491227c2504649902a040855 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 25742 372a1c972e97e1722a844430780ae6c5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_powerpc.deb Size/MD5: 127478 afad79a272bbe434675f24d7a3ca91ef sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 35396 b44ad7e913ff064d2a3fb73121771686 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 78724 a8bff0942be4b14ece6dde8fd38b6f5a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 2287122 2415f6a5410a63b98ba32ecdf8fbcfb7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 6094 384dc8a7b9c8dfbefa42d7b5fbb836c7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 75678 6258f4d4c1b55d90b34cee1caa12dc35 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 25740 ca7f1a4412f42d739d51c1ddbc09045a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.8_sparc.deb Size/MD5: 123214 801292f8a2652b579a82b7a7c52e9ffd Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3.diff.gz Size/MD5: 111410 fb84af4bcf007f2f7299394e0be32412 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3.dsc Size/MD5: 1059 430be555857b7aa5cc01431466487aaf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4.orig.tar.gz Size/MD5: 4091480 46722ad2dc78b12b5c05db2d080fe784 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.4-2ubuntu3.3_all.deb Size/MD5: 870052 97e82b21269a8bb5e7ac995cc4cb665d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 36706 eb308fea40f4b7d159304b4b875b2329 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 82506 3b04032674acc75d3184f537af144d3a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 1480680 18b1537c8238b225e6ba2bb51570b942 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 6122 b324305be458b5207d242efc230d06c1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 95522 fce843ba1e5c51ec7a8161f0a0828acc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 26138 041e52bad239d993b22d65873705a751 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_amd64.deb Size/MD5: 172282 cf3fd3c84c83b36aa453ca2e071ab74c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 36260 c2daeb19fee1ebfe794be09ebefef1c7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 80108 c599f739a103867967a78f91569db74e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 1463912 d22879a24e9f1ff1d12e7845ad596cc2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 6124 01628551a9fc66423789f02853d0d9ba http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 95352 b6084c36087da3aa1a3c8d44f9a9d0a7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 26142 838499ddbf886c5514ef11c6e4bdeda9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_i386.deb Size/MD5: 169404 8262471b1cdb9991fbde554a31c74508 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 41802 b703ca8629e5df46fc1f1d45acd20581 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 91148 caca2486db7794b133539af9b939a607 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 1498496 0662d077dfae2d1b6b00db7a0966366b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 6128 792c5ee645b0f7a7e1d63d9206348c52 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 97682 b37660eb88a487e5f7c49b9ed6f1c937 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 26144 b834556e6374093f5652754dd8c0ff6a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_powerpc.deb Size/MD5: 172694 3174ff36eaa0bc4ac7f4df02299413ca sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 36292 2cd1ea5a42eff193ca8a4c2ec53aefa1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 80238 10b95fff38cb0436cf30a30e683cc27d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 1489214 119f077088e3b2009c896fd395448717 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 6128 204a14898a9508a980e71d33792cfb59 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 94574 a87580c3fd22da592dd5496190afb871 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 26142 e7b959209cad884220bb1cacb2cd0555 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.3_sparc.deb Size/MD5: 168700 1f717ec06409999b5a40bb89dcedb5b0 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3.diff.gz Size/MD5: 156263 0147ec4c77b27e20df2a3ad514c2dd8e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3.dsc Size/MD5: 1143 7fb2ad1b1c8e57b09805fc9d6c1e027d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.3_all.deb Size/MD5: 926414 97df229c931f7eb05af5a5cb623635ae amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 37412 20fb406aae21e63dc8c9723e178505af http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 83238 9aa9eb876585e32757c83783d79b0a02 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 1638304 7673386b3a9d63c09bd3647cf5dad877 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 56378 32e2acb4fe5ef7aab8b8896a8d40166c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 104324 649109ddb522145730c67b93a870eefe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 144860 c0fb60ebae640e565607f0cdfd7094b7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_amd64.deb Size/MD5: 182344 204887dda2791a61417415c4466a51d7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 36722 22030307f71a44ca7b30921aef0bf46a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 80738 c92706978d65b9a409d93e704c5662b4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 1620944 bc9a1e338567e27aee10cded16abbcc2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 55472 15cd34697cca79ee83498691da531d37 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 104028 3d13c92bf5f0c9a26f3a8ba534dc6dec http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 139332 c33597e3bbce0d41df0efe84c2b59377 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_i386.deb Size/MD5: 178604 a93713bb9b422a0460d42dc35eb7f8b3 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 46768 682b1e104c73d8820a5b39ba79de7883 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 101104 78dcf70528f5682b2499efa0b03f6a42 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 1695542 06c8b6b43afa525b07718d410eed6438 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 56226 27ce8328e4cfc184ef64fdfe5bcf1b45 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 109886 607c9d1bdc4eaf3627031f98f59948be http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 141172 501aee8031dd71ce2166e79bfca04129 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_powerpc.deb Size/MD5: 188236 ccbcdb277477728c10dac36435924085 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 37788 7da1fb58e7d4b6bfd71ed47b1ba5d201 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 83750 69a59033ea6458f3f82046aee46ba4bb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 1658908 b35167112445c8bc3c1281604412f534 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 54756 b877de97919e00870c84850b1e074555 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 103574 204efb55b2d46f00cd4f8ddc429d805f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 141742 5e411c3199e1a1296dbd7cd7c6958e1a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.3_sparc.deb Size/MD5: 177884 4e1b218fd113193e4cf149aea90ec6c7 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6.diff.gz Size/MD5: 125298 81ae6b42c7dd12a1797a63d19c644a8c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6.dsc Size/MD5: 1218 c56faedc440fc2b16f9a1f396a607d1e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.6_all.deb Size/MD5: 1080444 5d01f105292a526744e5622a14a9aed4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 37204 c3425972caa02e7a25321f49d47c6f9b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 89504 5411f2454e0d2a0323e9951cb15a534d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 2034570 c8d6548bd1ba7cb841b196e762da492c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 59890 150d59889adc8fd0cb185989876a355d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 46780 e15952781e93e862194d453320605bbc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 152020 32c671873dfad4e39104da5c3a6e935e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_amd64.deb Size/MD5: 186028 1a1404a7d67078e31c8819bf3d8d4dae i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 36476 a982fce3918a91c74e92fb515f1c6d65 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 86484 0e4d80917e070f7b2f109de81f96bc4d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 2018116 cff3abb1b69d797d616e73c93885de3a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 58634 6d2590c49af04215519a87e857463652 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 46140 0ebe76bdf799336e0b2d01d0a0eca72c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 145694 6766e6515de26b782e211840f330b93e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_i386.deb Size/MD5: 182802 c62bc1107e748c200e6969a239ae8b9b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 46498 044a54c557dd4006bb40a13dd2c2b156 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 107752 76e4020feb1778e713389fc6bdb86ea9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 2099222 73d517a40d877a238856a232e6be64c9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 59342 8530840cf85bf44c8803fd064b61e1f7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 51716 9d30c790a4b94ac07670d7e15c2e41ab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 146948 f73327e30e2778bdcf4543c04855e6a1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_powerpc.deb Size/MD5: 191752 46d534c4c477657ab03419d18f91728f sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 37564 1771f3f6f2ceb1864696801f7f420e93 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 89606 69149447dbd4e3b36185bd977202f837 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 2060610 ed932d7ee05e745bc0af647d361e7d99 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 57900 7369866ac9adb6abd966e2d1e2f95b42 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 45440 60eda5d4cc12eb2c35817d6c0d4ef43a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 148476 8e1d119a91b8c6d8d15032b27a498235 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.6_sparc.deb Size/MD5: 181842 8283739361474f00d65f9bf52d7c0e3d . Finally, a vulnerability in how CUPS handled GIF files was found by Tomas Hoger of Red Hat, similar to previous issues corrected in PHP, gd, tk, netpbm, and SDL_image (CVE-2008-1373). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 4ecbfe664ba6820bf06dc406133e265c 2007.0/i586/cups-1.2.4-1.8mdv2007.0.i586.rpm 6d51733a95884e36cca9570738537ff6 2007.0/i586/cups-common-1.2.4-1.8mdv2007.0.i586.rpm abe0591d8b2b390a82dffcd2fed43b14 2007.0/i586/cups-serial-1.2.4-1.8mdv2007.0.i586.rpm 91ffe19d342810de71e056e213056552 2007.0/i586/libcups2-1.2.4-1.8mdv2007.0.i586.rpm 71fd9246da1e48b2dc6a60ceeae41e48 2007.0/i586/libcups2-devel-1.2.4-1.8mdv2007.0.i586.rpm bd0f3b69fe5dc7bddd6c121200db014d 2007.0/i586/php-cups-1.2.4-1.8mdv2007.0.i586.rpm cb50a10a1096424175c1a49e8e22a8a1 2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: d9423a942f4f779959cfe489866b52f5 2007.0/x86_64/cups-1.2.4-1.8mdv2007.0.x86_64.rpm 8b13ba591a7dc53c658876dae447ce17 2007.0/x86_64/cups-common-1.2.4-1.8mdv2007.0.x86_64.rpm 9e434edde16c05fded1b706adaae859d 2007.0/x86_64/cups-serial-1.2.4-1.8mdv2007.0.x86_64.rpm 9733f3116c8488148471af3d5bdafd16 2007.0/x86_64/lib64cups2-1.2.4-1.8mdv2007.0.x86_64.rpm fbb5010088c23aa2cf635875179adc3c 2007.0/x86_64/lib64cups2-devel-1.2.4-1.8mdv2007.0.x86_64.rpm 00e05d49f33ef5d0067287ef1a27246c 2007.0/x86_64/php-cups-1.2.4-1.8mdv2007.0.x86_64.rpm cb50a10a1096424175c1a49e8e22a8a1 2007.0/SRPMS/cups-1.2.4-1.8mdv2007.0.src.rpm Mandriva Linux 2007.1: dc81f96bd48732eed770b0090b333695 2007.1/i586/cups-1.2.10-2.6mdv2007.1.i586.rpm 3545d312400a8f5aad55e323d2ff3543 2007.1/i586/cups-common-1.2.10-2.6mdv2007.1.i586.rpm f4656b26df51f63813a49006415a783b 2007.1/i586/cups-serial-1.2.10-2.6mdv2007.1.i586.rpm ab1869c8ddeda927fdfbc49c386756f1 2007.1/i586/libcups2-1.2.10-2.6mdv2007.1.i586.rpm 5de192ed26380212896fcd376a1b3e23 2007.1/i586/libcups2-devel-1.2.10-2.6mdv2007.1.i586.rpm a347c58fc3e76e064cabf8425d0245ab 2007.1/i586/php-cups-1.2.10-2.6mdv2007.1.i586.rpm 15c9274e61f9dbe98150fa1ae58ef7bc 2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 1faa57f00d0577f6d25cddf7fccd7edb 2007.1/x86_64/cups-1.2.10-2.6mdv2007.1.x86_64.rpm 26a14fabfef38f2fd4ab88c6184d4e2f 2007.1/x86_64/cups-common-1.2.10-2.6mdv2007.1.x86_64.rpm b5a49bfbeb004af58e1e5f9c1660dece 2007.1/x86_64/cups-serial-1.2.10-2.6mdv2007.1.x86_64.rpm 6b81f4e888dec6e94231b01fd5d162bf 2007.1/x86_64/lib64cups2-1.2.10-2.6mdv2007.1.x86_64.rpm 256313a9ac10203a7d59deb6ff0a3da0 2007.1/x86_64/lib64cups2-devel-1.2.10-2.6mdv2007.1.x86_64.rpm 41e268b0e9e8a5e256c9af6192dfcae0 2007.1/x86_64/php-cups-1.2.10-2.6mdv2007.1.x86_64.rpm 15c9274e61f9dbe98150fa1ae58ef7bc 2007.1/SRPMS/cups-1.2.10-2.6mdv2007.1.src.rpm Mandriva Linux 2008.0: 27ee99856a1c4448cdee618f2db8ae52 2008.0/i586/cups-1.3.6-1.1mdv2008.0.i586.rpm 09a6026a683b1ea029b63b0480aa2d4b 2008.0/i586/cups-common-1.3.6-1.1mdv2008.0.i586.rpm 7974c9c3a572a389fea83250cd57c8e1 2008.0/i586/cups-serial-1.3.6-1.1mdv2008.0.i586.rpm a6432e417d401b7900113763255bf8c3 2008.0/i586/libcups2-1.3.6-1.1mdv2008.0.i586.rpm cfb0fd68a1d60f1dfa985da0bb79190f 2008.0/i586/libcups2-devel-1.3.6-1.1mdv2008.0.i586.rpm aba1862f9db0e18f09d581ef0a95fde8 2008.0/i586/php-cups-1.3.6-1.1mdv2008.0.i586.rpm e034c775d5b04fffb14cb441b8174a55 2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: b18f356dc9fc5cda784e576e3f20a801 2008.0/x86_64/cups-1.3.6-1.1mdv2008.0.x86_64.rpm bccc98b2ad3205d2c301036ba9d28f61 2008.0/x86_64/cups-common-1.3.6-1.1mdv2008.0.x86_64.rpm 1c1837c8a8eb04609daa405553ab7fe8 2008.0/x86_64/cups-serial-1.3.6-1.1mdv2008.0.x86_64.rpm 5748bf84c1239e2b4255446cbf6c8285 2008.0/x86_64/lib64cups2-1.3.6-1.1mdv2008.0.x86_64.rpm bd593d10e724d5fcb41a474ceb985996 2008.0/x86_64/lib64cups2-devel-1.3.6-1.1mdv2008.0.x86_64.rpm f2db5dfbb8dc8327965a45a5d88e0b6d 2008.0/x86_64/php-cups-1.3.6-1.1mdv2008.0.x86_64.rpm e034c775d5b04fffb14cb441b8174a55 2008.0/SRPMS/cups-1.3.6-1.1mdv2008.0.src.rpm Corporate 3.0: 21bb1e12de3ad442d1abcf6b748e4612 corporate/3.0/i586/cups-1.1.20-5.17.C30mdk.i586.rpm 0b98a618d204f1cb5d93cfc8bc17ce04 corporate/3.0/i586/cups-common-1.1.20-5.17.C30mdk.i586.rpm b4d7d4823f4a052f1b88de95c15fdd35 corporate/3.0/i586/cups-serial-1.1.20-5.17.C30mdk.i586.rpm 15ff4fca1070bde09536ef5c152f93fa corporate/3.0/i586/libcups2-1.1.20-5.17.C30mdk.i586.rpm 29a49e9cd1dab4afc7d4b45f756db2ec corporate/3.0/i586/libcups2-devel-1.1.20-5.17.C30mdk.i586.rpm 2d3ba4ca7a10c5842f6eeb6a7f847e86 corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm Corporate 3.0/X86_64: f977134efb9f309911bfc1b4850e82f0 corporate/3.0/x86_64/cups-1.1.20-5.17.C30mdk.x86_64.rpm 36fff0b8424e4f651e6f055c70008521 corporate/3.0/x86_64/cups-common-1.1.20-5.17.C30mdk.x86_64.rpm 696c4e4cc405b9ca56f22819fa2f818b corporate/3.0/x86_64/cups-serial-1.1.20-5.17.C30mdk.x86_64.rpm 942d626665fe5a05f879411e7ca80030 corporate/3.0/x86_64/lib64cups2-1.1.20-5.17.C30mdk.x86_64.rpm e191a6945b87e3b33617a3de06561d3e corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.17.C30mdk.x86_64.rpm 2d3ba4ca7a10c5842f6eeb6a7f847e86 corporate/3.0/SRPMS/cups-1.1.20-5.17.C30mdk.src.rpm Corporate 4.0: a091b07a3a414304cf24e76ab99d3afe corporate/4.0/i586/cups-1.2.4-0.8.20060mlcs4.i586.rpm 4cabdbd655b65028ee5bdfb3452f4506 corporate/4.0/i586/cups-common-1.2.4-0.8.20060mlcs4.i586.rpm 534437dd5a286f0484df0e2cdfd9e636 corporate/4.0/i586/cups-serial-1.2.4-0.8.20060mlcs4.i586.rpm 0dd449c47be977964034d699749738f7 corporate/4.0/i586/libcups2-1.2.4-0.8.20060mlcs4.i586.rpm 6aad89786cfec35bc5e81eb3a1dc8cd4 corporate/4.0/i586/libcups2-devel-1.2.4-0.8.20060mlcs4.i586.rpm fc46181aa746a4f637d66681fb975560 corporate/4.0/i586/php-cups-1.2.4-0.8.20060mlcs4.i586.rpm 83a55c89caf98419e9f76b58c6bee2e5 corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm Corporate 4.0/X86_64: 7c7624e35383c614691e4063215f8d65 corporate/4.0/x86_64/cups-1.2.4-0.8.20060mlcs4.x86_64.rpm 17f29e8614a988900a09305adfd1c85b corporate/4.0/x86_64/cups-common-1.2.4-0.8.20060mlcs4.x86_64.rpm 773484820406d7285608081cb7e262d2 corporate/4.0/x86_64/cups-serial-1.2.4-0.8.20060mlcs4.x86_64.rpm a53e7a817a42ccc1ac5a5daa7602c4d8 corporate/4.0/x86_64/lib64cups2-1.2.4-0.8.20060mlcs4.x86_64.rpm ad933e76d237bbb83bf568071566ba37 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.8.20060mlcs4.x86_64.rpm 4c6d20646db4de2ab03907c9b6705067 corporate/4.0/x86_64/php-cups-1.2.4-0.8.20060mlcs4.x86_64.rpm 83a55c89caf98419e9f76b58c6bee2e5 corporate/4.0/SRPMS/cups-1.2.4-0.8.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH88NLmqjQ0CJFipgRAvgQAJ9PyMfRvtdcft3hCuqCnGg+4dLucQCgrz1i QDjzjtxa/ZH8ibtkLnEJNvQ= =7iZK -----END PGP SIGNATURE----- . iDefense Security Advisory 03.18.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 18, 2008 I. BACKGROUND The Common UNIX Printing System, more commonly referred to as CUPS, provides a standard printer interface for various Unix based operating systems. For more information, visit the vendor's website at the following URL. http://www.cups.org/ II. CUPS listens on TCP port 631 for requests. This interface provides access to several CGI applications used to administer CUPS and provide information about print jobs. By passing a specially crafted request, an attacker can trigger a heap based buffer overflow. III. Depending on the underlying operating system and distribution, CUPS may run as the lp, daemon, or a different user. In order to exploit this vulnerability remotely, the targeted host must be sharing a printer(s) on the network. If a printer is not being shared, where CUPS only listens on the local interface, this vulnerability could only be used to elevate privileges locally. IV. V. WORKAROUND Disabling printer sharing will prevent this vulnerability from being exploited remotely. However, local users will still be able to obtain the privileges of the CUPS service user. VI. VENDOR RESPONSE Apple Inc. has addressed this vulnerability within Security Update 2008-002. For more information, visit the following URL. http://docs.info.apple.com/article.html?artnum=307562 VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-0047 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 02/26/2008 Initial vendor notification 02/26/2008 Initial vendor response 03/18/2008 Coordinated public disclosure IX. CREDIT This vulnerability was reported to iDefense by regenrecht. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2008 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200804-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: April 01, 2008 Bugs: #211449, #212364, #214068 ID: 200804-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in CUPS, allowing for the remote execution of arbitrary code and a Denial of Service. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-print/cups < 1.2.12-r7 >= 1.2.12-r7 Description =========== Multiple vulnerabilities have been reported in CUPS: * regenrecht (VeriSign iDefense) discovered that the cgiCompileSearch() function used in several CGI scripts in CUPS' administration interface does not correctly calculate boundaries when processing a user-provided regular expression, leading to a heap-based buffer overflow (CVE-2008-0047). * Tomas Hoger (Red Hat) reported that the gif_read_lzw() function uses the code_size value from GIF images without properly checking it, leading to a buffer overflow (CVE-2008-1373). Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7" References ========== [ 1 ] CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 [ 2 ] CVE-2008-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0053 [ 3 ] CVE-2008-0882 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0882 [ 4 ] CVE-2008-1373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200804-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service. MIT Kerberos 5 KDC is prone to multiple information-disclosure vulnerabilities resulting from memory corruption. These issues occur when KDC is configured to support Kerberos 4 and processes malformed krb4 messages. An attacker can exploit these issues to obtain potentially sensitive information that will aid in further attacks. Failed exploit attempts will likely result in denial-of-service conditions. Given the nature of these vulnerabilities, the attacker could leverage these issues to execute arbitrary code, but this has not been confirmed. MIT Kerberos 5 version 1.6.3 KDC is vulnerable; other versions may also be affected. Kerberos is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). ), which can prevent eavesdropping, prevent replay attacks, etc. If the KDC receives a malformed Kerberos 4 message, and there was no previous Kerberos 4 communication, a null pointer dereference will be triggered, causing the KDC to crash. If there is valid Kerberos 4 communication, messages sent to the client are locked using a null pointer; the pointer may resend a previously generated response, send some arbitrary block of process memory (which may contain key data), or due to an attempt to Accessing an invalid address crashes the process. If the process does not crash, a random address is passed to free(), which may corrupt the release pool, causing a crash, data corruption, or a jump to an arbitrary address in process memory. It is theoretically possible for the exposed information to include secret key data on some platforms. It is at least theoretically possible for such corruption to result in database corruption or arbitrary code execution, though we have no such exploit and are not aware of any such exploits in use in the wild. In versions of MIT Kerberos shipped by Debian, this bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. For the stable distribution (etch), these problems have been fixed in version 1.4.4-7etch5. For the old stable distribution (sarge), these problems have been fixed in version krb5 1.3.6-2sarge6. We recommend that you upgrade your krb5 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 3.1 (oldstable) - ---------------------- Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz Size/MD5 checksum: 6526510 7974d0fc413802712998d5fc5eec2919 http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge6.diff.gz Size/MD5 checksum: 673705 93382126a3c73ac44ed7daa7d85f166d http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge6.dsc Size/MD5 checksum: 782 0391aaf485ef1636ef18c6ba183c3fbe Architecture independent packages: http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge6_all.deb Size/MD5 checksum: 718916 ca2fb37b53a19207f1e1f1de90c4c1f3 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 137834 d43e9d3f3ef65fe8c8cbbb7b5dcbd144 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 177730 947fb82dd795f9272935ea4cb027e543 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 124864 4f1d0aa9d18013023f4a9f2b9a10db65 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 104886 15037693de0d9dc27460d713b547872a http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 63606 c4cfe2b01bfe0b579b216210817c4fa3 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 369420 c8d1eaf98400880ff82f727fe20f90cd