Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-200908-0262 CVE-2009-2195 Apple Safari of WebKit Vulnerable to buffer overflow CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. WebKit is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Versions prior to Apple Safari 4.0.3 are vulnerable; other applications using WebKit may also be affected. Apple Safari is a WEB browser. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA43068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 RELEASE DATE: 2011-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities. For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2011:002: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0265 CVE-2009-2199 Apple Safari of WebKit In URL Domain name spoofing vulnerability CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. Apple Safari of WebKit Is URL There are vulnerabilities that make it easier to phishing attacks by spoofing the domain name inside.To a third party URL The domain name inside may be phishing attacks. WebKit is affected by a URI-spoofing vulnerability because it fails to adequately handle specific characters in international domain name (IDN) domains. An attacker may leverage this issue to spoof the source URI of a site presented to an unsuspecting user. This may lead to a false sense of trust because the user may be presented with a source URI of a trusted site while interacting with the attacker's malicious site. Versions prior to Apple Safari 4.0.3 are vulnerable; other applications using WebKit may also be affected. Apple Safari is a WEB browser. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple iPhone / iPod touch Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36677 VERIFY ADVISORY: http://secunia.com/advisories/36677/ DESCRIPTION: Some vulnerabilities, security issues, and weaknesses have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people with physical access to the device to bypass certain security restrictions or disclose sensitive information, and by malicious people to disclose sensitive information, conduct cross-site scripting and spoofing attacks, cause a DoS (Denial of Service), or to compromise a user's system. 1) An error in CoreAudio when processing sample size table entries of AAC and MP3 files can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 2) An error in Exchange Support exists due to the "Require Passcode" setting not being affected by the "Maximum inactivity time lock" setting. This may lead to a time window, regardless of the Maximum inactivity time lock" setting, in which a person with physical access to the device is able to use the Exchange services. 3) A security issue exists in MobileMail due to deleted mails being accessible via Spotlight search. This can be exploited by malicious people with physical access to the device to disclose potentially sensitive information. 4) An unspecified error exists in the Recovery Mode command parsing. This can be exploited by a person with physical access to a device to cause a heap-based buffer overflow and e.g. gain access to a locked device. 5) A NULL pointer dereference error within the handling of SMS arrival notifications can be exploited to cause a service interruption. 6) An error in the handling of passwords in UIKit can be exploited by a person with physical access to a device to disclose a password. 7) Safari includes the user name and password in the "Referer" header, which can lead to the exposure of sensitive information. 8) Two vulnerabilities in WebKit can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system. For more information: SA35758 9) A vulnerability in WebKit can be exploited by malicious people to conduct spoofing attacks. For more information see vulnerability #6 in: SA36269 SOLUTION: Update to iPhone OS 3.1 or iPhone OS for iPod touch 3.1.1 (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: 1) Tobias Klein, trapkit.de The vendor credits: 2) Allan Steven, Robert Duran, Jeff Beckham of PepsiCo, Joshua Levitsky, Michael Breton of Intel Corporation, Mike Karban of Edward Jones, and Steve Moriarty of Agilent Technologies 3) Clickwise Software and Tony Kavadias 5) Charlie Miller of Independent Security Evaluators and Collin Mulliner of Technical University Berlin 6) Abraham Vegh 7) James A. T. Rice of Jump Networks Ltd ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3860 Tobias Klein: http://trapkit.de/advisories/TKADV2009-007.txt OTHER REFERENCES: SA35758: http://secunia.com/advisories/35758/ SA36269: http://secunia.com/advisories/36269/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA43068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 RELEASE DATE: 2011-01-25 DISCUSS ADVISORY: http://secunia.com/advisories/43068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages, which fixes multiple vulnerabilities. For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server
VAR-200908-0708 CVE-2009-2412 Apache Portable Runtime Digital error vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and 'APR-util' are prone to multiple integer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions. =========================================================== Ubuntu Security Notice USN-813-3 August 08, 2009 apr-util vulnerability CVE-2009-2412 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libaprutil1 1.2.12+dfsg-3ubuntu0.2 Ubuntu 8.10: libaprutil1 1.2.12+dfsg-7ubuntu0.3 Ubuntu 9.04: libaprutil1 1.2.12+dfsg-8ubuntu0.3 After a standard system upgrade you need to restart any applications using apr-util, such as Subversion and Apache, to effect the necessary changes. Details follow: USN-813-1 fixed vulnerabilities in apr. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-3ubuntu0.2.diff.gz Size/MD5: 25223 c491683a8eafa49c7405a3f300e65121 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-3ubuntu0.2.dsc Size/MD5: 1324 88ae14ce33166e372cdd6f8bcf613f92 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5: 658687 4ef3e41037fe0cdd3a0d107335a008eb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_amd64.deb Size/MD5: 133304 e29516cb4b454f1c3cd325e5cbe39cb4 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_amd64.deb Size/MD5: 129976 8f85bb63ecb4065a80b1b88ba8d76948 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_amd64.deb Size/MD5: 76016 4e9115941ed9159e504184ca13aa90e4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_i386.deb Size/MD5: 126510 2da368c73ee8f98b5dab99e1709f1156 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_i386.deb Size/MD5: 119570 3d2ae02052a2b86d26aaf2f33c412a33 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_i386.deb Size/MD5: 70528 388a8676998117644995e177f5936bbe lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_lpia.deb Size/MD5: 128320 dabf57ad0cecb8fcd89fe727ed3dc31b http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_lpia.deb Size/MD5: 119216 45a38f1b5754562d783f75d24210c74d http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_lpia.deb Size/MD5: 69700 4da2de6469a2986eaa1a6a83189424ea powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_powerpc.deb Size/MD5: 134052 317a3362a63bac3e6968793b1bae8772 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_powerpc.deb Size/MD5: 130390 6a22f60dd54ebb4905f32c7e25d016a7 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_powerpc.deb Size/MD5: 80238 46514a01aafcaf4c2f9403aecec2ee67 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-3ubuntu0.2_sparc.deb Size/MD5: 120272 ff0c69402549737e9ded54e1f8121183 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-3ubuntu0.2_sparc.deb Size/MD5: 124284 e4f8d6fb63c40e2c7e1f76c17e731ae7 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-3ubuntu0.2_sparc.deb Size/MD5: 71220 c9e3d018c2c90ff0df35076ce9cc61c9 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-7ubuntu0.3.diff.gz Size/MD5: 26056 681e0a17fbbc73c4df8039af9c9bf39b http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-7ubuntu0.3.dsc Size/MD5: 1632 0b733d35b65cbaa590106f5439a3d60c http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5: 658687 4ef3e41037fe0cdd3a0d107335a008eb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_amd64.deb Size/MD5: 150926 f84b953448992901f397163370ea50cb http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_amd64.deb Size/MD5: 136498 5aacc2b07791b3bd829ac7f86acd339c http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_amd64.deb Size/MD5: 82582 c9026cdd489cd35e370ba77d2340b61a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_i386.deb Size/MD5: 144188 37a2d20a24036401f18fda98f305f707 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_i386.deb Size/MD5: 124918 ab9e5a80eadcc83a56fa79947bcf50d2 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_i386.deb Size/MD5: 75948 f60d59dc4dfae7642759e9e04836a043 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_lpia.deb Size/MD5: 145568 461f743ee035d1c819e999b7fb285e3d http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_lpia.deb Size/MD5: 124706 88715c94e75a9208472f89315a43a191 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_lpia.deb Size/MD5: 75294 75ec0cb0a60394270ed01c624ab2ca45 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_powerpc.deb Size/MD5: 150370 b4ceaab7f90f66cfa7c1f49807392eb3 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_powerpc.deb Size/MD5: 136022 e387a546ebdac695e59c0a9c8e81c317 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_powerpc.deb Size/MD5: 84950 b686d8972716ba63a3d11d814839b9cf sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-7ubuntu0.3_sparc.deb Size/MD5: 135514 9827bf55329a04b17f6a7f84607cf2c2 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-7ubuntu0.3_sparc.deb Size/MD5: 128478 cb3c9c3ed8c65bb4150bb43695c7e100 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-7ubuntu0.3_sparc.deb Size/MD5: 75496 3ea0dff43bb0f651ae0148e448d13ad4 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-8ubuntu0.3.diff.gz Size/MD5: 23312 6585617002ebb7d19e1bda7e099ae282 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg-8ubuntu0.3.dsc Size/MD5: 1630 f7de26eb17fec57fa163e3e4410206ba http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5: 658687 4ef3e41037fe0cdd3a0d107335a008eb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_amd64.deb Size/MD5: 147492 81a39d8f099e1df7ebe44fe183c4b862 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_amd64.deb Size/MD5: 133158 b419556248ef642ba39d885977836d21 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_amd64.deb Size/MD5: 79108 ce8b662218c46553859aa56e62eb7478 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_i386.deb Size/MD5: 140628 652b4cebfd41a022bce97331144cb781 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_i386.deb Size/MD5: 121362 e7116f8304e07bfe3972909d5d3a2527 http://security.ubuntu.com/ubuntu/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_i386.deb Size/MD5: 72564 45123878c4a49deac7b9cd3d2ffc114b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_lpia.deb Size/MD5: 141900 5ebf828408751090b98f5bcc333091d1 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_lpia.deb Size/MD5: 121152 7966b64663cdb9f2f356bab6bf5497a1 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_lpia.deb Size/MD5: 71974 fa4eecc0e9fbde67202a4d6cb23428a4 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_powerpc.deb Size/MD5: 146736 c24f4e72d8d235ee281c73c0f28ed9d4 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_powerpc.deb Size/MD5: 132578 08e7e684493b5be07caf87ee4a72b794 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_powerpc.deb Size/MD5: 81516 ddccbfd2f3c16afab66d3497e16b0a7b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8ubuntu0.3_sparc.deb Size/MD5: 131528 05cf349f401cadcce9b4f05af60c5a7c http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8ubuntu0.3_sparc.deb Size/MD5: 124898 d558d40964826c4fd4653c31e1df8225 http://ports.ubuntu.com/pool/main/a/apr-util/libaprutil1_1.2.12+dfsg-8ubuntu0.3_sparc.deb Size/MD5: 71818 d0edb0876c741dfddbd063d9d84ea10f . This could cause the library to return a memory area which smaller than requested, resulting a heap overflow and possibly arbitrary code execution. For the old stable distribution (etch), this problem has been fixed in version 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of the apr-util package. For the stable distribution (lenny), this problem has been fixed in version 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1 of the apr-util package. For the unstable distribution (sid), this problem will be fixed soon. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz Size/MD5 checksum: 643328 a3117be657f99e92316be40add59b9ff http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.dsc Size/MD5 checksum: 1036 9dc256c005a7f544c4d5c410b226fb74 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.diff.gz Size/MD5 checksum: 26613 021ef3aa5b3a9fc021779a0b6a6a4ec9 http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.diff.gz Size/MD5 checksum: 21651 e090ebfd7174c90bae4e4935a3d3db15 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7.orig.tar.gz Size/MD5 checksum: 1102370 aea926cbe588f844ad9e317157d60175 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.dsc Size/MD5 checksum: 856 89662625fd7a34ceb514087de869d918 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_alpha.deb Size/MD5 checksum: 121726 df1e2d6e8bf9ed485ad417fe274eb0e3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 83690 b5873275f420b15f9868ea0dde699c60 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_alpha.deb Size/MD5 checksum: 371668 4e8bd42151f3cdf8cee91c49599aab42 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 129158 5074639b4b0d9877ff29b96540fdfaec http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_alpha.deb Size/MD5 checksum: 185420 ddf84849ff3bee792dc187c6d21958bd http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 148140 079cff06535a7e3f4e9a5d682d80bb1b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 72946 6b11e4b65bdf67981a091177d9644007 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 126156 b420f555d02504e0497a0ba3c27e0cac http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 127742 1606857f3291ccb10e038219f1f2eab3 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_amd64.deb Size/MD5 checksum: 187302 bb1a4aa5768fa012201ad1e72bc27e93 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_amd64.deb Size/MD5 checksum: 348120 b5d6b4e7c628dffe867159b54b6c82f1 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_amd64.deb Size/MD5 checksum: 111664 6b51dc29ea4defa975902d246188086f arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 121504 3ba789c274f2ed7030aa286ea57dbb3d http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_arm.deb Size/MD5 checksum: 175146 86ff258e9181fa424cb043dc22e2c0e0 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 117302 97d701c8f9d6746eb14448bfde8e8588 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_arm.deb Size/MD5 checksum: 104934 45a976662beb7ec3b15ee7c7a45f3de7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 66110 09c54142359236f50654bd9c7b375781 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_arm.deb Size/MD5 checksum: 335520 14d06ecfb54247718b780c893df8f4cc hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 126186 9494353aa42e983a245af2890dd2c6d7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 78668 60c87b0e86c1ed31deecddd88cdf5fa5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 133918 ae993c733053a326603c5b750505bee9 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 116052 6238f10eb5077bb53b9664b82b985c40 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_i386.deb Size/MD5 checksum: 338694 262cec472ec3aaeb1b4d38eebaa940c8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 68854 78ab4f6425153d8b746b99842994d555 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_i386.deb Size/MD5 checksum: 109138 4aa254cacd4e95785ae823cedb1cce2f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 122136 4a16475bb5780625902c79069681ae74 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_i386.deb Size/MD5 checksum: 180654 481471d06045a2e348b55de6dbdf5f94 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 156562 52761fff3e82e21728e0c6a79bf4508f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 99446 3ad58d882e434e39be525e7aa41d9e93 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_ia64.deb Size/MD5 checksum: 141894 5b7351a6b4c3765e3d76b9d22e04cf0e http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 118716 8c73712293cd4d9a5935aefd18a3e4c9 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_ia64.deb Size/MD5 checksum: 171514 f474001e4f852a44af517b5d6f737a65 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_ia64.deb Size/MD5 checksum: 385514 76d0bbda16c749f6a5b40fd6297a180a mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mips.deb Size/MD5 checksum: 188816 de1ecb467042d2c1891cc1d2f5db83d9 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 130394 fc34d9b137c080b63374d809c1d6bf8b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 130492 4d7cdffabbef214eeea0c02a346d0eb8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 70776 6fe66f5cb81c2a3af2fa0cd64a85cfd8 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mips.deb Size/MD5 checksum: 357368 aab08f1596aead97cc48924ebf99c80e http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mips.deb Size/MD5 checksum: 112644 9c6d720999259453daaa13e8ec3c8336 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mipsel.deb Size/MD5 checksum: 186464 5b2392a143ff8a173a771b819377ab47 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 128052 02e3c278190e92d7131c275aab5f5c44 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mipsel.deb Size/MD5 checksum: 358010 480087a77642a8ff99a32bb323b62600 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 130712 50da703a75deb2ba87d4be171e80bd5b http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mipsel.deb Size/MD5 checksum: 113352 d363370bcba834268202db5271b20aa3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 70794 1f57c4362c286bd0d2df40d775690612 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 125106 92d5d46effd18aaa8e849254d9da8acd http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_powerpc.deb Size/MD5 checksum: 348504 2f4f96652c28e3f5f1cfae8e5265ec83 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 130380 dacdce767bcff6b0ecbe66add6838e8b http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_powerpc.deb Size/MD5 checksum: 189780 ae1e23e3080fbfe3ba26b8acf9561d6c http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_powerpc.deb Size/MD5 checksum: 113956 1e2ba4da9ee0775325b351887c182f52 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 72472 3a47c9eca3ec7b6f4e87609b3aca7f65 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 124802 cdd46922b57a51fedb25ae401d8dc753 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_s390.deb Size/MD5 checksum: 121978 71edc1d101933b1a43a9c395427a4aed http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 128570 f0f7d5dfecb61c6212e0803a325e8a01 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_s390.deb Size/MD5 checksum: 186320 cca313c55848e6161810ff16fb71390f http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_s390.deb Size/MD5 checksum: 349848 b9cbaa0a70b9bfa28d74ac4a6e107428 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 76668 f6b5e093ae1c3c5d4442e223115052de sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_sparc.deb Size/MD5 checksum: 338056 ab06437e18c1cc36dab35779cc4102d8 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_sparc.deb Size/MD5 checksum: 103200 1c6f94d15f4e3052e9ed80fc232f96b5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 117840 5f0671d301a9e2ea8020d0dcaa71a42b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 66374 668815a44c99c366ae8e3f624613932e http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_sparc.deb Size/MD5 checksum: 167962 f338f71eeb38be58c67d1ac0fd92d1ff http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 117510 63dd9c471f24472eb46a5fd9dcb92077 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12.orig.tar.gz Size/MD5 checksum: 1127522 020ea947446dca2d1210c099c7a4c837 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.diff.gz Size/MD5 checksum: 12398 b407ff7dac7363278f4f060e121aa611 http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5 checksum: 658687 4ef3e41037fe0cdd3a0d107335a008eb http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.dsc Size/MD5 checksum: 1530 dccceaa89d58074be3b7b7738a99756b http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.diff.gz Size/MD5 checksum: 23138 a2222477de9ad92015416542a2c250ed http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.dsc Size/MD5 checksum: 1284 4330306f892fd7c0950b1ccf2537b38d alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 806236 3689d5ee779d3846fe67c9dad2f213dc http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 53204 92bb2e8a7c48e6f8437680e08607a3f7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 147658 edba141e93c382fbf0ab2bbec1dba899 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 158060 b80ad32790c6c8d89f0007a69d9ce0b8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 90740 c715b55d060a2d4e8d7684477d0b9014 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 121774 565a4fdd123d04698907456e40d4df0b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 54232 3f23cc38f68bbf926b801b82b3fea917 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 80046 f6158018f26ddd6369687b8f9f64aa75 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 114326 851cc08504589c09f08ec9e6efa52ef1 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 147928 136a5a5c0d558d8f252d1ed44efed217 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 133850 6b71ac477650c688863ef33fc58216a0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 825740 bf80dbc726c5b691b023e96e463ba88c