http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 82806 30230dfe2605b88fdeac8811d408acdb http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 57048 741292984684fddae11e130dcd388161 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 652378 d8f3493f4354e0b3717ffc72d6592b88 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_amd64.deb Size/MD5 checksum: 216990 0df13c59411cf57b86bd94e250cf458e arm architecture (ARM) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 115684 ef39b71c5ecf4187e24d27c1111c9a54 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 633330 08566aa29ab8d56e26070137a16731a4 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 158874 4f60129aa092ea3d750deb168299abe7 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 54134 e23173f4ad3a59af03fbab0369a714a9 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 58252 255394fcc06d13b6dabc2e87c91dac02 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 198848 aaba0529c817ff11728515f5a116f71b http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 126814 85d31333aa01c4ab1f7b14ffaaa4c08b http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 74940 706b7cbfb01d66cbdb371a9019b3f725 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 329190 a661364db9bd2d5c5340a0c6a5c939f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_arm.deb Size/MD5 checksum: 93938 04dc96993c79d0113a0626a4439c8cbf hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 125154 afd4a9608fff5b1b3e793881bb2c9c2c http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 64286 b85cf8b5680c12c093ff34150623a3a0 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 59368 3df43bbb40e060d0522495ff3e78412d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 669644 50027bd1d314e911c4a91647989fad1e http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 104948 a013d1818ed8d6dd7d75a8ac11e795f9 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 187304 401a8e21722c104f3d3aae86cf3640e9 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 383876 d50afad26c9a0416fe47dfdf5ff649f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 81992 b6c84f121f66616f578b13a3f0c654ca http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 139202 4972377b638f980ad757128f14132874 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_hppa.deb Size/MD5 checksum: 224154 8a8436e210dd8892487ea482a1de6522 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 116324 445bced4eb764a78e51b68e4d7558363 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 574784 40fa136876b3219e55de089340c0c85e http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 52890 a6ae74be5b338ab7f215d0846353833e http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 165726 4b2485d3b8a50cd61ffcd2e0748d70fe http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 349416 2f33d4592484a2adf276fd29cfe9d728 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 127878 7232e14b8bc1d78fa4346b4ed393a3b9 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 95656 00f7666dac13adf2a7bfc81c9d801f2f http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 191526 d8613e5a3d87838ee7155f54c1c12f3d http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 57762 2baa509aad5f6b837753e5a3e65e63f1 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_i386.deb Size/MD5 checksum: 75890 5e52830c36794bb8ed2cdd14611ec690 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 134332 473be671406f747295c4a94d3f2ca3c5 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 289396 c95c79f18a2a8cb78131a35073c09ebe http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 890018 a9ca82650f5f96ac66d2b4436b0d1345 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 167350 f448dced91316668c1d33d6a0776eb2c http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 240384 5dc95c9ea35a7b052041e177114c5acf http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 79982 8980a39a06eeca5ef5adb623786742a2 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 73692 039a88dc8793fa4de6e461408cde62bd http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 105008 273a9dbaf7a4882f39ebd9de527f76fb http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 502382 97f1d32991c1778752bad887f4029990 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_ia64.deb Size/MD5 checksum: 165288 7d2e3c354cc50db22fc34a396902690f m68k architecture (Motorola Mc680x0) http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 71116 2f35c57d9f24856b013e27b0eef24a25 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 516020 203205bb2e6f66161c2aa98746687190 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 49768 39d4529ec4e27e2fdc75de762c5643fa http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 107660 0659ab018fbf062504348fc63ef97cc6 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 147864 b86ebef3ec1541aeabc20be31e503049 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 305872 1fc4f6385b5196c1c892731eac06f5b3 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 122106 c60b71edc9196adda91d40c4b84a908e http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 174180 6d750c072a8d641bd661ea5c688199f3 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 53478 74055ea66e27e24d79c824691da8fe0f http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_m68k.deb Size/MD5 checksum: 88692 074a5c747c652e7ce8d911077ca5586c mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 145108 f432457761497dcfd8e1ba6fe7ac43fa http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 164386 512e3b183ffc5f121f82981f32235377 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 57750 d827cf9980ed4eba196dedf93e7d9b5d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 680860 b4718176172f14d54d2a4662ae28e534 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 128738 a9592a522e7cc0f6db4c121ac04db438 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 65060 9b5613121aff8f341cb2dc3786b28d78 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 103404 eb3ca8cddb900bd4dfdb10b67ca9622c http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 225708 d09d386a5705b48584ffd51b0127883d http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 355178 359ca6a220b6a9e7af7b949e7a64fb5d http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mips.deb Size/MD5 checksum: 80956 407fec89580608afebb4ff89d95bdf72 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 146678 76f8820a81a1c068ab60348f1302d087 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 103808 db8b0c06f58646093ca80554061cc0d1 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 65266 c27b18832cafb60109ba97e529706a53 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 226540 0ddfa3be4f63eeb0066682928c193996 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 82060 2479f67cadc3533fb499507fc1977b5d http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 355120 d1644230bb4cc0788a04f5f0c8eb961c http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 58164 5dcd7db602701983272b2fbb0db88864 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 130098 472042e34a7ac48352205df510767ddd http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 165632 3074194d27a16bd4e737a9462d6a217a http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mipsel.deb Size/MD5 checksum: 682776 b0046283d8860fc6c8fe968b335ff463 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 61758 9496fefe85772ad549b84ae523c56e77 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 217812 c5aa73b8513a3698002cc3cedfeff012 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 105320 3677c003bd4c271bbe3daef5cf8f52df http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 143838 61244dbf640bd19ee1cc738ee7b44b34 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 57018 9afa2ba534be545b9d76d1f69c8e5468 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 165746 74c29add119101782727226dc9200db0 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 634906 93dd67378ead6cb763cc304516cbf632 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 353104 c5b16a1f26d01435b2bcb540b5b97730 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 82702 f728717a6a25b233526ad69934e376f4 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_powerpc.deb Size/MD5 checksum: 126246 da0e3adca803929ae44fad884949cbe2 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 214176 9c4b2684ce790d6544d078efde32f5d3 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 132996 1ed627f09d5b25bb3eaaaa4148207d7f http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 63428 332d6f0c94eabdca1df666a3ec0c6184 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 57214 f518a8dd4336c3916bb8c533bd8b6301 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 624898 27ed5f1406b97c3a429ed6cc41a5421a http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 99652 0e49258823390960faaf06522ab8f1cc http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 376188 ec0fdc218fbe9c53fa5aaec87667b5a7 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 82370 3a26a1e22c24add8b16498a641444a77 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 180336 34967e4eb80a75b18a23a9f3bf05bb5f http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_s390.deb Size/MD5 checksum: 121318 883136f99bce1a8f9f413dc3d68f5762 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 576786 3c142ce93bd9b408ea9a6d6046e3d067 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 58950 91be8dfc1160f334f0ed514eaeddb3c4 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 53520 89ceeef920ad596b129365a1f6876818 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 73596 cca4a24557097c3be9dc611d686d0688 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 93348 0a954f5b7f637eeaea3b656699314b99 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 114068 e7a1986874465f458987516f27a705d1 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 157712 2c8a0b75fc4982ee9265d2dd8cab2cc4 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 126780 d6faa238b06d1ff65c6b20b54c7b4fac http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 194584 39322280b333988d5cce973c7c00cdad http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_sparc.deb Size/MD5 checksum: 330436 27d8b24e5a2bbb57d8078c7b1d391d53 Debian 4.0 (stable) - --------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch5.dsc Size/MD5 checksum: 876 e8f30ac6b710091985a2b669632ca174 http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz Size/MD5 checksum: 11017910 a675e5953bb8a29b5c6eb6f4ab0bb32a http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch5.diff.gz Size/MD5 checksum: 1590551 c7d7bfb6aa34876ec8b5d0767ed65c2d Architecture independent packages: http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch5_all.deb Size/MD5 checksum: 1806352 0e3b03d93b1a62a41f9d004d3f6a69eb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 76136 61c8f8b99cd2c5e08fe20121d5a33119 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 461032 12fe64d352941f674f01b875532ec91f http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 91648 ee8cf04beb8687f4afc0684fbed232e9 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 1087614 dc627be2679028513f541ab0db184758 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 245650 57d128cab47e74d75ad56da8b81866fe http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 154868 4cac528d66a64df26a385bb15552061c http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 136110 a0d904994baba8064c640014e238020c http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 