arm architecture (ARM) http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 818438 8e6c8a9964650a793e4a0e5ec51a8619 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 54912 a853d8175d2bee56c6f37aada02fc2ca http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 107790 85e0815ff8f340d99052a9c9f604cccd http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 71112 20a4c9fd130c188166c0ebc6ceff5fcf http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 138982 c84f95cff9713ed403fae7b712456ade http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 124090 c4fc3663255a416725a69818e3523731 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 109676 e26ebffcc101ffc87963c9a65b3543f6 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 124626 4c34337eb3d1d55900a067f2c8412abc http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 821990 19c68f5f904bb3bbdfd44349f8544e83 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 55820 f39b0928bc4b91fb60bd6259c6ae6e02 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 70086 1d3032e0879ed1ea6fa2f04c34af1782 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 139434 e802e42577998c62fadfc335edb3b81a hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 83668 3c8893214d7375303eaf1eec6e27212b http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 827762 2fd0d8dd54c92c828e42100bb8816b00 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 142916 14e1e2f8fa50b0eb1772f1e4bbc26e50 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 140872 7fef63f2cd282e44c51b5e69d94d8706 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 113954 926b8c39fee1787a94b3d6cc1c6d420b http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 54332 18751dc2275828a126b2dbe568678f32 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 73814 2ef03972ed5b2232fe5782c4960bc362 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 54582 edc98ca59cebd14195602929def1da31 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 141438 5a54e1cac30640ca5e9922586d9983a8 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 108882 075f37cd43e483d27ff0b94ad01f2d08 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 121138 fc2411e049936d12702713c82377c9e5 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 809460 a5648e0404f1cb4244c156cf85bfe0f5 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 135404 8f7a4964b22e5e9e5297380c15d8818d http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 170110 412b51e1e3c1ed4e309459dd17844e68 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 154362 2fc1441f28ef4f90446464627c8ef36d http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 837496 6862607faf59e42525f5205d8a967818 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 111140 12f0bf9e6264cc9c170c2b8365428cc0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 53428 a6a55d644fb58a0f7ea6a9b509cb71d0 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 110932 feb666e4f402bcb1954bc194c37496d7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 147482 e2508cc75520518ccbe4c3a5cf0cc50c http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 56582 5134a012017e629239cc543fedf4edf3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 74584 2fbb1b76079126fd701f32e45a9cf7f0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 792650 126585d9fe0def77f7632f9d098eb11d http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 136438 ae62dc1d5a32fac11615f4b67cfa4a6b mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 56414 ecca7e3643ccb91fc962b886bdddbc0e http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 136390 d45f956c14ea9fe22b77bce3810c32b7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 144740 05411f88615592531468cdd89bb4b5d0 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 74366 a15e15331a62f33d33481b7e53f07b48 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 792762 dc1e4748e106c82e9f8bf6c3ecce4a38 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 110974 a5dd28b5c9b3106da8e4c81abea6777d powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 82512 f8a18fb94a4ef3cabec01c288a26eef5 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 55708 555d64273f15c6ebd503b7cb84f0fb29 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 132338 66e77820b5b9d2a05d6df5c4ec2c76b0 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 116238 1a291989c32ea21ac8eef9ca51831fc5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 147180 cc9f274b349dbbb9ce9b69b0d0edf493 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 821948 fc3acf3dec16223caf6f932e8b7c0c01 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 126058 474bddd0f3c5a69cc21fc2d403fe90f6 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 148614 89cc7bb2619f28e5e6e9d0042050a924 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 133044 fb35625937e6fae551d97df283a32dd9 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 787872 2dc32425bfbd17b841218064599d80ed http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 85496 c41f2fdebd22ec066815211768dcdc3a http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 54414 c36fa2538d8077a8ef09842e07bd989a sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 814624 613a70f3443404f5939e91e229d01d25 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 54370 4c12839718c73a2b96b607d77fcbc583 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 131706 5c2ad3da38aaaab8ac2c14656602c532 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 108712 c1f66be9c2daa447d5bfbd1f7639aada http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 72738 ec558ed4277ca676f07e3181ffad0335 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 124976 22385c13d934c3877ce2f9eeaa4584e3 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJKfcqtAAoJEL97/wQC1SS+6T4IAJxpIZ7AUOwmDtuOk/WQzlzv U1nz6YhC9nhf/QdjbmAe0+ClaGwP5FZOacfEK6t64DBJ/81qgLtHlh6hlbm2+9wD vIddGlXmdKjEcHXVbt5rwEoc9pk6ma954Fziu2yUVxhP40SBLWlfEQ5w1LxjNHAI UKokX2+4C3Lk+6hJd8AqnvyfqP8h990HzFqT11hh8OlKVrvHmAiZWbSMmLvkKsPf F5mNDGVKluNfpAhwo6eLN2ayRDEKAeuejF2jQtb/MXQN3kJpPri2JhalhMra371l RmpmVNUOtKKJz/3gHSLjQNh6D5G4kj/I9RcHFA68Pv14kXh0xgtQlKGGLaPo/3M= =704P -----END PGP SIGNATURE----- . This update provides fixes for these vulnerabilities. Update: apr-util packages were missing for Mandriva Enterprise Server 5 i586, this has been adressed with this update. (CVE-2009-0023). The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564 (CVE-2009-1955). Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: d55d5dd456de0c7977f93bff217406d7 2008.0/i586/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.i586.rpm bd02eb2233dcc07aadd7e5eb84df9ce8 2008.0/i586/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.i586.rpm 334e127fb8ac03379c8a5f2ee7c144b6 2008.0/i586/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.i586.rpm 4307983fb3d21ab0f9955711e116f92e 2008.0/i586/libapr1-1.2.11-1.1mdv2008.0.i586.rpm ff24f1e1587f2210346ea134d4a2053e 2008.0/i586/libapr-devel-1.2.11-1.1mdv2008.0.i586.rpm 3d50a85109e011ced9e36f1565e9bc69 2008.0/i586/libapr-util1-1.2.10-1.1mdv2008.0.i586.rpm b786e2329fc63d459b841bf001261543 2008.0/i586/libapr-util-devel-1.2.10-1.1mdv2008.0.i586.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 91588bbcf3940cd106b0fe458be6d4b9 2008.0/x86_64/apr-util-dbd-mysql-1.2.10-1.1mdv2008.0.x86_64.rpm b71d8b14cc536cf8a2448b353d2b4047 2008.0/x86_64/apr-util-dbd-pgsql-1.2.10-1.1mdv2008.0.x86_64.rpm 10b889bb625dbae01711ed7e8e101744 2008.0/x86_64/apr-util-dbd-sqlite3-1.2.10-1.1mdv2008.0.x86_64.rpm 068334fc392c68f9b29e629dd3776f83 2008.0/x86_64/lib64apr1-1.2.11-1.1mdv2008.0.x86_64.rpm a9ed011d8b421e8604e66a87a4972477 2008.0/x86_64/lib64apr-devel-1.2.11-1.1mdv2008.0.x86_64.rpm c08da53c4c88464249f46c6577f3c2a8 2008.0/x86_64/lib64apr-util1-1.2.10-1.1mdv2008.0.x86_64.rpm 4b1b86a3e07f4b87a1a53f0dbaaa3aff 2008.0/x86_64/lib64apr-util-devel-1.2.10-1.1mdv2008.0.x86_64.rpm 6ef7669ea3d0db3dbaed35f35ae2dbdc 2008.0/SRPMS/apr-1.2.11-1.1mdv2008.0.src.rpm 1a923fc9c2f912ef339b942a59bff4e6 2008.0/SRPMS/apr-util-1.2.10-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGEWRmqjQ0CJFipgRAsWiAJ9LbNZNAkUIxWbq84aERpTacFEJPACg0xgy wuYdtSQeV/bOOP7w17qo2V0= =V8dA -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Subversion clients and servers, versions 1.6.0 - 1.6.3 and all versions < 1.5.7, are vulnerable to several heap overflow problems which may lead to remote code execution. The official advisory (mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt) follows: Subversion clients and servers up to 1.6.3 (inclusive) have heap overflow issues in the parsing of binary deltas. Summary: ======== Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion. Clients with commit access to a vulnerable server can cause a remote heap overflow; servers can cause a heap overflow on vulnerable clients that try to do a checkout or update. This can lead to a DoS (an exploit has been tested) and to arbitrary code execution (no exploit tested, but the possibility is clear). Known vulnerable: ================= Subversion clients and servers <= 1.5.6. Subversion clients and servers 1.6.0 through 1.6.3 (inclusive). Known fixed: ============ Subversion 1.6.4 Subversion 1.5.7 (Search for "Patch" below to see the patches from 1.6.3 -> 1.6.4 and 1.5.6 -> 1.5.7. Search for "Recommendations" to get URLs for the 1.6.4 release and associated APR library patch.) Details: ======== The libsvn_delta library does not contain sufficient input validation of svndiff streams. If a stream with large windows is processed, one of several integer overflows may lead to some boundary checks incorrectly passing, which in turn can lead to a heap overflow. Severity: ========= A remote attacker with commit access to repository may be able to execute code on a Subversion server. A malicious server may be able to execute code on a Subversion client. Recommendations: ================ We recommend all users to upgrade to Subversion 1.6.4. We recommend all users to upgrade to the latest versions of APR and APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR installation from <http://www.apache.org/dist/apr/patches/>. New Subversion packages can be found at: http://subversion.tigris.org/project_packages.html References: =========== CVE-2009-2411 (Subversion) CVE-2009-2412 (APR) Reported by: ============ Matt Lewis, Google. Patches: ======== This patch applies to Subversion 1.6.x (apply with patch -p0 < patchfile): [[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38519) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -60,10 +60,23 @@ struct encoder_baton { apr_pool_t *pool; }; +/* This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. */ +#define MAX_ENCODED_INT_LEN 10 +/* This is at least as big as the largest size for a single instruction. */ +#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1) +/* This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). */ +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN) /* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN. This encoding uses the high bit of each byte as a continuation bit and the other seven bits as data bits. High-order data bits are @@ -85,7 +98,7 @@ encode_int(char *p, svn_filesize_t val) svn_filesize_t v; unsigned char cont; - assert(val >= 0); + SVN_ERR_ASSERT_NO_RETURN(val >= 0); /* Figure out how many bytes we'll need. */ v = val >> 7; @@ -96,6 +109,8 @@ encode_int(char *p, svn_filesize_t val) n++; } + SVN_ERR_ASSERT_NO_RETURN(n <= MAX_ENCODED_INT_LEN); + /* Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. */ while (--n >= 0) @@ -112,7 +127,7 @@ encode_int(char *p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val) { - char buf[128], *p; + char buf[MAX_ENCODED_INT_LEN], *p; p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t *window, void svn_stringbuf_t *i1 = svn_stringbuf_create("", pool); svn_stringbuf_t *header = svn_stringbuf_create("", pool); const svn_string_t *newdata; - char ibuf[128], *ip; + char ibuf[MAX_INSTRUCTION_LEN], *ip; const svn_txdelta_op_t *op; apr_size_t len; @@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -365,6 +382,8 @@ decode_size(apr_size_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -382,7 +401,7 @@ decode_size(apr_size_t *val, data is not compressed. */ static svn_error_t * -zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out) +zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit) { apr_size_t len; char *oldplace = in->data; @@ -390,6 +409,13 @@ static svn_error_t * /* First thing in the string is the original length. */ in->data = (char *)decode_size(&len, (unsigned char *)in->data, (unsigned char *)in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: " + "size too large")); /* We need to subtract the size of the encoded original length off the * still remaining input length. */ in->len -= (in->data - oldplace); @@ -487,10 +513,10 @@ count_and_verify_instructions(int *ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - _("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -499,7 +525,8 @@ count_and_verify_instructions(int *ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool); instout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(instin, instout)); + SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN)); ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE)); newlen = ndout->len; data = (unsigned char *)instout->data; @@ -685,6 +712,14 @@ write_handler(void *baton, if (p == NULL) return SVN_NO_ERROR; + if (tview_len > SVN_DELTA_WINDOW_SIZE || + sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -841,6 +876,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream)); + if (*tview_len > SVN_DELTA_WINDOW_SIZE || + *sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + *inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (*sview_offset < 0 || *inslen + *newlen < *inslen || *sview_len + *tview_len < *sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38519) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler /* Functions for applying deltas. */ /* Ensure that BUF has enough space for VIEW_LEN bytes. */ -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char **buf, apr_size_t *buf_size, apr_size_t view_len, apr_pool_t *pool) { @@ -557,8 +557,11 @@ size_buffer(char **buf, apr_size_t *buf_size, *buf_size *= 2; if (*buf_size < view_len) *buf_size = view_len; + SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(*buf_size) >= *buf_size); *buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; } @@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t *window, void *b >= ab->sbuf_offset + ab->sbuf_len))); /* Make sure there's enough room in the target buffer. */ - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool)); /* Prepare the source buffer for reading from the input stream. */ if (window->sview_offset != ab->sbuf_offset @@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t *window, void *b char *old_sbuf = ab->sbuf; /* Make sure there's enough room. */ - size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool); + SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, + ab->pool)); /* If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. */ ]]] This patch applies to Subversion 1.5.x: [[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38498) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -55,10 +55,23 @@ struct encoder_baton { apr_pool_t *pool; }; +/* This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. */ +#define MAX_ENCODED_INT_LEN 10 +/* This is at least as big as the largest size for a single instruction. */ +#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1) +/* This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). */ +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN) /* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN. This encoding uses the high bit of each byte as a continuation bit and the other seven bits as data bits. High-order data bits are @@ -91,6 +104,8 @@ encode_int(char *p, svn_filesize_t val) n++; } + assert(n <= MAX_ENCODED_INT_LEN); + /* Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. */ while (--n >= 0) @@ -107,7 +122,7 @@ encode_int(char *p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val) { - char buf[128], *p; + char buf[MAX_ENCODED_INT_LEN], *p; p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t *window, void svn_stringbuf_t *i1 = svn_stringbuf_create("", pool); svn_stringbuf_t *header = svn_stringbuf_create("", pool); const svn_string_t *newdata; - char ibuf[128], *ip; + char ibuf[MAX_INSTRUCTION_LEN], *ip; const svn_txdelta_op_t *op; apr_size_t len; @@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -360,6 +377,8 @@ decode_size(apr_size_t *val, const unsigned char *p, const unsigned char *end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; /* Decode bytes until we're done. */ *val = 0; while (p < end) @@ -377,7 +396,7 @@ decode_size(apr_size_t *val, data is not compressed. */ static svn_error_t * -zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out) +zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit) { apr_size_t len; char *oldplace = in->data; @@ -385,6 +404,13 @@ static svn_error_t * /* First thing in the string is the original length. */ in->data = (char *)decode_size(&len, (unsigned char *)in->data, (unsigned char *)in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + _("Decompression of svndiff data failed: " + "size too large")); /* We need to subtract the size of the encoded original length off the * still remaining input length. */ in->len -= (in->data - oldplace); @@ -482,10 +508,10 @@ count_and_verify_instructions(int *ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - _("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -494,7 +520,8 @@ count_and_verify_instructions(int *ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool); instout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(instin, instout)); + SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN)); ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE)); newlen = ndout->len; data = (unsigned char *)instout->data; @@ -680,6 +707,14 @@ write_handler(void *baton, if (p == NULL) return SVN_NO_ERROR; + if (tview_len > SVN_DELTA_WINDOW_SIZE || + sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -836,6 +871,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream)); + if (*tview_len > SVN_DELTA_WINDOW_SIZE || + *sview_len > SVN_DELTA_WINDOW_SIZE || + /* for svndiff1, newlen includes the original length */ + *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN || + *inslen > MAX_INSTRUCTION_SECTION_LEN) + return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL, + _("Svndiff contains a too-large window")); + /* Check for integer overflow. */ if (*sview_offset < 0 || *inslen + *newlen < *inslen || *sview_len + *tview_len < *sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38498) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler /* Functions for applying deltas. */ /* Ensure that BUF has enough space for VIEW_LEN bytes. */ -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char **buf, apr_size_t *buf_size, apr_size_t view_len, apr_pool_t *pool) { @@ -507,8 +507,13 @@ size_buffer(char **buf, apr_size_t *buf_size, *buf_size *= 2; if (*buf_size < view_len) *buf_size = view_len; + if (APR_ALIGN_DEFAULT(*buf_size) < *buf_size) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL, + "Diff stream resulted in invalid buffer size."); *buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; } @@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t *window, void *b >= ab->sbuf_offset + ab->sbuf_len))); /* Make sure there's enough room in the target buffer. */ - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool)); /* Prepare the source buffer for reading from the input stream. */ if (window->sview_offset != ab->sbuf_offset @@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t *window, void *b char *old_sbuf = ab->sbuf; /* Make sure there's enough room. */ - size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool); + SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, + ab->pool)); /* If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. */ ]]] . The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and databases connections. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/apr < 1.3.8 >= 1.3.8 2 dev-libs/apr-util < 1.3.9 >= 1.3.9 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(), apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of APR-Util and in memory/unix/apr_pools.c of APR, both occurring when aligning memory blocks. Impact ====== A remote attacker could entice a user to connect to a malicious server with software that uses the APR or act as a malicious client to a server that uses the APR (such as Subversion or Apache servers), possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache Portable Runtime users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8 All APR Utility Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9 References ========== [ 1 ] CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200909-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