216328 7e96a8117e5397282f9027dc99fee308 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 89690 a14489d539fc5274175e92b8c1f99cc4 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 65866 c153e17e3514e566d1b719bd4941c3f2 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_alpha.deb Size/MD5 checksum: 1017046 543b2403aee468ad0a1692708de9a587 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 83852 4e7e51683f130dfdbaaaa2b6bbdfd70b http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 61474 5ed45d3180ad5cda0839f53d8d9fc716 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 768634 4f227f866f481d0a11a90b1a41d14bbb http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 141926 5944b339ff70c630a2d04026dc8a436c http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 68170 d5b5cc9a99c26889dcf685f88cc92a9a http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 129822 8f01b6b85827382fcb2ac54b561a1ec0 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 222262 b16ea5bddeb302c73844a465d5b27020 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 1072208 5458abcef1aa9174a703a51d9910bf42 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 190378 b663d232374d5d8ea6a1aeb6596e1e66 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 426424 39665f5600ac062e43d78823f79016a6 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_amd64.deb Size/MD5 checksum: 86108 786e35f5915b137445eb034ef1f53eee arm architecture (ARM) http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_arm.deb Size/MD5 checksum: 1013602 3087dae461053141fd9099ba1bf1f520 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_arm.deb Size/MD5 checksum: 63418 6d76005bc5336972fff07aa9961bcbca http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_arm.deb Size/MD5 checksum: 682712 20f548e7e7fe59ffc450c46c58b73fd1 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_arm.deb Size/MD5 checksum: 136110 b1774fea7cea371790dc1d7b9a293395 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_arm.deb Size/MD5 checksum: 173154 785af0fd07d78658edb4a4c25082ca22 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_arm.deb Size/MD5 checksum: 59834 e369f2b68c8090e91191718d207da76d http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_arm.deb Size/MD5 checksum: 206238 c69f58637e68a2d455750e32b5b770c0 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_arm.deb Size/MD5 checksum: 390054 b972d264ad97b69120ee4e4d898f3055 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_arm.deb Size/MD5 checksum: 81426 82979ab1f34edf407dc1a32f4be2a911 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_arm.deb Size/MD5 checksum: 123540 f9534a82bfa054018029c9a3934fc121 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_arm.deb Size/MD5 checksum: 78826 62163e751d27902012a16758fbbf67e0 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 1050680 8ea8f26032837464c794e615623ac59e http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 87564 ec92090e89dc2c03500c52cbd188e4c3 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 441724 6cc26ce6c3e4fa233222786b15bc08ac http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 64206 fa4e68946117f10d2dbbcea75fabe5d0 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 132802 23e6e453b5943c8df76fd87a18fe2182 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 85370 9011819683422a091d363e0d0064e82e http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 815220 652f24a16193c3d8bf9f128000888850 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 145028 88cb8fd42c037cca495bb200a8d5bacd http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 69692 0ce8e82456cc62420ba31f7ce0aa3a39 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 201216 b7aa6c970117a632b2e60d14829ba7b7 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_hppa.deb Size/MD5 checksum: 232082 7a823371e31f4b3e937a4e9d7a83d09b i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_i386.deb Size/MD5 checksum: 80306 8c8461beb8bd866080134bf1a25ef557 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_i386.deb Size/MD5 checksum: 62446 22a83f7567df841b9f34ffc133534a64 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_i386.deb Size/MD5 checksum: 133360 5e72e490c20ac03f49b7fd6921047048 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_i386.deb Size/MD5 checksum: 680166 991c24aa3b8e2d82f07e49865d70119b http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_i386.deb Size/MD5 checksum: 408376 f375a2157e2b1de2eadecbb2f03c8637 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_i386.deb Size/MD5 checksum: 174112 f9efe4ee2c52dba6806f548d778e0f53 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_i386.deb Size/MD5 checksum: 58050 b99734e1b92043a8cc816c588b04fce5 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_i386.deb Size/MD5 checksum: 196558 0b03b5d3920efa1c5efbf8cbe3901f15 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_i386.deb Size/MD5 checksum: 124206 21cc6d63e1eeaeb9deb70e227d61d84b http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_i386.deb Size/MD5 checksum: 1037936 a1a2470171c5403563ed285be9caaa9a http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_i386.deb Size/MD5 checksum: 78598 80b9f57c39a90e17b67480271ec8cc2a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 305920 940370e13598d9c00b123f97aa3f09ad http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 164602 6dd81cf1a5487ad63e2ab3cf1ce342f1 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 112994 4ccb79847d301064e5e6496f2577b5e5 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 80324 88cc01f93ed8fe3b9c9861176050f004 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 105592 8745ddb42d7cb7afb95ef4f946a26c60 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 1088562 0d2cdc97965b7827a78bca972aed38fd http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 91338 40c9d44d05f3262c1a5d6950c4255e16 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 269600 4acf36a3831bd4d2bb0af4d9130d0f27 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 1043576 6e487c186d462bc98b8ccdfbb5891324 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 190500 4cc37a9cd6bb13da4ca73f87b60738d3 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_ia64.deb Size/MD5 checksum: 592208 ac3bd63fc244d99757d33c8b8fa8f745 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_mips.deb Size/MD5 checksum: 71184 99f78076e71ddc74b7809de695945048 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_mips.deb Size/MD5 checksum: 128534 d08156f659ccfaa953e612ab0f1be1e0 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_mips.deb Size/MD5 checksum: 86416 a0ccc69288f43974099646a0b4df2702 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_mips.deb Size/MD5 checksum: 807408 caa736a161edf63d4b7b0200642293cc http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_mips.deb Size/MD5 checksum: 81794 820abd7cda885cfbcd651eeb819b6ea2 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_mips.deb Size/MD5 checksum: 176908 eb82211002e6f5fa451b8c6fc72cd8c5 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_mips.deb Size/MD5 checksum: 230468 6498dab212c73d4c618a77b105d40302 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_mips.deb Size/MD5 checksum: 389766 cb2be7e8aa8890f3011c7721474048cb http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_mips.deb Size/MD5 checksum: 145004 1d8436cb03bf8df56127ab37a1787096 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_mips.deb Size/MD5 checksum: 62920 610d234fcd0e209b0d2e6c0f3be39f6b http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_mips.deb Size/MD5 checksum: 1112710 5b98f43fa267c04b32bc96927ad868a2 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 87478 dce62567d27548de56ad38615fd5a8fe http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 71596 8cfffdf23386228753133a6d675a75dc http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 131106 22011c6b9dfeaf6318baffbb40b4b005 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 63834 9a2e78369d8fa1d0d8688eb48e443518 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 810348 c36eb2099ac9fd31e57d5693ec8eb92b http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 82652 3699856d5fe3d28c74e0e66469d05859 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 1087382 a5cac22f1da48cbb4c80f7f736b70b2f http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 179494 4a1d3e8cc558c330b9f4a6bded87913b http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 145716 1f45bb37dd7e13ea4c6b21f52c43c657 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 232788 88bc4c67b09b541769a7a00abc5d2688 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_mipsel.deb Size/MD5 checksum: 391848 05272bb8eb78e5e3fa374c9cb6597403 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 222776 d87408739c95de5b207a88550278a0d0 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 1083104 a5a89067cd381199a75e9751be977884 http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 143844 488e4411a9d507c14961e8c1a867a18b http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 84364 fd1d52f855615c98fc8d207dcea36d2f http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 137308 16ac4ae9b3a4eec6e584d4b9902771ed http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 399370 2c4951062f1fa124af1a36a8b0c1e761 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 86864 33e72918f1ae2f968537d4e3328237b8 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 67384 3547b618672d7e775018128fa421551d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 753506 cdc2c41be06d280160c3f7ee8b7f3417 http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 61930 dad1ac368a357004137a4beaf0a4f8ba http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_powerpc.deb Size/MD5 checksum: 179574 499b4b287b5726f7a8afea620d5606c5 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_s390.deb Size/MD5 checksum: 63392 7e446e33886543cc1432026dbde49ea8 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_s390.deb Size/MD5 checksum: 87886 02735411cb4acaa71b8aa72bf7d9683d http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_s390.deb Size/MD5 checksum: 438990 5aacff7c6ec54f708cb98fa0718bfcc0 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_s390.deb Size/MD5 checksum: 129266 31c153db1328ee93b97e64bdb01a3cc3 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_s390.deb Size/MD5 checksum: 195506 d3175c75393ac80363919b170e1446e0 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_s390.deb Size/MD5 checksum: 1073530 ac4c767b43f20d304e9683ebfddf3a68 http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_s390.deb Size/MD5 checksum: 224438 5a59744997773137c0409af842e7fdf0 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_s390.deb Size/MD5 checksum: 68782 57ed0962a4cf4f2f7c7d60edf52449ed http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_s390.deb Size/MD5 checksum: 140470 8fd23a0ec4c4b5c81c48d7b0228a5fa8 http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_s390.deb Size/MD5 checksum: 82118 7a84a0ceeb5110380a231be90d6f36ce http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_s390.deb Size/MD5 checksum: 733368 6a3ea5e404cebc11888aaad6fdc2cedd sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 131724 561314d157da780fc7de7c06524e8a3c http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 77124 6de298978f0404514a0b16d863efa276 http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 961534 754258b22c1eaf83c3167775c3138a58 http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 372674 20c48448253a262988a3ca876cfb2931 http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 123040 00e2f8c76353547804f9ff516de1f65d http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 680434 6bf7c8d82d481a8d6d9d784f5ed617ec http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 58242 f7e89e959e30e2bd36ac3ce1191a7711 http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 63800 21beab0b247e7bdeea2004876f388c59 http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 166710 b5127d835935bee8ce49a1154e5fa2eb http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 200282 49524ee10fb4d4e7be223a1f25dffba7 http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_sparc.deb Size/MD5 checksum: 78204 2462352e5493e856bd8a784ca49f95f0 These files will probably be moved into the stable distribution on its next update. A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. Kerberos v4 protocol support can be disabled by adding v4_mode=none (without quotes) to the [kdcdefaults] section of /etc/kerberos/krb5kdc/kdc.conf. A flaw in the RPC library as used in Kerberos' kadmind was discovered by Jeff Altman of Secure Endpoints. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 64c3f5c31177dcacc99b021ec6ed1271 2007.1/i586/ftp-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 11b4194bc9edba8c0951e44660ba9955 2007.1/i586/ftp-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 23794e6e0cb1d46a329c42a04f672c5f 2007.1/i586/krb5-server-1.5.2-6.6mdv2007.1.i586.rpm 0fbb29bd81c8452d937d30fbbda62242 2007.1/i586/krb5-workstation-1.5.2-6.6mdv2007.1.i586.rpm 8f4eea60bf4ea3bfc776f1c117ceb26d 2007.1/i586/libkrb53-1.5.2-6.6mdv2007.1.i586.rpm fd5b1da0a056d995011d2b1a692e4292 2007.1/i586/libkrb53-devel-1.5.2-6.6mdv2007.1.i586.rpm ca79ccbe3f286b9069f0ae028d9816f7 2007.1/i586/telnet-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 8a7c84f1fe1bbb5338723f28d12a9f21 2007.1/i586/telnet-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: fc02060b7c1da08c33952e6c14fb5627 2007.1/x86_64/ftp-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 513fca34bdd1f2a5643a8e6adeb62e0e 2007.1/x86_64/ftp-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 4f42d639753a885212e6d62bfe84a121 2007.1/x86_64/krb5-server-1.5.2-6.6mdv2007.1.x86_64.rpm 6b2ca028321fb08199be20a4aedef4a0 2007.1/x86_64/krb5-workstation-1.5.2-6.6mdv2007.1.x86_64.rpm 4d453dc2a579e74e29dfc052197fedc1 2007.1/x86_64/lib64krb53-1.5.2-6.6mdv2007.1.x86_64.rpm b22d9f1b515df1a5270d2d4c373b7dd3 2007.1/x86_64/lib64krb53-devel-1.5.2-6.6mdv2007.1.x86_64.rpm 21b245649de9e38e43782bd1a18922a7 2007.1/x86_64/telnet-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 1322374ab1c15b5c1392ee4ae5f915e7 2007.1/x86_64/telnet-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2008.0: 3ee5a309927b830bf8559a872161384b 2008.0/i586/ftp-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 1835baa43ab27aac2493dc7821bafa8a 2008.0/i586/ftp-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm 5e8369c201ac4678a7bc46590107e45f 2008.0/i586/krb5-1.6.2-7.1mdv2008.0.i586.rpm 94277e76faf2b75553c2e6250e428a43 2008.0/i586/krb5-server-1.6.2-7.1mdv2008.0.i586.rpm 695d5b85347b906401433fa55177be1a 2008.0/i586/krb5-workstation-1.6.2-7.1mdv2008.0.i586.rpm 4696cbae0ce644c265b74ff4ce59a865 2008.0/i586/libkrb53-1.6.2-7.1mdv2008.0.i586.rpm cc8122a1c6a3449fc41d3022bbdffeb2 2008.0/i586/libkrb53-devel-1.6.2-7.1mdv2008.0.i586.rpm d5e75835b35e81a3f7d038e501dabd1c 2008.0/i586/telnet-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 072b5ba782fbd1659ed8bde15bd11b5a 2008.0/i586/telnet-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 7a8c1c390b1d1a0b2a8fe28e8fb6a458 2008.0/x86_64/ftp-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 9b312bd49bd858d00d00ec299866a275 2008.0/x86_64/ftp-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 19f7d0590227c4cc636ee5528db8027a 2008.0/x86_64/krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 6a84bc19cb8e32f7331ce4c1ed36dc9d 2008.0/x86_64/krb5-server-1.6.2-7.1mdv2008.0.x86_64.rpm dabaf97b9b36316dc2b69e9edc953793 2008.0/x86_64/krb5-workstation-1.6.2-7.1mdv2008.0.x86_64.rpm 2810bbed78b7480ff48b021a798cb5a1 2008.0/x86_64/lib64krb53-1.6.2-7.1mdv2008.0.x86_64.rpm 734b018e6b05204767d07a7d53ef2c3c 2008.0/x86_64/lib64krb53-devel-1.6.2-7.1mdv2008.0.x86_64.rpm 787fb5ea70eff84b91eea5d68c1e956d 2008.0/x86_64/telnet-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm d6224c005bc7c818c117e3fc61643840 2008.0/x86_64/telnet-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ______________________________________________________________________________ SUSE Security Announcement Package: krb5 Announcement ID: SUSE-SA:2008:016 Date: Wed, 19 Mar 2008 10:00:00 +0000 Affected Products: SUSE LINUX 10.1 openSUSE 10.2 openSUSE 10.3 SUSE Linux Enterprise Desktop 10 SP1 SLE SDK 10 SP1 SUSE Linux Enterprise Server 10 SP1 Vulnerability Type: remote code execution Severity (1-10): 7 SUSE Default Package: no Cross-References: CVE-2008-0062 CVE-2008-0063 CVE-2008-0947 CVE-2008-0948 Content of This Advisory: 1) Security Vulnerability Resolved: Problem Description 2) Solution or Work-Around 3) Special Instructions and Notes 4) Package Location and Checksums 5) Pending Vulnerabilities, Solutions, and Work-Arounds: 6) Authenticity Verification and Additional Information ______________________________________________________________________________ 1) Problem Description and Brief Discussion The krb5 package is the implementation of the Kerberos protocol suite from MIT. This update fixes three vulnerabilities, two of them are only possible if krb4 support is enabled: - CVE-2008-0062: null/dangling pointer (krb4) - CVE-2008-0063: operations on uninitialized buffer content, possible information leak (krb4) - CVE-2008-0947/8: out-of-bound array access in kadmind's RPC lib 2) Solution or Work-Around Please install the new packages. 3) Special Instructions and Notes Please restart the kerberos services. 4) Package Location and Checksums The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv <file.rpm> to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package. x86 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-1.6.2-22.4.i586.rpm 53f6c9b454e27c47ec4cb32679757c48 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-apps-clients-1.6.2-22.4.i586.rpm 66ee0e785595b000842c5cd2c9162c55 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-apps-servers-1.6.2-22.4.i586.rpm f3fba89b56860b8f46691c69bba8b3c7 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-client-1.6.2-22.4.i586.rpm 193a8298aa8bb866e19e0c48f23e523e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-devel-1.6.2-22.4.i586.rpm a9b01b5c846e02c588664cddcae4c5c6 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/krb5-server-1.6.2-22.4.i586.rpm ff536136c01b5f900aebe6fdc1ec62e6 openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-1.5.1-23.14.i586.rpm 5764e87b834c6a5b8a467fa6aa8ec40e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-apps-clients-1.5.1-23.14.i586.rpm 94db70009c4c6e099a9807584c701686 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-apps-servers-1.5.1-23.14.i586.rpm 5881c8be92dc3eb215a1e837b6468922 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-client-1.5.1-23.14.i586.rpm c45980b430614c2371dd1ad4f8d21a34 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-devel-1.5.1-23.14.i586.rpm 1c6a45d60e5eabffedc2c1e3e755ac73 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/krb5-server-1.5.1-23.14.i586.rpm 03793b23aced1c01d9e2817648d7c777 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-1.4.3-19.30.6.i586.rpm 51d1c53aaf25a36dd1e2e74662cbabd9 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-apps-clients-1.4.3-19.30.6.i586.rpm 6b4d89a932988685993dba1e87aea95f ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-apps-servers-1.4.3-19.30.6.i586.rpm c7ff44ef5a8453d5223da71d670fdea4 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-client-1.4.3-19.30.6.i586.rpm bc0456ed7708ee3ffdc2501e849e9dbe ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-devel-1.4.3-19.30.6.i586.rpm 9942cbbfd032ea80d8a20daa34ce5374 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/krb5-server-1.4.3-19.30.6.i586.rpm d4596d47caafa6ea4ee4b4f4e218f831 Power PC Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-1.6.2-22.4.ppc.rpm f0d1399edebb3e1d715d84568065130a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-apps-clients-1.6.2-22.4.ppc.rpm 8e444214994c1e7297b5332d96967ec0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-apps-servers-1.6.2-22.4.ppc.rpm 2eecfe960c969bf3a3dcce2fcab010f0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-client-1.6.2-22.4.ppc.rpm 8052a7d7a942545a46fa5e962c562ab8 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-devel-1.6.2-22.4.ppc.rpm 6a118f48123ebfc23715bf797bf8b7d0 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/krb5-server-1.6.2-22.4.ppc.rpm fd8f73d6d8757d9ce3dea43997b56b0c openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-1.5.1-23.14.ppc.rpm 04289bb24041d226f27eb92025b25463 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-apps-clients-1.5.1-23.14.ppc.rpm 731ea1ef473c0d1c8990a8045a9fe587 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-apps-servers-1.5.1-23.14.ppc.rpm f911f86a0d2e8c9da16930525bd8b163 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-client-1.5.1-23.14.ppc.rpm a4c560015bbaddcbc88603e1e194146e ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-devel-1.5.1-23.14.ppc.rpm 64d0f163ebff972f2e70c6cc4d760555 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/krb5-server-1.5.1-23.14.ppc.rpm 8b06dc5e5ac5b3fa410559017403378a SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-1.4.3-19.30.6.ppc.rpm ae1652f3ea622c5c91b0fd1d47b066ef ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-apps-clients-1.4.3-19.30.6.ppc.rpm a389841f387e37732c80d9d5095f9ae6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-apps-servers-1.4.3-19.30.6.ppc.rpm cb6b4e402570e45767c5ae7a5c26e34c ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-client-1.4.3-19.30.6.ppc.rpm 3a2c13bc932e84f7a451f3a2c77c99f0 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-devel-1.4.3-19.30.6.ppc.rpm b34f9511e269e0dfc2896ac88cf41cce ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/krb5-server-1.4.3-19.30.6.ppc.rpm 0263cbb8f0f41e50dacfed082eca0835 x86-64 Platform: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-1.6.2-22.4.x86_64.rpm 6df39c9ddfb04cd4889b5f4bb271213a http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-32bit-1.6.2-22.4.x86_64.rpm 77ba221640964cc90ad8e0010ad5c07e http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-apps-clients-1.6.2-22.4.x86_64.rpm fccb50e18045baa2c78165f20eb13eec http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-apps-servers-1.6.2-22.4.x86_64.rpm 3bfd6270a31f2a6a35728bcd274ae327 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-client-1.6.2-22.4.x86_64.rpm 53b3634e9e92255b62a932ed6d30742d http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-devel-1.6.2-22.4.x86_64.rpm 54071b2e12004117b0599f53c4a6027b http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-devel-32bit-1.6.2-22.4.x86_64.rpm 07069062d1e7b140c6774cc2aaa821d5 http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/krb5-server-1.6.2-22.4.x86_64.rpm b07d395220662db193b6f54753931ccc openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-1.5.1-23.14.x86_64.rpm 3f2d8918cf5da2cab839bf2c72af1495 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-32bit-1.5.1-23.14.x86_64.rpm 4348a17ec69b6c64c69e11f74fa88a08 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-apps-clients-1.5.1-23.14.x86_64.rpm 433ffcced3ede0163628854ae3296baf ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-apps-servers-1.5.1-23.14.x86_64.rpm c24ab880f1314c1d25f3e9561b204c10 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-client-1.5.1-23.14.x86_64.rpm 6022c2534c50718a2a4fd18fde346daf ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-1.5.1-23.14.x86_64.rpm d82a0204e6e0f5e9d6bcd8f60aa4fbde ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-devel-32bit-1.5.1-23.14.x86_64.rpm 17dc2896ebc7f252e39fc8e23a41abc1 ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/krb5-server-1.5.1-23.14.x86_64.rpm 45596c22ec6d0c1eebf42f683e4e0cd4 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-1.4.3-19.30.6.x86_64.rpm 684c7d1363494a7854afd3755bdb2a20 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-32bit-1.4.3-19.30.6.x86_64.rpm b8552a99f0785f1eee434f6d7293731a ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-apps-clients-1.4.3-19.30.6.x86_64.rpm 060fac873ba1bc13e4b5b813ae6a6cd2 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-apps-servers-1.4.3-19.30.6.x86_64.rpm 28235a5328a8a982e2a1784793a17863 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-client-1.4.3-19.30.6.x86_64.rpm 056f5e479561d2b831e3dd969261f8de ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-devel-1.4.3-19.30.6.x86_64.rpm d81c85af0ca1812c273bbd1c6ddf3cb1 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-devel-32bit-1.4.3-19.30.6.x86_64.rpm d17b2d40649a83e28afd6a7a3dec96d6 ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/krb5-server-1.4.3-19.30.6.x86_64.rpm dd8096c153fb51bdd67352cbe8a51953 Sources: openSUSE 10.3: http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/krb5-1.6.2-22.4.src.rpm 6ead1c530f58e6255b1c9ba1b78eb3ae openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/krb5-1.5.1-23.14.src.rpm add4417c6743a6dd26f35182e85ee956 SUSE LINUX 10.1: ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/krb5-1.4.3-19.30.6.src.rpm 2185d5b60fe733640f16a3a561ec6888 Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web: SUSE Linux Enterprise Server 10 SP1 http://support.novell.com/techcenter/psdb/a1cba9b24d53ae5d2b80a81acd449edb.html SLE SDK 10 SP1 http://support.novell.com/techcenter/psdb/a1cba9b24d53ae5d2b80a81acd449edb.html SUSE Linux Enterprise Desktop 10 SP1 http://support.novell.com/techcenter/psdb/a1cba9b24d53ae5d2b80a81acd449edb.html ______________________________________________________________________________ 5) Pending Vulnerabilities, Solutions, and Work-Arounds: Please read our weekly security report. ______________________________________________________________________________ 6) Authenticity Verification and Additional Information - Announcement authenticity verification: SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature. To verify the signature of the announcement, save it as text into a file and run the command gpg --verify <file> replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made <DATE> using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team <security@suse.de>" where <DATE> is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc - Package authenticity verification: SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package: 1) Using the internal gpg signatures of the rpm package 2) MD5 checksums as provided in this announcement 1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command rpm -v --checksig <file.rpm> to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement. 2) If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command md5sum <filename.rpm> after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security@suse.de), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified. - SUSE runs two security mailing lists to which any interested party may subscribe: opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security+subscribe@opensuse.org>. opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <opensuse-security-announce+subscribe@opensuse.org>. ===================================================================== SUSE's security contact is <security@suse.com> or <security@suse.de>. The <security@suse.de> public key is listed below. ===================================================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text. SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2008-0009 Synopsis: Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues Issue date: 2008-06-04 Updated on: 2008-06-04 (initial release of advisory) CVE numbers: CVE-2007-5671 CVE-2008-0967 CVE-2008-2097 CVE-2008-2100 CVE-2006-1721 CVE-2008-0553 CVE-2007-5378 CVE-2007-4772 CVE-2008-0888 CVE-2008-0062 CVE-2008-0063 CVE-2008-0948 - ------------------------------------------------------------------- 1. Summary: Several critical security vulnerabilities have been addressed in patches in ESX and in the newest releases of VMware's hosted product line. 2. Relevant releases: VMware Workstation 6.0.3 and earlier, VMware Workstation 5.5.6 and earlier, VMware Player 2.0.3 and earlier, VMware Player 1.0.6 and earlier, VMware ACE 2.0.3 and earlier, VMware ACE 1.0.5 and earlier, VMware Server 1.0.5 and earlier, VMware Fusion 1.1.1 and earlier VMware ESXi 3.5 without patches ESXe350-200805501-I-SG, ESXe350-200805502-T-SG, ESXe350-200805503-C-SG VMware ESX 3.5 without patches ESX350-200805515-SG, ESX350-200805508-SG, ESX350-200805501-BG, ESX350-200805504-SG, ESX350-200805506-SG, ESX350-200805505-SG, ESX350-200805507-SG VMware ESX 3.0.2 without patches ESX-1004727, ESX-1004821, ESX-1004216, ESX-1004726, ESX-1004722, ESX-1004724, ESX-1004719, ESX-1004219 VMware ESX 3.0.1 without patches ESX-1004186, ESX-1004728, ESX-1004725, ESX-1004721, ESX-1004723, ESX-1004190, ESX-1004189 VMware ESX 2.5.5 without update patch 8 VMware ESX 2.5.4 without update patch 19 NOTES: Hosted products VMware Workstation 5.x, VMware Player 1.x, and VMware ACE 1.x will reach end of general support 2008-11-09. Customers should plan to upgrade to the latest version of their respective products. ESX 3.0.1 is in Extended Support and its end of extended support (Security and Bug fixes) is 2008-07-31. Users should plan to upgrade to at least 3.0.2 update 1 and preferably the newest release available before the end of extended support. ESX 2.5.4 is in Extended Support and its end of extended support (Security and Bug fixes) is 2008-10-08. Users should plan to upgrade to at least 2.5.5 and preferably the newest release available before the end of extended support. 3. Problem description: a. VMware Tools Local Privilege Escalation on Windows-based guest OS The VMware Tools Package provides support required for shared folders (HGFS) and other features. An input validation error is present in the Windows-based VMware HGFS.sys driver. Exploitation of this flaw might result in arbitrary code execution on the guest system by an unprivileged guest user. It doesn't matter on what host the Windows guest OS is running, as this is a guest driver vulnerability and not a vulnerability on the host. The HGFS.sys driver is present in the guest operating system if the VMware Tools package is loaded. Even if the host has HGFS disabled and has no shared folders, Windows-based guests may be affected. This is regardless if a host supports HGFS. This issue could be mitigated by removing the VMware Tools package from Windows based guests. However this is not recommended as it would impact usability of the product. NOTE: Installing the new hosted release or ESX patches will not remediate the issue. The VMware Tools packages will need to be updated on each Windows-based guest followed by a reboot of the guest system. VMware would like to thank iDefense and Stephen Fewer of Harmony Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5671 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= Workstation 6.x Windows not affected Workstation 6.x Linux not affected Workstation 5.x Windows 5.5.6 build 80404 or later Workstation 5.x Linux 5.5.6 build 80404 or later Player 2.x Windows not affected Player 2.x Linux not affected Player 1.x Windows 1.0.6 build 80404 or later Player 1.x Linux 1.0.6 build 80404 or later ACE 2.x Windows not affected ACE 1.x Windows 1.0.5 build 79846 or later Server 1.x Windows 1.0.5 build 80187 or later Server 1.x Linux 1.0.5 build 80187 or later Fusion 1.x Mac OS/X not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX not affected ESX 3.0.2 ESX ESX-1004727 ESX 3.0.1 ESX ESX-1004186 ESX 2.5.5 ESX ESX 2.5.5 upgrade patch 5 or later ESX 2.5.4 ESX ESX 2.5.4 upgrade patch 16 or later b. Privilege escalation on ESX or Linux based hosted operating systems This update fixes a security issue related to local exploitation of an untrusted library path vulnerability in vmware-authd. In order to exploit this vulnerability, an attacker must have local access and the ability to execute the set-uid vmware-authd binary on an affected system. Exploitation of this flaw might result in arbitrary code execution on the Linux host system by an unprivileged user. VMware would like to thank iDefense for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0967 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= Workstation 6.x Windows not affected Workstation 6.x Linux 6.0.4 build 93057 Workstation 5.x Windows not affected Workstation 5.x Linux 5.5.7 build 91707 Player 2.x Windows not affected Player 2.x Linux 2.0.4 build 93057 Player 1.x Windows not affected Player 1.x Linux 1.0.7 build 91707 ACE 2.x Windows not affected ACE 1.x Windows not affected Server 1.x Windows not affected Server 1.x Linux 1.0.6 build 91891 Fusion 1.x Mac OS/X not affected ESXi 3.5 ESXi ESXe350-200805501-I-SG ESX 3.5 ESX ESX350-200805515-SG ESX 3.0.2 ESX ESX-1004821 ESX 3.0.1 ESX ESX-1004728 ESX 2.5.5 ESX ESX 2.5.5 update patch 8 ESX 2.5.4 ESX ESX 2.5.4 update patch 19 c. Openwsman Invalid Content-Length Vulnerability Openwsman is a system management platform that implements the Web Services Management protocol (WS-Management). It is installed and running by default. It is used in the VMware Management Service Console and in ESXi. The openwsman management service on ESX 3.5 and ESXi 3.5 is vulnerable to a privilege escalation vulnerability, which may allow users with non-privileged ESX or Virtual Center accounts to gain root privileges. To exploit this vulnerability, an attacker would need a local ESX account or a VirtualCenter account with the Host.Cim.CimInteraction permission. Systems with no local ESX accounts and no VirtualCenter accounts with the Host.Cim.CimInteraction permission are not vulnerable. This vulnerability cannot be exploited by users without valid login credentials. Discovery: Alexander Sotirov, VMware Security Research The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2097 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi ESXe350-200805501-I-SG ESX 3.5 ESX ESX350-200805508-SG ESX 3.0.2 ESX not affected ESX 3.0.1 ESX not affected ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected NOTE: VMware hosted products are not affected by this issue. d. VMware VIX Application Programming Interface (API) Memory Overflow Vulnerabilities The VIX API (also known as "Vix") is an API that lets users write scripts and programs to manipulate virtual machines. Multiple buffer overflow vulnerabilities are present in the VIX API. Exploitation of these vulnerabilities might result in code execution on the host system or on the service console in ESX Server from the guest operating system. The VIX API can be enabled and disabled using the "vix.inGuest.enable" setting in the VMware configuration file. This default value for this setting is "disabled". This configuration setting is present in the following products: VMware Workstation 6.0.2 and higher VMware ACE 6.0.2 and higher VMware Server 1.06 and higher VMware Fusion 1.1.2 and higher ESX Server 3.0 and higher ESX Server 3.5 and higher In previous versions of VMware products where the VIX API was introduced, the VIX API couldn't be disabled. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2100 to this issue. VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= VIX API 1.1.x Windows VMware-vix-1.1.4-93057.exe VIX API 1.1.x Linux VMware-vix-1.1.4-93057.i386.tar.gz VIX API 1.1.x Linux64 VMware-vix-1.1.4-93057.x86_64.tar.gz Workstation 6.x Windows 6.0.4 build 93057 Workstation 6.x Linux 6.0.4 build 93057 Workstation 5.x Windows 5.5.7 build 91707 Workstation 5.x Linux 5.5.7 build 91707 Player 2.x Windows 2.0.4 build 93057 Player 2.x Linux 2.0.4 build 93057 Player 1.x Windows 1.0.6 build 91707 Player 1.x Linux 1.0.6 build 91707 ACE 2.x Windows 2.0.4 build 93057 ACE 1.x Windows not affected Server 1.x Windows 1.0.6 build 91891 Server 1.x Linux 1.0.6 build 91891 Fusion 1.x Mac OS/X 1.1.2 build 87978 or later ESXi 3.5 ESXi ESXe350-200805501-I-SG, ESXe350-200805502-T-SG ESX 3.5 ESX ESX350-200805501-BG ESX 3.0.2 ESX ESX-1004216, ESX-1004726, ESX-1004727 ESX 3.0.1 ESX ESX-1004186, ESX-1004725 ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected II Service Console rpm updates NOTE: ESXi and hosted products are not affected by any service console security updates a. Security update for cyrus-sasl Updated cyrus-sasl package for the ESX Service Console corrects a security issue found in the DIGEST-MD5 authentication mechanism of Cyrus' implementation of Simple Authentication and Security Layer (SASL). As a result of this issue in the authentication mechanism, a remote unauthenticated attacker might be able to cause a denial of service error on the service console. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-1721 to this issue. RPMs Updated: cyrus-sasl-2.1.15-15.i386.rpm cyrus-sasl-md5-2.1.15-1.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805504-SG ESX 3.0.2 ESX ESX-1004722 ESX 3.0.1 ESX ESX-1004721 ESX 2.5.5 ESX not affected ESX 2.5.4 ESX not affected b. Security update for tcltk An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. A specially crafted GIF file could use this to cause a crash or, potentially, execute code with the privileges of the application using the Tk graphical toolkit. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0553 to this issue. A buffer overflow flaw was discovered in Tk's animated GIF image handling. An animated GIF containing an initial image smaller than subsequent images could cause a crash or, potentially, execute code with the privileges of the application using the Tk library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5378 to this issue. A flaw first discovered in the Tcl regular expression engine used in the PostgreSQL database server, resulted in an infinite loop when processing certain regular expressions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4772 to this issue. RPM Updated: tcl-8.3.5-92.8.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805506-SG ESX 3.0.2 ESX ESX-1004724 ESX 3.0.1 ESX ESX-1004723 ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8 ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19 c. Security update for unzip This patch includes a moderate security update to the service console that fixes a flaw in unzip. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0888 to this issue. RPM Updated: Unzip-5.50-36.EL3.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805505-SG ESX 3.0.2 ESX ESX-1004719 ESX 3.0.1 ESX ESX-1004190 ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8 ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19 d. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0062 to this issue. NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue. NOTE: ESX doesn't contain the krb5kdc binary and is not vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0948 to this issue. RPM Updated: krb5-libs-1.2.7-68.i386.rpm VMware Product Running Replace with/ Product Version on Apply Patch ============ ======== ======= ================= hosted any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX ESX350-200805507-SG ESX 3.0.2 ESX ESX-1004219 ESX 3.0.1 ESX ESX-1004189 ESX 2.5.5 ESX ESX 2.5.5 Upgrade Patch 8 ESX 2.5.4 ESX ESX 2.5.4 Upgrade Patch 19 4. Solution: Please review the release notes for your product and version and verify the md5sum of your downloaded file. VMware Workstation 6.0.4 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html Windows binary md5sum: f50a05831e94c19d98f363c752fca5f9 RPM Installation file for 32-bit Linux md5sum: e7793b14b995d3b505f093c84e849421 tar Installation file for 32-bit Linux md5sum: a0a8e1d8188f4be03357872a57a767ab RPM Installation file for 64-bit Linux md5sum: 960d753038a268b8f101f4b853c0257e tar Installation file for 64-bit Linux md5sum: 4697ec8a9d6c1152d785f3b77db9d539 VMware Workstation 5.5.7 ------------------------ http://www.vmware.com/download/ws/ws5.html Release notes: http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html Windows binary: md5sum: 4c6a6653b7296240197aac048591c659 Compressed Tar archive for 32-bit Linux md5sum: 8fc15d72031489cf5cd5d47b966787e6 Linux RPM version for 32-bit Linux md5sum: f0872fe447ac654a583af16b2f4bba3f VMware Player 2.0.4 and 1.0.7 ----------------------------- http://www.vmware.com/download/player/ Release notes Player 1.x: http://www.vmware.com/support/player/doc/releasenotes_player.html Release notes Player 2.0 http://www.vmware.com/support/player2/doc/releasenotes_player2.html 2.0.4 Windows binary md5sum: a117664a8bfa7336b846117e5fc048dd VMware Player 2.0.4 for Linux (.rpm) md5sum: de6ab6364a0966b68eadda2003561cd2 VMware Player 2.0.4 for Linux (.tar) md5sum: 9e1c2bfda6b22a3fc195a86aec11903a VMware Player 2.0.4 - 64-bit (.rpm) md5sum: 997e5ceffe72f9ce9146071144dacafa VMware Player 2.0.4 - 64-bit (.tar) md5sum: 18eb4ee49dd7e33ec155ef69d7d259ef 1.0.7 Windows binary md5sum: 51114b3b433dc1b3bf3e434aebbf2b9c Player 1.0.7 for Linux (.rpm) md5sum: 3b5f97a37df3b984297fa595a5cdba9c Player 1.0.7 for Linux (.tar) md5sum: b755739144944071492a16fa20f86a51 VMware ACE ---------- http://www.vmware.com/download/ace/ Release notes 2.0: http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html VMware-workstation-6.0.4-93057.exe md5sum: f50a05831e94c19d98f363c752fca5f9 VMware-ACE-Management-Server-Appliance-2.0.4-93057.zip md5sum: d2ae2246f3d87268cf84c1421d94e86c VMware-ACE-Management-Server-2.0.4-93057.exe md5sum: 41b31b3392d5da2cef77a7bb28654dbf VMware-ACE-Management-Server-2.0.4-93057.i386-rhel4.rpm md5sum: 9920be4c33773df53a1728b41af4b109 VMware-ACE-Management-Server-2.0.4-93057.i386-sles9.rpm md5sum: 4ec4c37203db863e8844460b5e80920b Release notes 1.x: http://www.vmware.com/support/ace/doc/releasenotes_ace.html VMware-ACE-1.0.6-89199.exe md5sum: 110f6e24842a0d154d9ec55ef9225f4f VMware Server 1.0.6 ------------------- http://www.vmware.com/download/server/ Release notes: http://www.vmware.com/support/server/doc/releasenotes_server.html VMware Server for Windows 32-bit and 64-bit md5sum: 3e00d5cfae123d875e4298bddabf12f5 VMware Server Windows client package md5sum: 64f3fc1b4520626ae465237d7ec4773e VMware Server for Linux md5sum: 46ea876bfb018edb6602a921f6597245 VMware Server for Linux rpm md5sum: 9d2f0af908aba443ef80bec8f7ef3485 Management Interface md5sum: 1b3daabbbb49a036fe49f53f812ef64b VMware Server Linux client package md5sum: 185e5b174659f366fcb38b1c4ad8d3c6 VMware Fusion 1.1.3 -------------- http://www.vmware.com/download/fusion/ Release notes: http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html md5sum: D15A3DFD3E7B11FC37AC684586086D VMware VIX 1.1.4 ---------------- http://www.vmware.com/support/developer/vix-api/ Release notes: http://www.vmware.com/support/pubs/vix-api/VIXAPI-1.1.4-Release-Notes.html VMware-vix-1.1.4-93057.exe md5sum: 2efb74618c7ead627ecb3b3033e3f9f6 VMware-vix-1.1.4-93057.i386.tar.gz md5sum: 988df2b2bbc975a6fc11f27ad1519832 VMware-vix-1.1.4-93057.x86_64.tar.gz md5sum: a64f951c6fb5b2795a29a5a7607059c0 ESXi ---- VMware ESXi 3.5 patch ESXe350-200805501-O-SG (authd, openwsman, VIX) http://download3.vmware.com/software/esx/ESXe350-200805501-O-SG.zip md5sum: 4ce06985d520e94243db1e0504a56d8c http://kb.vmware.com/kb/1005073 http://kb.vmware.com/kb/1004173 http://kb.vmware.com/kb/1004172 NOTE: ESXe350-200805501-O-SG contains the following patch bundles: ESXe350-200805501-I-SG, ESXe350-200805502-T-SG, ESXe350-200805503-C-SG ESX --- VMware ESX 3.5 patch ESX350-200805515-SG (authd) http://download3.vmware.com/software/esx/ESX350-200805515-SG.zip md5sum: 324b50ade230bcd5079a76e3636163c5 http://kb.vmware.com/kb/1004170 VMware ESX 3.5 patch ESX350-200805508-SG (openwsman) http://download3.vmware.com/software/esx/ESX350-200805508-SG.zip md5sum: 3ff8c06d4a9dd406f64f89c51bf26d12 http://kb.vmware.com/kb/1004644 VMware ESX 3.5 patch ESX350-200805501-BG (VIX) http://download3.vmware.com/software/esx/ESX350-200805501-BG.zip md5sum: 31a620aa249c593c30015b5b6f8c8650 http://kb.vmware.com/kb/1004637 VMware ESX 3.5 patch ESX350-200805504-SG (cyrus-sasl) http://download3.vmware.com/software/esx/ESX350-200805504-SG.zip md5sum: 4c1b1a8dcb09a636b55c64c290f7de51 http://kb.vmware.com/kb/1004640 VMware ESX 3.5 patch ESX350-200805506-SG (tcltk) http://download3.vmware.com/software/esx/ESX350-200805506-SG.zip md5sum: af279eef8fdeddb7808630da1ae717b1 http://kb.vmware.com/kb/1004642 VMware ESX 3.5 patch ESX350-200805505-SG (unzip) http://download3.vmware.com/software/esx/ESX350-200805505-SG.zip md5sum: 07af82d9fd97cccb89d9b90c6ecc41c6 http://kb.vmware.com/kb/1004641 VMware ESX 3.5 patch ESX350-200805507-SG (krb5) http://download3.vmware.com/software/esx/ESX350-200805507-SG.zip md5sum: 5d35a1c470daf13c9f4df5bdc9438748 http://kb.vmware.com/kb/1004643 VMware ESX 3.0.2 patch ESX-1004727 (HGFS,VIX) http://download3.vmware.com/software/vi/ESX-1004727.tgz md5sum: 31a67b0fa3449747887945f8d370f19e http://kb.vmware.com/kb/1004727 VMware ESX 3.0.2 patch ESX-1004821 (authd) http://download3.vmware.com/software/vi/ESX-1004821.tgz md5sum: 5c147bedd07245c903d44257522aeba1 http://kb.vmware.com/kb/1004821 VMware ESX 3.0.2 patch ESX-1004216 (VIX) http://download3.vmware.com/software/vi/ESX-1004216.tgz md5sum: 0784ef70420d28a9a5d6113769f6669a http://kb.vmware.com/kb/1004216 VMware ESX 3.0.2 patch ESX-1004726 (VIX) http://download3.vmware.com/software/vi/ESX-1004726.tgz md5sum: 44f03b274867b534cd274ccdf4630b86 http://kb.vmware.com/kb/1004726 VMware ESX 3.0.2 patch ESX-1004722 (cyrus-sasl) http://download3.vmware.com/software/vi/ESX-1004722.tgz md5sum: 99dc71aed5bab7711f573b6d322123d6 http://kb.vmware.com/kb/1004722 VMware ESX 3.0.2 patch ESX-1004724 (tcltk) http://download3.vmware.com/software/vi/ESX-1004724.tgz md5sum: fd9a160ca7baa5fc443f2adc8120ecf7 http://kb.vmware.com/kb/1004724 VMware ESX 3.0.2 patch ESX-1004719 (unzip) http://download3.vmware.com/software/vi/ESX-1004719.tgz md5sum: f0c37b9f6be3399536d60f6c6944de82 http://kb.vmware.com/kb/1004719 VMware ESX 3.0.2 patch ESX-1004219 (krb5) http://download3.vmware.com/software/vi/ESX-1004219.tgz md5sum: 7c68279762f407a7a5ee151a650ebfd4 http://kb.vmware.com/kb/1004219 VMware ESX 3.0.1 patch ESX-1004186 (HGFS,VIX) http://download3.vmware.com/software/vi/ESX-1004186.tgz