VAR-200908-0404 CVE-2009-1723 Apple Mac OS of CFNetwork In any HTTPS Web Vulnerability that can be disguised as visiting a site CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. This vulnerability CVE-2009-2062 Is a different vulnerability.Optional to a third party HTTPS Web You may be disguised as visiting the site. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0403 CVE-2009-1728 Apple Mac OS of image RAW Vulnerable to arbitrary code execution CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0402 CVE-2009-1727 Apple Mac OS of CoreTypes Any of the blacklists in JavaScript Vulnerability to be executed CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. A list of system content types that will be marked as unsafe in certain circumstances (such as when downloading from a web page). I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0401 CVE-2009-1726 Apple Mac OS of ColorSync Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. A heap overflow exists when handling graphics embedded with ColorSync configuration files, opening malicious graphics may lead to unexpected application termination or arbitrary code execution. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40105 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40105 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40105/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40105/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40105 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing or cross-site scripting attacks, and potentially compromise a user's system. 1) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to potentially execute arbitrary code. This is related to vulnerability #2 in: SA36096 2) The browser follows links containing arbitrary user information without warning, which can be exploited to facilitate phishing attacks via specially crafted URLs. 3) A use-after-free error when handling PDF files can be exploited to potentially execute arbitrary code. 4) An error in WebKit when handling clipboard URLs can be exploited to disclose sensitive files if a user is tricked into dragging or pasting links or images to a malicious website. 5) An error in WebKit when a selection from a website is dragged or pasted into another website can be exploited to potentially execute arbitrary JavaScript code in the context of the destination website. 6) An error in WebKit when handling UTF-7 encoded text can be exploited to leave an HTML quoted string unterminated and facilitate cross-site scripting attacks. 7) An input sanitation error in WebKit when handling Local Storage and Web SQL databases can be exploited to create database files in arbitrary directories via directory traversal attacks. 8) A use-after-free error in WebKit when rendering HTML buttons can be exploited to potentially execute arbitrary code. 9) A use-after-free error in WebKit when handling attribute manipulations can be exploited to potentially execute arbitrary code. 10) An error in WebKit when handling HTML document fragments can be exploited to execute arbitrary JavaScript code in a legitimate context processing foreign HTML fragments. 11) An error in WebKit when handling keyboard focus can be exploited to deliver key press events intended for a different frame. 12) An error in WebKit when handling DOM constructor objects can be exploited to conduct cross-site scripting attacks. 13) A use-after-free error in WebKit when handling the removal of container elements can be exploited to potentially execute arbitrary code. 14) A use-after-free error in WebKit when rendering a selection at the time of a layout change can be exploited to potentially execute arbitrary code. 15) An error in WebKit when handling ordered list insertions can be exploited to corrupt memory and potentially execute arbitrary code. 16) An uninitialised memory access error in WebKit when handling selection changes on form input elements can be exploited to potentially execute arbitrary code. 17) A use-after-free error in WebKit when handling caption elements can be exploited to potentially execute arbitrary code. 18) A use-after-free error in WebKit when handling the ":first-letter" pseudo-element in cascading stylesheets can be exploited to potentially execute arbitrary code. 19) A double-free error in WebKit when handling event listeners in SVG documents can be exploited to potentially execute arbitrary code. 20) An uninitialised memory access error in WebKit when handling "use" elements in SVG documents can be exploited to potentially execute arbitrary code. 21) A use-after-free error in WebKit when handling SVG documents with multiple "use" elements can be exploited to potentially execute arbitrary code. 22) An error in WebKit when handling nested "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) A use-after-free error in WebKit when handling CSS run-ins can be exploited to potentially execute arbitrary code. 24) A use-after-free error in WebKit when handling HTML elements with custom vertical positioning can be exploited to potentially execute arbitrary code. 25) An error exists in WebKit when visiting HTTPS websites redirecting to HTTP websites. This can be exploited to disclose potentially sensitive information contained in the HTTPS URL by reading the "Referer" header. 26) An integer truncation error in WebKit when handling TCP requests can be exploited to pass arbitrary data to arbitrary TCP ports. 27) An error in WebKit when processing connections to IRC ports can be exploited to send arbitrary data to arbitrary IRC servers. 28) A use-after-free error in WebKit when handling hover events can be exploited to potentially execute arbitrary code. 29) An error in WebKit can be exploited to read NTLM credentials that are incorrectly transmitted in plain-text via Man-in-the-Middle (MitM) attacks. 30) A use-after-free error in WebKit when handling the "removeChild" DOM method can be exploited to potentially execute arbitrary code. 31) An error in WebKit when handling libxml contexts can be exploited to potentially execute arbitrary code. 32) An error in WebKit when handling a canvas with an SVG image pattern can be exploited to load and capture an image from another website. 33) An error in WebKit when rendering CSS-styled HTML content with multiple ":after" pseudo-selectors can be exploited to corrupt memory and potentially execute arbitrary code. 34) An error in WebKit when handling the "src" attribute of a frame element can be exploited to facilitate cross-site scripting attacks. 35) A use-after-free error in WebKit when handling drag and drop operations can be exploited to potentially execute arbitrary code. 36) An error in the implementation of the JavaScript "execCommand" function can be exploited to modify the contents of the clipboard. 37) An error when handling malformed URLs can be exploited to bypass the same-origin policy and execute arbitrary script code in the context of a different domain. 38) A use-after-free error in WebKit when handling DOM "Range" objects can be exploited to potentially execute arbitrary code. 39) A use-after-free error in WebKit when handling the "Node.normalize()" method can be exploited to potentially execute arbitrary code. 40) A use-after-free error in WebKit when rendering HTML document subtrees can be exploited to potentially execute arbitrary code. 41) An error in WebKit when handling HTML content in "textarea" elements can be exploited to conduct cross-site scripting attacks. 42) An error in WebKit when visiting a website which redirects form submissions to a redirecting website can be exploited disclose submitted data. 43) A type checking error in WebKit when handling text nodes can be exploited to potentially execute arbitrary code. 44) A use-after-free error in WebKit when handling fonts can be exploited to potentially execute arbitrary code. 45) An error in WebKit when handling HTML tables can be exploited to trigger an out-of-bounds memory access and potentially execute arbitrary code. 46) An error in WebKit when handling the CSS ":visited" pseudo-class can be exploited to disclose visited websites. PROVIDED AND/OR DISCOVERED BY: 37) Michal Zalewski The vendor also credits: 1) Chris Evans of the Google Security Team, and Andrzej Dyjak 2) Abhishek Arya of Google 3) Borja Marcos of Sarenet 4) Eric Seidel of Google 5) Paul Stone of Context Information Security 6) Masahiro Yamada 8) Matthieu Bonetti of Vupen 9) Ralf Philipp Weinmann working with TippingPoint's Zero Day Initiative 10, 41) Eduardo Vela Nava (sirdarckcat) of Google 11) Michal Zalewski of Google 12) Gianni "gf3" Chiappetta of Runlevel6 13, 15, 16, 18, 19, 20, 21, 23, 43) wushi of team509, working with TippingPoint's Zero Day Initiative 14) wushi and Z of team509, working with TippingPoint's Zero Day Initiative 17) regenrecht working with iDefense 22, 31) Aki Helin of OUSPG 24) Ojan Vafai of Google 25) Colin Percival of Tarsnap 28) Dave Bowker 30) Mark Dowd of Azimuth Security 32) Chris Evans of Google 33, 45) wushi of team509 34) Sergey Glazunov 35) kuzzcc, and Skylined of Google Chrome Security Team 38) Yaar Schnitman of Google 39) Mark Dowd 40) James Robinson of Google 42) Marc Worrell of WhatWebWhat ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4196 Michal Zalewski: http://lcamtuf.blogspot.com/2010/06/safari-tale-of-betrayal-and-revenge.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . Some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a user's system. For more information: SA37931 SA40105 4) One unspecified vulnerability with an unknown impact has been reported in WebKit included in iTunes. No further information is currently available. 5) Two vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Chris Evans of the Google Security Team and Andrzej Dyjak. 2) The vendor credits Kevin Finisterre, digitalmunition.com. 4) Reported by the vendor. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities
VAR-200908-0272 CVE-2009-2194 Apple Mac OS Service disruption related to file descriptor sharing (DoS) Vulnerabilities CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue.". Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0270 CVE-2009-2192 Apple Mac OS of MobileMe Vulnerable to session hijacking CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue.". Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0271 CVE-2009-2193 Apple Mac OS of kernel Vulnerable to buffer overflow CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0268 CVE-2009-2190 Apple Mac OS of launchd Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0269 CVE-2009-2191 Apple Mac OS Arbitrary login window execution vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0267 CVE-2009-2188 Apple Mac OS of ImageIO and Safari Vulnerable to arbitrary code execution CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata. Apple's ImageIO component is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. Successful exploits will allow an attacker to run arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Mac OS X 10.5 through 10.5.7, Mac OS X Server 10.5 through 10.5.7, and Apple Safari prior to 4.0.3. NOTE: This vulnerability was previously documented in BID 35954 (Apple Mac OS X 2009-003 Multiple Security Vulnerabilities) but has been given its own record to better document the issue. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. 5) An error when processing four-finger Multi-Touch gestures can be exploited by a person with physical access to a locked system to manage applications or use Expose. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. For more information: SA28923 SOLUTION: Update to Mac OS X v10.5.8 or apply Security Update 2009-003. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0247 CVE-2009-0151 Apple Mac OS of Dock Vulnerability that can prevent locks in screen savers inside CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2009-003. The update addresses new vulnerabilities that affect the CFNetwork, ColorSync, CoreTypes, Dock, Image RAW, ImageIO, launchd, Login Window, MobileMe, Kernel, and XQuery components of Mac OS X. The advisory also contains security updates for seven previously reported issues. I. II. Impact The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation. III. These and other updates are available via Software Update or via Apple Downloads. IV. Please send email to <cert@cert.org> with "TA09-218A Feedback VU#426517" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2009 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History August 06, 2009: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSnsainIHljM+H4irAQLe2wgAg9ZJq3PGtU+CYHa6+n9Gli9l/NeIXQBb JhKvrXwFYp1uCCs5bVlZ/80Wuq6BJgkv1kojnV6zhqZA7VkPQEhjGofvcUs9MsO8 jXQ6JPdZRd6jWmB4pFHPAD5NOpBV2fJN+JQQuep9xwlap/hITfZfj24+nVFciwXo PdsptiEvpPcfsdan5ScQB+36MC4fRixUAgV+oWHDTgZJEaO1J2/5QiMK7+jWanXH 3jD6FIVdbJQcUmMDGle7RvURSuiX4jFq3D+lweDCtLwX576qx9m6QRbvnxaX8bfU HFcStLJRmi2kFEMiqga83lIyhSB1g1t+rWy5MBH+xml0MSYO7V7z6w== =A6S1 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An error in bzip2 can be exploited to terminate an application using the library via a specially crafted archive. For more information: SA29410 2) An error in CFNetwork can be exploited by a malicious website to control the URL displayed in a certificate warning when Safari follows a redirect from a trusted website. 3) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 4) An error when handling unsafe content types can be exploited to execute a malicious JavaScript payload when a specially crafted file is manually opened. NOTE: This vulnerability only affects system having a Multi-Touch trackpad. 6) An error when processing Canon RAW images can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code. 7) An error in ImageIO when processing OpenEXR images can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 8) Multiple errors in ImageIO when processing OpenEXR images can be exploited to corrupt memory and potentially execute arbitrary code. For more information: SA36030 9) A boundary error in ImageIO when processing EXIF metadata can be exploited to cause a buffer overflow and potentially execute arbitrary code via a specially crafted image. 10) An error in ImageIO when processing PNG images can be exploited to dereference an uninitialised pointer and potentially execute arbitrary code. 11) An error in the "fcntl()" kernel implementation can be exploited to corrupt kernel memory and execute arbitrary code with system privileges via e.g. a specially crafted TIOCGWINSZ "fnctl()" call. 12) An error in launchd when servicing via inetd can be exploited to cause a service hang by opening an overly large number of connections. 13) A format string error in Login Window when handling application names can be exploited to potentially execute arbitrary code. 14) The MobileMe preference pane fails to properly delete all credentials when signing out. This can be exploited to access previously signed in systems from the same local user account. 15) An error in the kernel when processing AppleTalk response packets can be exploited to cause a buffer overflow and potentially execute arbitrary code with system privileges. 16) A synchronization error when sharing file descriptors over local sockets can be exploited to cause an unexpected system shutdown. 17) A boundary error in the PCRE library used by XQuery can be exploited to cause a buffer overflow and potentially execute arbitrary code. of Johns Hopkins University, HiNRG The vendor also credits: 2) Kevin Day of Your.Org and Jason Mueller of Indiana University 4) Brian Mastenbrook, and Clint Ruoho of Laconic Security 6) Chris Ries of Carnegie Mellon University Computing Services 7) Lurene Grenier of Sourcefire VRT, and Chris Ries of Carnegie Mellon University Computing Services 10) Tavis Ormandy of the Google Security Team 13) Alfredo Pesoli of 0xcafebabe.it 15) Ilja van Sprundel from IOActive 16) Bennet Yee of Google Inc. CHANGELOG: 2009-08-06: Added link to "Original Advisory". ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT3757 Chris Evans: http://scary.beasts.org/security/CESA-2009-011.html OTHER REFERENCES: SA28923: http://secunia.com/advisories/28923/ SA29410: http://secunia.com/advisories/29410/ SA36030: http://secunia.com/advisories/36030/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200908-0264 CVE-2009-2198 Apple GarageBand Information Disclosure Vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. Apple GarageBand is prone to an information-disclosure vulnerability. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in tracking a user's web activities. This issue affects versions prior to GarageBand 5.1 for Mac OS X 10.5.7. Apple GarageBand is a set of music production software from Apple (Apple). ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Apple GarageBand Web Activity Tracking Disclosure SECUNIA ADVISORY ID: SA36114 VERIFY ADVISORY: http://secunia.com/advisories/36114/ DESCRIPTION: A security issue has been reported in GarageBand, which can be exploited by malicious people to gain knowledge of sensitive information. The problem is caused due to Safari's preferences being changed to always accept cookies when opening GarageBand. This could allow third parties and advertisers to track a user's web activity. SOLUTION: Update to version 5.1. http://support.apple.com/downloads/GarageBand_5_1 NOTE: Users of previous versions should also check that their Safari preferences are set as desired. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.apple.com/kb/HT3732 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200909-0290 CVE-2009-3455 Apple Safari In any SSL Vulnerability impersonating a server CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. SSL A vulnerability that impersonates a server exists. The problem is CVE-2009-2408 The problem is related to.By attackers, through a crafted certificate SSL There is a possibility of impersonating a server. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. UPDATE (October 5, 2009): The vendor states that Safari on Mac OS X is not affected by this issue. This vulnerability is related to CVE-2009-2408
VAR-200907-0748 CVE-2009-2408 Mozilla NSS Null character CA SSL Certificate Verification Bypass Security Restriction Vulnerability CVSS V2: 6.8
CVSS V3: 5.9
Severity: MEDIUM
Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. The NSS library is used by a number of applications, including Mozilla Firefox, Thunderbird, and SeaMonkey. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. NOTE (August 6, 2009): This BID had included a similar issue in Fetchmail, but that issue is now documented in BID 35951 (Fetchmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability). The product provides cross-platform support for SSL, S/MIME and other Internet security standards. If a malicious user requests a certificate from a hostname with an invalid null character, most CAs will issue a certificate as long as the requester has the domain specified after the null character, but most SSL clients (browsers) will ignore this part of the name, Using a null character before the portion of validation allows an attacker to use a fake certificate in a man-in-the-middle attack to establish a false trust relationship. =========================================================== Ubuntu Security Notice USN-810-1 August 04, 2009 nss vulnerabilities CVE-2009-2404, CVE-2009-2408, CVE-2009-2409 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libnss3-1d 3.12.3.1-0ubuntu0.8.04.1 Ubuntu 8.10: libnss3-1d 3.12.3.1-0ubuntu0.8.10.1 Ubuntu 9.04: libnss3-1d 3.12.3.1-0ubuntu0.9.04.1 After a standard system upgrade you need to restart an applications that use NSS, such as Firefox, to effect the necessary changes. (CVE-2009-2408) Dan Kaminsky discovered NSS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. (CVE-2009-2409) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.diff.gz Size/MD5: 37286 f4041d128d758f5506197b1cf0f1214f http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.04.1.dsc Size/MD5: 2012 401475ce9f7efa228d7b61671aa69c11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 18232 49a5581a19be7771ecdc65fb943e86d7 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 3166090 074734f6e0fd51257999bdc0e38010f3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 1147016 ddc8dfd4f0cc77c129c5bb4b18b6612c http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 257780 f6d735c7c95478fe2992178e0d7781d4 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_amd64.deb Size/MD5: 312528 05d78cad52b8c5464350c9b191528e0e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 18200 2c088a165372b431416a5b6d9f54b80b http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 3012554 50978f6f10b9f4c3918822d864d41aed http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 1040016 f0a52f96bd4f7bb7d8001b7ca5ace8d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 254880 c2151ff8a86f4119fcefa1f6c9ee7add http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_i386.deb Size/MD5: 295096 f6fde2292ca35df9e6cac822d158e512 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 18190 cbc624cedbae82a39d3c47aaa8ffee38 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 3041822 533fda14ea785417cababc58419a8fec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 1016224 1ed477ec2ffe3ac642cb7c29413842ab http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 253574 b9756509dcdeea8433a0f6bbe2dc27b7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_lpia.deb Size/MD5: 292466 55f2cf8c33f19f17cae613aca3ce71c1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 20678 a26907dda711e1d13e8d597bee4689e0 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 3125800 102117180150342cecff38e653963f66 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 1143852 f96cab41f4bf24cf4fa4686b3a963464 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 256600 e19a891112bea8df4f27fe569da9c951 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_powerpc.deb Size/MD5: 324934 9aaac74bc3f6ec7f990f78d556c5ec09 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 18292 7e17d87ea08f93759ed7784705d82453 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 2834720 02b6284e651dcf2e6556378dcb730689 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 1019944 ee1829f9195609b3912994fc76788243 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 251578 09583a51b0814b53959af6d79a1b4f8c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.04.1_sparc.deb Size/MD5: 299484 0d12ed86aae10c56300bd7cefb2884ef Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.diff.gz Size/MD5: 32769 d4e1fb5ca38687ad1e7532c457febc11 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.8.10.1.dsc Size/MD5: 2012 f98ccd513ae480ac7b56d7a4793758d3 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 3310610 9f8e4b95d1019e3956a88745ce3888c4 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 1195070 21daa67a1f51cc4a942e41beb2da001f http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 257586 89d972c2b67679eca265abac76d0687d http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 18296 8c1d95902c4f0e85c47a3ca941f0b48a http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_amd64.deb Size/MD5: 317026 11f10cc940951638cf5cac0e6e2f7ded i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 3137262 2ae6e2fa5e934a5fa27e14cedcdc74b6 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 1076898 59318f3e92b12686695704ef33074dc0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 254686 b0dc3ec378ea87afff4a6d46fafca34f http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 18248 7a86d451f0cc722f66ca51f9894c81e2 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_i386.deb Size/MD5: 300214 88f4442427f4ad5b1e507f24a872d7d5 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 3173686 65714f22fc4908727cd58fa917cff249 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 1050748 c55a36fa65b311364ddfc5f9bcacc3e9 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 253226 0b49775e55163a5c6fa22fba288eded7 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 18220 8fd881d7744299014a919437d9edaf87 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_lpia.deb Size/MD5: 296154 fce2927b08d43ba6d2188bf927dfb4d6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 3284430 e411ebc5e3848a9a28fdb7bcf55af833 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 1165792 f6a9ba644f3fb0cd888bf4b425522633 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 256434 19a95ab61e462058ecaf05cbebd11c8a http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 20666 abe014ba1940180af1051006e4d293fd http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_powerpc.deb Size/MD5: 320710 0f3c730279a7e731e72986d15fa2fcc2 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 2942578 3d396922de5283db749fd41036403ead http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 1038356 9d291947a8ef7d02c8c1a9746c1309d4 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 251226 c09de8036a434e93488b5c1b77108246 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 18380 0d18623f50973af22fd4e44e0d042bf4 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.8.10.1_sparc.deb Size/MD5: 301438 430f4a9aef7a540fac80629656572ea9 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.diff.gz Size/MD5: 35980 b64ec10add3d7fbbc7335b0f85b9fb00 http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1-0ubuntu0.9.04.1.dsc Size/MD5: 2012 a889688996d5530e8bf1eb181683137e http://security.ubuntu.com/ubuntu/pool/main/n/nss/nss_3.12.3.1.orig.tar.gz Size/MD5: 5316068 cc5607243fdfdbc80ebbbf6dbb33f784 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 3309788 d48afcfa4139fe94b4c0af67c8d9c850 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 1196740 7ace44202680241529edaeb226d0dec1 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 258240 54d581c61ba7608526790263545e1b1c http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 17404 bfbb39c275bb15dcef644991c6af7e7b http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_amd64.deb Size/MD5: 317668 9d55ed9607359667cf963e04ccb834d5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 3137602 af5d5d420c440bf53de79f8952ee17d0 http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 1078336 706162a5436e733e4ce57d51baf163fb http://security.ubuntu.com/ubuntu/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 255338 140b54235689f93baa3971add5401a42 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 17412 fb6ca266988f45378c41455fa5207a85 http://security.ubuntu.com/ubuntu/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_i386.deb Size/MD5: 300808 7b06b74c327641634d4f8f1f61b7d432 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 3171676 ad44dc80ef0066d3da2edede234b0210 http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 1052136 727ab68dd03bec2ae01b4611c5f98309 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 253840 15198ca066b229b42ced8cb5f4307a53 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 17408 fdf85ab9c62a3d3999d4f49bf0172243 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_lpia.deb Size/MD5: 296796 ecc392b5e6b2b2b5b5ef6d9f93f3ad30 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 3282216 5399927c4f40c9369fcb58d3038cc3ec http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 1167866 477cd3a3cb2ec7c5cf791208e096de93 http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 257080 85844f856588609fba74ec37044f9c35 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 17410 98059af1adbd24026a4dab4faa27ddd1 http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_powerpc.deb Size/MD5: 321372 b7afef4b3c7dc27dceb12668458629d8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d-dbg_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 2942004 2e8c7c62ef1119b9326564fe50389b8d http://ports.ubuntu.com/pool/main/n/nss/libnss3-1d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 1039416 ad6d7c7f3a2301c7e46a1102098fdbaf http://ports.ubuntu.com/pool/main/n/nss/libnss3-dev_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 251874 4a70da68d8ae2e444b7aaf6836d50eba http://ports.ubuntu.com/pool/universe/n/nss/libnss3-0d_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 17410 9921067423eeb95bea428bf9f471559c http://ports.ubuntu.com/pool/universe/n/nss/libnss3-tools_3.12.3.1-0ubuntu0.9.04.1_sparc.deb Size/MD5: 301814 302527f9bbcb164d12b13d25719a9ab9 . The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate (MFSA 2009-42). CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names (MFSA 2009-43). CVE-2009-2463 monarch2020 discovered an integer overflow n a base64 decoding function (MFSA 2010-07). CVE-2009-3072 Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07). CVE-2009-3075 Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07). CVE-2010-0163 Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code (MFSA 2010-07). For the stable distribution (lenny), these problems have been fixed in version 2.0.0.24-0lenny1. Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available. For the testing distribution squeeze and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your icedove packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz Size/MD5 checksum: 35856543 3bf6e40cddf593ddc1a66b9e721f12b9 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc Size/MD5 checksum: 1668 111c1a93c1ce498715e231272123f841 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz Size/MD5 checksum: 103260 4661b0c8c170d58f844337699cb8ca1a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 3723382 12c7fe63b0a5c59680ca36200a6f7d20 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 61132 c0f96569d4ea0f01cff3950572b3dda9 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 57375560 95a614e1cb620fad510eb51ae5cb37c5 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb Size/MD5 checksum: 13468190 03a629abf18130605927f5817b097bac amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 57584134 7d909c9f1b67d4758e290dc2c1dc01f2 http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 3937168 de9dda16f94e696de897bec6c8d45f90 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 12384488 8d1632f7511c711a1d2ea940f7e451a2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb Size/MD5 checksum: 59114 fae947071c0de6ebce316decbce61f9a arm architecture (ARM) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 3929902 5ab6f673b34770278270fb7862986b0b http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 53746 c9c53e8a42d85fe5f4fa8e2a85e55629 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 56491578 8eb38c6f99c501556506ac6790833941 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb Size/MD5 checksum: 10943350 d7c0badfe9210ce5341eb17ab7e71ca2 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 3944678 2a9dc50b61420b4fdf8f3a4d378bb484 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 60554 7dcd739363cff3cc4bda659b82856536 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 58523174 6780e8f9de0f2ed0c3bd533d03853d85 http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb Size/MD5 checksum: 13952170 88674f31191b07cd76ea5d366c545f1d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 10951904 52ce1587c6eb95b7f8b63ccedf224d88 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 54838 101de9e837bea9391461074481bf770f http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 3924810 6ecf3693cce2ae97fd0bbdafc1ff06f6 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb Size/MD5 checksum: 56543048 73d1684cf69bed0441393abb46610433 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 3756914 615afd30bf893d2d32bbacedf1f7ff8e http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 16545566 0444c7198e94ab59e103e60bf86a2aa2 http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 66302 f8800140b3797d4a4267a5dac0043995 http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb Size/MD5 checksum: 57199564 5df5808f91ecdf6ac49f0e922b1a0234 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 12112586 4b40106b68670c726624348c0cb8bd1f http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 59511730 226cdd43af9dffb4132002044120769c http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 56670 72e58731ac68f2c599704a3e7ca45d4c http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb Size/MD5 checksum: 3942470 e8454d41a095226a2d252f10da795d96 These files will probably be moved into the stable distribution on its next update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2010-0001 Synopsis: ESX Service Console updates for nss and nspr Issue date: 2010-01-06 Updated on: 2010-01-06 (initial release of advisory) CVE numbers: CVE-2009-2409 CVE-2009-2408 CVE-2009-2404 CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 - ----------------------------------------------------------------------- 1. Summary Update for Service Console packages nss and nspr 2. Relevant releases VMware ESX 4.0 without patch ESX400-200912403-SG 3. Problem Description a. Update for Service Console packages nss and nspr Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, and CVE-2009-3382 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.0 ESX ESX400-200912403-SG ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected vMA 4.0 RHEL5 affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX 4.0 ------- ESX400-200912403-SG https://hostupdate.vmware.com/software/VUM/OFFLINE/release-181-20091231-153046/ESX400-200912001.zip md5sum: 78c6cf139b7941dc736c9d3a41deae77 sha1sum: 36df3a675fbd3c8c8830f00637e37ee716bdac59 http://kb.vmware.com/kb/1016293 To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX400-200912001.zip -b ESX400-200912403-SG update 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3372 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3373 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3374 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3376 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3380 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3382 - ------------------------------------------------------------------------ 6. Change log 2010-01-06 VMSA-2010-0001 Initial security advisory after release of patch ESX400-200912403-SG for ESX 4.0 on 2010-01-06. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2010 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFLRYwLS2KysvBH1xkRArmBAJoDcO5waCyCE+lfmEwuILVjcqeLngCcCzNo HgNlBjOx5iQw7etlwwpbyuo= =bIJJ -----END PGP SIGNATURE----- . Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Network Security Services Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36093 VERIFY ADVISORY: http://secunia.com/advisories/36093/ DESCRIPTION: Some vulnerabilities have been reported in Network Security Services, which can potentially be exploited by malicious people to bypass certain security restrictions or to compromise a vulnerable system. 1) An error in the regular expression parser when matching common names in certificates can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted certificate signed by a trusted CA or when a user accepts a specially crafted certificate. 2) An error exists in the parsing of certain certificate fields, which can be exploited to e.g. get a client to accept a specially crafted certificate by mistake. SOLUTION: Update to version 3.12.3 or later. PROVIDED AND/OR DISCOVERED BY: Red Hat credits: 1) Moxie Marlinspike 2) Dan Kaminsky ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=512912 https://bugzilla.redhat.com/show_bug.cgi?id=510251 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:198 http://www.mandriva.com/security/ _______________________________________________________________________ Package : firefox Date : August 7, 2009 Affected: 2009.0, 2009.1, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Security issues were identified and fixed in firefox 3.0.x: Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location (CVE-2009-2654). IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CA) which issue server certificates. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server such as sensitive bank account transactions (CVE-2009-2408). This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.13 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: a6822ef829b5dc2a49155770fc10cc20 2009.0/i586/beagle-0.3.8-13.14mdv2009.0.i586.rpm 2db822d3c7e73ac60ad781499e6ec251 2009.0/i586/beagle-crawl-system-0.3.8-13.14mdv2009.0.i586.rpm b0441b626197cb5d6e3444a3d482e79a 2009.0/i586/beagle-doc-0.3.8-13.14mdv2009.0.i586.rpm 5672bbd66911b997af8c84dbf7751bb5 2009.0/i586/beagle-epiphany-0.3.8-13.14mdv2009.0.i586.rpm e45dce0afc5f79b3744923edbb45d527 2009.0/i586/beagle-evolution-0.3.8-13.14mdv2009.0.i586.rpm 15b7970e50d9f5c47ddbf6e21f2bd782 2009.0/i586/beagle-gui-0.3.8-13.14mdv2009.0.i586.rpm a23bca93271243b989ea7afa3e898aca 2009.0/i586/beagle-gui-qt-0.3.8-13.14mdv2009.0.i586.rpm 9be046a4ddc0162ba1511715e08802ff 2009.0/i586/beagle-libs-0.3.8-13.14mdv2009.0.i586.rpm 2d60bf05386502d9fbb550f0bac1331b 2009.0/i586/devhelp-0.21-3.9mdv2009.0.i586.rpm 6bb27bb53d3bda021ceed7710d195338 2009.0/i586/devhelp-plugins-0.21-3.9mdv2009.0.i586.rpm 96e1d0f9d5c46a61a69c8a160285c92f 2009.0/i586/epiphany-2.24.0.1-3.11mdv2009.0.i586.rpm 36a0963341309cf3d0decf116c1a2668 2009.0/i586/epiphany-devel-2.24.0.1-3.11mdv2009.0.i586.rpm fef5d1610ade943011b36a0482e9043d 2009.0/i586/firefox-3.0.13-0.1mdv2009.0.i586.rpm 374b38801f273b8714be2782ac2e37c1 2009.0/i586/firefox-af-3.0.13-0.1mdv2009.0.i586.rpm f981898248d140a9b91619a690055c6f 2009.0/i586/firefox-ar-3.0.13-0.1mdv2009.0.i586.rpm cf01b3a96527899aad4f323c042c3ade 2009.0/i586/firefox-be-3.0.13-0.1mdv2009.0.i586.rpm 6fa86a03cb638ff49a28ac1073917df1 2009.0/i586/firefox-bg-3.0.13-0.1mdv2009.0.i586.rpm 089fda6b705c8a9abd994c819058f1c8 2009.0/i586/firefox-bn-3.0.13-0.1mdv2009.0.i586.rpm 8543e4eae4ce95e6eb32813bc1bc01fc 2009.0/i586/firefox-ca-3.0.13-0.1mdv2009.0.i586.rpm 4722b78b978a9f82de71d56fa0274ad4 2009.0/i586/firefox-cs-3.0.13-0.1mdv2009.0.i586.rpm 595d817763c4901c47b0ef479bd01bcc 2009.0/i586/firefox-cy-3.0.13-0.1mdv2009.0.i586.rpm 9bc25a5210fe99d2ba4d4b85e9018213 2009.0/i586/firefox-da-3.0.13-0.1mdv2009.0.i586.rpm e6fc11edfe7b86f04455b3dc7e4bd65e 2009.0/i586/firefox-de-3.0.13-0.1mdv2009.0.i586.rpm 9afa4c1062e91163756ef5109ff51187 2009.0/i586/firefox-el-3.0.13-0.1mdv2009.0.i586.rpm f75831ec921046c0dca1e13e34780c83 2009.0/i586/firefox-en_GB-3.0.13-0.1mdv2009.0.i586.rpm c58608f0789bdef53d1e89395fedf49f 2009.0/i586/firefox-eo-3.0.13-0.1mdv2009.0.i586.rpm 214574c3c5d82fe477ba0f50f63fd9fa 2009.0/i586/firefox-es_AR-3.0.13-0.1mdv2009.0.i586.rpm 658464fc37af0c06fffa759d037baceb 2009.0/i586/firefox-es_ES-3.0.13-0.1mdv2009.0.i586.rpm c5e764ad2738116d30343c0b38a962fa 2009.0/i586/firefox-et-3.0.13-0.1mdv2009.0.i586.rpm 8fb89898a68072bf7265c69d43410493 2009.0/i586/firefox-eu-3.0.13-0.1mdv2009.0.i586.rpm 3f361372c29fe95009dbd1078db64f65 2009.0/i586/firefox-ext-beagle-0.3.8-13.14mdv2009.0.i586.rpm 91464a6f25b8ea8c0d48de5cb0416740 2009.0/i586/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.i586.rpm 9bc38cbec9d19bf568e6e9a89830a28f 2009.0/i586/firefox-fi-3.0.13-0.1mdv2009.0.i586.rpm 6dd78364bea9831ef0b3aa14f2d0118c 2009.0/i586/firefox-fr-3.0.13-0.1mdv2009.0.i586.rpm 180d5bfe08d234f02b1de34ca5654958 2009.0/i586/firefox-fy-3.0.13-0.1mdv2009.0.i586.rpm e4c18944adb12682655a90ee2faad97b 2009.0/i586/firefox-ga_IE-3.0.13-0.1mdv2009.0.i586.rpm 90b228a4010794165de329652ebbee25 2009.0/i586/firefox-gl-3.0.13-0.1mdv2009.0.i586.rpm f0586fdecb33249427065357a6e92d60 2009.0/i586/firefox-gu_IN-3.0.13-0.1mdv2009.0.i586.rpm 7bfc4a6196e2969a1cbae8d0f17f6ad1 2009.0/i586/firefox-he-3.0.13-0.1mdv2009.0.i586.rpm cca307fc57f277189b4d2bd8d7368abb 2009.0/i586/firefox-hi-3.0.13-0.1mdv2009.0.i586.rpm 052636e93f9576602a6d8876d19d8fc4 2009.0/i586/firefox-hu-3.0.13-0.1mdv2009.0.i586.rpm 899eeeca6c5305ce42fac890ae25acf4 2009.0/i586/firefox-id-3.0.13-0.1mdv2009.0.i586.rpm 876435ef3c302f94c8ce1cab6ec54e3e 2009.0/i586/firefox-is-3.0.13-0.1mdv2009.0.i586.rpm 9a663ac414779e841fa9e0b0de849e33 2009.0/i586/firefox-it-3.0.13-0.1mdv2009.0.i586.rpm 408453053f2dd0d238af016cb4e77237 2009.0/i586/firefox-ja-3.0.13-0.1mdv2009.0.i586.rpm cb0ab9447c1a5c439d1ede480c0f7835 2009.0/i586/firefox-ka-3.0.13-0.1mdv2009.0.i586.rpm 8fc83bc333676e38e3efd9b609fd674b 2009.0/i586/firefox-kn-3.0.13-0.1mdv2009.0.i586.rpm 612bb5fb598e61fb5802ff85708e6a5a 2009.0/i586/firefox-ko-3.0.13-0.1mdv2009.0.i586.rpm ac2312f1d74c268a72a4b4d3a4219ef1 2009.0/i586/firefox-ku-3.0.13-0.1mdv2009.0.i586.rpm 154dbc2ba6e46f5aa3ef99b66ec36a51 2009.0/i586/firefox-lt-3.0.13-0.1mdv2009.0.i586.rpm ecd25bc2d1e9cde62e0be85071c64529 2009.0/i586/firefox-lv-3.0.13-0.1mdv2009.0.i586.rpm 15f3d5c9a3a73a982c0c6351bb110271 2009.0/i586/firefox-mk-3.0.13-0.1mdv2009.0.i586.rpm 2b558113cd766e13056b99c48201f89b 2009.0/i586/firefox-mn-3.0.13-0.1mdv2009.0.i586.rpm 79f2fa3996f7b4f1779c6fa8f1a4543c 2009.0/i586/firefox-mr-3.0.13-0.1mdv2009.0.i586.rpm 8e73487dad85ffa6be02c17cc828beaa 2009.0/i586/firefox-nb_NO-3.0.13-0.1mdv2009.0.i586.rpm 366f85aa9ea20fcec1fef63b5a1f1df1 2009.0/i586/firefox-nl-3.0.13-0.1mdv2009.0.i586.rpm 43dca1cbb4ab3691cabf5cd74ffaf2b3 2009.0/i586/firefox-nn_NO-3.0.13-0.1mdv2009.0.i586.rpm 213f3e46bcfec9f7765569f4d004364a 2009.0/i586/firefox-oc-3.0.13-0.1mdv2009.0.i586.rpm d619b6e5f78f7f4bb0c60d19ceb7e876 2009.0/i586/firefox-pa_IN-3.0.13-0.1mdv2009.0.i586.rpm faf4b1e079c68e5697292fbdba30ebf1 2009.0/i586/firefox-pl-3.0.13-0.1mdv2009.0.i586.rpm 7d15b1990732f451bcfac1c1a7b77978 2009.0/i586/firefox-pt_BR-3.0.13-0.1mdv2009.0.i586.rpm c8b133b74d0eb2d3dec671a0c1f6bc86 2009.0/i586/firefox-pt_PT-3.0.13-0.1mdv2009.0.i586.rpm 4ece2c2e4e9fc0b25c8fb3287ec0b9af 2009.0/i586/firefox-ro-3.0.13-0.1mdv2009.0.i586.rpm f5ecba21ec0b359c057f378583b4279f 2009.0/i586/firefox-ru-3.0.13-0.1mdv2009.0.i586.rpm 4e64f4151cbcae1f498538d193cece9a 2009.0/i586/firefox-si-3.0.13-0.1mdv2009.0.i586.rpm 7989e3ec7fe2878ce4c334562aff9767 2009.0/i586/firefox-sk-3.0.13-0.1mdv2009.0.i586.rpm 7a117b88ad2206d9eda81ca884cbb385 2009.0/i586/firefox-sl-3.0.13-0.1mdv2009.0.i586.rpm 2d4d85a8e07af571c9c7e331de3be317 2009.0/i586/firefox-sq-3.0.13-0.1mdv2009.0.i586.rpm afc3cae145b8a5bce558aacbc0fdbfd1 2009.0/i586/firefox-sr-3.0.13-0.1mdv2009.0.i586.rpm a41f83c5f17482e24d113d7bee667984 2009.0/i586/firefox-sv_SE-3.0.13-0.1mdv2009.0.i586.rpm dc28d7e7746f1e95a25cb1e450c9619b 2009.0/i586/firefox-te-3.0.13-0.1mdv2009.0.i586.rpm f84f2d826d15843192a0f4b98e064547 2009.0/i586/firefox-th-3.0.13-0.1mdv2009.0.i586.rpm 1142168ff446e1a5f89be897815678b4 2009.0/i586/firefox-theme-kde4ff-0.14-4.9mdv2009.0.i586.rpm 0f8593cacdb0c3ee674c95ffcbc330fe 2009.0/i586/firefox-tr-3.0.13-0.1mdv2009.0.i586.rpm 69b5d73b3809140ab15c884cd75fc98f 2009.0/i586/firefox-uk-3.0.13-0.1mdv2009.0.i586.rpm e334049f5692cabfaedbe2c194b51202 2009.0/i586/firefox-zh_CN-3.0.13-0.1mdv2009.0.i586.rpm 2958cb63c8593fd8b8f1f68c8dde0905 2009.0/i586/firefox-zh_TW-3.0.13-0.1mdv2009.0.i586.rpm 7cda89f8cc627a59b61b976717be30d6 2009.0/i586/gnome-python-extras-2.19.1-20.9mdv2009.0.i586.rpm 576557a3a514f71933cb8a9c707ceb30 2009.0/i586/gnome-python-gda-2.19.1-20.9mdv2009.0.i586.rpm 976a8cff0d00126d7e4a807a8f879a54 2009.0/i586/gnome-python-gda-devel-2.19.1-20.9mdv2009.0.i586.rpm 3d2424b8c8cab0668d691ebd947dd605 2009.0/i586/gnome-python-gdl-2.19.1-20.9mdv2009.0.i586.rpm 2e71485c4eca0038d61f4508926f7fa4 2009.0/i586/gnome-python-gtkhtml2-2.19.1-20.9mdv2009.0.i586.rpm 5c1f92354d07da9682210eeb87825eb5 2009.0/i586/gnome-python-gtkmozembed-2.19.1-20.9mdv2009.0.i586.rpm f04444a67896b048d7a84ed20357feed 2009.0/i586/gnome-python-gtkspell-2.19.1-20.9mdv2009.0.i586.rpm 016f5cc2ec1a06598277a5b6be5efa2c 2009.0/i586/libdevhelp-1_0-0.21-3.9mdv2009.0.i586.rpm 1142e65abf94dac2b1b318bcea82bf5c 2009.0/i586/libdevhelp-1-devel-0.21-3.9mdv2009.0.i586.rpm 67d3d4ac04921885af224a9c70e87ae8 2009.0/i586/libxulrunner1.9-1.9.0.13-0.1mdv2009.0.i586.rpm af1331867d259d913a07f862a4079ee2 2009.0/i586/libxulrunner-devel-1.9.0.13-0.1mdv2009.0.i586.rpm 0bd0a103a85b8e8d4eaaac6dc5397867 2009.0/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdv2009.0.i586.rpm 0ec2c94351bc2f0c510721f09ea461b7 2009.0/i586/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.i586.rpm 37647fc015fa5559d6c77bb9e7321bfb 2009.0/i586/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.i586.rpm 2a89f46e141a1bc4218ce5f2dde00c1e 2009.0/i586/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.i586.rpm 914bcd8fb4c05239c2bdd162232a6ba3 2009.0/i586/mozilla-thunderbird-beagle-0.3.8-13.14mdv2009.0.i586.rpm 88e16f7cb5be2fc9fa83902ecafa19a6 2009.0/i586/xulrunner-1.9.0.13-0.1mdv2009.0.i586.rpm 4356ef867793688f2fde896a9d542057 2009.0/i586/yelp-2.24.0-3.9mdv2009.0.i586.rpm 4878f8a0366b18e8a8744eb21db1a2b7 2009.0/SRPMS/beagle-0.3.8-13.14mdv2009.0.src.rpm 08aea1f09ea4ad62af093a52b708a9ce 2009.0/SRPMS/devhelp-0.21-3.9mdv2009.0.src.rpm 25baa2313d08362d5e5187f5e6d7e3f7 2009.0/SRPMS/epiphany-2.24.0.1-3.11mdv2009.0.src.rpm ce2aec03351fffffc8362873bdac68a4 2009.0/SRPMS/firefox-3.0.13-0.1mdv2009.0.src.rpm b14c2fc2c59f7a0a8583f7239a9103cb 2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.src.rpm 11abbad498571ed3951c668da59f2c91 2009.0/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.0.src.rpm 8ada83f445f97ebb7951236b59541cbe 2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.9mdv2009.0.src.rpm 1d8d443e6063def0818214d0ce315bcd 2009.0/SRPMS/gnome-python-extras-2.19.1-20.9mdv2009.0.src.rpm 18e8a4e1f7d1fca89cb6be0d21c1016f 2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.src.rpm 3b194e6cc23a43e9f324f37f9a820e4e 2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.src.rpm 6b8e5bee3849011f725248817b501706 2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.src.rpm 34efe4f4d585db58b769de32eed31b14 2009.0/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.0.src.rpm cafe5ac9664e7f54035fed9d17921c94 2009.0/SRPMS/yelp-2.24.0-3.9mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: fd2a9ff60f4e68f4a481a5fe4a98c73a 2009.0/x86_64/beagle-0.3.8-13.14mdv2009.0.x86_64.rpm 9b1d89b08f16e56768fd9542079f350d 2009.0/x86_64/beagle-crawl-system-0.3.8-13.14mdv2009.0.x86_64.rpm 6373aacafa1057af4684db790962e7ae 2009.0/x86_64/beagle-doc-0.3.8-13.14mdv2009.0.x86_64.rpm 4192fedb81ce69831e74fe6d3d93959f 2009.0/x86_64/beagle-epiphany-0.3.8-13.14mdv2009.0.x86_64.rpm 24e885319c5d9dfc9184d087dffc3f99 2009.0/x86_64/beagle-evolution-0.3.8-13.14mdv2009.0.x86_64.rpm 852adea7f93e3199a0f0c8843e7c55a8 2009.0/x86_64/beagle-gui-0.3.8-13.14mdv2009.0.x86_64.rpm fc485f7767ad85e2c026c404075d9229 2009.0/x86_64/beagle-gui-qt-0.3.8-13.14mdv2009.0.x86_64.rpm 07bb1b9c24c9f88ff8437d2c1b75878b 2009.0/x86_64/beagle-libs-0.3.8-13.14mdv2009.0.x86_64.rpm 092f8d36c077ff5d697d217156aca03a 2009.0/x86_64/devhelp-0.21-3.9mdv2009.0.x86_64.rpm a5101c919b946b770d14a049d788e8d9 2009.0/x86_64/devhelp-plugins-0.21-3.9mdv2009.0.x86_64.rpm 3d37811d58eabd343432f0bd79da93f9 2009.0/x86_64/epiphany-2.24.0.1-3.11mdv2009.0.x86_64.rpm 8bf41b3ccff1bbf6b517ddb43c65f3d4 2009.0/x86_64/epiphany-devel-2.24.0.1-3.11mdv2009.0.x86_64.rpm 90b2602358cda40b9b77ecf43d8a5813 2009.0/x86_64/firefox-3.0.13-0.1mdv2009.0.x86_64.rpm c802e7ce61f1c6db1861e1ad8625db58 2009.0/x86_64/firefox-af-3.0.13-0.1mdv2009.0.x86_64.rpm 26efc3eb99d920565bbecc31c5b29d2c 2009.0/x86_64/firefox-ar-3.0.13-0.1mdv2009.0.x86_64.rpm 5da83501fc42740dfca0a6b362e8e332 2009.0/x86_64/firefox-be-3.0.13-0.1mdv2009.0.x86_64.rpm 51267ac84ea3a0745f0229d4c379e591 2009.0/x86_64/firefox-bg-3.0.13-0.1mdv2009.0.x86_64.rpm 6ddce5aa96b508a7241526e00e78e393 2009.0/x86_64/firefox-bn-3.0.13-0.1mdv2009.0.x86_64.rpm 10c1b53854b08c634e853b8fc4fbbe74 2009.0/x86_64/firefox-ca-3.0.13-0.1mdv2009.0.x86_64.rpm 6f12ccc92981d70dbedeb8f99ac552e1 2009.0/x86_64/firefox-cs-3.0.13-0.1mdv2009.0.x86_64.rpm a0a79dd3c0984ee03834e06e44c6b632 2009.0/x86_64/firefox-cy-3.0.13-0.1mdv2009.0.x86_64.rpm 4fafa1c0616047cd355e9ce4621b964b 2009.0/x86_64/firefox-da-3.0.13-0.1mdv2009.0.x86_64.rpm 8b89533b107bcac1454e636d4bfdbb01 2009.0/x86_64/firefox-de-3.0.13-0.1mdv2009.0.x86_64.rpm 60ed34b007aef6983f7567df8e5aa360 2009.0/x86_64/firefox-el-3.0.13-0.1mdv2009.0.x86_64.rpm ae965aac1eaaecd6642a5926c221bcde 2009.0/x86_64/firefox-en_GB-3.0.13-0.1mdv2009.0.x86_64.rpm 6df13fe269bc57cc42c94da2401def6d 2009.0/x86_64/firefox-eo-3.0.13-0.1mdv2009.0.x86_64.rpm 9d39eed36e33728f5a4d1cd629fcdc22 2009.0/x86_64/firefox-es_AR-3.0.13-0.1mdv2009.0.x86_64.rpm f1f19bb222e2d5b2343535eab2beb94e 2009.0/x86_64/firefox-es_ES-3.0.13-0.1mdv2009.0.x86_64.rpm 68eef6bc4021590584cb6fb1e137b1bd 2009.0/x86_64/firefox-et-3.0.13-0.1mdv2009.0.x86_64.rpm 54bc429f2eb350b2c94b4ecc776bfb8f 2009.0/x86_64/firefox-eu-3.0.13-0.1mdv2009.0.x86_64.rpm a4477742a5a74668cc72c9eda39ababa 2009.0/x86_64/firefox-ext-beagle-0.3.8-13.14mdv2009.0.x86_64.rpm 6fdda4fcd02eff82a5fedbc0e7db4a89 2009.0/x86_64/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.x86_64.rpm 9138b808592bcf06e9cd6f0a58676c24 2009.0/x86_64/firefox-fi-3.0.13-0.1mdv2009.0.x86_64.rpm e8f9c8ea5248d400af9be21771195b66 2009.0/x86_64/firefox-fr-3.0.13-0.1mdv2009.0.x86_64.rpm 226c770c9eb371a9cd66747b3cad6828 2009.0/x86_64/firefox-fy-3.0.13-0.1mdv2009.0.x86_64.rpm 2260fcea15a9cc49b347390cadc71599 2009.0/x86_64/firefox-ga_IE-3.0.13-0.1mdv2009.0.x86_64.rpm f7a0c391873545dbb25c810ba12fe164 2009.0/x86_64/firefox-gl-3.0.13-0.1mdv2009.0.x86_64.rpm 32f993a35c46dcf8e25e39929b1ced2a 2009.0/x86_64/firefox-gu_IN-3.0.13-0.1mdv2009.0.x86_64.rpm 2e4a73d19ccfcb20092160a6d5941e97 2009.0/x86_64/firefox-he-3.0.13-0.1mdv2009.0.x86_64.rpm 160666a1e608cff7401b43eed7f90535 2009.0/x86_64/firefox-hi-3.0.13-0.1mdv2009.0.x86_64.rpm b70b2c5f7af2cc81174f91cd31a1493c 2009.0/x86_64/firefox-hu-3.0.13-0.1mdv2009.0.x86_64.rpm 74fca931bba785ac47b7aa181494cdbb 2009.0/x86_64/firefox-id-3.0.13-0.1mdv2009.0.x86_64.rpm 3fe8638b5170b72917e4e8ea1174e17b 2009.0/x86_64/firefox-is-3.0.13-0.1mdv2009.0.x86_64.rpm 3f139ac3e9c365c8f693aba837e2a042 2009.0/x86_64/firefox-it-3.0.13-0.1mdv2009.0.x86_64.rpm f7b678a1bfbefda814fa83306222cc41 2009.0/x86_64/firefox-ja-3.0.13-0.1mdv2009.0.x86_64.rpm 7e939898258c08a317a36e07273ea209 2009.0/x86_64/firefox-ka-3.0.13-0.1mdv2009.0.x86_64.rpm 8882bfae1b24b58ff494f82415681987 2009.0/x86_64/firefox-kn-3.0.13-0.1mdv2009.0.x86_64.rpm 44fa31c02c81eaa8ae61bdcfbae64367 2009.0/x86_64/firefox-ko-3.0.13-0.1mdv2009.0.x86_64.rpm 2e072ba6d9650eea364a31eda816f11d 2009.0/x86_64/firefox-ku-3.0.13-0.1mdv2009.0.x86_64.rpm 36430330e9038c09c8d43c4cb448371e 2009.0/x86_64/firefox-lt-3.0.13-0.1mdv2009.0.x86_64.rpm 3ab6cc70b68e10bfd62cdfa896099eba 2009.0/x86_64/firefox-lv-3.0.13-0.1mdv2009.0.x86_64.rpm 3ed08b83e37d5b6e504dff1f8f716225 2009.0/x86_64/firefox-mk-3.0.13-0.1mdv2009.0.x86_64.rpm 7c392f1ece949f2cb44f980bd01e7f05 2009.0/x86_64/firefox-mn-3.0.13-0.1mdv2009.0.x86_64.rpm de1dff9b9089b68d57a98ddd4980b0a2 2009.0/x86_64/firefox-mr-3.0.13-0.1mdv2009.0.x86_64.rpm 05944f1a699c48a0ed982ec3d3f393c4 2009.0/x86_64/firefox-nb_NO-3.0.13-0.1mdv2009.0.x86_64.rpm f0cdec74711099dea77e948d5e41049e 2009.0/x86_64/firefox-nl-3.0.13-0.1mdv2009.0.x86_64.rpm f4a14720d7a2aea5cfd72fc6730d2434 2009.0/x86_64/firefox-nn_NO-3.0.13-0.1mdv2009.0.x86_64.rpm 16d2232a8ea403853c98628d15f6cb56 2009.0/x86_64/firefox-oc-3.0.13-0.1mdv2009.0.x86_64.rpm 80887101785cce0cc2e6a27b20b41f60 2009.0/x86_64/firefox-pa_IN-3.0.13-0.1mdv2009.0.x86_64.rpm 701e26b5086b1d7d7e48e9c331ea9089 2009.0/x86_64/firefox-pl-3.0.13-0.1mdv2009.0.x86_64.rpm 6488b668d9adf9838ed5f99008bd1b4a 2009.0/x86_64/firefox-pt_BR-3.0.13-0.1mdv2009.0.x86_64.rpm 6c84cd88d4a0cef254c31f976a800935 2009.0/x86_64/firefox-pt_PT-3.0.13-0.1mdv2009.0.x86_64.rpm 636373ef3a086dab553648f83d482279 2009.0/x86_64/firefox-ro-3.0.13-0.1mdv2009.0.x86_64.rpm d6c65eba5659c9d149fb74aecd0811e3 2009.0/x86_64/firefox-ru-3.0.13-0.1mdv2009.0.x86_64.rpm 59499f35ccbf4fbc6e30b4b543808591 2009.0/x86_64/firefox-si-3.0.13-0.1mdv2009.0.x86_64.rpm 4055dc544ead5676a9f2722cc7de0194 2009.0/x86_64/firefox-sk-3.0.13-0.1mdv2009.0.x86_64.rpm caeb6cab946ba48c1a20a78f037ef2a4 2009.0/x86_64/firefox-sl-3.0.13-0.1mdv2009.0.x86_64.rpm 0bd2025f89f1a9f0f3ad440301b97e8e 2009.0/x86_64/firefox-sq-3.0.13-0.1mdv2009.0.x86_64.rpm 8fb7c0a27aad0d260dc578d5bb1edc12 2009.0/x86_64/firefox-sr-3.0.13-0.1mdv2009.0.x86_64.rpm 86cee077f57a2d01f82a57f0551fdaa9 2009.0/x86_64/firefox-sv_SE-3.0.13-0.1mdv2009.0.x86_64.rpm 197fb3cce50e96251dd25343c702e672 2009.0/x86_64/firefox-te-3.0.13-0.1mdv2009.0.x86_64.rpm 55de6243da14129f9c1920d1c10899c4 2009.0/x86_64/firefox-th-3.0.13-0.1mdv2009.0.x86_64.rpm 56e8da997a82e1e372f90a3e98223cc4 2009.0/x86_64/firefox-theme-kde4ff-0.14-4.9mdv2009.0.x86_64.rpm 6de08168f2bb62e24f8ee8cbebcd1e06 2009.0/x86_64/firefox-tr-3.0.13-0.1mdv2009.0.x86_64.rpm d52c8d02969da364f8863b148e31172d 2009.0/x86_64/firefox-uk-3.0.13-0.1mdv2009.0.x86_64.rpm a69b955bd947ae79203e14f19947a4be 2009.0/x86_64/firefox-zh_CN-3.0.13-0.1mdv2009.0.x86_64.rpm bfa84035e496517b0c750f904896e021 2009.0/x86_64/firefox-zh_TW-3.0.13-0.1mdv2009.0.x86_64.rpm 5f4c007fe54fdd6e306c0bc6a32ce055 2009.0/x86_64/gnome-python-extras-2.19.1-20.9mdv2009.0.x86_64.rpm 17063d1f6fa264a64488e8085ffbfdfd 2009.0/x86_64/gnome-python-gda-2.19.1-20.9mdv2009.0.x86_64.rpm d83b5300a513aa8339ffa20663c8ac42 2009.0/x86_64/gnome-python-gda-devel-2.19.1-20.9mdv2009.0.x86_64.rpm 06d7f3eb117b4d9e4f84b910433325cf 2009.0/x86_64/gnome-python-gdl-2.19.1-20.9mdv2009.0.x86_64.rpm f5307d98cee90a569f425d64050d2dc6 2009.0/x86_64/gnome-python-gtkhtml2-2.19.1-20.9mdv2009.0.x86_64.rpm 233d7ba8094c84e9e9823c960a2fd180 2009.0/x86_64/gnome-python-gtkmozembed-2.19.1-20.9mdv2009.0.x86_64.rpm 897c01afbe582c23762a657f5b51f4f0 2009.0/x86_64/gnome-python-gtkspell-2.19.1-20.9mdv2009.0.x86_64.rpm 7f3c87d9e9252afb547d799d1d6d8842 2009.0/x86_64/lib64devhelp-1_0-0.21-3.9mdv2009.0.x86_64.rpm 93194f771048027535174c69313c2834 2009.0/x86_64/lib64devhelp-1-devel-0.21-3.9mdv2009.0.x86_64.rpm 364b6ddc466dc4ff461226e6294a9228 2009.0/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdv2009.0.x86_64.rpm bc0d4a706595879f078eb4ec57e83274 2009.0/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdv2009.0.x86_64.rpm 914a5360230521851d79b1b4014d05b1 2009.0/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdv2009.0.x86_64.rpm bc0c7d6fc7cd06f4b360e795ea73e224 2009.0/x86_64/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.x86_64.rpm 49fda0e4fd0db20a19575c267953b0d4 2009.0/x86_64/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.x86_64.rpm 21631df420534e57776cce23cbf26720 2009.0/x86_64/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.x86_64.rpm aacad587bb5852925be027737a9cbc12 2009.0/x86_64/mozilla-thunderbird-beagle-0.3.8-13.14mdv2009.0.x86_64.rpm ba4ebf98a11a3eac22e137453568c5f9 2009.0/x86_64/xulrunner-1.9.0.13-0.1mdv2009.0.x86_64.rpm c3de98f2e448f2f5020c53309ebef62e 2009.0/x86_64/yelp-2.24.0-3.9mdv2009.0.x86_64.rpm 4878f8a0366b18e8a8744eb21db1a2b7 2009.0/SRPMS/beagle-0.3.8-13.14mdv2009.0.src.rpm 08aea1f09ea4ad62af093a52b708a9ce 2009.0/SRPMS/devhelp-0.21-3.9mdv2009.0.src.rpm 25baa2313d08362d5e5187f5e6d7e3f7 2009.0/SRPMS/epiphany-2.24.0.1-3.11mdv2009.0.src.rpm ce2aec03351fffffc8362873bdac68a4 2009.0/SRPMS/firefox-3.0.13-0.1mdv2009.0.src.rpm b14c2fc2c59f7a0a8583f7239a9103cb 2009.0/SRPMS/firefox-ext-mozvoikko-0.9.5-4.9mdv2009.0.src.rpm 11abbad498571ed3951c668da59f2c91 2009.0/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.0.src.rpm 8ada83f445f97ebb7951236b59541cbe 2009.0/SRPMS/firefox-theme-kde4ff-0.14-4.9mdv2009.0.src.rpm 1d8d443e6063def0818214d0ce315bcd 2009.0/SRPMS/gnome-python-extras-2.19.1-20.9mdv2009.0.src.rpm 18e8a4e1f7d1fca89cb6be0d21c1016f 2009.0/SRPMS/mozilla-firefox-ext-blogrovr-1.1.779-5.9mdv2009.0.src.rpm 3b194e6cc23a43e9f324f37f9a820e4e 2009.0/SRPMS/mozilla-firefox-ext-foxmarks-2.1.0.12-2.9mdv2009.0.src.rpm 6b8e5bee3849011f725248817b501706 2009.0/SRPMS/mozilla-firefox-ext-scribefire-2.3.1-2.9mdv2009.0.src.rpm 34efe4f4d585db58b769de32eed31b14 2009.0/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.0.src.rpm cafe5ac9664e7f54035fed9d17921c94 2009.0/SRPMS/yelp-2.24.0-3.9mdv2009.0.src.rpm Mandriva Linux 2009.1: 02a6e5e75e1f3ecf36a4d11f6dbedba7 2009.1/i586/beagle-0.3.9-9.5mdv2009.1.i586.rpm 482b004f51c7e2ace71be356e0038dc3 2009.1/i586/beagle-crawl-system-0.3.9-9.5mdv2009.1.i586.rpm 35b6c72c66b62354c4242ed5a411ad9c 2009.1/i586/beagle-doc-0.3.9-9.5mdv2009.1.i586.rpm 631ab9fdde431913bef47f7a1cfe648e 2009.1/i586/beagle-epiphany-0.3.9-9.5mdv2009.1.i586.rpm 6b1fb3a5454af591f23b57bbf22b3d0b 2009.1/i586/beagle-evolution-0.3.9-9.5mdv2009.1.i586.rpm 9622cf03e2a45e23db38d67f9fd50053 2009.1/i586/beagle-gui-0.3.9-9.5mdv2009.1.i586.rpm 6e40cf9fc5b65d1248624800389535b0 2009.1/i586/beagle-gui-qt-0.3.9-9.5mdv2009.1.i586.rpm 3b0e739963ac3b55e8707187e11fc279 2009.1/i586/beagle-libs-0.3.9-9.5mdv2009.1.i586.rpm f38430b9d54a355d78c344a815042493 2009.1/i586/epiphany-2.26.1-1.4mdv2009.1.i586.rpm 7464a347d7a112cba33c0451fdf3e494 2009.1/i586/epiphany-devel-2.26.1-1.4mdv2009.1.i586.rpm 35398cd906de679cbe81e39fa62a7bb5 2009.1/i586/firefox-3.0.13-0.1mdv2009.1.i586.rpm 747db0c713e55cc0ca0ecc85559ba20d 2009.1/i586/firefox-af-3.0.13-0.1mdv2009.1.i586.rpm 32b6dcc4dfd6bfb4baa22e2dd1974f05 2009.1/i586/firefox-ar-3.0.13-0.1mdv2009.1.i586.rpm d5ea263e00042a7f289878bad42030c5 2009.1/i586/firefox-be-3.0.13-0.1mdv2009.1.i586.rpm be72d85579f54829a57629e9de32e924 2009.1/i586/firefox-bg-3.0.13-0.1mdv2009.1.i586.rpm e1a249ed0b61d60e54dedd32e0920c88 2009.1/i586/firefox-bn-3.0.13-0.1mdv2009.1.i586.rpm abec705eb193cf54923ce26343093626 2009.1/i586/firefox-ca-3.0.13-0.1mdv2009.1.i586.rpm 9a9981f06f6e2c07c852a840e2e0c4be 2009.1/i586/firefox-cs-3.0.13-0.1mdv2009.1.i586.rpm d0b38d56ab9d0bd7b83294c916d18c22 2009.1/i586/firefox-cy-3.0.13-0.1mdv2009.1.i586.rpm 20762481ab33b7d288100af5d0df4b52 2009.1/i586/firefox-da-3.0.13-0.1mdv2009.1.i586.rpm c678cfa4ab8d7b255b08050fd696f51a 2009.1/i586/firefox-de-3.0.13-0.1mdv2009.1.i586.rpm 55ddb08f5d11860b3d1850644f8391bc 2009.1/i586/firefox-el-3.0.13-0.1mdv2009.1.i586.rpm f0cdc76908594aa02e8ac4426087c49a 2009.1/i586/firefox-en_GB-3.0.13-0.1mdv2009.1.i586.rpm 6d401632ede0e00d1100574ef5c691df 2009.1/i586/firefox-eo-3.0.13-0.1mdv2009.1.i586.rpm 0229797614722f047aab42187348dc23 2009.1/i586/firefox-es_AR-3.0.13-0.1mdv2009.1.i586.rpm f8d8dace13d5a80c7de216ced6f3c704 2009.1/i586/firefox-es_ES-3.0.13-0.1mdv2009.1.i586.rpm 7b5db78f898a0be652771f2a6c279683 2009.1/i586/firefox-et-3.0.13-0.1mdv2009.1.i586.rpm 60c1aaefbd0034c8b43911b1baf5b640 2009.1/i586/firefox-eu-3.0.13-0.1mdv2009.1.i586.rpm b289fd7f57f7186ca12568bf76c61e65 2009.1/i586/firefox-ext-beagle-0.3.9-9.5mdv2009.1.i586.rpm edb6ee195416dadf35cb73f809a5ff16 2009.1/i586/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.i586.rpm 0630091ee85b88ea38b8c8a9acd155d0 2009.1/i586/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.i586.rpm ee77467d0ce879427f5b5653401e0ae7 2009.1/i586/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.i586.rpm d083b2e25d82ee4a28ee7bffa2fbcd6f 2009.1/i586/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.i586.rpm 6df500ba1935b1f75fc6bec70ec9954e 2009.1/i586/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.i586.rpm 5dea4c6d47a5dabb4e5d7ee8247ff5a8 2009.1/i586/firefox-fi-3.0.13-0.1mdv2009.1.i586.rpm 390c5d441455cc6e9c1bcbeda8e7dbca 2009.1/i586/firefox-fr-3.0.13-0.1mdv2009.1.i586.rpm 37f98a861ad4f0a22a85e2bce246c9dc 2009.1/i586/firefox-fy-3.0.13-0.1mdv2009.1.i586.rpm 6c095a6047feeca0daf6e08335aa09b2 2009.1/i586/firefox-ga_IE-3.0.13-0.1mdv2009.1.i586.rpm 73e498eba22675d906a7e0bcd98d8351 2009.1/i586/firefox-gl-3.0.13-0.1mdv2009.1.i586.rpm 5e7afc9a95d9a6aa8bc82eb4273c60ad 2009.1/i586/firefox-gu_IN-3.0.13-0.1mdv2009.1.i586.rpm 0f5f1b9052d09474e3ba239e93ecf6e3 2009.1/i586/firefox-he-3.0.13-0.1mdv2009.1.i586.rpm 43d603f48d2cb2056db51f496b1ec996 2009.1/i586/firefox-hi-3.0.13-0.1mdv2009.1.i586.rpm 5658131cf3843fbfd20259f34b3ba6c4 2009.1/i586/firefox-hu-3.0.13-0.1mdv2009.1.i586.rpm bda18918cf8e13fb5def716abfa954a5 2009.1/i586/firefox-id-3.0.13-0.1mdv2009.1.i586.rpm 1dcaedd447f98fea90da858018077827 2009.1/i586/firefox-is-3.0.13-0.1mdv2009.1.i586.rpm 2e4ff8ea149d58a8e643b1a1bbdd926c 2009.1/i586/firefox-it-3.0.13-0.1mdv2009.1.i586.rpm c19f3ca5d6017568651c8a121dea77f1 2009.1/i586/firefox-ja-3.0.13-0.1mdv2009.1.i586.rpm 38d9ab0a9c2ff15a8611314d22aeb431 2009.1/i586/firefox-ka-3.0.13-0.1mdv2009.1.i586.rpm eeea063ec6c259630ae7c6a101bf2bb0 2009.1/i586/firefox-kn-3.0.13-0.1mdv2009.1.i586.rpm 4af1e9aaecd7fe8f108a6e07e35af683 2009.1/i586/firefox-ko-3.0.13-0.1mdv2009.1.i586.rpm 97c7a6109534ed69ac2a95d46d98c83b 2009.1/i586/firefox-ku-3.0.13-0.1mdv2009.1.i586.rpm fa3c94d85013365ac1de09fba178725e 2009.1/i586/firefox-lt-3.0.13-0.1mdv2009.1.i586.rpm 89b99d16c7696215aa771ccb46b5140f 2009.1/i586/firefox-lv-3.0.13-0.1mdv2009.1.i586.rpm e68aca3813376b9d7ac91ed9e652c86a 2009.1/i586/firefox-mk-3.0.13-0.1mdv2009.1.i586.rpm 1189c9995b70c74ee8d025328926fe86 2009.1/i586/firefox-mn-3.0.13-0.1mdv2009.1.i586.rpm 25d5dc4d46f7519b4f7510b7563204a6 2009.1/i586/firefox-mr-3.0.13-0.1mdv2009.1.i586.rpm b948b123aeae7dd1ff6ceac9fb2fd4fe 2009.1/i586/firefox-nb_NO-3.0.13-0.1mdv2009.1.i586.rpm bd71f911c9c25dc049253388f0e38e27 2009.1/i586/firefox-nl-3.0.13-0.1mdv2009.1.i586.rpm 064243c7004e78e90dd3e95f9bbda10e 2009.1/i586/firefox-nn_NO-3.0.13-0.1mdv2009.1.i586.rpm db787a4f4019793289c643430362d20d 2009.1/i586/firefox-oc-3.0.13-0.1mdv2009.1.i586.rpm 982f104ab8655d4e4a58d2fc977abd0f 2009.1/i586/firefox-pa_IN-3.0.13-0.1mdv2009.1.i586.rpm 1910b94dd2e3b7f1959647608b2eea9f 2009.1/i586/firefox-pl-3.0.13-0.1mdv2009.1.i586.rpm ad497287a8eee4a53a9c73c93a93eb7f 2009.1/i586/firefox-pt_BR-3.0.13-0.1mdv2009.1.i586.rpm b0b38785c4509adeaf90ed00d7555307 2009.1/i586/firefox-pt_PT-3.0.13-0.1mdv2009.1.i586.rpm f48a4f020c694bb337738f073294d7b6 2009.1/i586/firefox-ro-3.0.13-0.1mdv2009.1.i586.rpm 925d46b4f5381b68da420d95707ea126 2009.1/i586/firefox-ru-3.0.13-0.1mdv2009.1.i586.rpm 9b146a4926086398e4d5ab11c699ea43 2009.1/i586/firefox-si-3.0.13-0.1mdv2009.1.i586.rpm ed0f2e95b6583fb3827b318b9a436a7f 2009.1/i586/firefox-sk-3.0.13-0.1mdv2009.1.i586.rpm 4b31198d77d385503ded07c92d5bfa28 2009.1/i586/firefox-sl-3.0.13-0.1mdv2009.1.i586.rpm a6c948af4cca0a6ed8add460614a2f15 2009.1/i586/firefox-sq-3.0.13-0.1mdv2009.1.i586.rpm 843076ec2061c31b5ca1e70b5c5e35bc 2009.1/i586/firefox-sr-3.0.13-0.1mdv2009.1.i586.rpm a27edd893e4de4da213d18ba020be791 2009.1/i586/firefox-sv_SE-3.0.13-0.1mdv2009.1.i586.rpm 4928710100f1cf2c7ef31cc2edf37a9f 2009.1/i586/firefox-te-3.0.13-0.1mdv2009.1.i586.rpm 69e8f023850274da2c755c97475bada0 2009.1/i586/firefox-th-3.0.13-0.1mdv2009.1.i586.rpm 508f99e1c11a9d563752ab846ef13ae6 2009.1/i586/firefox-theme-kde4ff-0.14-9.4mdv2009.1.i586.rpm 6a3c8c3572a54e84f875abd932d1f36a 2009.1/i586/firefox-tr-3.0.13-0.1mdv2009.1.i586.rpm bf9c26e5179d8ab5cab5dfbf3bcdf625 2009.1/i586/firefox-uk-3.0.13-0.1mdv2009.1.i586.rpm edc44052fc7c9f5e622d2c3ee936a15a 2009.1/i586/firefox-zh_CN-3.0.13-0.1mdv2009.1.i586.rpm f4e5ddc6ca4166fc7d9eac145daafa0f 2009.1/i586/firefox-zh_TW-3.0.13-0.1mdv2009.1.i586.rpm 2ec6ee6f4bc479a0df1aed09a14fabd6 2009.1/i586/gnome-python-extras-2.25.3-3.4mdv2009.1.i586.rpm de18a2772218441d111b34f22b167f13 2009.1/i586/gnome-python-gda-2.25.3-3.4mdv2009.1.i586.rpm 127a6a5e43d83d66d0ded5aa584c02c2 2009.1/i586/gnome-python-gda-devel-2.25.3-3.4mdv2009.1.i586.rpm d48dd202de348a94e34a9ceddad39ea3 2009.1/i586/gnome-python-gdl-2.25.3-3.4mdv2009.1.i586.rpm d0385e185a8fdcfceb0b12e247f38a06 2009.1/i586/gnome-python-gtkhtml2-2.25.3-3.4mdv2009.1.i586.rpm 40fabeba612597b0168c90526de831b3 2009.1/i586/gnome-python-gtkmozembed-2.25.3-3.4mdv2009.1.i586.rpm aa828d3d1bdc98a39f9a42912c368c46 2009.1/i586/gnome-python-gtkspell-2.25.3-3.4mdv2009.1.i586.rpm 24defa823e2663746ac1268ac84b6861 2009.1/i586/google-gadgets-common-0.10.5-8.4mdv2009.1.i586.rpm 242a77aebfbc468bfabb0adaff48de3b 2009.1/i586/google-gadgets-gtk-0.10.5-8.4mdv2009.1.i586.rpm fbd62d9e59ce22e981046e152864a145 2009.1/i586/google-gadgets-qt-0.10.5-8.4mdv2009.1.i586.rpm db4bbcef16b4cd0d6c5e2e6f6e3b21b2 2009.1/i586/google-gadgets-xul-0.10.5-8.4mdv2009.1.i586.rpm e01aca911fa6c0b6a65170b837d211b0 2009.1/i586/libggadget1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 453d4660196abc4ba630e8ef69ac155d 2009.1/i586/libggadget-gtk1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 66fe485dc7244284b357002c6da72559 2009.1/i586/libggadget-qt1.0_0-0.10.5-8.4mdv2009.1.i586.rpm 413423499013ae96ad1c291397227090 2009.1/i586/libgoogle-gadgets-devel-0.10.5-8.4mdv2009.1.i586.rpm 6082879c5af962a8474b1073f21eac37 2009.1/i586/libopensc2-0.11.7-1.5mdv2009.1.i586.rpm 3745d1c725f41358d618fb97220aafe9 2009.1/i586/libopensc-devel-0.11.7-1.5mdv2009.1.i586.rpm 9de279ba145068aa78851fd2ebd10f93 2009.1/i586/libxulrunner1.9-1.9.0.13-0.1mdv2009.1.i586.rpm 6a43e8778a0bec902b98a36ff62940f9 2009.1/i586/libxulrunner-devel-1.9.0.13-0.1mdv2009.1.i586.rpm 8388761cf3518803db13cbf028521ce1 2009.1/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdv2009.1.i586.rpm 24243e8c675f466359226df4c589c903 2009.1/i586/mozilla-plugin-opensc-0.11.7-1.5mdv2009.1.i586.rpm eb3ae0e067ab54672cf2e8892ebefcbf 2009.1/i586/mozilla-thunderbird-beagle-0.3.9-9.5mdv2009.1.i586.rpm 3a91f9218bc8888973d17767555d8aa8 2009.1/i586/opensc-0.11.7-1.5mdv2009.1.i586.rpm 4d47048da6df8491bf219ec1dc2341fb 2009.1/i586/python-xpcom-1.9.0.13-0.1mdv2009.1.i586.rpm fd9a9580bbcf6d01f1fb4eb7ded635d0 2009.1/i586/xulrunner-1.9.0.13-0.1mdv2009.1.i586.rpm 19e0b9f555a7fd853e3e918343f2755d 2009.1/i586/yelp-2.26.0-3.3mdv2009.1.i586.rpm 4b81a86a1e6899c89ae1486fcbb86628 2009.1/SRPMS/beagle-0.3.9-9.5mdv2009.1.src.rpm e7b0518fbe0ac96dd8b2442811e87fb8 2009.1/SRPMS/epiphany-2.26.1-1.4mdv2009.1.src.rpm ab72543a864d87dcdadfaf0735df2ad8 2009.1/SRPMS/firefox-3.0.13-0.1mdv2009.1.src.rpm 803dc5963a371c3cd93d5b041e61517e 2009.1/SRPMS/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.src.rpm cb312b7248767df895bb1a9799a8b4e5 2009.1/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.src.rpm 2f5ee33b4f773bf28e6cff4615e8ee99 2009.1/SRPMS/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.src.rpm 5bf3c44ddae5c7f7e316c1b79848e467 2009.1/SRPMS/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.src.rpm 536db2daa3eefb15ecf3e587b5b28d91 2009.1/SRPMS/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.src.rpm 820ce9b52392e98afefbb32f71c3cb44 2009.1/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.1.src.rpm 59a1a2a272519d64250b6a6b8117288d 2009.1/SRPMS/firefox-theme-kde4ff-0.14-9.4mdv2009.1.src.rpm 349873828757e34b2b879ca615ceb710 2009.1/SRPMS/gnome-python-extras-2.25.3-3.4mdv2009.1.src.rpm e6a69f74f8562a5ed2fadd657f1dbb5f 2009.1/SRPMS/google-gadgets-0.10.5-8.4mdv2009.1.src.rpm 9e70f8d84d73da9179272d73f0ac1c8b 2009.1/SRPMS/opensc-0.11.7-1.5mdv2009.1.src.rpm a63e73d97a4c3ea86a0d976f9ba58d3c 2009.1/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.1.src.rpm dae5e8bda38497ac3ae4f0ced05d7dd6 2009.1/SRPMS/yelp-2.26.0-3.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: c36d9f1acf48047279e896bb634d234b 2009.1/x86_64/beagle-0.3.9-9.5mdv2009.1.x86_64.rpm 5c95ae3cbbcf85f090fb9d0c1938d9ed 2009.1/x86_64/beagle-crawl-system-0.3.9-9.5mdv2009.1.x86_64.rpm 1840f428bb5e0dd7838d296efcb71e77 2009.1/x86_64/beagle-doc-0.3.9-9.5mdv2009.1.x86_64.rpm 4c721f370cea219bbe25aa38598c4e69 2009.1/x86_64/beagle-epiphany-0.3.9-9.5mdv2009.1.x86_64.rpm 9599ffa8713db93a3033b679587f3226 2009.1/x86_64/beagle-evolution-0.3.9-9.5mdv2009.1.x86_64.rpm 7482b55f0cad37b471a1cef5bd23c0e3 2009.1/x86_64/beagle-gui-0.3.9-9.5mdv2009.1.x86_64.rpm d050dd673c46bae92e5fec2f1bca03db 2009.1/x86_64/beagle-gui-qt-0.3.9-9.5mdv2009.1.x86_64.rpm bfd296ac1df14f1117709f22255af179 2009.1/x86_64/beagle-libs-0.3.9-9.5mdv2009.1.x86_64.rpm d98c5888135b45e638be7f2023014e1b 2009.1/x86_64/epiphany-2.26.1-1.4mdv2009.1.x86_64.rpm 1133129e7e311d8f17cf5e6a398f2361 2009.1/x86_64/epiphany-devel-2.26.1-1.4mdv2009.1.x86_64.rpm 47ebfc1eaecfb21fb64b76f5cff01bba 2009.1/x86_64/firefox-3.0.13-0.1mdv2009.1.x86_64.rpm 47450b56105eb661b4d5e764b92c4848 2009.1/x86_64/firefox-af-3.0.13-0.1mdv2009.1.x86_64.rpm acc8619b4a5ff7e07ca9e776671ab2df 2009.1/x86_64/firefox-ar-3.0.13-0.1mdv2009.1.x86_64.rpm 5aebde9a362c79ede6fb6d0e1290f61e 2009.1/x86_64/firefox-be-3.0.13-0.1mdv2009.1.x86_64.rpm d9f1967bf000028b89893b6aef966b89 2009.1/x86_64/firefox-bg-3.0.13-0.1mdv2009.1.x86_64.rpm ac21174d256d9d047ba8f76881543bb2 2009.1/x86_64/firefox-bn-3.0.13-0.1mdv2009.1.x86_64.rpm 18b756689eade8271ee8dc7899230a16 2009.1/x86_64/firefox-ca-3.0.13-0.1mdv2009.1.x86_64.rpm 0f57aaff5ccde5dfa661a90813d547db 2009.1/x86_64/firefox-cs-3.0.13-0.1mdv2009.1.x86_64.rpm 2252fa9007f0fc6a94d7a9438872afd3 2009.1/x86_64/firefox-cy-3.0.13-0.1mdv2009.1.x86_64.rpm 44f20e0a30f4cf16236838f9aa1f88d0 2009.1/x86_64/firefox-da-3.0.13-0.1mdv2009.1.x86_64.rpm 59c66733cf61d58d73fb9b5f41b57920 2009.1/x86_64/firefox-de-3.0.13-0.1mdv2009.1.x86_64.rpm 04100565176011d7150d3c087bb215df 2009.1/x86_64/firefox-el-3.0.13-0.1mdv2009.1.x86_64.rpm 5367a69056711c90e873e28472f0b19a 2009.1/x86_64/firefox-en_GB-3.0.13-0.1mdv2009.1.x86_64.rpm 1230d78f22b979b5e7fee7cf4b18fce7 2009.1/x86_64/firefox-eo-3.0.13-0.1mdv2009.1.x86_64.rpm a8db004ce04338e0c8716d1a01ddcbbd 2009.1/x86_64/firefox-es_AR-3.0.13-0.1mdv2009.1.x86_64.rpm ca48f0d5c7707c5ca05b11814d0bbaa0 2009.1/x86_64/firefox-es_ES-3.0.13-0.1mdv2009.1.x86_64.rpm 942cf5ccd3d19a908f4d7da8371687c0 2009.1/x86_64/firefox-et-3.0.13-0.1mdv2009.1.x86_64.rpm 9cd2adde1f16c9c22a9ba8067da07833 2009.1/x86_64/firefox-eu-3.0.13-0.1mdv2009.1.x86_64.rpm 108d71c9ddaffbe3377c8110fd01455a 2009.1/x86_64/firefox-ext-beagle-0.3.9-9.5mdv2009.1.x86_64.rpm 940d1c80f9b8067634b2db20a6b4b442 2009.1/x86_64/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.x86_64.rpm ea3df4f56d5f7f04ed9bbd152b4b64e5 2009.1/x86_64/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.x86_64.rpm 2632aec22bb53583910e897e2a1cacb6 2009.1/x86_64/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.x86_64.rpm 30a0d66124cd861aa9bad4d4667e2b0a 2009.1/x86_64/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.x86_64.rpm d5e04c94a1c8c01b8524e88d1259426d 2009.1/x86_64/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.x86_64.rpm ecfc78bb13ab5ba6cefe133f3af7b241 2009.1/x86_64/firefox-fi-3.0.13-0.1mdv2009.1.x86_64.rpm 744885d5ef6ddffc01cfd649aa78446c 2009.1/x86_64/firefox-fr-3.0.13-0.1mdv2009.1.x86_64.rpm f86420b3088e2f9e831a8f2942c80e20 2009.1/x86_64/firefox-fy-3.0.13-0.1mdv2009.1.x86_64.rpm f1e47c1c525deae51ca515bc54b191d9 2009.1/x86_64/firefox-ga_IE-3.0.13-0.1mdv2009.1.x86_64.rpm 1c9a4cf0086a2a73273dc2527146996b 2009.1/x86_64/firefox-gl-3.0.13-0.1mdv2009.1.x86_64.rpm 02181f2c28803c2f16f1a3e3b7fb02d8 2009.1/x86_64/firefox-gu_IN-3.0.13-0.1mdv2009.1.x86_64.rpm 0d1f95ef27e7e0e4c91de3edf3fca42b 2009.1/x86_64/firefox-he-3.0.13-0.1mdv2009.1.x86_64.rpm cd404a74b0208aa6ed34aa267655909b 2009.1/x86_64/firefox-hi-3.0.13-0.1mdv2009.1.x86_64.rpm a2b6ae88c22fa0c6120fb08181880318 2009.1/x86_64/firefox-hu-3.0.13-0.1mdv2009.1.x86_64.rpm aa85d9b9afa4feddc6af9811caa5fe50 2009.1/x86_64/firefox-id-3.0.13-0.1mdv2009.1.x86_64.rpm e4bcf07136d1d4446dd61696fc639ef6 2009.1/x86_64/firefox-is-3.0.13-0.1mdv2009.1.x86_64.rpm b13bc89dcc3301215f990fafcb90bc32 2009.1/x86_64/firefox-it-3.0.13-0.1mdv2009.1.x86_64.rpm 4f22348d1ea02fb96c2f1cc8ee36e80e 2009.1/x86_64/firefox-ja-3.0.13-0.1mdv2009.1.x86_64.rpm 8a96165ab90b3055d625c95a3ccdc68e 2009.1/x86_64/firefox-ka-3.0.13-0.1mdv2009.1.x86_64.rpm 628bcfa94c5c11aa37a118ef6a3350cc 2009.1/x86_64/firefox-kn-3.0.13-0.1mdv2009.1.x86_64.rpm 7ade9a53e95fd05ce83a284168ce2170 2009.1/x86_64/firefox-ko-3.0.13-0.1mdv2009.1.x86_64.rpm bdfc5c720a9bbb1cb9578359d979465b 2009.1/x86_64/firefox-ku-3.0.13-0.1mdv2009.1.x86_64.rpm bd64b864d9c981c33fcd81c41c91cf7d 2009.1/x86_64/firefox-lt-3.0.13-0.1mdv2009.1.x86_64.rpm f9660b30a3eb579bbd89be4dc71a76a6 2009.1/x86_64/firefox-lv-3.0.13-0.1mdv2009.1.x86_64.rpm 709c8e7f32d9d49f600e5f05c1f87d1a 2009.1/x86_64/firefox-mk-3.0.13-0.1mdv2009.1.x86_64.rpm 0c7a1a138e579900d145b87917f6b2a2 2009.1/x86_64/firefox-mn-3.0.13-0.1mdv2009.1.x86_64.rpm b677a6c74468be431570a44903ee8fa4 2009.1/x86_64/firefox-mr-3.0.13-0.1mdv2009.1.x86_64.rpm daaa3e466eab6167abea639cae3ebce6 2009.1/x86_64/firefox-nb_NO-3.0.13-0.1mdv2009.1.x86_64.rpm 1d964b69189c384f5a3c0960ee18b41e 2009.1/x86_64/firefox-nl-3.0.13-0.1mdv2009.1.x86_64.rpm d8fa342c4dfb6a2722ec9effcdcf3aa9 2009.1/x86_64/firefox-nn_NO-3.0.13-0.1mdv2009.1.x86_64.rpm 4d90ce7edd695f4499767ef71b129299 2009.1/x86_64/firefox-oc-3.0.13-0.1mdv2009.1.x86_64.rpm 0b9c151cd2c230af2bed817e1b644cab 2009.1/x86_64/firefox-pa_IN-3.0.13-0.1mdv2009.1.x86_64.rpm 19a26cf9c2a70c76e05cf8fee3470ba5 2009.1/x86_64/firefox-pl-3.0.13-0.1mdv2009.1.x86_64.rpm fe317964bd37486cd999dd3cfb04c520 2009.1/x86_64/firefox-pt_BR-3.0.13-0.1mdv2009.1.x86_64.rpm e2c5c97577af742a1416831bc43cb8f7 2009.1/x86_64/firefox-pt_PT-3.0.13-0.1mdv2009.1.x86_64.rpm f1f461aec3657b71b9ed4a5b4692b930 2009.1/x86_64/firefox-ro-3.0.13-0.1mdv2009.1.x86_64.rpm 09ecf09a2b59d569ecaaeed9a3146dee 2009.1/x86_64/firefox-ru-3.0.13-0.1mdv2009.1.x86_64.rpm bc2d376efedecbc89074ae581aa87275 2009.1/x86_64/firefox-si-3.0.13-0.1mdv2009.1.x86_64.rpm cec08f9dacf531d7dda18315216db705 2009.1/x86_64/firefox-sk-3.0.13-0.1mdv2009.1.x86_64.rpm 00c555b74e28addb4c5dc3edcfdee68e 2009.1/x86_64/firefox-sl-3.0.13-0.1mdv2009.1.x86_64.rpm 452f32a5e4dc4b3bd170b0fd1f2da034 2009.1/x86_64/firefox-sq-3.0.13-0.1mdv2009.1.x86_64.rpm ff77e5234ba14c18c8cf97b0ce864300 2009.1/x86_64/firefox-sr-3.0.13-0.1mdv2009.1.x86_64.rpm 17ba1ede71f4bb9b12b54a0325207abf 2009.1/x86_64/firefox-sv_SE-3.0.13-0.1mdv2009.1.x86_64.rpm 7ce4fc40ac9f173d156f94fce6e334a4 2009.1/x86_64/firefox-te-3.0.13-0.1mdv2009.1.x86_64.rpm 64495f1b732da002632b16c402c6b289 2009.1/x86_64/firefox-th-3.0.13-0.1mdv2009.1.x86_64.rpm db3a4f8fc0c4b7eab23fa30d92b6b626 2009.1/x86_64/firefox-theme-kde4ff-0.14-9.4mdv2009.1.x86_64.rpm dc2098a10b0fb76849d3127ec5be3fdf 2009.1/x86_64/firefox-tr-3.0.13-0.1mdv2009.1.x86_64.rpm 8060c3319d3ddc294dd23ad96b0dddce 2009.1/x86_64/firefox-uk-3.0.13-0.1mdv2009.1.x86_64.rpm 093a18263fd0b5e8a249ba3ae309d033 2009.1/x86_64/firefox-zh_CN-3.0.13-0.1mdv2009.1.x86_64.rpm 98141646609afd7b4e0d775c6a43c2d6 2009.1/x86_64/firefox-zh_TW-3.0.13-0.1mdv2009.1.x86_64.rpm a1310aa2ad1069c9b334e924856c4aba 2009.1/x86_64/gnome-python-extras-2.25.3-3.4mdv2009.1.x86_64.rpm eaf634e01b450fef9569c5c960b2c95f 2009.1/x86_64/gnome-python-gda-2.25.3-3.4mdv2009.1.x86_64.rpm 2ec8ab29ff1f49582d4f56b8c92440f0 2009.1/x86_64/gnome-python-gda-devel-2.25.3-3.4mdv2009.1.x86_64.rpm acec5c9b14df2b10f9df47df0803c6e8 2009.1/x86_64/gnome-python-gdl-2.25.3-3.4mdv2009.1.x86_64.rpm 68bbcfe7d270dd49b7e550be197c775b 2009.1/x86_64/gnome-python-gtkhtml2-2.25.3-3.4mdv2009.1.x86_64.rpm b9cd18d7efd34c9775be4b742a7e37a2 2009.1/x86_64/gnome-python-gtkmozembed-2.25.3-3.4mdv2009.1.x86_64.rpm 72d4f8e53f8a4cf8ed418e387ab320dd 2009.1/x86_64/gnome-python-gtkspell-2.25.3-3.4mdv2009.1.x86_64.rpm 30d58bb6680778587ee80dcfaa935c20 2009.1/x86_64/google-gadgets-common-0.10.5-8.4mdv2009.1.x86_64.rpm 2185d6144593d136ce92db2435cce190 2009.1/x86_64/google-gadgets-gtk-0.10.5-8.4mdv2009.1.x86_64.rpm 8cbbc63875d035a089fc83e6139fa745 2009.1/x86_64/google-gadgets-qt-0.10.5-8.4mdv2009.1.x86_64.rpm 350d36d5c4dcec349eea1c4babb82075 2009.1/x86_64/google-gadgets-xul-0.10.5-8.4mdv2009.1.x86_64.rpm b154ed291a0d28708d0122953bf6f7c3 2009.1/x86_64/lib64ggadget1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm 62883fed1843c556659b681ccaedbaf7 2009.1/x86_64/lib64ggadget-gtk1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm c04399358f39bea011b70516b53c77f3 2009.1/x86_64/lib64ggadget-qt1.0_0-0.10.5-8.4mdv2009.1.x86_64.rpm 681cf0d9f283b53c2d9d2063695d3863 2009.1/x86_64/lib64google-gadgets-devel-0.10.5-8.4mdv2009.1.x86_64.rpm 014d1c2c8f128d9bff62c0dc1950fa6e 2009.1/x86_64/lib64opensc2-0.11.7-1.5mdv2009.1.x86_64.rpm 5833b0c82ae72fa9dd86fae661496fdc 2009.1/x86_64/lib64opensc-devel-0.11.7-1.5mdv2009.1.x86_64.rpm 5860961f66479a8a3d53d25b2f60e92c 2009.1/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdv2009.1.x86_64.rpm e1e06188cc7a6784d9a2542c21389e44 2009.1/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdv2009.1.x86_64.rpm c245b2dfa3c671353719224d8ca4529f 2009.1/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdv2009.1.x86_64.rpm 06c9d38b4830a69f5396d3bb75132e46 2009.1/x86_64/mozilla-plugin-opensc-0.11.7-1.5mdv2009.1.x86_64.rpm 35b409ded01fb0eb7d025351b9d2bf32 2009.1/x86_64/mozilla-thunderbird-beagle-0.3.9-9.5mdv2009.1.x86_64.rpm ce9a6dd2cb27352e5567f0b07706ec0d 2009.1/x86_64/opensc-0.11.7-1.5mdv2009.1.x86_64.rpm c0a59d0e57cf7d0446b89a7f60053b62 2009.1/x86_64/python-xpcom-1.9.0.13-0.1mdv2009.1.x86_64.rpm e2a2058629df60177dd44c31f01a7610 2009.1/x86_64/xulrunner-1.9.0.13-0.1mdv2009.1.x86_64.rpm 90bc8f01bbb02ea3684fae73d0724cee 2009.1/x86_64/yelp-2.26.0-3.3mdv2009.1.x86_64.rpm 4b81a86a1e6899c89ae1486fcbb86628 2009.1/SRPMS/beagle-0.3.9-9.5mdv2009.1.src.rpm e7b0518fbe0ac96dd8b2442811e87fb8 2009.1/SRPMS/epiphany-2.26.1-1.4mdv2009.1.src.rpm ab72543a864d87dcdadfaf0735df2ad8 2009.1/SRPMS/firefox-3.0.13-0.1mdv2009.1.src.rpm 803dc5963a371c3cd93d5b041e61517e 2009.1/SRPMS/firefox-ext-blogrovr-1.1.798-2.4mdv2009.1.src.rpm cb312b7248767df895bb1a9799a8b4e5 2009.1/SRPMS/firefox-ext-foxmarks-2.7.2-2.4mdv2009.1.src.rpm 2f5ee33b4f773bf28e6cff4615e8ee99 2009.1/SRPMS/firefox-ext-mozvoikko-0.9.6-2.4mdv2009.1.src.rpm 5bf3c44ddae5c7f7e316c1b79848e467 2009.1/SRPMS/firefox-ext-r-kiosk-0.7.2-2.4mdv2009.1.src.rpm 536db2daa3eefb15ecf3e587b5b28d91 2009.1/SRPMS/firefox-ext-scribefire-3.2.3-2.4mdv2009.1.src.rpm 820ce9b52392e98afefbb32f71c3cb44 2009.1/SRPMS/firefox-l10n-3.0.13-0.1mdv2009.1.src.rpm 59a1a2a272519d64250b6a6b8117288d 2009.1/SRPMS/firefox-theme-kde4ff-0.14-9.4mdv2009.1.src.rpm 349873828757e34b2b879ca615ceb710 2009.1/SRPMS/gnome-python-extras-2.25.3-3.4mdv2009.1.src.rpm e6a69f74f8562a5ed2fadd657f1dbb5f 2009.1/SRPMS/google-gadgets-0.10.5-8.4mdv2009.1.src.rpm 9e70f8d84d73da9179272d73f0ac1c8b 2009.1/SRPMS/opensc-0.11.7-1.5mdv2009.1.src.rpm a63e73d97a4c3ea86a0d976f9ba58d3c 2009.1/SRPMS/xulrunner-1.9.0.13-0.1mdv2009.1.src.rpm dae5e8bda38497ac3ae4f0ced05d7dd6 2009.1/SRPMS/yelp-2.26.0-3.3mdv2009.1.src.rpm Mandriva Enterprise Server 5: 68ce74618320a30cfdfe2d4063d5418e mes5/i586/firefox-3.0.13-0.1mdvmes5.i586.rpm 6d43b355dba55dd1af55e9cc713f0605 mes5/i586/firefox-af-3.0.13-0.1mdvmes5.i586.rpm 7d1f2c0b1f9151e2075c0c36d907fa00 mes5/i586/firefox-ar-3.0.13-0.1mdvmes5.i586.rpm 3988712bafbab7d137996404484cde30 mes5/i586/firefox-be-3.0.13-0.1mdvmes5.i586.rpm 593ee45262bec9390b221c02d8ee8864 mes5/i586/firefox-bg-3.0.13-0.1mdvmes5.i586.rpm 3567bb9057794aaf470d5d766a75bae0 mes5/i586/firefox-bn-3.0.13-0.1mdvmes5.i586.rpm 4f694f127521b4cddc19f0f50a3be63d mes5/i586/firefox-ca-3.0.13-0.1mdvmes5.i586.rpm cd04a5a66a2670f908fcb511d9a9821c mes5/i586/firefox-cs-3.0.13-0.1mdvmes5.i586.rpm 44eb4f6361c6645057f941e6e1ca43b4 mes5/i586/firefox-cy-3.0.13-0.1mdvmes5.i586.rpm f748608e0c7e1b5b382889af5a540012 mes5/i586/firefox-da-3.0.13-0.1mdvmes5.i586.rpm c1afbf2462632580e10beedf00ef4e23 mes5/i586/firefox-de-3.0.13-0.1mdvmes5.i586.rpm f55d0c036d9c84a9324ee618946810c0 mes5/i586/firefox-el-3.0.13-0.1mdvmes5.i586.rpm f51244caf9b6b71e6fc3c23cae421abf mes5/i586/firefox-en_GB-3.0.13-0.1mdvmes5.i586.rpm 2a4eccef20f00eceacce64a64327e5c6 mes5/i586/firefox-eo-3.0.13-0.1mdvmes5.i586.rpm 76e3121e28b5b223aaeb314a1bb30d03 mes5/i586/firefox-es_AR-3.0.13-0.1mdvmes5.i586.rpm f6f773cb3c0dfdea56f7cb1d1b02690d mes5/i586/firefox-es_ES-3.0.13-0.1mdvmes5.i586.rpm b41e4d171aba9ee620fe9987fee705f3 mes5/i586/firefox-et-3.0.13-0.1mdvmes5.i586.rpm f608df3e51d71887c42ee383a4a42de6 mes5/i586/firefox-eu-3.0.13-0.1mdvmes5.i586.rpm b246f92f226918d0bdb94cea1eb36040 mes5/i586/firefox-fi-3.0.13-0.1mdvmes5.i586.rpm 0731bc1f06c6d11892dfd0d6390fe2c8 mes5/i586/firefox-fr-3.0.13-0.1mdvmes5.i586.rpm aa6c29bb715d24c7408f9b87cdbb6a8c mes5/i586/firefox-fy-3.0.13-0.1mdvmes5.i586.rpm 748f49cefa5cbad391825aca290d3c66 mes5/i586/firefox-ga_IE-3.0.13-0.1mdvmes5.i586.rpm 372e5844c83e30bd4f7166c43963cc07 mes5/i586/firefox-gl-3.0.13-0.1mdvmes5.i586.rpm a5dd5f6079e40de2c1f802e249d5e591 mes5/i586/firefox-gu_IN-3.0.13-0.1mdvmes5.i586.rpm a35f66c748bc656e3e372eda1b167030 mes5/i586/firefox-he-3.0.13-0.1mdvmes5.i586.rpm 448a23e0530358423527c5b802c6c8ae mes5/i586/firefox-hi-3.0.13-0.1mdvmes5.i586.rpm d387c02975f83f8dfe12eb4c52b0a331 mes5/i586/firefox-hu-3.0.13-0.1mdvmes5.i586.rpm 1cd59afe967658f2b423539334c3ce61 mes5/i586/firefox-id-3.0.13-0.1mdvmes5.i586.rpm 444267bd6f7274c59dd179f59e618753 mes5/i586/firefox-is-3.0.13-0.1mdvmes5.i586.rpm e5879fdc064e5e35eb89514ed3188eb7 mes5/i586/firefox-it-3.0.13-0.1mdvmes5.i586.rpm 022dfc09d80f3faf5557449828e1b15f mes5/i586/firefox-ja-3.0.13-0.1mdvmes5.i586.rpm 49f516c1985e8e177025ab0682bfc2ef mes5/i586/firefox-ka-3.0.13-0.1mdvmes5.i586.rpm c98f30efb698ee50e0754338feced95e mes5/i586/firefox-kn-3.0.13-0.1mdvmes5.i586.rpm 3a3f75d10a4a6149eefa8835e32a548c mes5/i586/firefox-ko-3.0.13-0.1mdvmes5.i586.rpm 53f1afe28e0cdf504819ca0d58bc1b76 mes5/i586/firefox-ku-3.0.13-0.1mdvmes5.i586.rpm b15b9c778a7476304cd9659a3435529e mes5/i586/firefox-lt-3.0.13-0.1mdvmes5.i586.rpm c2a743444a51e06b3aa079c7edc01564 mes5/i586/firefox-lv-3.0.13-0.1mdvmes5.i586.rpm 75bf88f7f10a7a5b893bc3e71da9ca40 mes5/i586/firefox-mk-3.0.13-0.1mdvmes5.i586.rpm b746223c11dde362ae707dc984a7d5b0 mes5/i586/firefox-mn-3.0.13-0.1mdvmes5.i586.rpm 71fb9f66d6eb6bf426c4bdddaa039aa7 mes5/i586/firefox-mr-3.0.13-0.1mdvmes5.i586.rpm dd91665a870035058d8cac9f68b9d0c1 mes5/i586/firefox-nb_NO-3.0.13-0.1mdvmes5.i586.rpm 5ae1128299337783f6f3f29a28cf92a3 mes5/i586/firefox-nl-3.0.13-0.1mdvmes5.i586.rpm 74c75652327d9b02ca55cae7e45552b9 mes5/i586/firefox-nn_NO-3.0.13-0.1mdvmes5.i586.rpm 91abc0e9b5150d18fde15c3dbfda86f4 mes5/i586/firefox-oc-3.0.13-0.1mdvmes5.i586.rpm 1537934527c0ea2bfba002c439406ae8 mes5/i586/firefox-pa_IN-3.0.13-0.1mdvmes5.i586.rpm 2d869ba32910994884254f480b03024f mes5/i586/firefox-pl-3.0.13-0.1mdvmes5.i586.rpm 1ba3ede9924e9dc6a6638392d91f99cc mes5/i586/firefox-pt_BR-3.0.13-0.1mdvmes5.i586.rpm 26afeb86b4504a69f94b94e682f10673 mes5/i586/firefox-pt_PT-3.0.13-0.1mdvmes5.i586.rpm 62d639de32fef65aef8570c51276cb94 mes5/i586/firefox-ro-3.0.13-0.1mdvmes5.i586.rpm 0d3b10dc73e079018344d44832438ea8 mes5/i586/firefox-ru-3.0.13-0.1mdvmes5.i586.rpm 32a5aaeaf848da9aa7faba6f9d9f0289 mes5/i586/firefox-si-3.0.13-0.1mdvmes5.i586.rpm ce70f29874f44b4117a33d57800df5aa mes5/i586/firefox-sk-3.0.13-0.1mdvmes5.i586.rpm e81efac5f94ee35764a11df872d0290c mes5/i586/firefox-sl-3.0.13-0.1mdvmes5.i586.rpm 969c7c1522c5373afb1eecf406d6c260 mes5/i586/firefox-sq-3.0.13-0.1mdvmes5.i586.rpm 4ed22d07ae67fc6485485af042cd8343 mes5/i586/firefox-sr-3.0.13-0.1mdvmes5.i586.rpm c6d4137d25e4fa72095344462a65bdd7 mes5/i586/firefox-sv_SE-3.0.13-0.1mdvmes5.i586.rpm 2341ba79e4cb97d9d60468dbf830d2fb mes5/i586/firefox-te-3.0.13-0.1mdvmes5.i586.rpm f34c9a0a4688eac1cc5751c6cc5cac0d mes5/i586/firefox-th-3.0.13-0.1mdvmes5.i586.rpm 65d9f18cb1102f84c24ae0582cd4fa52 mes5/i586/firefox-tr-3.0.13-0.1mdvmes5.i586.rpm 82d53b480119bd4a7f99c5f15c03021a mes5/i586/firefox-uk-3.0.13-0.1mdvmes5.i586.rpm 942142b433ac41efcfac98a6284b6df1 mes5/i586/firefox-zh_CN-3.0.13-0.1mdvmes5.i586.rpm c13f0e4ff2b0454c0f039fb4d9e1b906 mes5/i586/firefox-zh_TW-3.0.13-0.1mdvmes5.i586.rpm 28a317a81524e49dae66c679e071c7dc mes5/i586/libxulrunner1.9-1.9.0.13-0.1mdvmes5.i586.rpm f2fee170073833e92e05a1773fd7f79a mes5/i586/libxulrunner-devel-1.9.0.13-0.1mdvmes5.i586.rpm ee14bbfaa18e70c6e84ef4ef052f5518 mes5/i586/libxulrunner-unstable-devel-1.9.0.13-0.1mdvmes5.i586.rpm f2cefcf568fb77cd7e9e57dad40643dc mes5/i586/xulrunner-1.9.0.13-0.1mdvmes5.i586.rpm af4d5ee43a7579e733e45b133525e7fe mes5/i586/yelp-2.24.0-3.9mdvmes5.i586.rpm 54c88c47e7001adc96f31678d4ed6d2a mes5/SRPMS/firefox-3.0.13-0.1mdvmes5.src.rpm 421f32b00b863c91540ca210021a9159 mes5/SRPMS/firefox-l10n-3.0.13-0.1mdvmes5.src.rpm d0e69e53f56c4cebca4bb17ef55817f1 mes5/SRPMS/xulrunner-1.9.0.13-0.1mdvmes5.src.rpm f41846dc047367609060a2772bd0d23b mes5/SRPMS/yelp-2.24.0-3.9mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: e03c3478bf344987f76907e81c291569 mes5/x86_64/firefox-3.0.13-0.1mdvmes5.x86_64.rpm 989de385bb476f7522882541aab3e05f mes5/x86_64/firefox-af-3.0.13-0.1mdvmes5.x86_64.rpm 7b84837d2401a0c7cff4f7481d69578e mes5/x86_64/firefox-ar-3.0.13-0.1mdvmes5.x86_64.rpm 51d077dc8a98838525f9c8614caf7811 mes5/x86_64/firefox-be-3.0.13-0.1mdvmes5.x86_64.rpm 6286b0236105ae18397c4a91d33e439b mes5/x86_64/firefox-bg-3.0.13-0.1mdvmes5.x86_64.rpm 2de1a7bcc7261876eff13fae68b08189 mes5/x86_64/firefox-bn-3.0.13-0.1mdvmes5.x86_64.rpm 1e44ba305a7e68d52647450f8777e213 mes5/x86_64/firefox-ca-3.0.13-0.1mdvmes5.x86_64.rpm ea295a97b2fa4b68bb093627a86d64c9 mes5/x86_64/firefox-cs-3.0.13-0.1mdvmes5.x86_64.rpm 137181dc58e872687e07c05961b3e844 mes5/x86_64/firefox-cy-3.0.13-0.1mdvmes5.x86_64.rpm 0e566afa6fc6039453a07774cb2a8afd mes5/x86_64/firefox-da-3.0.13-0.1mdvmes5.x86_64.rpm 9e0adea3596af1f8f95dcfac4a882aed mes5/x86_64/firefox-de-3.0.13-0.1mdvmes5.x86_64.rpm 007ec7d357e3f92cfc2def7390c5de69 mes5/x86_64/firefox-el-3.0.13-0.1mdvmes5.x86_64.rpm b3cb3fec4847f3950df7c8eb63a30654 mes5/x86_64/firefox-en_GB-3.0.13-0.1mdvmes5.x86_64.rpm dcb54c4aaec8489e2e768ecbda74391d mes5/x86_64/firefox-eo-3.0.13-0.1mdvmes5.x86_64.rpm 35985b7b0d0dee31e04608a0290e9ef6 mes5/x86_64/firefox-es_AR-3.0.13-0.1mdvmes5.x86_64.rpm 6154a855d02f202ce2abec4f24857189 mes5/x86_64/firefox-es_ES-3.0.13-0.1mdvmes5.x86_64.rpm f11f06980dc4911bcecc05daecae10c3 mes5/x86_64/firefox-et-3.0.13-0.1mdvmes5.x86_64.rpm 763ce8174c14f409dddfbd1fdb8aa33a mes5/x86_64/firefox-eu-3.0.13-0.1mdvmes5.x86_64.rpm 8e06f6d02f31cd75a5f0adc2c07b5b79 mes5/x86_64/firefox-fi-3.0.13-0.1mdvmes5.x86_64.rpm 91a7e39c750b5f13621a6e28026a9a29 mes5/x86_64/firefox-fr-3.0.13-0.1mdvmes5.x86_64.rpm a42546e8023cc76b9fa20197b4c8d879 mes5/x86_64/firefox-fy-3.0.13-0.1mdvmes5.x86_64.rpm a5c71261c0569a7ac356cd524bcc8e2b mes5/x86_64/firefox-ga_IE-3.0.13-0.1mdvmes5.x86_64.rpm 9c7bdef8c25b9f8bde7fc23330d9ee56 mes5/x86_64/firefox-gl-3.0.13-0.1mdvmes5.x86_64.rpm 57fc2626a71cd7c30b29bf6f657d8b01 mes5/x86_64/firefox-gu_IN-3.0.13-0.1mdvmes5.x86_64.rpm fdcfc85e77649e447205447fe50c5dfd mes5/x86_64/firefox-he-3.0.13-0.1mdvmes5.x86_64.rpm 8362b8bb5dbdcbfb59c4611329d093cd mes5/x86_64/firefox-hi-3.0.13-0.1mdvmes5.x86_64.rpm dcf7d31040980c688857daae110b0f19 mes5/x86_64/firefox-hu-3.0.13-0.1mdvmes5.x86_64.rpm 0d2b895382a88cb60a1bd85f4998ed6a mes5/x86_64/firefox-id-3.0.13-0.1mdvmes5.x86_64.rpm c76cf1e3e063204dbd7b43cbb2057cba mes5/x86_64/firefox-is-3.0.13-0.1mdvmes5.x86_64.rpm 3bb2be5f72710786bb187716cb6574c1 mes5/x86_64/firefox-it-3.0.13-0.1mdvmes5.x86_64.rpm 70c2a50d16cccd9c3cf9fd8d94239594 mes5/x86_64/firefox-ja-3.0.13-0.1mdvmes5.x86_64.rpm bba8deee10fda2787de3ab64fa4d9a7f mes5/x86_64/firefox-ka-3.0.13-0.1mdvmes5.x86_64.rpm 68b364b3b98f289c7a23f53e221d47e8 mes5/x86_64/firefox-kn-3.0.13-0.1mdvmes5.x86_64.rpm a4f1ae70d33196720fdd44e596603655 mes5/x86_64/firefox-ko-3.0.13-0.1mdvmes5.x86_64.rpm 6346cf41df51d14326568731308532bf mes5/x86_64/firefox-ku-3.0.13-0.1mdvmes5.x86_64.rpm d29a7afa66350e378bf5d3de7f76203f mes5/x86_64/firefox-lt-3.0.13-0.1mdvmes5.x86_64.rpm f0c2b91ae52b0fd6309c13c6aa7dae39 mes5/x86_64/firefox-lv-3.0.13-0.1mdvmes5.x86_64.rpm bf856892d6521c21ee75e1319c78dd34 mes5/x86_64/firefox-mk-3.0.13-0.1mdvmes5.x86_64.rpm ef8ab221b17c2da7b78c6055bb560af4 mes5/x86_64/firefox-mn-3.0.13-0.1mdvmes5.x86_64.rpm 5ef379935bc2943e1ee5b18a6447bbbf mes5/x86_64/firefox-mr-3.0.13-0.1mdvmes5.x86_64.rpm a1aaa61a653132105b4b2f40a2625e4b mes5/x86_64/firefox-nb_NO-3.0.13-0.1mdvmes5.x86_64.rpm 339baf16b41ba0660fde271355a3de7d mes5/x86_64/firefox-nl-3.0.13-0.1mdvmes5.x86_64.rpm c650a19b817d2b8cc1662986ffb04e59 mes5/x86_64/firefox-nn_NO-3.0.13-0.1mdvmes5.x86_64.rpm dc4d96fd6075c6a90b66b477510e179d mes5/x86_64/firefox-oc-3.0.13-0.1mdvmes5.x86_64.rpm 1b3dfa583675569048d1edeefe5c57ea mes5/x86_64/firefox-pa_IN-3.0.13-0.1mdvmes5.x86_64.rpm 8afc2ee811699233cd4d14fb0bb1d296 mes5/x86_64/firefox-pl-3.0.13-0.1mdvmes5.x86_64.rpm d79b9366c1e992a712c5a4f91b5dc786 mes5/x86_64/firefox-pt_BR-3.0.13-0.1mdvmes5.x86_64.rpm fa1f52c44c980cbd5dca80493e6675ee mes5/x86_64/firefox-pt_PT-3.0.13-0.1mdvmes5.x86_64.rpm 2a17cc2687a58a08354a5b10d2d3b852 mes5/x86_64/firefox-ro-3.0.13-0.1mdvmes5.x86_64.rpm 8000f1cb87249be3a0349d04cd4a9eb7 mes5/x86_64/firefox-ru-3.0.13-0.1mdvmes5.x86_64.rpm dad9e02f89bbb0854b275a148c66241c mes5/x86_64/firefox-si-3.0.13-0.1mdvmes5.x86_64.rpm c7d158a23a34629f14020eb5efaaf347 mes5/x86_64/firefox-sk-3.0.13-0.1mdvmes5.x86_64.rpm c8292fb404bbc4fc723583f656074fce mes5/x86_64/firefox-sl-3.0.13-0.1mdvmes5.x86_64.rpm 41706d44a8c609ea2ca0911c8216f9c2 mes5/x86_64/firefox-sq-3.0.13-0.1mdvmes5.x86_64.rpm dd036fccfa39a75f5f2d08c3c8e7348a mes5/x86_64/firefox-sr-3.0.13-0.1mdvmes5.x86_64.rpm f03d90e5417feca4d2fc3f03303023e7 mes5/x86_64/firefox-sv_SE-3.0.13-0.1mdvmes5.x86_64.rpm ee392c1fa9a4d6a286daae882fac30dd mes5/x86_64/firefox-te-3.0.13-0.1mdvmes5.x86_64.rpm e7dbf99e35d5709d2ba79997be5a0d8f mes5/x86_64/firefox-th-3.0.13-0.1mdvmes5.x86_64.rpm 4104f247e2eee44420fe588c2dc73f06 mes5/x86_64/firefox-tr-3.0.13-0.1mdvmes5.x86_64.rpm 9376a1d0cb246a9bf3ddde32d6547c3a mes5/x86_64/firefox-uk-3.0.13-0.1mdvmes5.x86_64.rpm 5e17ce5c19b28d4bf91b9ec4583a435b mes5/x86_64/firefox-zh_CN-3.0.13-0.1mdvmes5.x86_64.rpm b75f0b6f95cd8df522663ff5d5247912 mes5/x86_64/firefox-zh_TW-3.0.13-0.1mdvmes5.x86_64.rpm c22b5e430870d9e46ddf2fc49a3f399a mes5/x86_64/lib64xulrunner1.9-1.9.0.13-0.1mdvmes5.x86_64.rpm 99039eb2e0e34653b4f8a702df3eba28 mes5/x86_64/lib64xulrunner-devel-1.9.0.13-0.1mdvmes5.x86_64.rpm 8f8dc6a09f009108d5e58aed35bc3c88 mes5/x86_64/lib64xulrunner-unstable-devel-1.9.0.13-0.1mdvmes5.x86_64.rpm 64c12a8b37ce470ddeca303330fc759d mes5/x86_64/xulrunner-1.9.0.13-0.1mdvmes5.x86_64.rpm 50e336826d9447ee0a11ac696740f78a mes5/x86_64/yelp-2.24.0-3.9mdvmes5.x86_64.rpm 54c88c47e7001adc96f31678d4ed6d2a mes5/SRPMS/firefox-3.0.13-0.1mdvmes5.src.rpm 421f32b00b863c91540ca210021a9159 mes5/SRPMS/firefox-l10n-3.0.13-0.1mdvmes5.src.rpm d0e69e53f56c4cebca4bb17ef55817f1 mes5/SRPMS/xulrunner-1.9.0.13-0.1mdvmes5.src.rpm f41846dc047367609060a2772bd0d23b mes5/SRPMS/yelp-2.24.0-3.9mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKfHuImqjQ0CJFipgRArnYAJwJ+vTi6q/JO7k6XU42/uknW/nuaQCdH6cE IPsXB9VGzG+N6kDjB1qX6x0= =dRCP -----END PGP SIGNATURE-----
VAR-200907-0062 CVE-2009-1168 Cisco IOS In RFC4893 BGP Service disruption related to routing processing (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (memory corruption and device reload) by using an RFC4271 peer to send an update with a long series of AS numbers, aka Bug ID CSCsy86021. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCsy86021. May trigger memory corruption and crash showing %%Software-forced reload error. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An unspecified error exists in the processing of BGP update messages. constructed from more than 1000 autonomous systems. SOLUTION: Update to a fixed version (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities Advisory ID: cisco-sa-20090729-bgp http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Revision: 1.0 ========= For Public Release 2009 July 29 1600 UTC (GMT) Summary ======= Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates. These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured. The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems. Cisco has released free software updates to address these vulnerabilities. No workarounds are available for the first vulnerability. A workaround is available for the second vulnerability. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Affected Products ================= Vulnerable Products +------------------ These vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing. The software table in the section "Software Versions and Fixes" of this advisory indicates all affected Cisco IOS Software versions that have support for RFC4893 and are affected by this vulnerability. A Cisco IOS software version that has support for RFC4893 will allow configuration of AS numbers using 4 Bytes. The following example identifies a Cisco device that has 4 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number <1.0-XX.YY> 4 Octets Autonomous system number Or: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-4294967295> Autonomous system number <1.0-XX.YY> Autonomous system number The following example identifies a Cisco device that has 2 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number A router that is running the BGP process will contain a line in the configuration that defines the autonomous system number (AS number), which can be seen by issuing the command line interface (CLI) command "show running-config". The canonical textual representation of four byte AS Numbers is standardized by the IETF through RFC5396 (Textual Representation of Autonomous System (AS) Numbers). Two major ways for textual representation have been defined as ASDOT and ASPLAIN. Cisco IOS routers support both textual representations of AS numbers. For further information about textual representation of four byte AS numbers in Cisco IOS Software consult the document "Explaining 4-Byte Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html Cisco IOS Software with support for RFC4893 is affected by both vulnerabilities if BGP routing is configured using either ASPLAIN or ASDOT notation. The following example identifies a Cisco device that is configured for BGP using ASPLAIN notation: router bgp 65536 The following example identifies a Cisco device that is configured for BGP using ASDOT notation: router bgp 1.0 To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software not explicitly mentioned in this Advisory * Cisco IOS XR Software * Cisco IOS NX-OS No other Cisco products are currently known to be affected by this vulnerability. Details ======= RFC4271 has defined an AS number as a two-octet entity in BGP. RFC4893 has defined an AS number as a four-octet entity in BGP. The first vulnerability could cause an affected device to reload when processing a BGP update that contains AS path segments made up of more than one thousand autonomous systems. If an affected 4-byte AS number BGP speaker receives a BGP update from a 2-byte AS number BGP speaker that contains AS path segments made up of more than one thousand autonomous systems, the device may crash with memory corruption, and the error "%%Software-forced reload" will be displayed. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a BGP update with a series of greater than one thousand AS numbers Note: Note: Cisco IOS, Cisco IOS XE, Cisco NX-OS and Cisco IOS XR Software, as a 2 byte AS number BGP speaker send BGP updates with a maximum of 255 AS numbers. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a non-RFC compliant crafted BGP update message This vulnerability is documented in Cisco Bug ID CSCta33973 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2049. Further information regarding Cisco support for 4-byte AS number is available in "Cisco IOS BGP 4-Byte ASN Support" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/data_sheet_C78-521821.html Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsy86021: Cisco IOS Software BGP Long AS-path Vulnerability CVSS Base Score - 7.1 Access Vector Network Access Complexity Medium Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 6.7 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed CSCta33973: Cisco IOS Software Crafted BGP Update Message Vulnerability CVSS Base Score - 5.4 Access Vector Network Access Complexity High Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 4.5 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this document may result in a reload of the device. The issue could result in repeated exploitation to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | |Recommended | |12.0-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.0 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DC |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.0(32)S11 | | | |are not vulnerable; first fixed in | | |12.0S |12.0(32)S14; | | | | | | | |Releases up to and including 12.0(33)S2 are| | | |not vulnerable; first fixed in 12.0(33)S5 | | |----------+-------------------------------------------+------------| |12.0SC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0ST |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SY |Releases up to and including 12.0(32)SY7 |12.0(32)SY10| | |are not vulnerable; first fixed in | | | |12.0(32)SY9a. | | |----------+-------------------------------------------+------------| |12.0SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0W |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XW |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.1-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.2-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.2 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2B |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EWA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2S |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SBC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SED |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SGA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2STE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXH |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.2(33)SXI | | |12.2SXI |are not vulnerable; CSCsy86021 first fixed | | | |in 12.2(33)SXI2; CSCta33973 first fixed in | | | |12.2(33)SXI3 | | |----------+-------------------------------------------+------------| |12.2SY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2TPC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNC |12.2(33)XNC2 | | |----------+-------------------------------------------+------------| |12.2XND |12.2(33)XND1; available 25th August 2009 | | |----------+-------------------------------------------+------------| |12.2XO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZYA |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.3-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.4-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.4 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4SW |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to 12.4(24)T are not | | |12.4T |vulnerable; first fixed in 12.4(24)T2 | | | |available on 23-Oct-2009 | | |----------+-------------------------------------------+------------| |12.4XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YD |Not Vulnerable | | +-------------------------------------------------------------------+ Cisco IOS XE Release Table +------------------------- +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | | | 2.1 | There are no affected 2.1 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | | | 2.2 | There are no affected 2.2 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | Releases up to and including 2.3.1t are vulnerable; | | 2.3 | First fixed in 2.3.2 | | Releases | | |----------+--------------------------------------------------------+ | Affected | Releases up to and including 2.4.0 are vulnerable; | | 2.4 | First fixed in 2.4.1, available 25th August 2009 | | Releases | | +----------+--------------------------------------------------------+ Workarounds =========== For the first vulnerability, there are no workarounds on the affected device. Neighbors could be configured to discard routes that have more than one thousand AS numbers in the AS-path segments. This configuration will help prevent the further propagation of BGP updates with the AS path segments made up of greater than one thousand AS numbers. Note: Configuring "bgp maxas-limit [value]" on the affected device does not mitigate this vulnerability. For the second vulnerability, configuring "bgp maxas-limit [value]" on the affected device does mitigate this vulnerability. Cisco is recommends using a conservative value of 100 to mitigate this vulnerability. Consult the document "Protecting Border Gateway Protocol for the Enterprise" at the following link for additional best practices on protecting BGP infrastructures: http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of malicious exploitation of either of these vulnerabilities, although we are aware of some customers who have seen the first vulnerability triggered within their infrastructures. Further investigation of those incidents seems to indicate that the vulnerability has been accidentally triggered. These vulnerabilities were discovered via internal product testing. Status of this Notice: FINAL ============================ This information is Cisco Highly Confidential - Do not redistribute. THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN ERRORS OR OMIT IMPORTANT INFORMATION. THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-------------------------------------------------------------------+ | Revision 1.0 | 2009-July-29 1600 | Initial public release | +-------------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKcGNc86n/Gc8U/uARAks6AKCCWLTakna/WbNzMuIbeGPJGJHnbQCfbYEi I6XwyRZTnktw7RSnT6Y/N1E= =KmUm -----END PGP SIGNATURE-----
VAR-200907-0096 CVE-2009-2049 Cisco IOS In RFC4893 BGP Service disruption related to routing processing (DoS) Vulnerabilities CVSS V2: 5.4
CVSS V3: -
Severity: MEDIUM
Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973. Cisco IOS is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCta33973. May trigger memory corruption and crash with \\%\\%Software-forced reload error. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. 1) An unspecified error exists in the processing of BGP update messages. constructed from more than 1000 autonomous systems. SOLUTION: Update to a fixed version (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities Advisory ID: cisco-sa-20090729-bgp http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Revision: 1.0 ========= For Public Release 2009 July 29 1600 UTC (GMT) Summary ======= Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates. These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured. The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems. Cisco has released free software updates to address these vulnerabilities. No workarounds are available for the first vulnerability. A workaround is available for the second vulnerability. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml Affected Products ================= Vulnerable Products +------------------ These vulnerabilities affect only devices running Cisco IOS and Cisco IOS XE Software (here after both referred to as simply Cisco IOS) with support for RFC4893 and that have been configured for BGP routing. The software table in the section "Software Versions and Fixes" of this advisory indicates all affected Cisco IOS Software versions that have support for RFC4893 and are affected by this vulnerability. A Cisco IOS software version that has support for RFC4893 will allow configuration of AS numbers using 4 Bytes. The following example identifies a Cisco device that has 4 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number <1.0-XX.YY> 4 Octets Autonomous system number Or: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-4294967295> Autonomous system number <1.0-XX.YY> Autonomous system number The following example identifies a Cisco device that has 2 byte AS number support: Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#router bgp ? <1-65535> Autonomous system number A router that is running the BGP process will contain a line in the configuration that defines the autonomous system number (AS number), which can be seen by issuing the command line interface (CLI) command "show running-config". The canonical textual representation of four byte AS Numbers is standardized by the IETF through RFC5396 (Textual Representation of Autonomous System (AS) Numbers). Two major ways for textual representation have been defined as ASDOT and ASPLAIN. Cisco IOS routers support both textual representations of AS numbers. For further information about textual representation of four byte AS numbers in Cisco IOS Software consult the document "Explaining 4-Byte Autonomous System (AS) ASPLAIN and ASDOT Notation for Cisco IOS" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html Cisco IOS Software with support for RFC4893 is affected by both vulnerabilities if BGP routing is configured using either ASPLAIN or ASDOT notation. The following example identifies a Cisco device that is configured for BGP using ASPLAIN notation: router bgp 65536 The following example identifies a Cisco device that is configured for BGP using ASDOT notation: router bgp 1.0 To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output. The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L: Router#show version Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by cisco Systems, Inc. Compiled Mon 17-Mar-08 14:39 by dchih !--- output truncated The following example identifies a Cisco product that is running Cisco IOS Software Release 12.4(20)T with an installed image name of C1841-ADVENTERPRISEK9-M: Router#show version Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team !--- output truncated Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link: http://www.cisco.com/warp/public/620/1.html Products Confirmed Not Vulnerable +-------------------------------- The following Cisco products are confirmed not vulnerable: * Cisco IOS Software not explicitly mentioned in this Advisory * Cisco IOS XR Software * Cisco IOS NX-OS No other Cisco products are currently known to be affected by this vulnerability. Details ======= RFC4271 has defined an AS number as a two-octet entity in BGP. RFC4893 has defined an AS number as a four-octet entity in BGP. The first vulnerability could cause an affected device to reload when processing a BGP update that contains AS path segments made up of more than one thousand autonomous systems. If an affected 4-byte AS number BGP speaker receives a BGP update from a 2-byte AS number BGP speaker that contains AS path segments made up of more than one thousand autonomous systems, the device may crash with memory corruption, and the error "%%Software-forced reload" will be displayed. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a BGP update with a series of greater than one thousand AS numbers Note: Note: Cisco IOS, Cisco IOS XE, Cisco NX-OS and Cisco IOS XR Software, as a 2 byte AS number BGP speaker send BGP updates with a maximum of 255 AS numbers. The following three conditions are required for successful exploitation of this vulnerability: * Affected Cisco IOS Software device is a 4-byte AS number BGP speaker * BGP peering neighbor is a 2-byte AS number BGP speaker * BGP peering neighbor is capable of sending a non-RFC compliant crafted BGP update message This vulnerability is documented in Cisco Bug ID CSCta33973 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2049. Further information regarding Cisco support for 4-byte AS number is available in "Cisco IOS BGP 4-Byte ASN Support" at the following link: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/data_sheet_C78-521821.html Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsy86021: Cisco IOS Software BGP Long AS-path Vulnerability CVSS Base Score - 7.1 Access Vector Network Access Complexity Medium Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 6.7 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed CSCta33973: Cisco IOS Software Crafted BGP Update Message Vulnerability CVSS Base Score - 5.4 Access Vector Network Access Complexity High Authentication None Confidentiality Impact None Availability Impact Complete CVSS Temporal Score - 4.5 Exploitability Functional Remediation Level Official-Fix Report Confidence Confirmed Impact ====== Successful exploitation of the vulnerabilities described in this document may result in a reload of the device. The issue could result in repeated exploitation to cause an extended DoS condition. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. Each row of the Cisco IOS software table (below) names a Cisco IOS release train. If a given release train is vulnerable, then the earliest possible releases that contain the fix (along with the anticipated date of availability for each, if applicable) are listed in the "First Fixed Release" column of the table. The "Recommended Release" column indicates the releases which have fixes for all the published vulnerabilities at the time of this Advisory. A device running a release in the given train that is earlier than the release in a specific column (less than the First Fixed Release) is known to be vulnerable. Cisco recommends upgrading to a release equal to or later than the release in the "Recommended Releases" column of the table. +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | |Recommended | |12.0-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.0 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0DC |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.0(32)S11 | | | |are not vulnerable; first fixed in | | |12.0S |12.0(32)S14; | | | | | | | |Releases up to and including 12.0(33)S2 are| | | |not vulnerable; first fixed in 12.0(33)S5 | | |----------+-------------------------------------------+------------| |12.0SC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0ST |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0SY |Releases up to and including 12.0(32)SY7 |12.0(32)SY10| | |are not vulnerable; first fixed in | | | |12.0(32)SY9a. | | |----------+-------------------------------------------+------------| |12.0SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0W |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0WX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.0XW |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.1-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.1 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.2-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.2 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2B |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2BZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2CZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2DX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EWA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2EZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2FZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2IXH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2MC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2S |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SBC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SCB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SED |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SEG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SGA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SRD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2STE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SVE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SXH |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to and including 12.2(33)SXI | | |12.2SXI |are not vulnerable; CSCsy86021 first fixed | | | |in 12.2(33)SXI2; CSCta33973 first fixed in | | | |12.2(33)SXI3 | | |----------+-------------------------------------------+------------| |12.2SY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2SZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2T |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2TPC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XI |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XNC |12.2(33)XNC2 | | |----------+-------------------------------------------+------------| |12.2XND |12.2(33)XND1; available 25th August 2009 | | |----------+-------------------------------------------+------------| |12.2XO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YO |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YS |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2YZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZH |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZU |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.2ZYA |Not Vulnerable | | |----------+-------------------------------------------+------------| | Affected | |Recommended | |12.3-Based| First Fixed Release | Release | | Releases | | | |-------------------------------------------------------------------| | There are no affected 12.3 based releases | |-------------------------------------------------------------------| | Affected | |Recommended | |12.4-Based| First Fixed Release | Release | | Releases | | | |----------+-------------------------------------------+------------| |12.4 |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JDD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JMB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4JX |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MDA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4MR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4SW |Not Vulnerable | | |----------+-------------------------------------------+------------| | |Releases up to 12.4(24)T are not | | |12.4T |vulnerable; first fixed in 12.4(24)T2 | | | |available on 23-Oct-2009 | | |----------+-------------------------------------------+------------| |12.4XA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XC |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XD |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XE |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XF |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XG |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XJ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XK |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XL |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XM |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XN |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XP |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XQ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XR |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XT |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XV |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XW |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XY |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4XZ |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YA |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YB |Not Vulnerable | | |----------+-------------------------------------------+------------| |12.4YD |Not Vulnerable | | +-------------------------------------------------------------------+ Cisco IOS XE Release Table +------------------------- +-------------------------------------------------------------------+ | Major | Availability of Repaired Releases | | Release | | |----------+--------------------------------------------------------| | Affected | | | 2.1 | There are no affected 2.1 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | | | 2.2 | There are no affected 2.2 based releases | | Releases | | |----------+--------------------------------------------------------| | Affected | Releases up to and including 2.3.1t are vulnerable; | | 2.3 | First fixed in 2.3.2 | | Releases | | |----------+--------------------------------------------------------+ | Affected | Releases up to and including 2.4.0 are vulnerable; | | 2.4 | First fixed in 2.4.1, available 25th August 2009 | | Releases | | +----------+--------------------------------------------------------+ Workarounds =========== For the first vulnerability, there are no workarounds on the affected device. Neighbors could be configured to discard routes that have more than one thousand AS numbers in the AS-path segments. This configuration will help prevent the further propagation of BGP updates with the AS path segments made up of greater than one thousand AS numbers. Note: Configuring "bgp maxas-limit [value]" on the affected device does not mitigate this vulnerability. For the second vulnerability, configuring "bgp maxas-limit [value]" on the affected device does mitigate this vulnerability. Cisco is recommends using a conservative value of 100 to mitigate this vulnerability. Consult the document "Protecting Border Gateway Protocol for the Enterprise" at the following link for additional best practices on protecting BGP infrastructures: http://www.cisco.com/web/about/security/intelligence/protecting_bgp.html Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts +------------------------------- Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of malicious exploitation of either of these vulnerabilities, although we are aware of some customers who have seen the first vulnerability triggered within their infrastructures. Further investigation of those incidents seems to indicate that the vulnerability has been accidentally triggered. These vulnerabilities were discovered via internal product testing. Status of this Notice: FINAL ============================ This information is Cisco Highly Confidential - Do not redistribute. THIS IS A DRAFT VERSION OF A SECURITY NOTICE THAT CONTAINS UNRELEASED INFORMATION ABOUT CISCO PRODUCTS. DISTRIBUTION WITHIN CISCO IS LIMITED TO PERSONNEL WITH A NEED TO KNOW. THIS DRAFT MAY CONTAIN ERRORS OR OMIT IMPORTANT INFORMATION. THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. Distribution ============ This advisory is posted on Cisco's worldwide website at: http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +-------------------------------------------------------------------+ | Revision 1.0 | 2009-July-29 1600 | Initial public release | +-------------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKcGNc86n/Gc8U/uARAks6AKCCWLTakna/WbNzMuIbeGPJGJHnbQCfbYEi I6XwyRZTnktw7RSnT6Y/N1E= =KmUm -----END PGP SIGNATURE-----
VAR-200907-0059 CVE-2009-1165 Cisco Wireless LAN Controller Memory leak vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789. plural Cisco Used in products Cisco Wireless LAN Controller Contains a memory leak vulnerability. The problem is Bug ID : CSCsw40789 It is a problem.By a third party SSH Service disruption via management connection (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to trigger an affected device to crash and reload, denying service to legitimate users. This issue is being tracked by Cisco BugID CSCsw40789. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers Advisory ID: cisco-sa-20090727-wlc http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml Revision 1.0 For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability Cisco has released free software updates that address these vulnerabilities. * The SSH connections denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request denial of service vulnerability affects software versions 4.1 and later. * The crafted HTTP or HTTPS request unauthorized configuration modification vulnerability affects software versions 4.1 and later. Determination of Software Versions +--------------------------------- To determine the WLC version that is running in a given environment, use one of the following methods: * In the web interface, choose the Monitor tab, click Summary in the left pane, and note the Software Version field. Note: Customers who use a WLC Module in an Integrated Services Router (ISR) will need to issue the service-module wlan-controller 1/0 session command prior to performing the next step on the command line. Customers who use a Cisco Catalyst 3750G Switch with an integrated WLC Module will need to issue the session <Stack-Member-Number> processor 1 session command prior to performing the next step on the command line. * From the command-line interface, type show sysinfo and note the Product Version field, as shown in the following example: (Cisco Controller) >show sysinfo Manufacturer's Name.. Cisco Systems Inc. Product Name......... Cisco Controller Product Version...... 5.1.151.0 RTOS Version......... Linux-2.6.10_mvl401 Bootloader Version... 4.0.207.0 Build Type........... DATA + WPS <output suppressed> Use the show wism module <module number> controller 1 status command on a Cisco Catalyst 6500 Series/7600 Series Switch if you are using a WiSM. Note the software version as demonstrated in the following example, which shows version 5.1.151.0. Router#show wism module 3 controller 1 status WiSM Controller 1 in Slot 3 Operational Status of the Controller : Oper-Up Service VLAN : 192 Service Port : 10 Service Port Mac Address : 0011.92ff.8742 Service IP Address : 192.168.10.1 Management IP Address : 192.168.1.123 Software Version : 5.1.151.0 Port Channel Number : 288 Allowed vlan list : 30,40 Native VLAN ID : 40 WCP Keep Alive Missed : 0 Products Confirmed Not Vulnerable +-------------------------------- The Cisco Wireless Controller 5500 Series is not affected by these vulnerabilities. Details ======= Cisco Wireless LAN Controllers (WLCs) are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. These devices communicate with controller-based access points over any Layer 2 (Ethernet) or Layer 3 (IP) infrastructure using the Lightweight Access Point Protocol (LWAPP). This security advisory describes multiple distinct vulnerabilities in the WLC family of devices. * Malformed HTTP or HTTPS authentication response denial of service vulnerability An attacker with access to the administrative web interface via HTTP or HTTPS may cause the device to reload by providing a malformed response to an authentication request. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsx03715 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-1164. * SSH connections denial of service vulnerability Affected devices may be susceptible to a memory leak when they handle SSH management connections. Note: A three-way handshake is not required to exploit this vulnerability. This vulnerability is documented in Cisco Bug ID CSCsw40789 and has been assigned CVE ID CVE-2009-1165. Note: The vulnerability can be exploited only via the administrative web-based interface; Web Authentication features are not affected. This vulnerability is documented in Cisco Bug ID CSCsy27708 and has been assigned CVE ID CVE-2009-1166. * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability An unauthorized configuration modification vulnerability exists in all software versions prior to the first fixed release. A remote, unauthenticated attacker who can submit HTTP or HTTPS requests to the WLC directly could gain full control of the affected device. Note: The vulnerability can be exploited only by submitting such a request to an IP address that is bound to an administrative interface or VLAN. The vulnerability is documented by Cisco Bug ID CSCsy44672 and has been assigned CVE ID CVE-2009-1167. Vulnerability Scoring Details ============================= Cisco has provided scores for the vulnerabilities in this advisory based on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in this Security Advisory is done in accordance with CVSS version 2.0. CVSS is a standards-based scoring method that conveys vulnerability severity and helps determine urgency and priority of response. Cisco has provided a base and temporal score. Customers can then compute environmental scores to assist in determining the impact of the vulnerability in individual networks. Cisco has provided an FAQ to answer additional questions regarding CVSS at http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html Cisco has also provided a CVSS calculator to help compute the environmental impact for individual networks at http://intellishield.cisco.com/security/alertmanager/cvss CSCsx03715 - Malformed HTTP or HTTPS authentication response denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsw40789 - SSH connections denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy27708 - Crafted HTTP or HTTPS request denial of service vulnerability +----------------------------------------------------- CVSS Base Score - 7.8 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - None Integrity Impact - None Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed CSCsy44672 - Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability +----------------------------------------------------- CVSS Base Score - 10 Access Vector - Network Access Complexity - Low Authentication - None Confidentiality Impact - Complete Integrity Impact - Complete Availability Impact - Complete CVSS Temporal Score - 6.4 Exploitability - Functional Remediation Level - Official-Fix Report Confidence - Confirmed Impact ===== Successful exploitation of the denial of service (DoS) vulnerabilities may cause the affected device to reload. Repeated exploitation could result in a sustained DoS condition. An unauthenticated, remote attacker may be able to use the unauthorized configuration modification vulnerability to gain full control over the Wireless LAN Controller if the attacker is able to submit a crafted request directly to an administrative interface of the affected device. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.comw/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. +------------------------------------------------------+ | Vulnerability/ | Affected | First | Recommended | | Bug ID | Release | Fixed | Release | | | | Version | | |----------------+----------+------------+-------------| | | 4.1 | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.1M | Not | Not | | | | Vulnerable | Vulnerable | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Malformed HTTP | 4.2M | Not | Not | | or HTTPS | | Vulnerable | Vulnerable | |authentication |----------+------------+-------------| | response | | Migrate to | 5.2.193.0 | | denial of | 5.0 | 5.2 or 6.0 | or | | service | | | 6.0.182.0 | |vulnerability |----------+------------+-------------| | (CSCsx03715) | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | SSH | 4.2M | Not | Not | | connections | | Vulnerable | Vulnerable | |denial of |----------+------------+-------------| | service | | Migrate to | 5.2.193.0 | | vulnerability | 5.0 | 5.2 or 6.0 | or | | (CSCsw40789) | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.1 | 5.1.163.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.178.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1 M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | | 4.2 | 4.2.205.0 | 4.2.207.0 | | |----------+------------+-------------| | Crafted HTTP | 4.2M | Not | Not | | request may | | Vulnerable | Vulnerable | |cause the WLC |----------+------------+-------------| | to crash | | Migrate to | 5.2.193.0 | | (CSCsy27708) | 5.0 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | |----------------+----------+------------+-------------| | | 4.1 | Migrate to | 4.2.205.0 | | | | 4.2 | | | |----------+------------+-------------| | | | | 5.2.193.0, | | | | Migrate to | 6.0.182.0 | | | 4.1M | 5.2, 6.0, | or | | | | or 4.2M | 4.2.176.51 | | | | | Mesh | | |----------+------------+-------------| | Crafted HTTP | 4.2 | 4.2.205.0 | 4.2.207.0 | |or HTTPS |----------+------------+-------------| | request | 4.2M | Not | Not | | unauthorized | | Vulnerable | Vulnerable | |configuration |----------+------------+-------------| | modification | 5.0 | Migrate to | 5.2.193.0, | | vulnerability | | 5.2 or 6.0 | 6.0.182.0 | |(CSCsy44672) |----------+------------+-------------| | | | Migrate to | 5.2.193.0 | | | 5.1 | 5.2 or 6.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | | | 5.2.193.0 | | | 5.2 | 5.2.191.0 | or | | | | | 6.0.182.0 | | |----------+------------+-------------| | | 6.0 | Not | Not | | | | Vulnerable | Vulnerable | +------------------------------------------------------+ Workarounds =========== The SSH connections denial of service vulnerability identified by Cisco Bug ID CSCsw40789 may be remediated by disabling SSH on the affected device. This workaround requires subsequent management of the device to be performed using the HTTP/HTTPS web management interface or the serial console of the device. Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: http://www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml Obtaining Fixed Software ======================== Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml Do not contact psirt@cisco.com or security-alert@cisco.com for software upgrades. Customers with Service Contracts ================================ Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Customers using Third Party Support Organizations +------------------------------------------------ Customers whose Cisco products are provided or maintained through prior or existing agreements with third-party support organizations, such as Cisco Partners, authorized resellers, or service providers should contact that support organization for guidance and assistance with the appropriate course of action in regards to this advisory. The effectiveness of any workaround or fix is dependent on specific customer situations, such as product mix, network topology, traffic behavior, and organizational mission. Due to the variety of affected products and releases, customers should consult with their service provider or support organization to ensure any applied workaround or fix is the most appropriate for use in the intended network before it is deployed. Customers without Service Contracts +---------------------------------- Customers who purchase direct from Cisco but do not hold a Cisco service contract, and customers who purchase through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should acquire upgrades by contacting the Cisco Technical Assistance Center (TAC). TAC contacts are as follows. * +1 800 553 2447 (toll free from within North America) * +1 408 526 7209 (toll call from anywhere in the world) * e-mail: tac@cisco.com Customers should have their product serial number available and be prepared to give the URL of this notice as evidence of entitlement to a free upgrade. Free upgrades for non-contract customers must be requested through the TAC. Refer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html for additional TAC contact information, including localized telephone numbers, and instructions and e-mail addresses for use in various languages. Exploitation and Public Announcements ===================================== The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory at the time of release. The DoS vulnerability documented by CSCsw40789 was discovered during the resolution of customer support cases. The unauthorized configuration modification vulnerability documented by CSCsy44672 was found during internal testing. The DoS vulnerability documented by CSCsx03715 was discovered by Christoph Bott of SySS GmbH. The DoS vulnerability documented by CSCsy27708 was discovered by IBM Research. Status of this Notice: FINAL ============================ THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Distribution ============ This advisory is posted on Cisco's worldwide website at : http://www.cisco.com/warp/public/707/cisco-sa-20090727-wlc.shtml In addition to worldwide web posting, a text version of this notice is clear-signed with the Cisco PSIRT PGP key and is posted to the following e-mail and Usenet news recipients. * cust-security-announce@cisco.com * first-bulletins@lists.first.org * bugtraq@securityfocus.com * vulnwatch@vulnwatch.org * cisco@spot.colorado.edu * cisco-nsp@puck.nether.net * full-disclosure@lists.grok.org.uk * comp.dcom.sys.cisco@newsgate.cisco.com Future updates of this advisory, if any, will be placed on Cisco's worldwide website, but may or may not be actively announced on mailing lists or newsgroups. Users concerned about this problem are encouraged to check the above URL for any updates. Revision History ================ +---------------------------------------+ | Revision | | Initial | | 1.0 | 2009-July-27 | public | | | | release. | +---------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html This includes instructions for press inquiries regarding Cisco security notices. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFKbdU786n/Gc8U/uARAkG6AKCKI8yrbakylICPezA8Up2E1t372QCePJmj RTTknUlr0VuKxVZLT0f8+gQ= =x8Ly -----END PGP SIGNATURE-----