md5sum: f64389a8b97718eccefadce1a14d1198 http://kb.vmware.com/kb/1004186 VMware ESX 3.0.1 patch ESX-1004728 (authd) http://download3.vmware.com/software/vi/ESX-1004728.tgz md5sum: 1f01bb819805b855ffa2ec1040eff5ca http://kb.vmware.com/kb/1004728 VMware ESX 3.0.1 patch ESX-1004725 (VIX) http://download3.vmware.com/software/vi/ESX-1004725.tgz md5sum: 9fafb04c6d3f6959e623832f539d2dc8 http://kb.vmware.com/kb/1004725 VMware ESX 3.0.1 patch ESX-1004721 (cyrus-sasl) http://download3.vmware.com/software/vi/ESX-1004721.tgz md5sum: 48190819b0f5afddefcb8d209d12b585 http://kb.vmware.com/kb/1004721 VMware ESX 3.0.1 patch ESX-1004723 (tcltk) http://download3.vmware.com/software/vi/ESX-1004723.tgz md5sum: c34ca0a5886e0c0917a93a97c331fd7d http://kb.vmware.com/kb/1004723 VMware ESX 3.0.1 patch ESX-1004190 (unzip) http://download3.vmware.com/software/vi/ESX-1004190.tgz md5sum: 05187b9f534048c79c62741367cc0dd2 http://kb.vmware.com/kb/1004190 VMware ESX 3.0.1 patch ESX-1004189 (krb5) http://download3.vmware.com/software/vi/ESX-1004189.tgz md5sum: 21b620530b99009f469c872e73a439e8 http://kb.vmware.com/kb/1004189 VMware ESX 2.5.5 Upgrade Patch 8 http://download3.vmware.com/software/esx/esx-2.5.5-90521-upgrade.tar.gz md5sum: 392b6947fc3600ca0e8e7788cd5bbb6e http://vmware.com/support/esx25/doc/esx-255-200805-patch.html VMware ESX 2.5.4 Upgrade Patch 19 http://download3.vmware.com/software/esx/esx-2.5.4-90520-upgrade.tar.gz md5sum: 442788fd0bccb0d994c75b268bd12760 http://vmware.com/support/esx25/doc/esx-254-200805-patch.html 5. References: CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0967 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0948 6. Change log: 2008-06-04 VMSA-2008-0009 Initial release - ------------------------------------------------------------------- 7. Contact: E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce@lists.vmware.com * bugtraq@securityfocus.com * full-disclosure@lists.grok.org.uk E-mail: security@vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFIRs08S2KysvBH1xkRCMxFAJ0WJX76quFzCV+avwupq3Lu72UKigCfRftj CZvxoXw/sZxDCSDjVzYAhrA= =s04s -----END PGP SIGNATURE-----

RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key. RaidSonic NAS-4220-B is prone to a vulnerability that can compromise encrypted data. This issue occurs because the key used by the device to encrypt hard-drive data is stored insecurely in the configuration partitions of each drive. Attackers with physical access to the NAS can exploit this issue to decrypt potentially sensitive information stored on the hard disks. This issue affects NAS-4220-B running firmware 2.6.0-n(2007-10-11). Other devices and firmware versions may also be affected. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: RaidSonic ICY BOX NAS-4220-B Insecure Storage of Encryption Key SECUNIA ADVISORY ID: SA29401 VERIFY ADVISORY: http://secunia.com/advisories/29401/ CRITICAL: Not critical IMPACT: Exposure of sensitive information WHERE: Local system OPERATING SYSTEM: RaidSonic ICY BOX NAS-4220-B http://secunia.com/product/17944/ DESCRIPTION: Collin Mulliner has reported a security issue in RaidSonic NAS-4220-B, which can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. SOLUTION: Do not rely on the disk encryption feature. PROVIDED AND/OR DISCOVERED BY: Collin Mulliner ORIGINAL ADVISORY: http://www.mulliner.org/security/advisories/raidsonic_nas4220_crypt_disk_key_leak_09Mar2008.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, allows remote attackers to execute arbitrary code or cause a denial of service (hang or crash) via a malformed archive that triggers an unhandled exception, as demonstrated by the PROTOS GENOME test suite for Archive Formats. Multiple F-Secure products are prone to multiple remote archive-handling vulnerabilities because the applications fails to properly handle malformed archive files. Successfully exploiting these issues allows remote attackers to trigger unhandled exceptions. Various unspecified effects (potentially including denial of service or remote code execution) are possible. The malformed archive triggers an exception that cannot be handled, such as the PROTOS GENOME test that matches the Archive format. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: F-Secure Archives Handling Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA29397 VERIFY ADVISORY: http://secunia.com/advisories/29397/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: F-Secure Messaging Security Gateway X-Series http://secunia.com/product/8997/ F-Secure Messaging Security Gateway P-Series http://secunia.com/product/8998/ SOFTWARE: F-Secure Internet Security 2006 http://secunia.com/product/6883/ F-Secure Internet Security 2007 http://secunia.com/product/14375/ F-Secure Internet Security 2008 http://secunia.com/product/17555/ F-Secure Anti-Virus 2006 http://secunia.com/product/6882/ F-Secure Anti-Virus 2007 http://secunia.com/product/14374/ F-Secure Anti-Virus 2008 http://secunia.com/product/17554/ F-Secure Anti-Virus Client Security 7.x http://secunia.com/product/14381/ F-Secure Anti-Virus Client Security 6.x http://secunia.com/product/5786/ F-Secure Anti-Virus for Workstations 7.x http://secunia.com/product/14226/ F-Secure Anti-Virus Linux Client Security 5.x http://secunia.com/product/14377/ F-Secure Anti-Virus for Linux 4.x http://secunia.com/product/3165/ F-Secure Anti-Virus for Windows Servers 7.x http://secunia.com/product/14382/ F-Secure Anti-Virus for Windows Servers 5.x http://secunia.com/product/452/ F-Secure Anti-Virus Client Security 5.x http://secunia.com/product/2718/ F-Secure Anti-Virus for Workstations 5.x http://secunia.com/product/457/ F-Secure Anti-Virus for Citrix Servers 5.x http://secunia.com/product/5198/ F-Secure Anti-Virus Linux Server Security 5.x http://secunia.com/product/14376/ F-Secure Anti-Virus for Microsoft Exchange 7.x http://secunia.com/product/14551/ F-Secure Anti-Virus for Microsoft Exchange 6.x http://secunia.com/product/454/ F-Secure Internet Gatekeeper 6.x http://secunia.com/product/3339/ F-Secure Internet Gatekeeper for Linux 2.x http://secunia.com/product/4635/ F-Secure Anti-Virus for MIMEsweeper 5.x http://secunia.com/product/455/ DESCRIPTION: Some vulnerabilities have been reported in various F-Secure products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. The vulnerabilities are caused due to unspecified errors within the handling of archives. The vulnerabilities affect the following products: * F-Secure Internet Security 2006, 2007, 2007 Second Edition, and 2008 * F-Secure Anti-Virus 2006, 2007, 2007 Second Edition, and 2008 * F-Secure Client Security 7.11 and earlier * F-Secure Anti-Virus Client Security 6.04 and earlier * F-Secure Anti-Virus for Workstations 7.11 and earlier * F-Secure Anti-Virus Linux Client Security 5.54 and earlier * F-Secure Anti-Virus for Linux 4.65 and earlier * Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier * Solutions based on F-Secure Protection Service for Business version 3.10 and earlier * F-Secure Mobile Anti-Virus\x99 for S60 2nd edition * F-Secure Mobile Anti-Virus\x99 for Windows Mobile 2003/5.0/6 * F-Secure Mobile Security\x99 for Series 80 * F-Secure Anti-Virus for Windows Servers 7.01 and earlier * F-Secure Anti-Virus for Citrix Servers 7.00 and earlier * F-Secure Anti-Virus Linux Server Security 5.54 and earlier * F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier * F-Secure Internet Gatekeeper 6.61, Windows and earlier * F-Secure Internet Gatekeeper for Linux 2.16 and earlier * F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier * F-Secure Messaging Security Gateway 4.0.7 and earlier SOLUTION: Apply patches. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: The vendor credits University of Oulu. ORIGINAL ADVISORY: http://www.f-secure.com/security/fsc-2008-2.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands. An attacker can exploit this issue to execute arbitrary commands with 'casuser' privileges on Solaris and SYSTEM-level privileges on Windows. Successfully exploiting this issue will result in the complete compromise of affected computers. This issue affects IPM 2.6. There are no workarounds for this vulnerability. Cisco has made free software available to address this issue for affected customers. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml. Affected Products ================= Vulnerable Products +------------------ IPM version 2.6 for Solaris and Windows operating systems is vulnerable. Products Confirmed Not Vulnerable +-------------------------------- IPM versions 2.5 and earlier as well as IPM version 4.0 are not vulnerable. No other Cisco products are known to be vulnerable. Details ======= CiscoWorks IPM is a troubleshooting application that gauges network response time and availability. It is available as a component within the CiscoWorks LAN Management Solution (LMS) bundle. This vulnerability is documented in CVE-2008-1157 and Cisco Bug ID CSCsj06260. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at: http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at: http://intellishield.cisco.com/security/alertmanager/cvss * CSCsj06260 - Remote command execution possible using the Process Mgr CVSS Base Score - 10 Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete CVSS Temporal Score - 8.3 Exploitability: Functional Remediation Level: Official-Fix Report Confidence: Confirmed Impact ====== Successful exploitation of the vulnerability may result in the ability to execute arbitrary commands with the non-privileged casuser user account on Solaris systems and with full administrative SYSTEM privileges on Windows systems. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. This vulnerability is corrected in the IPM version 2.6 CSCsj06260 patch for Solaris and Windows operating systems. Fixed software can be obtained here: http://www.cisco.com/pcgi-bin/tablebuild.pl/ipm-sol?psrtdcat20e2 In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Workarounds =========== There are no workarounds for this vulnerability. It is possible to mitigate this vulnerability by restricting network access to TCP ports on a system running IPM version 2.6 to trusted systems. Administrators are strongly encouraged to upgrade to a fixed version of IPM. Additional mitigation techniques that can be deployed on Cisco devices within the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory: http://www.cisco.com/warp/public/707/cisco-amb-20080313-ipm.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found a http://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml. Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory. This vulnerability was reported to Cisco by a customer. Status of this Notice: FINAL THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-teams@first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2008-March-13 | public | | | | release | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/ products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. -----BEGIN PGP SIGNATURE----- iD8DBQFH2aQ+86n/Gc8U/uARAlfvAKCaLVTnDfeM+enHIlme0307gP/CJACdEjVL y2rrCzoSrxzkrhR0+7anTQk= =udUL -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. The vulnerability is caused due to the application binding a command shell to a random port on the affected system. SOLUTION: Apply vendor patch. IPM version 2.6 CSCsj06260: http://www.cisco.com/pcgi-bin/tablebuild.pl/ipm-sol?psrtdcat20e2 PROVIDED AND/OR DISCOVERED BY: The vendor credits a Cisco customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor