VARIoT IoT vulnerabilities database

VAR-200609-1416 | CVE-2006-3738 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL Library utility functions 1 First, output a list of encryption algorithms used for communication as a readable character string. SSL_get_shared_ciphers() there is. SSL_get_shared_ciphers() There is a buffer overflow vulnerability in the processing of.OpenSSL Any code may be executed with the privileges of the application that uses it. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application.
Successfully exploiting this issue may result in the execution of arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts may crash applications, denying service to legitimate users. OpenSSL Security Advisory [28th September 2006]
New OpenSSL releases are now available to correct four security
issues.
ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)
==============================================================
Vulnerability
-------------
Dr. Henson recently developed an ASN.1 test suite for NISCC
(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory (CVE-2006-2937). (This issue did not affect
OpenSSL versions prior to 0.9.7)
2. Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack (CVE-2006-2940).
Any code which uses OpenSSL to parse ASN.1 data from untrusted sources
is affected. This includes SSL servers which enable client
authentication and S/MIME applications.
Acknowledgements
----------------
The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC
for funding the ASN.1 test suite project.
Acknowledgements
----------------
The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.
SSLv2 Client Crash (CVE-2006-4343)
==================================
Vulnerability
-------------
A flaw in the SSLv2 client code was discovered.
Acknowledgements
----------------
The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.
Recommendations
===============
These vulnerabilities are resolved in the following versions of OpenSSL:
- in the 0.9.7 branch, version 0.9.7l (or later);
- in the 0.9.8 branch, version 0.9.8d (or later).
OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via
HTTP and FTP from the following master locations (you can find the
various FTP mirrors under https://www.openssl.org/source/mirror.html):
o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/
The distribution file names are:
o openssl-0.9.8d.tar.gz
MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
o openssl-0.9.7l.tar.gz
MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
The checksums were calculated using the following commands:
openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz
After upgrading make sure to recompile any applications statically
linked to OpenSSL libraries and restart all applications that use
OpenSSL. A flaw has also been reported in the
BN_from_montgomery() function in crypto/bn/bn_mont.c when performing
Montgomery multiplication. A local attacker could
perform a side channel attack to retrieve the RSA private keys. rPath Security Advisory: 2006-0175-2
Published: 2006-09-28
Updated:
2006-09-29 Resolved issue in patch for CVE-2006-2940
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Unauthorized Access
Updated Versions:
openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1
openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://issues.rpath.com/browse/RPL-613
Description:
Previous versions of the openssl package are vulnerable to multiple
attacks.
In particular, any connection that the mysql daemon will accept
may be vulnerable. In the default configuration of mysql, that
would be a local unauthorized access vulnerability, but mysql can
be configured to listen for network connections from remote hosts,
which would then enable remote unauthorized access. Any program
that calls the SSL_get_shared_ciphers() function may be vulnerable.
29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.
_______________________________________________
Full-Disclosure - We believe in it.
Update:
There was an error in the original published patches for CVE-2006-2940.
New packages have corrected this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm
f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm
73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm
526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm
441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm
632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm
04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm
5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm
f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm
73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm
ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm
441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm
Mandriva Linux 2007.0:
db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm
26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm
ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm
a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm
78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm
cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm
36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm
db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm
26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm
ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm
e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm
78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm
Corporate 3.0:
7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm
1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm
6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm
c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm
2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm
258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm
cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm
7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm
492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm
2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm
Corporate 4.0:
76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm
0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm
a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm
89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm
cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm
76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm
0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm
a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm
11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm
8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm
214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm
bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3
mAaLoEPfjUca1TR98vgpZUU=
=Ff9O
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Corrected: 2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE)
2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8)
2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20)
2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE)
2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16)
CVE Name: CVE-2007-5135
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured,
and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II.
III.
IV. Workaround
No workaround is available, but only applications using the
SSL_get_shared_ciphers() function are affected. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
correction date.
2) To patch your present system:
The following patch have been verified to apply to FreeBSD 5.5, 6.1,
and 6.2 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/secure/lib/libssl
# make obj && make depend && make && make install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_5
src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.3
RELENG_5_5
src/UPDATING 1.342.2.35.2.16
src/sys/conf/newvers.sh 1.62.2.21.2.18
src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.2
RELENG_6
src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.2
RELENG_6_2
src/UPDATING 1.416.2.29.2.11
src/sys/conf/newvers.sh 1.69.2.13.2.11
src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1.2.1
RELENG_6_1
src/UPDATING 1.416.2.22.2.22
src/sys/conf/newvers.sh 1.69.2.11.2.22
src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.2
- -------------------------------------------------------------------------
VII.
________________________________________________________________________
References:
[0] http://www.openssl.org/news/secadv_20060928.txt
[1] http://www.openssl.org/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
________________________________________________________________________
For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org
for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02824490
Version: 1
HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Apache/PHP, Remote Denial of Service (DoS), Unauthorized Access, Unauthorized Disclosure of Information, Unauthorized Modification
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-05-05
Last Updated: 2011-05-05
Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, unauthorized modification
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications.
References: CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4
CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8
CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
Kit Name
Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers.
http://h71000.www7.hp.com/openvms/products/ips/apache/csws.html
CSWS_PHP V2.2
http://h71000.www7.hp.com/openvms/products/ips/apache/csws_php.html
HISTORY
Version:1 (rev.1) - 5 May 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
-check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
-verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters
of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.
BACKGROUND
RESOLUTION
HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue.
--WfZ7S8PLGjBY9Voh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200610-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: October 24, 2006
Bugs: #145510
ID: 200610-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
OpenSSL contains multiple vulnerabilities including the possible remote
execution of arbitrary code. Additionally Dr.
Resolution
==========
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
All OpenSSL 0.9.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
References
==========
[ 1 ] CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
[ 2 ] CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
[ 3 ] CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[ 4 ] CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200610-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2007-0001
Synopsis: VMware ESX server security updates
Issue date: 2007-01-08
Updated on: 2007-01-08
CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940
CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2006-4980
- -------------------------------------------------------------------
1. Summary:
Updated ESX Patches address several security issues.
2. Relevant releases:
VMware ESX 3.0.1 without patch ESX-9986131
VMware ESX 3.0.0 without patch ESX-3069097
VMware ESX 2.5.4 prior to upgrade patch 3
VMware ESX 2.5.3 prior to upgrade patch 6
VMware ESX 2.1.3 prior to upgrade patch 4
VMware ESX 2.0.2 prior to upgrade patch 4
3. Problem description:
Problems addressed by these patches:
a. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
b. OpenSSL library vulnerabilities:
ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.
(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.
(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
CVE-2006-4339, and CVE-2006-4343 to these issues.
c. Updated OpenSSH package addresses the following possible security issues:
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems
(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).
(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.
(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.
(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.
NOTE: ESX by default disables version 1 SSH protocol.
(CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
allows remote attackers to cause a denial of service (crash), and
possibly execute arbitrary code if GSSAPI authentication is enabled,
via unspecified vectors that lead to a double-free.
NOTE: ESX doesn't use GSSAPI by default.
(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.
NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
d. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files. Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.
VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros. NOTE: ESX 3.x defines this option as -w.
e. Buffer overflow in Python function repr():
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem
A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-4980 to this issue.
4. Solution:
Please review the Patch notes for your version of ESX and verify the md5sum.
ESX 3.0.1
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
md5usm: 239375e107fd4c7af57663f023863fcb
ESX 3.0.0
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
md5sum: ca9947239fffda708f2c94f519df33dc
ESX 2.5.4
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
md5sum: 239375e107fd4c7af57663f023863fcb
ESX 2.5.3
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
md5sum: f90fcab28362edbf2311f3ca90cc7739
ESX 2.1.3
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f
ESX 2.0.2
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
md5sum: 925e70f28d17714c53fdbd24de64329f
5. References:
ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL: http://kb.vmware.com/kb/3069097
ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL: http://kb.vmware.com/kb/9986131
ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
6. Contact:
http://www.vmware.com/security
VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html
E-mail: security@vmware.com
Copyright 2007 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE
neFG0RikD74TCYeXKW6CBy4=
=9/6k
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-200609-1445 | CVE-2006-2937 | OpenSSL may fail to properly parse invalid ASN.1 structures |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Henson recently developed an ASN.1 test suite for NISCC
(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. (This issue did not affect
OpenSSL versions prior to 0.9.7)
2. Certain types of public key can take disproportionate amounts of
time to process.
Any code which uses OpenSSL to parse ASN.1 data from untrusted sources
is affected. This includes SSL servers which enable client
authentication and S/MIME applications.
Acknowledgements
----------------
The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC
for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer
(CVE-2006-3738).
SSLv2 Client Crash (CVE-2006-4343)
==================================
Vulnerability
-------------
A flaw in the SSLv2 client code was discovered.
Recommendations
===============
These vulnerabilities are resolved in the following versions of OpenSSL:
- in the 0.9.7 branch, version 0.9.7l (or later);
- in the 0.9.8 branch, version 0.9.8d (or later).
OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via
HTTP and FTP from the following master locations (you can find the
various FTP mirrors under https://www.openssl.org/source/mirror.html):
o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/
The distribution file names are:
o openssl-0.9.8d.tar.gz
MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
o openssl-0.9.7l.tar.gz
MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
The checksums were calculated using the following commands:
openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz
After upgrading make sure to recompile any applications statically
linked to OpenSSL libraries and restart all applications that use
OpenSSL. rPath Security Advisory: 2006-0175-2
Published: 2006-09-28
Updated:
2006-09-29 Resolved issue in patch for CVE-2006-2940
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Unauthorized Access
Updated Versions:
openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1
openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://issues.rpath.com/browse/RPL-613
Description:
Previous versions of the openssl package are vulnerable to multiple
attacks.
In particular, any connection that the mysql daemon will accept
may be vulnerable. In the default configuration of mysql, that
would be a local unauthorized access vulnerability, but mysql can
be configured to listen for network connections from remote hosts,
which would then enable remote unauthorized access. Any program
that calls the SSL_get_shared_ciphers() function may be vulnerable.
29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.
_______________________________________________
Full-Disclosure - We believe in it.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:172-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openssl
Date : October 2, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Dr S N Henson of the OpenSSL core team and Open Network Security
recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk).
Update:
There was an error in the original published patches for CVE-2006-2940.
New packages have corrected this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm
f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm
73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm
526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm
441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm
632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm
04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm
5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm
f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm
73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm
ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm
441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm
Mandriva Linux 2007.0:
db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm
26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm
ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm
a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm
78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm
cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm
36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm
db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm
26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm
ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm
e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm
78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm
Corporate 3.0:
7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm
1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm
6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm
c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm
2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm
258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm
cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm
7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm
492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm
2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm
Corporate 4.0:
76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm
0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm
a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm
89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm
cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm
76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm
0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm
a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm
11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm
8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm
214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm
bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3
mAaLoEPfjUca1TR98vgpZUU=
=Ff9O
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940
~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339
~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363
~ CVE-2008-1340
- -------------------------------------------------------------------
1. Summary:
~ Several critical security vulnerabilities have been addressed
~ in the newest releases of VMware's hosted product line.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
~ VMware Workstation 5.5.4 and earlier
~ VMware Player 2.0.2 and earlier
~ VMware Player 1.0.4 and earlier
~ VMware ACE 2.0.2 and earlier
~ VMware ACE 1.0.2 and earlier
~ VMware Server 1.0.4 and earlier
~ VMware Fusion 1.1 and earlier
3. Problem description:
~ a. Host to guest shared folder (HGFS) traversal vulnerability
~ On Windows hosts, if you have configured a VMware host to guest
~ shared folder (HGFS), it is possible for a program running in the
~ guest to gain access to the host's file system and create or modify
~ executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn't use host to
~ guest shared folders. No versions of ESX Server, including
~ ESX Server 3i, are affected by this vulnerability. Because
~ ESX Server is based on a bare-metal hypervisor architecture
~ and not a hosted architecture, and it doesn't include any
~ shared folder abilities. Fusion and Linux based hosted
~ products are unaffected.
~ VMware would like to thank CORE Security Technologies for
~ working with us on this issue. This addresses advisory
~ CORE-2007-0930.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2008-0923 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ b. Insecure named pipes
~ An internal security audit determined that a malicious Windows
~ user could attain and exploit LocalSystem privileges by causing
~ the authd process to connect to a named pipe that is opened and
~ controlled by the malicious user.
~ The same internal security audit determined that a malicious
~ Windows user could exploit an insecurely created named pipe
~ object to escalate privileges or create a denial of service
~ attack. In this situation, the malicious user could
~ successfully impersonate authd and attain privileges under
~ which Authd is executing.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these
~ issues.
~ Windows Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ c. Updated libpng library to version 1.2.22 to address various
~ security vulnerabilities
~ Several flaws were discovered in the way libpng handled various PNG
~ image chunks. An attacker could create a carefully crafted PNG
~ image file in such a way that it could cause an application linked
~ with libpng to crash when the file was manipulated.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-5269 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ d. Updated OpenSSL library to address various security vulnerabilities
~ Updated OpenSSL fixes several security flaws were discovered
~ in previous versions of OpenSSL.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the following names to these issues: CVE-2006-2940,
~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ e. VIX API default setting changed to a more secure default value
~ Workstation 6.0.2 allowed anonymous console access to the guest by
~ means of the VIX API. This release, Workstation 6.0.3, disables
~ this feature. This means that the Eclipse Integrated Virtual
~ Debugger and the Visual Studio Integrated Virtual Debugger will now
~ prompt for user account credentials to access a guest.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ f. Windows 2000 based hosted products privilege escalation
~ vulnerability
~ This release addresses a potential privilege escalation on
~ Windows 2000 hosted products. Certain services may be improperly
~ registered and present a security vulnerability to Windows 2000
~ machines.
~ VMware would like to thank Ray Hicken for reporting this issue and
~ David Maciejak for originally pointing out these types of
~ vulnerabilities.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2007-5618 to this issue.
~ Windows versions of Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion and Linux based products are not affected by this
~ issue.
~ g. DHCP denial of service vulnerability
~ A potential denial of service issue affects DHCP service running
~ on the host.
~ VMware would like to thank Martin O'Neal for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1364 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)
~ NOTE: This issue doesn't affect the latest versions of VMware
~ Workstation 6, VMware Player 2, and ACE 2 products.
~ h. Local Privilege Escalation on Windows based platforms by
~ Hijacking VMware VMX configuration file
~ VMware uses a configuration file named "config.ini" which
~ is located in the application data directory of all users.
~ By manipulating this file, a user could gain elevated
~ privileges by hijacking the VMware VMX process.
~ VMware would like to thank Sun Bing for reporting the issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1363 to this issue.
~ Windows based Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ i. Virtual Machine Communication Interface (VMCI) memory corruption
~ resulting in denial of service
~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
~ and VMware ACE 2.0. It is an experimental, optional feature and
~ it may be possible to crash the host system by making specially
~ crafted calls to the VMCI interface. This may result in denial
~ of service via memory exhaustion and memory corruption.
~ VMware would like to thank Andrew Honig of the Department of
~ Defense for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1340 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
~ VMware Workstation 6.0.3
~ ------------------------
~ http://www.vmware.com/download/ws/
~ Release notes:
~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
~ Windows binary
~ md5sum: 323f054957066fae07735160b73b91e5
~ RPM Installation file for 32-bit Linux
~ md5sum: c44183ad11082f05593359efd220944e
~ tar Installation file for 32-bit Linux
~ md5sum: 57601f238106cb12c1dea303ad1b4820
~ RPM Installation file for 64-bit Linux
~ md5sum: e9ba644be4e39556724fa2901c5e94e9
~ tar Installation file for 64-bit Linux
~ md5sum: d8d423a76f99a94f598077d41685e9a9
~ VMware Workstation 5.5.5
~ ------------------------
~ http://www.vmware.com/download/ws/ws5.html
~ Release notes:
~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
~ Windows binary
~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3
~ Compressed Tar archive for 32-bit Linux
~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb
~ Linux RPM version for 32-bit Linux
~ md5sum: c222b6db934deb9c1bb79b16b25a3202
~ VMware Server 1.0.5
~ -------------------
~ http://www.vmware.com/download/server/
~ Release notes:
~ http://www.vmware.com/support/server/doc/releasenotes_server.html
~ VMware Server for Windows 32-bit and 64-bit
~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc
~ VMware Server Windows client package
~ md5sum: cb3dd2439203dc510f4d95f06ba59d21
~ VMware Server for Linux
~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e
~ VMware Server for Linux rpm
~ md5sum: fc3b81ed18b53eda943a992971e9f84a
~ Management Interface
~ md5sum: dd10d25895d9994bd27ca896152f48ef
~ VMware Server Linux client package
~ md5sum: aae18f1f7b8811b5499e3a358754d4f8
~ VMware ACE 2.0.3 and 1.0.5
~ --------------------------
~ http://www.vmware.com/download/ace/
~ Windows Release notes:
~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
~ VMware Fusion 1.1.1
~ -------------------
~ http://www.vmware.com/download/fusion/
~ Release notes:
~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0
~ VMware Player 2.0.3 and 1.0.6
~ ----------------------
~ http://www.vmware.com/download/player/
~ Release notes Player 1.x:
~ http://www.vmware.com/support/player/doc/releasenotes_player.html
~ Release notes Player 2.0
~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html
~ 2.0.3 Windows binary
~ md5sum: 0c5009d3b569687ae139e13d24c868d3
~ VMware Player 2.0.3 for Linux (.rpm)
~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2
~ VMware Player 2.0.3 for Linux (.tar)
~ md5sum: 2305fcff49bef6e4ad83742412eac978
~ VMware Player 2.0.3 - 64-bit (.rpm)
~ md5sum: cf945b571c4d96146ede010286fdfca5
~ VMware Player 2.0.3 - 64-bit (.tar)
~ md5sum: f99c5b293eb87c5f918ad24111565b9f
~ 1.0.6 Windows binary
~ md5sum: 895081406c4de5361a1700ec0473e49c
~ Player 1.0.6 for Linux (.rpm)
~ md5sum: 8adb23799dd2014be0b6d77243c76942
~ Player 1.0.6 for Linux (.tar)
~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@lists.vmware.com
~ * bugtraq@securityfocus.com
~ * full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv
Cv8MnL2bYPyDfYQ3f4IUL+w=
=tFXS
-----END PGP SIGNATURE-----
.
The following supported software versions are affected:
HP Tru64 UNIX v 5.1B-4 (SSL and BIND)
HP Tru64 UNIX v 5.1B-3 (SSL and BIND)
HP Tru64 UNIX v 5.1A PK6 (BIND)
HP Tru64 UNIX v 4.0G PK4 (BIND)
HP Tru64 UNIX v 4.0F PK8 (BIND)
Internet Express (IX) v 6.6 BIND (BIND)
HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)
BACKGROUND
RESOLUTION
HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.
The fixes contained in the ERP kits will be available in the following mainstream releases:
-Targeted for availability in HP Tru64 UNIX v 5.1B-5
-Internet Express (IX) v 6.7
-HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)
HP Tru64 UNIX Version 5.1B-4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321
Name: T64KIT1001167-V51BB27-ES-20070321
MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd
HP Tru64 UNIX Version 5.1B-3 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315
Name: T64KIT1001163-V51BB26-ES-20070315
MD5 Checksum: d376d403176f0dbe7badd4df4e91c126
HP Tru64 UNIX Version 5.1A PK6 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314
Name: T64KIT1001160-V51AB24-ES-20070314
MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7
HP Tru64 UNIX Version 4.0G PK4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316
Name: T64KIT1001166-V40GB22-ES-20070316
MD5 Checksum: a446c39169b769c4a03c654844d5ac45
HP Tru64 UNIX Version 4.0F PK8 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316
Name: DUXKIT1001165-V40FB22-ES-20070316
MD5 Checksum: 718148c87a913536b32a47af4c36b04e
HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360)
Location: http://h30097.www3.hp.com/cma/patches.html
Name: CPQIM360.SSL.01.tar.gz
MD5 Checksum: 1001a10ab642461c87540826dfe28652
Internet Express (IX) v 6.6 BIND
Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.
PRODUCT SPECIFIC INFORMATION
The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:
-OpenSSL 0.9.8d
-BIND 9.2.8 built with OpenSSL 0.9.8d
Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d
Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.
The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00849540
Version: 1
HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-01-17
Last Updated: 2007-01-23
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Apache running on HP-UX.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01
BACKGROUND
AFFECTED VERSIONS
For IPv4:
HP-UX B.11.00
HP-UX B.11.11
===========
hpuxwsAPACHE
action: install revision A.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
For IPv6:
HP-UX B.11.11
===========
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.23
===========
hpuxwsAPACHE
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
END AFFECTED VERSIONS
RESOLUTION
HP has made the following software updates available to resolve the issue.
Software updates for the Apache-based Web Server are available from:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.
Apache Update Procedure
Check for Apache Installation
-----------------------------
To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system.
For example, the results of the command swlist -l product | grep -I apache
hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server
Stop Apache
-------------
Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time.
After determining which Apache is installed, stop Apache with the following commands:
for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop
Download and Install Apache
--------------------------
Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
Verify successful download by comparing the cksum with the value specified on the installation web page.
Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.
Removing Apache Installation
---------------------------
The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables.
%ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf
MANUAL ACTIONS: Yes - Update plus other actions
Install the revision of the product.
PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system.
For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
HISTORY: rev.1 - 23 January 2007 Initial Release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4
CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8
CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
Kit Name
Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers.
HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.
BACKGROUND
RESOLUTION
HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue.
--WfZ7S8PLGjBY9Voh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200610-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: October 24, 2006
Bugs: #145510
ID: 200610-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
OpenSSL contains multiple vulnerabilities including the possible remote
execution of arbitrary code.
Background
==========
OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
Layer Security protocols and a general-purpose cryptography library. Additionally Dr.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
All OpenSSL 0.9.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
References
==========
[ 1 ] CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
[ 2 ] CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
[ 3 ] CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[ 4 ] CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200610-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files.
(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.
(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1. Updated OpenSSH package addresses the following possible security issues:
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems
(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).
(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.
(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.
NOTE: ESX by default disables version 1 SSH protocol.
NOTE: ESX doesn't use GSSAPI by default.
(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.
NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files. Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.
VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros. NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr():
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem
A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.
ESX 3.0.1
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
md5usm: 239375e107fd4c7af57663f023863fcb
ESX 3.0.0
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
md5sum: ca9947239fffda708f2c94f519df33dc
ESX 2.5.4
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
md5sum: 239375e107fd4c7af57663f023863fcb
ESX 2.5.3
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
md5sum: f90fcab28362edbf2311f3ca90cc7739
ESX 2.1.3
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f
ESX 2.0.2
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
md5sum: 925e70f28d17714c53fdbd24de64329f
5. References:
ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL: http://kb.vmware.com/kb/3069097
ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL: http://kb.vmware.com/kb/9986131
ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
6.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-200609-1495 | CVE-2006-4400 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Apple Mac OS X is prone to multiple security vulnerabilities.
These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present.
Apple Mac OS X 10.4.8 and prior versions are vulnerable to these issues. A remote attacker could trigger this overflow by tricking a user into opening a specially crafted font file, causing a denial of service or executing arbitrary commands with system privileges
VAR-200609-1521 | CVE-2006-4343 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. OpenSSL Security Advisory [28th September 2006]
New OpenSSL releases are now available to correct four security
issues.
ASN.1 Denial of Service Attacks (CVE-2006-2937, CVE-2006-2940)
==============================================================
Vulnerability
-------------
Dr. Henson recently developed an ASN.1 test suite for NISCC
(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory (CVE-2006-2937). (This issue did not affect
OpenSSL versions prior to 0.9.7)
2. Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack (CVE-2006-2940).
Any code which uses OpenSSL to parse ASN.1 data from untrusted sources
is affected. This includes SSL servers which enable client
authentication and S/MIME applications.
Acknowledgements
----------------
The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC
for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer
(CVE-2006-3738).
Acknowledgements
----------------
The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.
SSLv2 Client Crash (CVE-2006-4343)
==================================
Vulnerability
-------------
A flaw in the SSLv2 client code was discovered.
Acknowledgements
----------------
The OpenSSL team thank Tavis Ormandy and Will Drewry of the Google
Security Team for reporting this issue.
Recommendations
===============
These vulnerabilities are resolved in the following versions of OpenSSL:
- in the 0.9.7 branch, version 0.9.7l (or later);
- in the 0.9.8 branch, version 0.9.8d (or later).
OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via
HTTP and FTP from the following master locations (you can find the
various FTP mirrors under https://www.openssl.org/source/mirror.html):
o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/
The distribution file names are:
o openssl-0.9.8d.tar.gz
MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
o openssl-0.9.7l.tar.gz
MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
The checksums were calculated using the following commands:
openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz
After upgrading make sure to recompile any applications statically
linked to OpenSSL libraries and restart all applications that use
OpenSSL. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2007-0001
Synopsis: VMware ESX server security updates
Issue date: 2007-01-08
Updated on: 2007-01-08
CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940
CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2006-4980
- -------------------------------------------------------------------
1. Summary:
Updated ESX Patches address several security issues.
2. Relevant releases:
VMware ESX 3.0.1 without patch ESX-9986131
VMware ESX 3.0.0 without patch ESX-3069097
VMware ESX 2.5.4 prior to upgrade patch 3
VMware ESX 2.5.3 prior to upgrade patch 6
VMware ESX 2.1.3 prior to upgrade patch 4
VMware ESX 2.0.2 prior to upgrade patch 4
3. Problem description:
Problems addressed by these patches:
a. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with the configuration program
vmware-config which could set incorrect permissions on SSL key
files. Local users may be able to obtain access to the SSL key
files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) assigned the name CVE-2006-3589 to this issue.
b. OpenSSL library vulnerabilities:
ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
(CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
allows remote attackers to cause a denial of service (infinite
loop and memory consumption) via malformed ASN.1 structures that
trigger an improperly handled error condition.
(CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
and earlier versions allows attackers to cause a denial of service
(CPU consumption) via parasitic public keys with large (1) "public
exponent" or (2) "public modulus" values in X.509 certificates that
require extra time to process when using RSA signature verification.
(CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
padding before generating a hash, which allows remote attackers to
forge a PKCS #1 v1.5 signature that is signed by that RSA key and
prevents OpenSSL from correctly verifying X.509 and other
certificates that use PKCS #1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
CVE-2006-4339, and CVE-2006-4343 to these issues.
c. Updated OpenSSH package addresses the following possible security issues:
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by Patch ESX-3069097
ESX 2.5.4: does not have these problems
ESX 2.5.3: does not have these problems
ESX 2.1.3: does not have these problems
ESX 2.0.2: does not have these problems
(CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
other versions, when using privilege separation, does not properly
signal the non-privileged process when a session has been terminated
after exceeding the LoginGraceTime setting, which leaves the
connection open and allows remote attackers to cause a denial of
service (connection consumption).
(CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters
or spaces, which are expanded twice.
(CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
access by numeric IP addresses and with VerifyReverseMapping
disabled, allows remote attackers to bypass "from=" and "user@host"
address restrictions by connecting to a host from a system whose
reverse DNS hostname contains the numeric IP address.
(CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
SSH protocol, allows remote attackers to cause a denial of service
(CPU consumption) via an SSH packet that contains duplicate blocks,
which is not properly handled by the CRC compensation attack
detector.
NOTE: ESX by default disables version 1 SSH protocol.
NOTE: ESX doesn't use GSSAPI by default.
(CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
Separation Monitor in OpenSSH before 4.5 causes weaker verification
that authentication has been successful, which might allow attackers
to bypass authentication.
NOTE: as of 20061108, it is believed that this issue is only
exploitable by leveraging vulnerabilities in the unprivileged
process, which are not known to exist.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.
d. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:
ESX 3.0.1: does not have this problem
ESX 3.0.0: does not have this problem
ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)
A possible security issue with virtual disk (.vmdk or .dsk) files
that are newly created, but contain blocks from recently deleted
virtual disk files. Information belonging to the previously
deleted virtual disk files could be revealed in newly created
virtual disk files.
VMware recommends the following workaround: When creating new
virtual machines on an ESX Server that may contain sensitive
data, use vmkfstools with the -W option. This initializes the
virtual disk with zeros. NOTE: ESX 3.x defines this option as -w.
e. Buffer overflow in Python function repr():
ESX 3.0.1: corrected by Patch ESX-9986131
ESX 3.0.0: corrected by ESX-3069097
ESX 2.5.4: does not have this problem
ESX 2.5.3: does not have this problem
ESX 2.1.3: does not have this problem
ESX 2.0.2: does not have this problem
A possible security issue with how the Python function repr()
function handles UTF-32/UCS-4 strings.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-4980 to this issue.
4. Solution:
Please review the Patch notes for your version of ESX and verify the md5sum.
ESX 3.0.1
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
md5usm: 239375e107fd4c7af57663f023863fcb
ESX 3.0.0
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
md5sum: ca9947239fffda708f2c94f519df33dc
ESX 2.5.4
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
md5sum: 239375e107fd4c7af57663f023863fcb
ESX 2.5.3
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
md5sum: f90fcab28362edbf2311f3ca90cc7739
ESX 2.1.3
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f
ESX 2.0.2
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
md5sum: 925e70f28d17714c53fdbd24de64329f
5. References:
ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL: http://kb.vmware.com/kb/3069097
ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL: http://kb.vmware.com/kb/9986131
ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980
6. Contact:
http://www.vmware.com/security
VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html
E-mail: security@vmware.com
Copyright 2007 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE
neFG0RikD74TCYeXKW6CBy4=
=9/6k
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
________________________________________________________________________
References:
[0] http://www.openssl.org/news/secadv_20060928.txt
[1] http://www.openssl.org/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
________________________________________________________________________
For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org
for details on how to verify the integrity of this advisory.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm
8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm
3a68c653ba0339ba99162459385c72e2 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm
8291bde3bd9aa95533aabc07280203b8 2006.0/i586/openssl-0.9.7g-2.4.20060mdk.i586.rpm
52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
b2ce6e6bb7e3114663d3a074d0cc7da5 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mdk.x86_64.rpm
f7c8dbc2eda0c90547d43661454d1068 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mdk.x86_64.rpm
7c9ebd9f9179f4e93627dcf0f3442335 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.x86_64.rpm
17e2d82c3f6c0afbf48eccbfbcc17b55 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mdk.i586.rpm
8c3f89e1900f069d4a4ad3162a9f7d78 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mdk.i586.rpm
3a68c653ba0339ba99162459385c72e2 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mdk.i586.rpm
6ce5832a59b8b67425cb7026ea9dc876 2006.0/x86_64/openssl-0.9.7g-2.4.20060mdk.x86_64.rpm
52b3fbfc1389bcd73e406d6ff741e9dc 2006.0/SRPMS/openssl-0.9.7g-2.4.20060mdk.src.rpm
Mandriva Linux 2007.0:
1bfeff47c8d2f6c020c459881be68207 2007.0/i586/libopenssl0.9.8-0.9.8b-2.1mdv2007.0.i586.rpm
1e1a4db54ddfaedb08a6d847422099ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.1mdv2007.0.i586.rpm
59c80405f33b2e61ffd3cef025635e21 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.i586.rpm
3a6657970a2e7661bd869d221a69c8da 2007.0/i586/openssl-0.9.8b-2.1mdv2007.0.i586.rpm
aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
af679c647d97214244a8423dc1a766b7 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.1mdv2007.0.x86_64.rpm
d7b1ed07df4115b3bcc3907e00d25a89 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm
5bd3ece2c0ec7a3201c29fa84e25a75a 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.1mdv2007.0.x86_64.rpm
9b028020dba009eddbf06eeb8607b87f 2007.0/x86_64/openssl-0.9.8b-2.1mdv2007.0.x86_64.rpm
aad29e57ddceb66105af5d6434de9a62 2007.0/SRPMS/openssl-0.9.8b-2.1mdv2007.0.src.rpm
Corporate 3.0:
c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm
98a925c5ba2ecc9d704b1e730035755e corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.C30mdk.i586.rpm
151493a50693e3b9cc67bfafadb9ce42 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.i586.rpm
82b4709bdbb9128746887013a724356a corporate/3.0/i586/openssl-0.9.7c-3.6.C30mdk.i586.rpm
a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm
Corporate 3.0/X86_64:
01a922d80d6fc9d1b36dde15ee27747e corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.6.C30mdk.x86_64.rpm
30268f0b70862d1f5998694ac8b4addc corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.6.C30mdk.x86_64.rpm
e0388ff1efa34ea55d033e95b4e9bb63 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.6.C30mdk.x86_64.rpm
c99ea58f6f4959a4c36398cc6b2b4ee2 corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.6.C30mdk.i586.rpm
83759622f0cc8ea9c0f6d32671283354 corporate/3.0/x86_64/openssl-0.9.7c-3.6.C30mdk.x86_64.rpm
a5bdbe6afa52005a734dc18aa951677d corporate/3.0/SRPMS/openssl-0.9.7c-3.6.C30mdk.src.rpm
Corporate 4.0:
6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm
22890554d3096ce596eeec7393ee3fcf corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm
679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm
d8477333b67ec3a36ba46c50e6183993 corporate/4.0/i586/openssl-0.9.7g-2.4.20060mlcs4.i586.rpm
b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
746e5e916d1e05379373138a5db20923 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.4.20060mlcs4.x86_64.rpm
a2b1d750075a32fe8badbdf1f7febafe corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm
47c464cf890a004f772c1db3e839fa12 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.x86_64.rpm
6d71d2358738be9967b2dfe19d3642f1 corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.4.20060mlcs4.i586.rpm
22890554d3096ce596eeec7393ee3fcf corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.4.20060mlcs4.i586.rpm
679fe740859fa35b2bb77b19c4a0e787 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.4.20060mlcs4.i586.rpm
1030a6124a9fa4fd5a41bdff077301bf corporate/4.0/x86_64/openssl-0.9.7g-2.4.20060mlcs4.x86_64.rpm
b65dbbd9fb3d74d302478640476a2cd2 corporate/4.0/SRPMS/openssl-0.9.7g-2.4.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
19055eda58e1f75814e594ce7709a710 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.6.M20mdk.i586.rpm
abfe548617969f619aec5b0e807f1f67 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.6.M20mdk.i586.rpm
92e7515c9125367a79fdb490f5b39cd4 mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.6.M20mdk.i586.rpm
847eecb1d07e4cab3d1de1452103c3a0 mnf/2.0/i586/openssl-0.9.7c-3.6.M20mdk.i586.rpm
b6b67fa82d7119cde7ab7816aed17059 mnf/2.0/SRPMS/openssl-0.9.7c-3.6.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFHA4hmqjQ0CJFipgRApknAJ9Ybd8xjfkR+RL1fWEI2Fgn/KIuqACeOH/0
wB09L3fylyiHgrXvSV6VL7A=
=/+dm
-----END PGP SIGNATURE-----
VAR-200609-1549 | CVE-2006-4409 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may result in the use of revoked certificates. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Apple Mac OS X is prone to multiple security vulnerabilities.
These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present.
Apple Mac OS X 10.4.8 and prior versions are vulnerable to these issues
VAR-200110-0367 | CVE-2006-2937 | OpenSSL may fail to properly parse invalid ASN.1 structures |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users
VAR-200609-1610 | CVE-2006-4407 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. This vulnerability may allow traffic to be weakly encrypted. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present. When making a connection, the best cipher supported by both parties should be used. Due to errors in the priority order of credentials, Secure Transport may use ciphers that do not provide encryption or authentication when better ciphers are available
VAR-200609-1595 | CVE-2006-4406 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation (PADI) packets. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Both local and remote vulnerabilities are present
VAR-200609-1597 | CVE-2006-2937 | OpenSSL may fail to properly parse invalid ASN.1 structures |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940
~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339
~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363
~ CVE-2008-1340
- -------------------------------------------------------------------
1. Summary:
~ Several critical security vulnerabilities have been addressed
~ in the newest releases of VMware's hosted product line.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
~ VMware Workstation 5.5.4 and earlier
~ VMware Player 2.0.2 and earlier
~ VMware Player 1.0.4 and earlier
~ VMware ACE 2.0.2 and earlier
~ VMware ACE 1.0.2 and earlier
~ VMware Server 1.0.4 and earlier
~ VMware Fusion 1.1 and earlier
3. Problem description:
~ a. Host to guest shared folder (HGFS) traversal vulnerability
~ On Windows hosts, if you have configured a VMware host to guest
~ shared folder (HGFS), it is possible for a program running in the
~ guest to gain access to the host's file system and create or modify
~ executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn't use host to
~ guest shared folders. No versions of ESX Server, including
~ ESX Server 3i, are affected by this vulnerability. Because
~ ESX Server is based on a bare-metal hypervisor architecture
~ and not a hosted architecture, and it doesn't include any
~ shared folder abilities. Fusion and Linux based hosted
~ products are unaffected.
~ VMware would like to thank CORE Security Technologies for
~ working with us on this issue. This addresses advisory
~ CORE-2007-0930.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2008-0923 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ b. Insecure named pipes
~ An internal security audit determined that a malicious Windows
~ user could attain and exploit LocalSystem privileges by causing
~ the authd process to connect to a named pipe that is opened and
~ controlled by the malicious user.
~ The same internal security audit determined that a malicious
~ Windows user could exploit an insecurely created named pipe
~ object to escalate privileges or create a denial of service
~ attack. In this situation, the malicious user could
~ successfully impersonate authd and attain privileges under
~ which Authd is executing.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these
~ issues.
~ Windows Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ c. Updated libpng library to version 1.2.22 to address various
~ security vulnerabilities
~ Several flaws were discovered in the way libpng handled various PNG
~ image chunks. An attacker could create a carefully crafted PNG
~ image file in such a way that it could cause an application linked
~ with libpng to crash when the file was manipulated.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-5269 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ d. Updated OpenSSL library to address various security vulnerabilities
~ Updated OpenSSL fixes several security flaws were discovered
~ in previous versions of OpenSSL.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the following names to these issues: CVE-2006-2940,
~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ e. VIX API default setting changed to a more secure default value
~ Workstation 6.0.2 allowed anonymous console access to the guest by
~ means of the VIX API. This release, Workstation 6.0.3, disables
~ this feature. This means that the Eclipse Integrated Virtual
~ Debugger and the Visual Studio Integrated Virtual Debugger will now
~ prompt for user account credentials to access a guest.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ f. Windows 2000 based hosted products privilege escalation
~ vulnerability
~ This release addresses a potential privilege escalation on
~ Windows 2000 hosted products. Certain services may be improperly
~ registered and present a security vulnerability to Windows 2000
~ machines.
~ VMware would like to thank Ray Hicken for reporting this issue and
~ David Maciejak for originally pointing out these types of
~ vulnerabilities.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2007-5618 to this issue.
~ Windows versions of Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion and Linux based products are not affected by this
~ issue.
~ g. DHCP denial of service vulnerability
~ A potential denial of service issue affects DHCP service running
~ on the host.
~ VMware would like to thank Martin O'Neal for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1364 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)
~ NOTE: This issue doesn't affect the latest versions of VMware
~ Workstation 6, VMware Player 2, and ACE 2 products.
~ h. Local Privilege Escalation on Windows based platforms by
~ Hijacking VMware VMX configuration file
~ VMware uses a configuration file named "config.ini" which
~ is located in the application data directory of all users.
~ By manipulating this file, a user could gain elevated
~ privileges by hijacking the VMware VMX process.
~ VMware would like to thank Sun Bing for reporting the issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1363 to this issue.
~ Windows based Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ i. Virtual Machine Communication Interface (VMCI) memory corruption
~ resulting in denial of service
~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
~ and VMware ACE 2.0. It is an experimental, optional feature and
~ it may be possible to crash the host system by making specially
~ crafted calls to the VMCI interface. This may result in denial
~ of service via memory exhaustion and memory corruption.
~ VMware would like to thank Andrew Honig of the Department of
~ Defense for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1340 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
~ VMware Workstation 6.0.3
~ ------------------------
~ http://www.vmware.com/download/ws/
~ Release notes:
~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
~ Windows binary
~ md5sum: 323f054957066fae07735160b73b91e5
~ RPM Installation file for 32-bit Linux
~ md5sum: c44183ad11082f05593359efd220944e
~ tar Installation file for 32-bit Linux
~ md5sum: 57601f238106cb12c1dea303ad1b4820
~ RPM Installation file for 64-bit Linux
~ md5sum: e9ba644be4e39556724fa2901c5e94e9
~ tar Installation file for 64-bit Linux
~ md5sum: d8d423a76f99a94f598077d41685e9a9
~ VMware Workstation 5.5.5
~ ------------------------
~ http://www.vmware.com/download/ws/ws5.html
~ Release notes:
~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
~ Windows binary
~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3
~ Compressed Tar archive for 32-bit Linux
~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb
~ Linux RPM version for 32-bit Linux
~ md5sum: c222b6db934deb9c1bb79b16b25a3202
~ VMware Server 1.0.5
~ -------------------
~ http://www.vmware.com/download/server/
~ Release notes:
~ http://www.vmware.com/support/server/doc/releasenotes_server.html
~ VMware Server for Windows 32-bit and 64-bit
~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc
~ VMware Server Windows client package
~ md5sum: cb3dd2439203dc510f4d95f06ba59d21
~ VMware Server for Linux
~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e
~ VMware Server for Linux rpm
~ md5sum: fc3b81ed18b53eda943a992971e9f84a
~ Management Interface
~ md5sum: dd10d25895d9994bd27ca896152f48ef
~ VMware Server Linux client package
~ md5sum: aae18f1f7b8811b5499e3a358754d4f8
~ VMware ACE 2.0.3 and 1.0.5
~ --------------------------
~ http://www.vmware.com/download/ace/
~ Windows Release notes:
~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
~ VMware Fusion 1.1.1
~ -------------------
~ http://www.vmware.com/download/fusion/
~ Release notes:
~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0
~ VMware Player 2.0.3 and 1.0.6
~ ----------------------
~ http://www.vmware.com/download/player/
~ Release notes Player 1.x:
~ http://www.vmware.com/support/player/doc/releasenotes_player.html
~ Release notes Player 2.0
~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html
~ 2.0.3 Windows binary
~ md5sum: 0c5009d3b569687ae139e13d24c868d3
~ VMware Player 2.0.3 for Linux (.rpm)
~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2
~ VMware Player 2.0.3 for Linux (.tar)
~ md5sum: 2305fcff49bef6e4ad83742412eac978
~ VMware Player 2.0.3 - 64-bit (.rpm)
~ md5sum: cf945b571c4d96146ede010286fdfca5
~ VMware Player 2.0.3 - 64-bit (.tar)
~ md5sum: f99c5b293eb87c5f918ad24111565b9f
~ 1.0.6 Windows binary
~ md5sum: 895081406c4de5361a1700ec0473e49c
~ Player 1.0.6 for Linux (.rpm)
~ md5sum: 8adb23799dd2014be0b6d77243c76942
~ Player 1.0.6 for Linux (.tar)
~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@lists.vmware.com
~ * bugtraq@securityfocus.com
~ * full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv
Cv8MnL2bYPyDfYQ3f4IUL+w=
=tFXS
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00967144
Version: 1
HPSBTU02207 SSRT061213, SSRT061239, SSRT071304 rev.1 - HP Tru64 UNIX SSL and BIND Remote Arbitrary Code Execution or Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-04-12
Last Updated: 2007-04-12
Potential Security Impact: Remote unauthenticated arbitrary code execution or Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified on the Secure Sockets Layer (SSL) and BIND running on the HP Tru64 UNIX Operating System that may allow a remote attacker to execute arbitrary code or cause a Denial of Service (DoS).
References: VU#547300, VU#386964, CAN-2006-4339, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 (SSL)
VU#697164, VU#915404, CVE-2007-0493, CVE-2007-0494 (BIND)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
The following supported software versions are affected:
HP Tru64 UNIX v 5.1B-4 (SSL and BIND)
HP Tru64 UNIX v 5.1B-3 (SSL and BIND)
HP Tru64 UNIX v 5.1A PK6 (BIND)
HP Tru64 UNIX v 4.0G PK4 (BIND)
HP Tru64 UNIX v 4.0F PK8 (BIND)
Internet Express (IX) v 6.6 BIND (BIND)
HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL)
BACKGROUND
RESOLUTION
HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities.
The fixes contained in the ERP kits will be available in the following mainstream releases:
-Targeted for availability in HP Tru64 UNIX v 5.1B-5
-Internet Express (IX) v 6.7
-HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available)
HP Tru64 UNIX Version 5.1B-4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321
Name: T64KIT1001167-V51BB27-ES-20070321
MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd
HP Tru64 UNIX Version 5.1B-3 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315
Name: T64KIT1001163-V51BB26-ES-20070315
MD5 Checksum: d376d403176f0dbe7badd4df4e91c126
HP Tru64 UNIX Version 5.1A PK6 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314
Name: T64KIT1001160-V51AB24-ES-20070314
MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7
HP Tru64 UNIX Version 4.0G PK4 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316
Name: T64KIT1001166-V40GB22-ES-20070316
MD5 Checksum: a446c39169b769c4a03c654844d5ac45
HP Tru64 UNIX Version 4.0F PK8 ERP Kit
Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316
Name: DUXKIT1001165-V40FB22-ES-20070316
MD5 Checksum: 718148c87a913536b32a47af4c36b04e
HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360)
Location: http://h30097.www3.hp.com/cma/patches.html
Name: CPQIM360.SSL.01.tar.gz
MD5 Checksum: 1001a10ab642461c87540826dfe28652
Internet Express (IX) v 6.6 BIND
Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version.
PRODUCT SPECIFIC INFORMATION
The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches:
-OpenSSL 0.9.8d
-BIND 9.2.8 built with OpenSSL 0.9.8d
Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d
Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version.
The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4.
HISTORY
Version:1 (rev.1) - 12 April 2007 Initial release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
--WfZ7S8PLGjBY9Voh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200610-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: October 24, 2006
Bugs: #145510
ID: 200610-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
OpenSSL contains multiple vulnerabilities including the possible remote
execution of arbitrary code.
Background
==========
OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
Layer Security protocols and a general-purpose cryptography library.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/openssl < 0.9.8d >= 0.9.8d
*>= 0.9.7l
Description
===========
Tavis Ormandy and Will Drewry, both of the Google Security Team,
discovered that the SSL_get_shared_ciphers() function contains a buffer
overflow vulnerability, and that the SSLv2 client code contains a flaw
leading to a crash. Additionally Dr. Stephen N. Henson found that the
ASN.1 handler contains two Denial of Service vulnerabilities: while
parsing an invalid ASN.1 structure and while handling certain types of
public key. Finally a
malicious server could crash a SSLv2 client through the SSLv2
vulnerability.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
All OpenSSL 0.9.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
References
==========
[ 1 ] CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
[ 2 ] CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
[ 3 ] CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[ 4 ] CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200610-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license
VAR-200609-1614 | CVE-2006-4396 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Apple Mac OS X is prone to multiple security vulnerabilities.
These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present.
Apple Mac OS X 10.4.8 and prior versions are vulnerable to these issues
VAR-200609-1606 | CVE-2006-4412 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Apple Safari WebKit fails to properly deallocate objects. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Apple Mac OS X is prone to multiple security vulnerabilities.
These issue affect Mac OS X and various applications including Apple Type Services, CFNetwork, Finder, FTPD, Installer, PPP, Security Framework, VPN, and WebKit. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, overwrite files, and access potentially sensitive information. Both local and remote vulnerabilities are present.
Apple Mac OS X 10.4.8 and prior versions are vulnerable to these issues
VAR-200609-1587 | CVE-2006-5710 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects the eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 computers which were equipped with an original AirPort card. Computers with an AirPort Extreme are not affected. An Apple AirPort device is a wireless access point that provides 802.11 services to network clients. There is a memory corruption vulnerability in Apple AirPort when processing malformed probe response packets
VAR-200609-1634 | CVE-2006-4343 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. OpenSSL is prone to a denial-of-service vulnerability. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.
The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. Henson recently developed an ASN.1 test suite for NISCC
(www.niscc.gov.uk). During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. (This issue did not affect
OpenSSL versions prior to 0.9.7)
2. Certain types of public key can take disproportionate amounts of
time to process.
Any code which uses OpenSSL to parse ASN.1 data from untrusted sources
is affected. This includes SSL servers which enable client
authentication and S/MIME applications.
Acknowledgements
----------------
The OpenSSL team thank Dr S. Henson of Open Network Security and NISCC
for funding the ASN.1 test suite project. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer
(CVE-2006-3738).
SSLv2 Client Crash (CVE-2006-4343)
==================================
Vulnerability
-------------
A flaw in the SSLv2 client code was discovered.
Recommendations
===============
These vulnerabilities are resolved in the following versions of OpenSSL:
- in the 0.9.7 branch, version 0.9.7l (or later);
- in the 0.9.8 branch, version 0.9.8d (or later).
OpenSSL 0.9.8d and OpenSSL 0.9.7l are available for download via
HTTP and FTP from the following master locations (you can find the
various FTP mirrors under https://www.openssl.org/source/mirror.html):
o https://www.openssl.org/source/
o ftp://ftp.openssl.org/source/
The distribution file names are:
o openssl-0.9.8d.tar.gz
MD5 checksum: 8ed1853538e1d05a1f5ada61ebf8bffa
SHA1 checksum: 4136fba00303a3d319d2052bfa8e1f09a2e12fc2
o openssl-0.9.7l.tar.gz
MD5 checksum: b21d6e10817ddeccf5fbe1379987333e
SHA1 checksum: f0e4136639b10cbd1227c4f7350ff7ad406e575d
The checksums were calculated using the following commands:
openssl md5 openssl-0.9*.tar.gz
openssl sha1 openssl-0.9*.tar.gz
After upgrading make sure to recompile any applications statically
linked to OpenSSL libraries and restart all applications that use
OpenSSL.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20060928.txt
. rPath Security Advisory: 2006-0175-2
Published: 2006-09-28
Updated:
2006-09-29 Resolved issue in patch for CVE-2006-2940
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote Deterministic Unauthorized Access
Updated Versions:
openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1
openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://issues.rpath.com/browse/RPL-613
Description:
Previous versions of the openssl package are vulnerable to multiple
attacks.
In particular, any connection that the mysql daemon will accept
may be vulnerable. In the default configuration of mysql, that
would be a local unauthorized access vulnerability, but mysql can
be configured to listen for network connections from remote hosts,
which would then enable remote unauthorized access. Any program
that calls the SSL_get_shared_ciphers() function may be vulnerable.
29 September 2006 Update: The initial fix for this vulnerability was
incomplete, and the fault in the fix could enable a Denial of Service
attack in some cases of the attack described in CVE-2006-2940.
_______________________________________________
Full-Disclosure - We believe in it. (CVE-2006-4343)
Updated packages are patched to address these issues.
Update:
There was an error in the original published patches for CVE-2006-2940.
New packages have corrected this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm
f86f3a2efd19ff5fb1600212cbd8e463 2006.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm
73b99c1a8a34fe3c2279c09c4f385804 2006.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm
526fcd69e1a1768c82afd573dc16982f 2006.0/i586/openssl-0.9.7g-2.5.20060mdk.i586.rpm
441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
54ed69fc4976d3c0953eeebd3c10471a 2006.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mdk.x86_64.rpm
632fbe5eaff684ec2f27da4bbe93c4f6 2006.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mdk.x86_64.rpm
04dbe52bda3051101db73fabe687bd7e 2006.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.x86_64.rpm
5e48a8d9a6a03a045b6d0d2b6903dc5b 2006.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mdk.i586.rpm
f86f3a2efd19ff5fb1600212cbd8e463 2006.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mdk.i586.rpm
73b99c1a8a34fe3c2279c09c4f385804 2006.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mdk.i586.rpm
ca169246cc85db55839b265b90e8c842 2006.0/x86_64/openssl-0.9.7g-2.5.20060mdk.x86_64.rpm
441a806fc8a50f74f5b4bcfce1fc8f66 2006.0/SRPMS/openssl-0.9.7g-2.5.20060mdk.src.rpm
Mandriva Linux 2007.0:
db68f8f239604fb76a0a10c70104ef61 2007.0/i586/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm
26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/i586/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm
ab949cf85296ceae864f83fbbac2b55a 2007.0/i586/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm
a97c6033a33fabcd5509568304b7a988 2007.0/i586/openssl-0.9.8b-2.2mdv2007.0.i586.rpm
78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
1895971ef1221056075c4ee3d4aaac72 2007.0/x86_64/lib64openssl0.9.8-0.9.8b-2.2mdv2007.0.x86_64.rpm
cfd59201e5e9c436f42b969b4aa567f1 2007.0/x86_64/lib64openssl0.9.8-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm
36da85c76eddf95feeb3f4b792528483 2007.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.x86_64.rpm
db68f8f239604fb76a0a10c70104ef61 2007.0/x86_64/libopenssl0.9.8-0.9.8b-2.2mdv2007.0.i586.rpm
26a4de823aee08e40d28ed7e6ff5b2ff 2007.0/x86_64/libopenssl0.9.8-devel-0.9.8b-2.2mdv2007.0.i586.rpm
ab949cf85296ceae864f83fbbac2b55a 2007.0/x86_64/libopenssl0.9.8-static-devel-0.9.8b-2.2mdv2007.0.i586.rpm
e3aebeae455a0820c5f28483bd6d3fa5 2007.0/x86_64/openssl-0.9.8b-2.2mdv2007.0.x86_64.rpm
78964615b7bd71028671257640be3bc5 2007.0/SRPMS/openssl-0.9.8b-2.2mdv2007.0.src.rpm
Corporate 3.0:
7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm
1e7834f6f0fe000f8f00ff49ee6f7ea0 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.C30mdk.i586.rpm
6c86220445ef34c2dadadc3e00701885 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.i586.rpm
c25c4042a91b6e7bf9aae1aa2fea32a5 corporate/3.0/i586/openssl-0.9.7c-3.7.C30mdk.i586.rpm
2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm
Corporate 3.0/X86_64:
52dfd4d10e00c9bd0944e4486190de93 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.7.C30mdk.x86_64.rpm
258a19afc44dadfaa00d0ebd8b3c0df4 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.7.C30mdk.x86_64.rpm
cd5cc151e476552be549c6a37b8a71ea corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.7.C30mdk.x86_64.rpm
7f60837e42b45ce50f365ec1372d6aeb corporate/3.0/x86_64/libopenssl0.9.7-0.9.7c-3.7.C30mdk.i586.rpm
492fcc0df9172557a3297d0082321d4d corporate/3.0/x86_64/openssl-0.9.7c-3.7.C30mdk.x86_64.rpm
2c47b1604aa89033799b1ead4bcebe01 corporate/3.0/SRPMS/openssl-0.9.7c-3.7.C30mdk.src.rpm
Corporate 4.0:
76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm
0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
86dc91f1701293f3319a833746bbe421 corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
daa6c3473f59405778dedd02de73fcc9 corporate/4.0/i586/openssl-0.9.7g-2.5.20060mlcs4.i586.rpm
a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
b5ae71aacd5b99be9e9327d58da29230 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.5.20060mlcs4.x86_64.rpm
89296e03778a198940c1c413e44b9f45 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm
cb17a0d801c1181ab380472b8ffb085e corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.x86_64.rpm
76b3078e53be2ddc019bee74ccb1f39e corporate/4.0/x86_64/libopenssl0.9.7-0.9.7g-2.5.20060mlcs4.i586.rpm
0aa4ca3b0d2925255650fb90132d7aad corporate/4.0/x86_64/libopenssl0.9.7-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
86dc91f1701293f3319a833746bbe421 corporate/4.0/x86_64/libopenssl0.9.7-static-devel-0.9.7g-2.5.20060mlcs4.i586.rpm
8d9a55afdc6d930916bac00fd4c4739b corporate/4.0/x86_64/openssl-0.9.7g-2.5.20060mlcs4.x86_64.rpm
a8d2a946d266a94c6d46537ad78b18fa corporate/4.0/SRPMS/openssl-0.9.7g-2.5.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
cd7ad7e95ce17995dfa8129ebe517049 mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.7.M20mdk.i586.rpm
11771240baebdc6687af70a8a0f2ffd2 mnf/2.0/i586/libopenssl0.9.7-devel-0.9.7c-3.7.M20mdk.i586.rpm
8f672bc81b9528598a8560d876612bfa mnf/2.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.7.M20mdk.i586.rpm
214f857a36e5c3e600671b7291cd08ae mnf/2.0/i586/openssl-0.9.7c-3.7.M20mdk.i586.rpm
bbb299fd643ccbfbdc1a48b12c7005ce mnf/2.0/SRPMS/openssl-0.9.7c-3.7.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFIU7bmqjQ0CJFipgRAuYAAKCZlwMqJzrVCpKYdEqs+UiyM6WrSQCfeIv3
mAaLoEPfjUca1TR98vgpZUU=
=Ff9O
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
________________________________________________________________________
References:
[0] http://www.openssl.org/news/secadv_20060928.txt
[1] http://www.openssl.org/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
________________________________________________________________________
For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org
for details on how to verify the integrity of this advisory. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00849540
Version: 1
HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2007-01-17
Last Updated: 2007-01-23
Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01
BACKGROUND
AFFECTED VERSIONS
For IPv4:
HP-UX B.11.00
HP-UX B.11.11
===========
hpuxwsAPACHE
action: install revision A.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
For IPv6:
HP-UX B.11.11
===========
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.23
===========
hpuxwsAPACHE
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
END AFFECTED VERSIONS
RESOLUTION
HP has made the following software updates available to resolve the issue.
Software updates for the Apache-based Web Server are available from:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.
Apache Update Procedure
Check for Apache Installation
-----------------------------
To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system.
For example, the results of the command swlist -l product | grep -I apache
hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server
Stop Apache
-------------
Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time.
After determining which Apache is installed, stop Apache with the following commands:
for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop
Download and Install Apache
--------------------------
Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
Verify successful download by comparing the cksum with the value specified on the installation web page.
Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.
Removing Apache Installation
---------------------------
The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables.
%ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf
MANUAL ACTIONS: Yes - Update plus other actions
Install the revision of the product.
PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system.
For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
HISTORY: rev.1 - 23 January 2007 Initial Release
Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2007 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2
CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4
CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8
CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6
CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1
CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8
CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve these vulnerabilities.
Kit Name
Location
HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers.
HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows.
BACKGROUND
RESOLUTION
HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue.
--WfZ7S8PLGjBY9Voh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200610-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: OpenSSL: Multiple vulnerabilities
Date: October 24, 2006
Bugs: #145510
ID: 200610-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
OpenSSL contains multiple vulnerabilities including the possible remote
execution of arbitrary code.
Background
==========
OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
Layer Security protocols and a general-purpose cryptography library. Additionally Dr.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSL 0.9.8 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8d"
All OpenSSL 0.9.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7l"
References
==========
[ 1 ] CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
[ 2 ] CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
[ 3 ] CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
[ 4 ] CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200610-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940
~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339
~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363
~ CVE-2008-1340
- -------------------------------------------------------------------
1.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
~ VMware Workstation 5.5.4 and earlier
~ VMware Player 2.0.2 and earlier
~ VMware Player 1.0.4 and earlier
~ VMware ACE 2.0.2 and earlier
~ VMware ACE 1.0.2 and earlier
~ VMware Server 1.0.4 and earlier
~ VMware Fusion 1.1 and earlier
3. Problem description:
~ a. Host to guest shared folder (HGFS) traversal vulnerability
~ On Windows hosts, if you have configured a VMware host to guest
~ shared folder (HGFS), it is possible for a program running in the
~ guest to gain access to the host's file system and create or modify
~ executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn't use host to
~ guest shared folders. No versions of ESX Server, including
~ ESX Server 3i, are affected by this vulnerability. Because
~ ESX Server is based on a bare-metal hypervisor architecture
~ and not a hosted architecture, and it doesn't include any
~ shared folder abilities. Fusion and Linux based hosted
~ products are unaffected.
~ VMware would like to thank CORE Security Technologies for
~ working with us on this issue. This addresses advisory
~ CORE-2007-0930.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2008-0923 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ b. Insecure named pipes
~ An internal security audit determined that a malicious Windows
~ user could attain and exploit LocalSystem privileges by causing
~ the authd process to connect to a named pipe that is opened and
~ controlled by the malicious user.
~ The same internal security audit determined that a malicious
~ Windows user could exploit an insecurely created named pipe
~ object to escalate privileges or create a denial of service
~ attack. In this situation, the malicious user could
~ successfully impersonate authd and attain privileges under
~ which Authd is executing.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these
~ issues.
~ Windows Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ c. Updated libpng library to version 1.2.22 to address various
~ security vulnerabilities
~ Several flaws were discovered in the way libpng handled various PNG
~ image chunks. An attacker could create a carefully crafted PNG
~ image file in such a way that it could cause an application linked
~ with libpng to crash when the file was manipulated.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-5269 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ d. Updated OpenSSL library to address various security vulnerabilities
~ Updated OpenSSL fixes several security flaws were discovered
~ in previous versions of OpenSSL.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the following names to these issues: CVE-2006-2940,
~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ e. VIX API default setting changed to a more secure default value
~ Workstation 6.0.2 allowed anonymous console access to the guest by
~ means of the VIX API. This release, Workstation 6.0.3, disables
~ this feature. This means that the Eclipse Integrated Virtual
~ Debugger and the Visual Studio Integrated Virtual Debugger will now
~ prompt for user account credentials to access a guest.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ f. Windows 2000 based hosted products privilege escalation
~ vulnerability
~ This release addresses a potential privilege escalation on
~ Windows 2000 hosted products. Certain services may be improperly
~ registered and present a security vulnerability to Windows 2000
~ machines.
~ VMware would like to thank Ray Hicken for reporting this issue and
~ David Maciejak for originally pointing out these types of
~ vulnerabilities.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2007-5618 to this issue.
~ Windows versions of Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion and Linux based products are not affected by this
~ issue.
~ g. DHCP denial of service vulnerability
~ A potential denial of service issue affects DHCP service running
~ on the host.
~ VMware would like to thank Martin O'Neal for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1364 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)
~ NOTE: This issue doesn't affect the latest versions of VMware
~ Workstation 6, VMware Player 2, and ACE 2 products.
~ h. Local Privilege Escalation on Windows based platforms by
~ Hijacking VMware VMX configuration file
~ VMware uses a configuration file named "config.ini" which
~ is located in the application data directory of all users.
~ By manipulating this file, a user could gain elevated
~ privileges by hijacking the VMware VMX process.
~ VMware would like to thank Sun Bing for reporting the issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1363 to this issue.
~ Windows based Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ i. Virtual Machine Communication Interface (VMCI) memory corruption
~ resulting in denial of service
~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
~ and VMware ACE 2.0. It is an experimental, optional feature and
~ it may be possible to crash the host system by making specially
~ crafted calls to the VMCI interface. This may result in denial
~ of service via memory exhaustion and memory corruption.
~ VMware would like to thank Andrew Honig of the Department of
~ Defense for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1340 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
~ VMware Workstation 6.0.3
~ ------------------------
~ http://www.vmware.com/download/ws/
~ Release notes:
~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
~ Windows binary
~ md5sum: 323f054957066fae07735160b73b91e5
~ RPM Installation file for 32-bit Linux
~ md5sum: c44183ad11082f05593359efd220944e
~ tar Installation file for 32-bit Linux
~ md5sum: 57601f238106cb12c1dea303ad1b4820
~ RPM Installation file for 64-bit Linux
~ md5sum: e9ba644be4e39556724fa2901c5e94e9
~ tar Installation file for 64-bit Linux
~ md5sum: d8d423a76f99a94f598077d41685e9a9
~ VMware Workstation 5.5.5
~ ------------------------
~ http://www.vmware.com/download/ws/ws5.html
~ Release notes:
~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
~ Windows binary
~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3
~ Compressed Tar archive for 32-bit Linux
~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb
~ Linux RPM version for 32-bit Linux
~ md5sum: c222b6db934deb9c1bb79b16b25a3202
~ VMware Server 1.0.5
~ -------------------
~ http://www.vmware.com/download/server/
~ Release notes:
~ http://www.vmware.com/support/server/doc/releasenotes_server.html
~ VMware Server for Windows 32-bit and 64-bit
~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc
~ VMware Server Windows client package
~ md5sum: cb3dd2439203dc510f4d95f06ba59d21
~ VMware Server for Linux
~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e
~ VMware Server for Linux rpm
~ md5sum: fc3b81ed18b53eda943a992971e9f84a
~ Management Interface
~ md5sum: dd10d25895d9994bd27ca896152f48ef
~ VMware Server Linux client package
~ md5sum: aae18f1f7b8811b5499e3a358754d4f8
~ VMware ACE 2.0.3 and 1.0.5
~ --------------------------
~ http://www.vmware.com/download/ace/
~ Windows Release notes:
~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
~ VMware Fusion 1.1.1
~ -------------------
~ http://www.vmware.com/download/fusion/
~ Release notes:
~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0
~ VMware Player 2.0.3 and 1.0.6
~ ----------------------
~ http://www.vmware.com/download/player/
~ Release notes Player 1.x:
~ http://www.vmware.com/support/player/doc/releasenotes_player.html
~ Release notes Player 2.0
~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html
~ 2.0.3 Windows binary
~ md5sum: 0c5009d3b569687ae139e13d24c868d3
~ VMware Player 2.0.3 for Linux (.rpm)
~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2
~ VMware Player 2.0.3 for Linux (.tar)
~ md5sum: 2305fcff49bef6e4ad83742412eac978
~ VMware Player 2.0.3 - 64-bit (.rpm)
~ md5sum: cf945b571c4d96146ede010286fdfca5
~ VMware Player 2.0.3 - 64-bit (.tar)
~ md5sum: f99c5b293eb87c5f918ad24111565b9f
~ 1.0.6 Windows binary
~ md5sum: 895081406c4de5361a1700ec0473e49c
~ Player 1.0.6 for Linux (.rpm)
~ md5sum: 8adb23799dd2014be0b6d77243c76942
~ Player 1.0.6 for Linux (.tar)
~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@lists.vmware.com
~ * bugtraq@securityfocus.com
~ * full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv
Cv8MnL2bYPyDfYQ3f4IUL+w=
=tFXS
-----END PGP SIGNATURE-----
VAR-200609-0315 | CVE-2006-4389 | Apple QuickTime fails to properly handle SGI images |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. Apple QuickTime fails to properly handle SGI images. Apple From, as a countermeasure version Quicktime 7.1.3 Has been released.Arbitrary code or commands can be executed by a remote third party, DoS You can be attacked. Successful exploits may facilitate a remote compromise of affected computers. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats. (CVE-2006-4380)
There is a bug in the MySQL-Max (and MySQL) init script where the
script was not waiting for the mysqld daemon to fully stop. This
impacted the restart beahvior during updates, as well as scripted
setups that temporarily stopped the server to backup the database
files. (Bug #15724)
The Corporate 3 and MNF2 products are not affected by these issues.
Packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
http://qa.mandriva.com/show_bug.cgi?id=15724
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
493567c0514a9823ff00ad729a8bd465 2006.0/RPMS/libmysql14-4.1.12-4.8.20060mdk.i586.rpm
49e04e83e5494e5e649e347bd1afe926 2006.0/RPMS/libmysql14-devel-4.1.12-4.8.20060mdk.i586.rpm
94d9cd0ba5b17473feeb23d56b90c61b 2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.i586.rpm
445d926ba55cc764d19aacfd8fffabad 2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.i586.rpm
0bffe1233e429c393dee9e60cc3e3f84 2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.i586.rpm
064949a85982662857c5f063d20769df 2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.i586.rpm
6bff9b2d2d6c06220eca96b97e63df52 2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.i586.rpm
7ebcd09dd60b04e988156a241e2d5f18 2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.i586.rpm
d009b4c577873cc13f68dbc85bc792cd 2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
d408fc51953b3aa78388ce09f47a8487 x86_64/2006.0/RPMS/lib64mysql14-4.1.12-4.8.20060mdk.x86_64.rpm
9145678262d216544c814ba7ceedac9d x86_64/2006.0/RPMS/lib64mysql14-devel-4.1.12-4.8.20060mdk.x86_64.rpm
cb98cbb09991b13a1300c0446d8e3764 x86_64/2006.0/RPMS/MySQL-4.1.12-4.8.20060mdk.x86_64.rpm
f5db648daa13716b9ba1d910010a52f4 x86_64/2006.0/RPMS/MySQL-bench-4.1.12-4.8.20060mdk.x86_64.rpm
9cc2996dc0bcf73e054819880d2d780e x86_64/2006.0/RPMS/MySQL-client-4.1.12-4.8.20060mdk.x86_64.rpm
3b79a86727bf12654c541a2c0b9b3d3c x86_64/2006.0/RPMS/MySQL-common-4.1.12-4.8.20060mdk.x86_64.rpm
c8eefc94838cba03c03fd9493718b8bb x86_64/2006.0/RPMS/MySQL-Max-4.1.12-4.8.20060mdk.x86_64.rpm
4f9e728df755920855f2ac93a3d66bfd x86_64/2006.0/RPMS/MySQL-NDB-4.1.12-4.8.20060mdk.x86_64.rpm
d009b4c577873cc13f68dbc85bc792cd x86_64/2006.0/SRPMS/MySQL-4.1.12-4.8.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFE9wsJmqjQ0CJFipgRAuHgAKCSOK9Vj5b0r1iB1x9afdEie0rTNQCgkgp/
1ejA4Amd8JfkWa7DQPpj2Mg=
=aSz3
-----END PGP SIGNATURE-----
.
McAfee, Inc. QuickTime is used by the Mac OS X operating system and
by the QuickTime media player for Microsoft Windows.
Seven code execution vulnerabilities are present in QuickTime support
for various multimedia formats including: MOV, H.264, FLC, FPX and SGI.
Exploitation could lead to execution of arbitrary code. User interaction
is required for an attack to succeed.
The risk rating for these issues is medium.
_________________________________________________
* Vulnerable Systems
QuickTime 7.1.2 and below for Mac OS X
QuickTime for Windows 7.1.2 and below
_________________________________________________
* Vulnerability Information
CVE-2006-4382
Two buffer overflow vulnerabilities are present in QuickTime MOV format
support.
CVE-2006-4384
On heap overflow vulnerability is present in QuickTime FLC format
support.
CVE-2006-4385
One buffer overflow vulnerability is present in QuickTime SGI format
support.
CVE-2006-4386
One buffer overflow vulnerability is present in QuickTime MOV H.264
format support.
CVE-2006-4388
One buffer overflow vulnerability is present in QuickTime FlashPix (FPX)
format support.
CVE-2006-4389
One uninitialized memory access vulnerability is present in QuickTime
FlashPix (FPX) format support.
_________________________________________________
* Resolution
Apple has included fixes for the QuickTime issues in QuickTime version
7.1.3 for Mac OS X and for Microsoft Windows.
Further information is available at:
http://docs.info.apple.com/article.html?artnum=304357
_________________________________________________
* Credits
These vulnerabilities were discovered by Mike Price of McAfee Avert
Labs.
_________________________________________________
* Legal Notice
Copyright (C) 2006 McAfee, Inc.
The information contained within this advisory is provided for the
convenience of McAfee's customers, and may be redistributed provided
that no fee is charged for distribution and that the advisory is not
modified in any way. McAfee makes no representations or warranties
regarding the accuracy of the information referenced in this document,
or the suitability of that information for your purposes.
McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee,
Inc. and/or its affiliated companies in the United States and/or other
Countries. All other registered and unregistered trademarks in this
document are the sole property of their respective owners.
Best regards,
Dave Marcus, B.A., CCNA, MCSE
Security Research and Communications Manager
McAfee(r) Avert(r) Labs
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Win32 binary codecs: Multiple vulnerabilities
Date: March 04, 2008
Bugs: #150288
ID: 200803-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in the Win32 codecs for Linux may result in
the remote execution of arbitrary code.
Background
==========
Win32 binary codecs provide support for video and audio playback.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Win32 binary codecs users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
">=media-libs/win32codecs-20071007-r2"
Note: Since no updated binary versions have been released, the
Quicktime libraries have been removed from the package. Please use the
free alternative Quicktime implementations within VLC, MPlayer or Xine
for playback.
References
==========
[ 1 ] CVE-2006-4382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4382
[ 2 ] CVE-2006-4384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4384
[ 3 ] CVE-2006-4385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4385
[ 4 ] CVE-2006-4386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4386
[ 5 ] CVE-2006-4388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4388
[ 6 ] CVE-2006-4389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4389
[ 7 ] CVE-2007-4674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4674
[ 8 ] CVE-2007-6166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6166
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200803-08.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHzc+AuhJ+ozIKI5gRAkBQAJ45BLSUrSDb21Ro/ZHEimwyzBpqqQCcD15e
VpxOGmsa3V34PILWdYXqoXE=
=70De
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-200609-0308 | CVE-2006-4379 | The Ipswitch IMail Server is vulnerable to a buffer overflow |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters '@' and ':' leads to a stack overflow vulnerability. Exploitation can result in code execution or a denial of service. Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow vulnerability. Updates are available.
Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure are vulnerable. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Ipswitch IMail Server SMTP Service Unspecified Vulnerability
SECUNIA ADVISORY ID:
SA21795
VERIFY ADVISORY:
http://secunia.com/advisories/21795/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Ipswitch Collaboration Suite 2006
http://secunia.com/product/8652/
IMail Secure Server 2006
http://secunia.com/product/8651/
IMail Server 2006
http://secunia.com/product/8653/
DESCRIPTION:
A vulnerability has been reported in IMail Server, which can be
exploited by malicious people to compromise a vulnerable system.
ORIGINAL ADVISORY:
http://www.ipswitch.com/support/ics/updates/ics20061.asp
http://www.ipswitch.com/support/imail/releases/im20061.asp
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow
http://www.zerodayinitiative.com/advisories/ZDI-06-028.html
September 7, 2006
-- CVE ID:
CVE-2006-4379
-- Affected Vendor:
Ipswitch
-- Affected Products:
ICS/IMail Server 2006
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since August 31, 2006 by Digital Vaccine protection
filter ID 4496.
-- Vendor Response:
Ipswitch has issued an update, version 2006.1, to correct this
vulnerability. More details can be found at:
http://www.ipswitch.com/support/imail/releases/im20061.asp
-- Disclosure Timeline:
2006.06.22 - Vulnerability reported to vendor
2006.08.31 - Digital Vaccine released to TippingPoint customers
2006.09.07 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by an anonymous researcher.
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product
VAR-200609-0146 | CVE-2006-4650 | Cisco IOS Rogue GRE Vulnerability that bypasses packet access control |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. Cisco IOS Contains source routing information GRE Packet Offset A vulnerability exists where the starting position of the source routing information is not properly calculated when releasing an encapsulated packet due to improper checks on the field.Inappropriate areas of the packet may be referred to as source routing information, and packets released from the device may be forwarded. Cisco IOS is prone to multiple vulnerabilities when decapsulating GRE routing packets.
Specifically, these issues present themselves when the device handles malicious GRE packets with oversized header offset values, and also with malicious GRE packets containing modified source-routing data.
A successful attack can allow an attacker to disclose sensitive information in process memory buffers, bypass security restrictions, deny service to legitimate users, or possibly crash the Cisco IOS operating system.
Cisco IOS 12.0, 12.1, and 12.2 based trains are reported vulnerable. All devices running affected versions of Cisco IOS that are configured with GRE IP or GRE IP multipoint tunnels are vulnerable to this issue. Remote attackers may cause errors in device processing packets. If a specially crafted GRE message is received, the IOS device does not verify whether the offset field points to the message. If the offset value is set to a negative value, the IOS directly subtracts the offset from the integer containing the full length of the IP message. shift, resulting in buffer access out-of-bounds overflow. This may lead to interpreting the rest of the memory contents of the ring buffer as payload IP packets and re-injecting them into the routing queue with large length information: GRE decapsulated IP 0.3.74.0->0.0.1.30 (len =65407, ttl=39) GRE decapsulated IP 176.94.8.0- > 0.0.0.0 (len=64904, ttl=0) GRE decapsulated IP 0.15.31.193- > 176.94.8.0 (len=64894, ttl=237) GRE decapsulated IP 128.42.131.220->128.0.3.74 (len=64884, ttl=128) If the ring buffer can be carefully filled with legitimate traffic containing IP headers at the appropriate offsets, an attacker can create many An IP packet with a large length value.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Cisco IOS GRE Decapsulation Vulnerability
SECUNIA ADVISORY ID:
SA21783
VERIFY ADVISORY:
http://secunia.com/advisories/21783/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Cisco IOS R12.x
http://secunia.com/product/50/
Cisco IOS 12.x
http://secunia.com/product/182/
DESCRIPTION:
FX has reported a vulnerability in Cisco IOS, which can be exploited
by malicious people to bypass certain security restrictions. This can
potentially be exploited to bypass access control lists on the router
by sending specially crafted packets.
NOTE: Cisco IOS version 12.0S, with a revision later than 12.0(23)S,
with CEF enabled is not affected.
SOLUTION:
Apply patch CSCuk27655, CSCea22552, or CSCei62762.
PROVIDED AND/OR DISCOVERED BY:
FX, Phenoelit.
ORIGINAL ADVISORY:
Phenoelit:
http://www.phenoelit.de/stuff/CiscoGRE.txt
Cisco:
http://www.cisco.com/warp/public/707/cisco-sr-20060906-gre.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200609-0075 | CVE-2006-4617 | vtiger CRM of fileupload.html Vulnerable to uploading arbitrary files |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder
VAR-200609-0040 | CVE-2006-4562 | Symantec Gateway Security Security hole |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface
VAR-200110-0176 | CVE-2006-5462 | The Mozilla Network Security Services library fails to properly verify RSA signatures |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. The gzip program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. This vulnerability may allow an attacker to forge RSA signatures.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
gzip Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA21996
VERIFY ADVISORY:
http://secunia.com/advisories/21996/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
gzip 1.x
http://secunia.com/product/4220/
DESCRIPTION:
Tavis Ormandy has reported some vulnerabilities in gzip, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
1) A boundary error within the "make_table()" function in unlzh.c can
be used to modify certain stack data. tricking
a user or automated system into unpacking a specially crafted archive
file. tricking a user or
automated system into unpacking a specially crafted "pack" archive
file.
3) A buffer overflow within the "make_table()" function of gzip's LZH
support can be exploited to cause a DoS and potentially to compromise
a vulnerable system by e.g. tricking a user or automated system into
unpacking an archive containing a specially crafted decoding table.
4) A NULL pointer dereference within the "huft_build()" function and
an infinite loop within the LZH handling can be exploited to cause a
DoS by e.g. tricking a user or automated system into unpacking a
specially crafted archive file.
The vulnerabilities have been reported in version 1.3.5.
SOLUTION:
Do not unpack untrusted archive files.
PROVIDED AND/OR DISCOVERED BY:
Tavis Ormandy, Google Security Team
ORIGINAL ADVISORY:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
OTHER REFERENCES:
US-CERT VU#554780:
http://www.kb.cert.org/vuls/id/554780
US-CERT VU#381508:
http://www.kb.cert.org/vuls/id/381508
US-CERT VU#773548:
http://www.kb.cert.org/vuls/id/773548
US-CERT VU#933712:
http://www.kb.cert.org/vuls/id/933712
US-CERT VU#596848
http://www.kb.cert.org/vuls/id/596848
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1225-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 3rd, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : mozilla-firefox
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464
CVE-2006-5748
CERT advisories: VU#335392 VU#390480 VU#495288 VU#714496
BugTraq IDs : 19678 20957
This update covers packages for the little endian MIPS architecture
missing in the original advisory. The Common Vulnerabilities
and Exposures project identifies the following vulnerabilities:
CVE-2006-4310
Tomas Kempinsky discovered that malformed FTP server responses
could lead to denial of service.
CVE-2006-5462
Ulrich K\xfchn discovered that the correction for a cryptographic
flaw in the handling of PKCS-1 certificates was incomplete, which
allows the forgery of certificates.
CVE-2006-5463
"shutdown" discovered that modification of JavaScript objects
during execution could lead to the execution of arbitrary
JavaScript bytecode.
CVE-2006-5748
Igor Bukanov and Jesse Ruderman discovered several crashes in the
JavaScript engine, which might allow execution of arbitrary code.
This update also adresses several crashes, which could be triggered by
malicious websites and fixes a regression introduced in the previous
Mozilla update.
For the stable distribution (sarge) these problems have been fixed in
version 1.0.4-2sarge13.
For the unstable distribution (sid) these problems have been fixed in
the current iceweasel package 2.0+dfsg-1.
We recommend that you upgrade your mozilla-firefox package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.dsc
Size/MD5 checksum: 1003 4a8d05c1e9563e6066ca838e7c0b2f53
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.diff.gz
Size/MD5 checksum: 450265 46d4bedf12a1e0c92a275ae012d92b5a
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_mipsel.deb
Size/MD5 checksum: 9820186 7823ac933179f566597b7bd4e3810fcb
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_mipsel.deb
Size/MD5 checksum: 158272 950a04ca3dfd4870b30d5d8c6ae536ee
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_mipsel.deb
Size/MD5 checksum: 58218 0dad036900c189fc233a5fe25c2edd3a
These files will probably be moved into the stable distribution on
its next update.
This update provides the latest Thunderbird to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748
http://www.mozilla.org/security/announce/2006/mfsa2006-65.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
http://www.mozilla.org/security/announce/2006/mfsa2006-67.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
488e65dfe45ecf7e3a9e1a3dedd5c2ce 2007.0/i586/mozilla-thunderbird-1.5.0.8-1.1mdv2007.0.i586.rpm
5e551ab45061148722dda1d7ce66959e 2007.0/i586/mozilla-thunderbird-bg-1.5.0.8-1.1mdv2007.0.i586.rpm
2149a7fd629b8bc6843c6fdf1bb49efb 2007.0/i586/mozilla-thunderbird-ca-1.5.0.8-1.1mdv2007.0.i586.rpm
0d2315b490e3b8dd2ab791bd6c3ee516 2007.0/i586/mozilla-thunderbird-cs-1.5.0.8-1.1mdv2007.0.i586.rpm
d5583d1b99b948c90e1cad62d753d67d 2007.0/i586/mozilla-thunderbird-da-1.5.0.8-1.1mdv2007.0.i586.rpm
00ec607c39d3de4c589997d6c7ee6679 2007.0/i586/mozilla-thunderbird-de-1.5.0.8-1.1mdv2007.0.i586.rpm
6d1f0f2576362a0bb90b4f9d8c4f2153 2007.0/i586/mozilla-thunderbird-devel-1.5.0.8-1.1mdv2007.0.i586.rpm
2cb0e44d2e3f7fddd60249843204403f 2007.0/i586/mozilla-thunderbird-el-1.5.0.8-1.1mdv2007.0.i586.rpm
0c3c771882698d5651775aeed24bfd73 2007.0/i586/mozilla-thunderbird-enigmail-1.5.0.8-1.1mdv2007.0.i586.rpm
477ca905391c1d555d0136d46d557869 2007.0/i586/mozilla-thunderbird-enigmail-ca-1.5.0.8-1.1mdv2007.0.i586.rpm
741811dd392d942b27e1b3b0de695d4e 2007.0/i586/mozilla-thunderbird-enigmail-cs-1.5.0.8-1.1mdv2007.0.i586.rpm
7c2c4922c6a2c6ce2cb6108a95f7dbfa 2007.0/i586/mozilla-thunderbird-enigmail-de-1.5.0.8-1.1mdv2007.0.i586.rpm
7cbf9f3218d587ef97edf01f2298096b 2007.0/i586/mozilla-thunderbird-enigmail-el-1.5.0.8-1.1mdv2007.0.i586.rpm
7dbd9e4c16db82a761a7b502c1f7f22d 2007.0/i586/mozilla-thunderbird-enigmail-es-1.5.0.8-1.1mdv2007.0.i586.rpm
b6dd6119216f6b748ee7c1570c3b8c37 2007.0/i586/mozilla-thunderbird-enigmail-es_AR-1.5.0.8-1.1mdv2007.0.i586.rpm
1eea732e08ca0ef96796c3f50abb1f77 2007.0/i586/mozilla-thunderbird-enigmail-fi-1.5.0.8-1.1mdv2007.0.i586.rpm
e1cc5cf2496581d776bb43e2f0dbbea6 2007.0/i586/mozilla-thunderbird-enigmail-fr-1.5.0.8-1.1mdv2007.0.i586.rpm
af86ce82ff9053250f82f2215c8dd7e5 2007.0/i586/mozilla-thunderbird-enigmail-hu-1.5.0.8-1.1mdv2007.0.i586.rpm
6319633c561c7f68c6614685126da02b 2007.0/i586/mozilla-thunderbird-enigmail-it-1.5.0.8-1.1mdv2007.0.i586.rpm
56387829c6cc83882246e68e3b8704b0 2007.0/i586/mozilla-thunderbird-enigmail-ja-1.5.0.8-1.1mdv2007.0.i586.rpm
56cb838bb0c375f53d3cff2eb76a1118 2007.0/i586/mozilla-thunderbird-enigmail-nb-1.5.0.8-1.1mdv2007.0.i586.rpm
253500598ff56ab85394e68708ace21d 2007.0/i586/mozilla-thunderbird-enigmail-nl-1.5.0.8-1.1mdv2007.0.i586.rpm
53b4d4f1aa4e8174a33a0ed436ce961a 2007.0/i586/mozilla-thunderbird-enigmail-pl-1.5.0.8-1.1mdv2007.0.i586.rpm
fb9dd6933d27029538cd01a64ec55cee 2007.0/i586/mozilla-thunderbird-enigmail-pt-1.5.0.8-1.1mdv2007.0.i586.rpm
701b9837303a3ed79e6c74c037c28926 2007.0/i586/mozilla-thunderbird-enigmail-pt_BR-1.5.0.8-1.1mdv2007.0.i586.rpm
b3739c1344770e92864c50f131f08884 2007.0/i586/mozilla-thunderbird-enigmail-ru-1.5.0.8-1.1mdv2007.0.i586.rpm
1efe7ebc2a71e2f2d6c2785026a6e7ac 2007.0/i586/mozilla-thunderbird-enigmail-sk-1.5.0.8-1.1mdv2007.0.i586.rpm
6860352b37999652aab785a266673e2f 2007.0/i586/mozilla-thunderbird-enigmail-sl-1.5.0.8-1.1mdv2007.0.i586.rpm
51abe323b14793097935b0c221e64f71 2007.0/i586/mozilla-thunderbird-enigmail-sv-1.5.0.8-1.1mdv2007.0.i586.rpm
b8ec884437a460c9fbb5c71db6a46c31 2007.0/i586/mozilla-thunderbird-enigmail-zh_CN-1.5.0.8-1.1mdv2007.0.i586.rpm
9ae4fb1871ee29f3f7b52210c0cf4e1b 2007.0/i586/mozilla-thunderbird-es-1.5.0.8-1.1mdv2007.0.i586.rpm
e1a31b03ffef8e86df09579296fce3c9 2007.0/i586/mozilla-thunderbird-es_AR-1.5.0.8-1.1mdv2007.0.i586.rpm
6b4bdbb4648231b128655e56015621c7 2007.0/i586/mozilla-thunderbird-eu-1.5.0.8-1.1mdv2007.0.i586.rpm
d333252ee1ba51351762e4050565ecb1 2007.0/i586/mozilla-thunderbird-fi-1.5.0.8-1.1mdv2007.0.i586.rpm
0a2828dbab70a2be0e721cc016f93d7f 2007.0/i586/mozilla-thunderbird-fr-1.5.0.8-1.1mdv2007.0.i586.rpm
defa2ac291c66f693946362bd2501c40 2007.0/i586/mozilla-thunderbird-ga-1.5.0.8-1.1mdv2007.0.i586.rpm
c5540aa8289eefbf3e708e442de77aa8 2007.0/i586/mozilla-thunderbird-gu_IN-1.5.0.8-1.1mdv2007.0.i586.rpm
45da9968c4661ef994ef1dcefd0ad54f 2007.0/i586/mozilla-thunderbird-he-1.5.0.8-1.1mdv2007.0.i586.rpm
df8d2ea1013a65457aa1f2100060d968 2007.0/i586/mozilla-thunderbird-hu-1.5.0.8-1.1mdv2007.0.i586.rpm
f87f2441b2ca36d4f5c3f3f2dd04b3bb 2007.0/i586/mozilla-thunderbird-it-1.5.0.8-1.1mdv2007.0.i586.rpm
bc3a281fbc5c09b7f962dfb1d3b9e517 2007.0/i586/mozilla-thunderbird-ja-1.5.0.8-1.1mdv2007.0.i586.rpm
2563050985477697472069d08e96de0f 2007.0/i586/mozilla-thunderbird-ko-1.5.0.8-1.1mdv2007.0.i586.rpm
e22be985ae58ab3eba5b90aa6a3eb58e 2007.0/i586/mozilla-thunderbird-lt-1.5.0.8-1.1mdv2007.0.i586.rpm
fde0d1b9c4feee3c1e239345f4065090 2007.0/i586/mozilla-thunderbird-mk-1.5.0.8-1.1mdv2007.0.i586.rpm
10be2386887a6c70bc4f9c0453b33072 2007.0/i586/mozilla-thunderbird-nb-1.5.0.8-1.1mdv2007.0.i586.rpm
1c92d5ee79fc52ec1525f3c96dfa1916 2007.0/i586/mozilla-thunderbird-nl-1.5.0.8-1.1mdv2007.0.i586.rpm
42e6ddb4a33a297c71b996bf651a4d69 2007.0/i586/mozilla-thunderbird-pa_IN-1.5.0.8-1.1mdv2007.0.i586.rpm
96394d1245284a886b954bb063c0ab5b 2007.0/i586/mozilla-thunderbird-pl-1.5.0.8-1.1mdv2007.0.i586.rpm
8386317130e064260bd8b114616410ed 2007.0/i586/mozilla-thunderbird-pt_BR-1.5.0.8-1.1mdv2007.0.i586.rpm
eb622e8adc0767e090a608e80a1611b7 2007.0/i586/mozilla-thunderbird-ru-1.5.0.8-1.1mdv2007.0.i586.rpm
3ca6736aaf725851a0be21f0490aeb20 2007.0/i586/mozilla-thunderbird-sk-1.5.0.8-1.1mdv2007.0.i586.rpm
47b16b8c45acc936b62051594ed87c69 2007.0/i586/mozilla-thunderbird-sl-1.5.0.8-1.1mdv2007.0.i586.rpm
c2e742162882c52761040025ff4ddfff 2007.0/i586/mozilla-thunderbird-sv-1.5.0.8-1.1mdv2007.0.i586.rpm
072c5224bd49a45ba7ab0a57f657ec6e 2007.0/i586/mozilla-thunderbird-tr-1.5.0.8-1.1mdv2007.0.i586.rpm
3393e810730d305adc4fe8ecc98b782a 2007.0/i586/mozilla-thunderbird-zh_CN-1.5.0.8-1.1mdv2007.0.i586.rpm
70882501b0fc01a56cee67c2b7c63ac5 2007.0/i586/nsinstall-1.5.0.8-1.1mdv2007.0.i586.rpm
e408368ca02e7efbbece9adbaaea7d56 2007.0/SRPMS/mozilla-thunderbird-1.5.0.8-1.1mdv2007.0.src.rpm
7867a124b85e4a8098ec7b814267c1f5 2007.0/SRPMS/mozilla-thunderbird-enigmail-l10n-1.5.0.8-1.1mdv2007.0.src.rpm
e776e0c4c5a6ff592af0c346bf8b4511 2007.0/SRPMS/mozilla-thunderbird-l10n-1.5.0.8-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
47aa8c7af46ee44f1b51e0f44772beeb 2007.0/x86_64/mozilla-thunderbird-1.5.0.8-1.1mdv2007.0.x86_64.rpm
e284b46733e04ab96cccb612de04e5a8 2007.0/x86_64/mozilla-thunderbird-bg-1.5.0.8-1.1mdv2007.0.x86_64.rpm
e73efd093c48aa82d6f73025f1ade443 2007.0/x86_64/mozilla-thunderbird-ca-1.5.0.8-1.1mdv2007.0.x86_64.rpm
ed790bdd1a45343b427925765f5f2b5c 2007.0/x86_64/mozilla-thunderbird-cs-1.5.0.8-1.1mdv2007.0.x86_64.rpm
61690a97ef04b6083693ffe4a9ab3176 2007.0/x86_64/mozilla-thunderbird-da-1.5.0.8-1.1mdv2007.0.x86_64.rpm
889574eda89385739aad6eda7f3d2604 2007.0/x86_64/mozilla-thunderbird-de-1.5.0.8-1.1mdv2007.0.x86_64.rpm
ef9b59cdd619da74737b5e91e4067386 2007.0/x86_64/mozilla-thunderbird-devel-1.5.0.8-1.1mdv2007.0.x86_64.rpm
e20a88ece32f8ee81aaedd828558d880 2007.0/x86_64/mozilla-thunderbird-el-1.5.0.8-1.1mdv2007.0.x86_64.rpm
250f6f86984922da278774d480ba37a7 2007.0/x86_64/mozilla-thunderbird-enigmail-1.5.0.8-1.1mdv2007.0.x86_64.rpm
f683dba38c9055cbac36f8468e357ebf 2007.0/x86_64/mozilla-thunderbird-enigmail-ca-1.5.0.8-1.1mdv2007.0.x86_64.rpm
6594d0bb3f7770f168728827c1cf9f83 2007.0/x86_64/mozilla-thunderbird-enigmail-cs-1.5.0.8-1.1mdv2007.0.x86_64.rpm
1ee011c3c94c7b081f53b9a55996da0c 2007.0/x86_64/mozilla-thunderbird-enigmail-de-1.5.0.8-1.1mdv2007.0.x86_64.rpm
be24dd32e628b8294c1b87d200cf02dd 2007.0/x86_64/mozilla-thunderbird-enigmail-el-1.5.0.8-1.1mdv2007.0.x86_64.rpm
020acf8e510080a701c6278c6eb862ae 2007.0/x86_64/mozilla-thunderbird-enigmail-es-1.5.0.8-1.1mdv2007.0.x86_64.rpm
af4c92e4f3eaf833111572ead14c8c04 2007.0/x86_64/mozilla-thunderbird-enigmail-es_AR-1.5.0.8-1.1mdv2007.0.x86_64.rpm
7483c3a55198fcbc9be2c9750919a370 2007.0/x86_64/mozilla-thunderbird-enigmail-fi-1.5.0.8-1.1mdv2007.0.x86_64.rpm
753acdb58e6400659dab48ff78f371e7 2007.0/x86_64/mozilla-thunderbird-enigmail-fr-1.5.0.8-1.1mdv2007.0.x86_64.rpm
fb83f542bd12edda5e85d9873a08a938 2007.0/x86_64/mozilla-thunderbird-enigmail-hu-1.5.0.8-1.1mdv2007.0.x86_64.rpm
996bbfb13654cfc2180036ea6b1e61df 2007.0/x86_64/mozilla-thunderbird-enigmail-it-1.5.0.8-1.1mdv2007.0.x86_64.rpm
ff6217b99ab96a1444b6a758bf184ecf 2007.0/x86_64/mozilla-thunderbird-enigmail-ja-1.5.0.8-1.1mdv2007.0.x86_64.rpm
f15d9f053011068deba71fdc05dc6d46 2007.0/x86_64/mozilla-thunderbird-enigmail-nb-1.5.0.8-1.1mdv2007.0.x86_64.rpm
98f63b0dedef781ec16f8bebb6a032cb 2007.0/x86_64/mozilla-thunderbird-enigmail-nl-1.5.0.8-1.1mdv2007.0.x86_64.rpm
e5e42bb849d26a4f59fb6204d6ed9850 2007.0/x86_64/mozilla-thunderbird-enigmail-pl-1.5.0.8-1.1mdv2007.0.x86_64.rpm
8bc9d56d4778baf40b115eb805a506b3 2007.0/x86_64/mozilla-thunderbird-enigmail-pt-1.5.0.8-1.1mdv2007.0.x86_64.rpm
21c7d7ffd14a724e4ce9d96e99d0f3c7 2007.0/x86_64/mozilla-thunderbird-enigmail-pt_BR-1.5.0.8-1.1mdv2007.0.x86_64.rpm
9b115831c8ae36d7141c93a9d867d445 2007.0/x86_64/mozilla-thunderbird-enigmail-ru-1.5.0.8-1.1mdv2007.0.x86_64.rpm
d6efb3cdaba13c17dd31147011796614 2007.0/x86_64/mozilla-thunderbird-enigmail-sk-1.5.0.8-1.1mdv2007.0.x86_64.rpm
4239765036a0bffaa4fcff9fb076a221 2007.0/x86_64/mozilla-thunderbird-enigmail-sl-1.5.0.8-1.1mdv2007.0.x86_64.rpm
be87cc456600cb0dc18730ae3f75af92 2007.0/x86_64/mozilla-thunderbird-enigmail-sv-1.5.0.8-1.1mdv2007.0.x86_64.rpm
459367e42865a1de4374d2a9b8c36232 2007.0/x86_64/mozilla-thunderbird-enigmail-zh_CN-1.5.0.8-1.1mdv2007.0.x86_64.rpm
1e1b30720806b2c6ab650251f9756127 2007.0/x86_64/mozilla-thunderbird-es-1.5.0.8-1.1mdv2007.0.x86_64.rpm
70c5525bea63d291374706abfb4523c4 2007.0/x86_64/mozilla-thunderbird-es_AR-1.5.0.8-1.1mdv2007.0.x86_64.rpm
4addf81f6fdb0fe55d2274ba726d066e 2007.0/x86_64/mozilla-thunderbird-eu-1.5.0.8-1.1mdv2007.0.x86_64.rpm
9c9a1e6a7623a712f40666e77fd3f2b4 2007.0/x86_64/mozilla-thunderbird-fi-1.5.0.8-1.1mdv2007.0.x86_64.rpm
9cd9d0509bbe4d0bc7c092118253c237 2007.0/x86_64/mozilla-thunderbird-fr-1.5.0.8-1.1mdv2007.0.x86_64.rpm
b23236fc11caa38b1354893f1e9863e1 2007.0/x86_64/mozilla-thunderbird-ga-1.5.0.8-1.1mdv2007.0.x86_64.rpm
c5b898d7f04c26a34bb4223ee4547586 2007.0/x86_64/mozilla-thunderbird-gu_IN-1.5.0.8-1.1mdv2007.0.x86_64.rpm
8e114fec014131d472790035a1509783 2007.0/x86_64/mozilla-thunderbird-he-1.5.0.8-1.1mdv2007.0.x86_64.rpm
3eda3b36a83c550a1f52faf6adfb0b10 2007.0/x86_64/mozilla-thunderbird-hu-1.5.0.8-1.1mdv2007.0.x86_64.rpm
c336cc525567465d1649ee55c604d3a3 2007.0/x86_64/mozilla-thunderbird-it-1.5.0.8-1.1mdv2007.0.x86_64.rpm
476f974ea2e3b9ef971231b8b08e62f0 2007.0/x86_64/mozilla-thunderbird-ja-1.5.0.8-1.1mdv2007.0.x86_64.rpm
7878332de8134b9025b924315d6ffbf6 2007.0/x86_64/mozilla-thunderbird-ko-1.5.0.8-1.1mdv2007.0.x86_64.rpm
7602f9099c26d60e934f54918dd38e46 2007.0/x86_64/mozilla-thunderbird-lt-1.5.0.8-1.1mdv2007.0.x86_64.rpm
52ba4b91175db4376fd4c4e9018969c3 2007.0/x86_64/mozilla-thunderbird-mk-1.5.0.8-1.1mdv2007.0.x86_64.rpm
1e2bc31ee83c5c47f06953aba976a27d 2007.0/x86_64/mozilla-thunderbird-nb-1.5.0.8-1.1mdv2007.0.x86_64.rpm
47b180beb65802e89f7e6a8be7f33d15 2007.0/x86_64/mozilla-thunderbird-nl-1.5.0.8-1.1mdv2007.0.x86_64.rpm
6485a71b5d07fef3e337630aa53bb4c6 2007.0/x86_64/mozilla-thunderbird-pa_IN-1.5.0.8-1.1mdv2007.0.x86_64.rpm
6b5df9cad533fc75fc47191df5f3dabf 2007.0/x86_64/mozilla-thunderbird-pl-1.5.0.8-1.1mdv2007.0.x86_64.rpm
99b61d660a72eff639f78ec0422aeaf2 2007.0/x86_64/mozilla-thunderbird-pt_BR-1.5.0.8-1.1mdv2007.0.x86_64.rpm
99cfe247978fe85b5b5186bf12247f3a 2007.0/x86_64/mozilla-thunderbird-ru-1.5.0.8-1.1mdv2007.0.x86_64.rpm
8c393629997cea717c2f1e8d077a9344 2007.0/x86_64/mozilla-thunderbird-sk-1.5.0.8-1.1mdv2007.0.x86_64.rpm
be518e4b4833e6cb9d083871101be35b 2007.0/x86_64/mozilla-thunderbird-sl-1.5.0.8-1.1mdv2007.0.x86_64.rpm
8dedff0ffd0e7b7721b256f01821f188 2007.0/x86_64/mozilla-thunderbird-sv-1.5.0.8-1.1mdv2007.0.x86_64.rpm
05202d61506a60981fb9a317ce6a5d5d 2007.0/x86_64/mozilla-thunderbird-tr-1.5.0.8-1.1mdv2007.0.x86_64.rpm
0deda88ec857fb0c11b57555814a20ec 2007.0/x86_64/mozilla-thunderbird-zh_CN-1.5.0.8-1.1mdv2007.0.x86_64.rpm
0f2f7928b2edfbe0ae5faf127b0ed066 2007.0/x86_64/nsinstall-1.5.0.8-1.1mdv2007.0.x86_64.rpm
e408368ca02e7efbbece9adbaaea7d56 2007.0/SRPMS/mozilla-thunderbird-1.5.0.8-1.1mdv2007.0.src.rpm
7867a124b85e4a8098ec7b814267c1f5 2007.0/SRPMS/mozilla-thunderbird-enigmail-l10n-1.5.0.8-1.1mdv2007.0.src.rpm
e776e0c4c5a6ff592af0c346bf8b4511 2007.0/SRPMS/mozilla-thunderbird-l10n-1.5.0.8-1.1mdv2007.0.src.rpm
Corporate 3.0:
71192ef0a8bd28533718191d287d8158 corporate/3.0/i586/mozilla-thunderbird-1.5.0.8-1.1.C30mdk.i586.rpm
c0121a4a0192d7944b1f8d30c977ab38 corporate/3.0/i586/mozilla-thunderbird-bg-1.5.0.8-1.1.C30mdk.i586.rpm
53c403f48cb8547f0eb646ab1b41b656 corporate/3.0/i586/mozilla-thunderbird-ca-1.5.0.8-1.1.C30mdk.i586.rpm
032ebcc12942292620b05929e0583f3a corporate/3.0/i586/mozilla-thunderbird-cs-1.5.0.8-1.1.C30mdk.i586.rpm
c88d6e26aa75dab433abcf71f2962e5c corporate/3.0/i586/mozilla-thunderbird-da-1.5.0.8-1.1.C30mdk.i586.rpm
dcc54cb45829470f4267806696b46eca corporate/3.0/i586/mozilla-thunderbird-de-1.5.0.8-1.1.C30mdk.i586.rpm
e7ba899422d7cbfd343659b810e4ee52 corporate/3.0/i586/mozilla-thunderbird-devel-1.5.0.8-1.1.C30mdk.i586.rpm
d987b44bd201c2a23b404751e13df538 corporate/3.0/i586/mozilla-thunderbird-el-1.5.0.8-1.1.C30mdk.i586.rpm
9d496fa524a5226676f56ed87d2015ec corporate/3.0/i586/mozilla-thunderbird-enigmail-1.5.0.8-1.1.C30mdk.i586.rpm
eac64993c47963ede70eca5fb62e30b9 corporate/3.0/i586/mozilla-thunderbird-enigmail-ca-1.5.0.8-1.1.C30mdk.i586.rpm
b5523fcbf2370d1805e1f917faaa31c8 corporate/3.0/i586/mozilla-thunderbird-enigmail-cs-1.5.0.8-1.1.C30mdk.i586.rpm
1eb806fe5a429b52f010e16aeed4cb4a corporate/3.0/i586/mozilla-thunderbird-enigmail-de-1.5.0.8-1.1.C30mdk.i586.rpm
1a8da00f3e4033ec813df4548072ac9f corporate/3.0/i586/mozilla-thunderbird-enigmail-el-1.5.0.8-1.1.C30mdk.i586.rpm
3a2434c868a3b5799cb69c31d43f900c corporate/3.0/i586/mozilla-thunderbird-enigmail-es-1.5.0.8-1.1.C30mdk.i586.rpm
a1bb48121d53f83bf0efd303ea477b71 corporate/3.0/i586/mozilla-thunderbird-enigmail-es_AR-1.5.0.8-1.1.C30mdk.i586.rpm
6f9d308c194ae42cfa0787afdebff2cc corporate/3.0/i586/mozilla-thunderbird-enigmail-fi-1.5.0.8-1.1.C30mdk.i586.rpm
bb3c3cf4056814131f8031471c81ac6f corporate/3.0/i586/mozilla-thunderbird-enigmail-fr-1.5.0.8-1.1.C30mdk.i586.rpm
4228aaf098c501a80af97469393482b5 corporate/3.0/i586/mozilla-thunderbird-enigmail-hu-1.5.0.8-1.1.C30mdk.i586.rpm
3a95ad54416e2f002d1aaa32557cf947 corporate/3.0/i586/mozilla-thunderbird-enigmail-it-1.5.0.8-1.1.C30mdk.i586.rpm
19e1eac0351d89760ee31b4c9ee4fcc4 corporate/3.0/i586/mozilla-thunderbird-enigmail-ja-1.5.0.8-1.1.C30mdk.i586.rpm
1c21de0415bd0223237aa82795cc9600 corporate/3.0/i586/mozilla-thunderbird-enigmail-nb-1.5.0.8-1.1.C30mdk.i586.rpm
a11487e4145c294a57a77491f6996748 corporate/3.0/i586/mozilla-thunderbird-enigmail-nl-1.5.0.8-1.1.C30mdk.i586.rpm
31064002ac59d4857c3c45c3161580dc corporate/3.0/i586/mozilla-thunderbird-enigmail-pl-1.5.0.8-1.1.C30mdk.i586.rpm
fc88eeba422b084ffa67b77211248ef0 corporate/3.0/i586/mozilla-thunderbird-enigmail-pt-1.5.0.8-1.1.C30mdk.i586.rpm
4ead83e3405e7469370b4f02a9254ddc corporate/3.0/i586/mozilla-thunderbird-enigmail-pt_BR-1.5.0.8-1.1.C30mdk.i586.rpm
3a15b707a6d7f8e9b25c1ccaea023333 corporate/3.0/i586/mozilla-thunderbird-enigmail-ru-1.5.0.8-1.1.C30mdk.i586.rpm
1a8c565fd3b42069b2e42103d98dfab2 corporate/3.0/i586/mozilla-thunderbird-enigmail-sk-1.5.0.8-1.1.C30mdk.i586.rpm
0040d479d7e55304c06df39b2233d12e corporate/3.0/i586/mozilla-thunderbird-enigmail-sl-1.5.0.8-1.1.C30mdk.i586.rpm
6fab1321b377748e22a6709b772d5159 corporate/3.0/i586/mozilla-thunderbird-enigmail-sv-1.5.0.8-1.1.C30mdk.i586.rpm
1969ec5d6cc27df2f09f9733b5b37c6d corporate/3.0/i586/mozilla-thunderbird-enigmail-zh_CN-1.5.0.8-1.1.C30mdk.i586.rpm
0c34a8e8bd3f9011283fe990771a857a corporate/3.0/i586/mozilla-thunderbird-es-1.5.0.8-1.1.C30mdk.i586.rpm
68781ca20e2232457046bdab86b59462 corporate/3.0/i586/mozilla-thunderbird-es_AR-1.5.0.8-1.1.C30mdk.i586.rpm
37c3909b8feb9a35208519ccf4ec8a46 corporate/3.0/i586/mozilla-thunderbird-eu-1.5.0.8-1.1.C30mdk.i586.rpm
ea2febd0e93d9348fd580452f7adc0be corporate/3.0/i586/mozilla-thunderbird-fi-1.5.0.8-1.1.C30mdk.i586.rpm
2eac2aaeb4fe209f98aa85505f6a9b87 corporate/3.0/i586/mozilla-thunderbird-fr-1.5.0.8-1.1.C30mdk.i586.rpm
d8d8fc30075f0848859cbe96b26404a7 corporate/3.0/i586/mozilla-thunderbird-ga-1.5.0.8-1.1.C30mdk.i586.rpm
3af19a8b01fb316451132e6460c7deb0 corporate/3.0/i586/mozilla-thunderbird-gu_IN-1.5.0.8-1.1.C30mdk.i586.rpm
f7aed893e50dff94f47d658d70093824 corporate/3.0/i586/mozilla-thunderbird-he-1.5.0.8-1.1.C30mdk.i586.rpm
ab6ead860edf6de4935aa3bb4ecf4721 corporate/3.0/i586/mozilla-thunderbird-hu-1.5.0.8-1.1.C30mdk.i586.rpm
a9b0bc2b2bcf186b5a284cba3d6cad19 corporate/3.0/i586/mozilla-thunderbird-it-1.5.0.8-1.1.C30mdk.i586.rpm
373554b2032c20a61c48f4a4e11e5b57 corporate/3.0/i586/mozilla-thunderbird-ja-1.5.0.8-1.1.C30mdk.i586.rpm
1a2efc51627d9f55929e1b33e20f5274 corporate/3.0/i586/mozilla-thunderbird-ko-1.5.0.8-1.1.C30mdk.i586.rpm
27ab1d70b317c477b56df8223a8477b4 corporate/3.0/i586/mozilla-thunderbird-lt-1.5.0.8-1.1.C30mdk.i586.rpm
0bcd50b34bec84016747f4919b43b8e1 corporate/3.0/i586/mozilla-thunderbird-mk-1.5.0.8-1.1.C30mdk.i586.rpm
4b26e1653ccf78604c16b25ed7357dfb corporate/3.0/i586/mozilla-thunderbird-nb-1.5.0.8-1.1.C30mdk.i586.rpm
ea1a0d0349f9a2f26b23c7678d7e5736 corporate/3.0/i586/mozilla-thunderbird-nl-1.5.0.8-1.1.C30mdk.i586.rpm
7d7c13e7a820c069b3c657adf57443d9 corporate/3.0/i586/mozilla-thunderbird-pa_IN-1.5.0.8-1.1.C30mdk.i586.rpm
ef0755e523de702c802890f494ee5ea0 corporate/3.0/i586/mozilla-thunderbird-pl-1.5.0.8-1.1.C30mdk.i586.rpm
f7618d53bff6c0764297f2352c5d0239 corporate/3.0/i586/mozilla-thunderbird-pt_BR-1.5.0.8-1.1.C30mdk.i586.rpm
8df8db645153b5f7539044d5f892ad54 corporate/3.0/i586/mozilla-thunderbird-ru-1.5.0.8-1.1.C30mdk.i586.rpm
d26cb2fbb5301bcf127ea4e4606f52b9 corporate/3.0/i586/mozilla-thunderbird-sk-1.5.0.8-1.1.C30mdk.i586.rpm
f57d3dd11471a798542b87f0a3c68e82 corporate/3.0/i586/mozilla-thunderbird-sl-1.5.0.8-1.1.C30mdk.i586.rpm
f3aede5440aeb78b59350fe56bb221d2 corporate/3.0/i586/mozilla-thunderbird-sv-1.5.0.8-1.1.C30mdk.i586.rpm
bda7588d80565c17190fb407bdc3b1b2 corporate/3.0/i586/mozilla-thunderbird-tr-1.5.0.8-1.1.C30mdk.i586.rpm
5f0764d5685d0836bd718fdc86b8a73a corporate/3.0/i586/mozilla-thunderbird-zh_CN-1.5.0.8-1.1.C30mdk.i586.rpm
2a1892c7e027dba761df43c98bb5e85f corporate/3.0/i586/nsinstall-1.5.0.8-1.1.C30mdk.i586.rpm
04cdbf8cd4c1b9baf1b1c34e0c7bfcb9 corporate/3.0/SRPMS/mozilla-thunderbird-1.5.0.8-1.1.C30mdk.src.rpm
98c5a4c000178cf57677fa6ee70adb71 corporate/3.0/SRPMS/mozilla-thunderbird-enigmail-l10n-1.5.0.8-1.1.C30mdk.src.rpm
124ecce0dd9a26b565eef6c2f7e14401 corporate/3.0/SRPMS/mozilla-thunderbird-l10n-1.5.0.8-1.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
c109965ada094232d0958a8121be977a corporate/3.0/x86_64/mozilla-thunderbird-1.5.0.8-1.1.C30mdk.x86_64.rpm
e50d4054e85e4624b285067c75cfab18 corporate/3.0/x86_64/mozilla-thunderbird-bg-1.5.0.8-1.1.C30mdk.x86_64.rpm
f8cc5e4a36961ef4db2b8632fc6734d9 corporate/3.0/x86_64/mozilla-thunderbird-ca-1.5.0.8-1.1.C30mdk.x86_64.rpm
70e0a1878ce810ee835e7eca08a11e12 corporate/3.0/x86_64/mozilla-thunderbird-cs-1.5.0.8-1.1.C30mdk.x86_64.rpm
50abb11664ca02e6d77cbf30396e5398 corporate/3.0/x86_64/mozilla-thunderbird-da-1.5.0.8-1.1.C30mdk.x86_64.rpm
5565876286c51872fb0ff90df059f052 corporate/3.0/x86_64/mozilla-thunderbird-de-1.5.0.8-1.1.C30mdk.x86_64.rpm
cdd3892a5ba2a7c1ffe29d009e9d23a9 corporate/3.0/x86_64/mozilla-thunderbird-devel-1.5.0.8-1.1.C30mdk.x86_64.rpm
ba3e7a92e79e00cd74b722ab94d832eb corporate/3.0/x86_64/mozilla-thunderbird-el-1.5.0.8-1.1.C30mdk.x86_64.rpm
c11927081645df376c72f27e8ebc6a85 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-1.5.0.8-1.1.C30mdk.x86_64.rpm
448172b7c753b48c81b2a2c5d337b9e5 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-ca-1.5.0.8-1.1.C30mdk.x86_64.rpm
b83c0eb2158672f087fd5754ca27efad corporate/3.0/x86_64/mozilla-thunderbird-enigmail-cs-1.5.0.8-1.1.C30mdk.x86_64.rpm
49b91f3eae7a0773ecce62f635a6dfe9 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-de-1.5.0.8-1.1.C30mdk.x86_64.rpm
3a0cf5325721e29c4eba9ee7cbc7efb7 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-el-1.5.0.8-1.1.C30mdk.x86_64.rpm
cadf1aff1e915adb9e14539eb04521db corporate/3.0/x86_64/mozilla-thunderbird-enigmail-es-1.5.0.8-1.1.C30mdk.x86_64.rpm
8218118b837bf05b3603652f0d4c5690 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-es_AR-1.5.0.8-1.1.C30mdk.x86_64.rpm
7c7190fc9ec1fc5774436ec7b0c92fd5 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-fi-1.5.0.8-1.1.C30mdk.x86_64.rpm
a42f63c64470ba933d6239bdf8b1569c corporate/3.0/x86_64/mozilla-thunderbird-enigmail-fr-1.5.0.8-1.1.C30mdk.x86_64.rpm
af8c5d7e3569278f3e9d364362be25b3 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-hu-1.5.0.8-1.1.C30mdk.x86_64.rpm
c749a5b7ac03ad98919f83425fcbd4c2 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-it-1.5.0.8-1.1.C30mdk.x86_64.rpm
ac82cd1f4fc0c5ed57be5b165cc65be4 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-ja-1.5.0.8-1.1.C30mdk.x86_64.rpm
0fbd67977bdfc1b1f9aa3c846c80c244 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-nb-1.5.0.8-1.1.C30mdk.x86_64.rpm
4d26f0c7b32d3888e1e5c4c14516a4df corporate/3.0/x86_64/mozilla-thunderbird-enigmail-nl-1.5.0.8-1.1.C30mdk.x86_64.rpm
37fbc8358f1f11d5cb9f0e9b2fab3b26 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-pl-1.5.0.8-1.1.C30mdk.x86_64.rpm
6bec775a601e84be547246ae5638d059 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-pt-1.5.0.8-1.1.C30mdk.x86_64.rpm
0dc1c40ef6d1a233661048447db25543 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-pt_BR-1.5.0.8-1.1.C30mdk.x86_64.rpm
7ec948cc8df84aae6b3d660bd4187208 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-ru-1.5.0.8-1.1.C30mdk.x86_64.rpm
4b7ba48ffeff51709b26c8f315a4aaa1 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-sk-1.5.0.8-1.1.C30mdk.x86_64.rpm
94fceae9b7bc6d48fe2677eecaaf11a6 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-sl-1.5.0.8-1.1.C30mdk.x86_64.rpm
d578499c38c981f2b8cc55fc1351efef corporate/3.0/x86_64/mozilla-thunderbird-enigmail-sv-1.5.0.8-1.1.C30mdk.x86_64.rpm
095291274be4a418d05c4e96cb441d90 corporate/3.0/x86_64/mozilla-thunderbird-enigmail-zh_CN-1.5.0.8-1.1.C30mdk.x86_64.rpm
272b554e86966e103d3e7f42b5cba9db corporate/3.0/x86_64/mozilla-thunderbird-es-1.5.0.8-1.1.C30mdk.x86_64.rpm
52bd52c4d5eaad6fa541dd20db5411d0 corporate/3.0/x86_64/mozilla-thunderbird-es_AR-1.5.0.8-1.1.C30mdk.x86_64.rpm
2536b28aa209a912ff74601db4e685b4 corporate/3.0/x86_64/mozilla-thunderbird-eu-1.5.0.8-1.1.C30mdk.x86_64.rpm
484ad35799b9a8cd277754bf1b13d686 corporate/3.0/x86_64/mozilla-thunderbird-fi-1.5.0.8-1.1.C30mdk.x86_64.rpm
42ff5a3a8320c4be3ffb1f1d74912f78 corporate/3.0/x86_64/mozilla-thunderbird-fr-1.5.0.8-1.1.C30mdk.x86_64.rpm
8a46a1d9f9380c205699ce090d749ff2 corporate/3.0/x86_64/mozilla-thunderbird-ga-1.5.0.8-1.1.C30mdk.x86_64.rpm
3c30c5aeee783bfabe34fb1ff7357d38 corporate/3.0/x86_64/mozilla-thunderbird-gu_IN-1.5.0.8-1.1.C30mdk.x86_64.rpm
a90b14f77d6eed2228bfa55457803f6f corporate/3.0/x86_64/mozilla-thunderbird-he-1.5.0.8-1.1.C30mdk.x86_64.rpm
719239492f7d93b04f2c95902fccf94c corporate/3.0/x86_64/mozilla-thunderbird-hu-1.5.0.8-1.1.C30mdk.x86_64.rpm
f52bcdf19f10745e756f0d58616126df corporate/3.0/x86_64/mozilla-thunderbird-it-1.5.0.8-1.1.C30mdk.x86_64.rpm
79826e403152cbe90ddf3bd4d8d64abe corporate/3.0/x86_64/mozilla-thunderbird-ja-1.5.0.8-1.1.C30mdk.x86_64.rpm
18c08993c8f43c976be6cf2e8cfb2c35 corporate/3.0/x86_64/mozilla-thunderbird-ko-1.5.0.8-1.1.C30mdk.x86_64.rpm
b17866029fe4244a77af59fbb55a07b9 corporate/3.0/x86_64/mozilla-thunderbird-lt-1.5.0.8-1.1.C30mdk.x86_64.rpm
878f59fdb3ebb5929fc23437a17fb5ad corporate/3.0/x86_64/mozilla-thunderbird-mk-1.5.0.8-1.1.C30mdk.x86_64.rpm
d62fb25dc173e8b12be8623ae8fbf9bf corporate/3.0/x86_64/mozilla-thunderbird-nb-1.5.0.8-1.1.C30mdk.x86_64.rpm
266322718c7cedd78e89524940f15d55 corporate/3.0/x86_64/mozilla-thunderbird-nl-1.5.0.8-1.1.C30mdk.x86_64.rpm
32c5fcab859aff66aaf704b997a1c625 corporate/3.0/x86_64/mozilla-thunderbird-pa_IN-1.5.0.8-1.1.C30mdk.x86_64.rpm
17d7eeb0fbd25df1f76d5fa875ef7a3d corporate/3.0/x86_64/mozilla-thunderbird-pl-1.5.0.8-1.1.C30mdk.x86_64.rpm
4aabd47a35cb15547ccbe4eda1b521e8 corporate/3.0/x86_64/mozilla-thunderbird-pt_BR-1.5.0.8-1.1.C30mdk.x86_64.rpm
1d8d27be2902605b0eae9dcbd89654cc corporate/3.0/x86_64/mozilla-thunderbird-ru-1.5.0.8-1.1.C30mdk.x86_64.rpm
6c116048a69b3c176831fde5ff0a252a corporate/3.0/x86_64/mozilla-thunderbird-sk-1.5.0.8-1.1.C30mdk.x86_64.rpm
e5bcb8518c5a61e63e62f90c363c67ae corporate/3.0/x86_64/mozilla-thunderbird-sl-1.5.0.8-1.1.C30mdk.x86_64.rpm
5569afdd940d28bdf37a1003d5d5d6b0 corporate/3.0/x86_64/mozilla-thunderbird-sv-1.5.0.8-1.1.C30mdk.x86_64.rpm
d00245da432be7a7d268846891555930 corporate/3.0/x86_64/mozilla-thunderbird-tr-1.5.0.8-1.1.C30mdk.x86_64.rpm
ee130a70f9b1fe5719fea63963f3db6d corporate/3.0/x86_64/mozilla-thunderbird-zh_CN-1.5.0.8-1.1.C30mdk.x86_64.rpm
81f41bebeb9eca34d7c27ab81ca41af6 corporate/3.0/x86_64/nsinstall-1.5.0.8-1.1.C30mdk.x86_64.rpm
04cdbf8cd4c1b9baf1b1c34e0c7bfcb9 corporate/3.0/SRPMS/mozilla-thunderbird-1.5.0.8-1.1.C30mdk.src.rpm
98c5a4c000178cf57677fa6ee70adb71 corporate/3.0/SRPMS/mozilla-thunderbird-enigmail-l10n-1.5.0.8-1.1.C30mdk.src.rpm
124ecce0dd9a26b565eef6c2f7e14401 corporate/3.0/SRPMS/mozilla-thunderbird-l10n-1.5.0.8-1.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFU42GmqjQ0CJFipgRAiJgAKDQ8K7lgpOsNzXOQcSOrfcVrHQ4sACeLaqm
75x+jP9FNzlE7ieAV3r7Czs=
=DdKu
-----END PGP SIGNATURE-----
. ===========================================================
Ubuntu Security Notice USN-382-1 November 16, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747,
CVE-2006-5748
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
mozilla-thunderbird 1.5.0.8-0ubuntu0.5.10
Ubuntu 6.06 LTS:
mozilla-thunderbird 1.5.0.8-0ubuntu0.6.06
Ubuntu 6.10:
mozilla-thunderbird 1.5.0.8-0ubuntu0.6.10
After a standard system upgrade you need to restart Thunderbird to
effect the necessary changes.
Details follow:
USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack
which the original fix did not cover. Please note that JavaScript is
disabled by default for emails, and it is not recommended to enable it.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.diff.gz
Size/MD5: 451782 957b1eabbb35c399a9150fc148d2c8a1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.dsc
Size/MD5: 960 3352ed8872f185027ac3ee354305eafb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz
Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_amd64.deb
Size/MD5: 3523838 b6819a1f54c1c543ae2c6835ba477b6c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_amd64.deb
Size/MD5: 190416 761fe8dc15060c09de3013d856b79dd1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_amd64.deb
Size/MD5: 55640 617b95dd76853f2bd5d1abd60ad842d7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_amd64.deb
Size/MD5: 11981580 188bd293b070ff01101e861eceb690a8
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_i386.deb
Size/MD5: 3516580 b4c65509f97bea7dc2c207df0559651d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_i386.deb
Size/MD5: 183772 f7e72f8793eb681bd521d6963212947c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_i386.deb
Size/MD5: 51254 9e1e6d825c46a9831fd4643c846ac861
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_i386.deb
Size/MD5: 10286996 b1314587b5026e585a1da43c03748076
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_powerpc.deb
Size/MD5: 3521222 aa373f9cf0e28313312b4d88d34bb2c4
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_powerpc.deb
Size/MD5: 187110 07ee014b3874b619ab9252292a771d9d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_powerpc.deb
Size/MD5: 54826 04072c4224eaa979b52ac0ce1ea2d62d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_powerpc.deb
Size/MD5: 11528020 4e67be3b40ef51e8a3a59170a72d51da
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_sparc.deb
Size/MD5: 3518202 3559d6e77167adf6ad24cf2dc0ea980e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_sparc.deb
Size/MD5: 184568 c77f05b16cb004b4b28d08c87c551591
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_sparc.deb
Size/MD5: 52714 d10e66393f273bd011a4b792aec0e1c6
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_sparc.deb
Size/MD5: 10768484 49adf33e01df8b16dfae59539a09f6e4
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.diff.gz
Size/MD5: 454980 86dc6c3f6e7314db7f1862847aab1746
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.dsc
Size/MD5: 960 2d270b24bbe03fc5b642cac8c4183517
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz
Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_amd64.deb
Size/MD5: 3528876 4d58793e693a14af93870581bcf5b7d4
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_amd64.deb
Size/MD5: 193880 0c731b9fa2fa5556209ed28fdffd59bb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_amd64.deb
Size/MD5: 59120 ea7b9f02aefd49fc79250683fc277783
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_amd64.deb
Size/MD5: 11989558 3ffcc3970cae97b55a6b0ddc09e40b9b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_i386.deb
Size/MD5: 3520550 2dc76d9073a712a6da29dbd5e1e80d94
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_i386.deb
Size/MD5: 187250 440d25b5232eab1e15929bf62166ee1a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_i386.deb
Size/MD5: 54640 8bfe36c400bca1c5fc6a3d6a079d15e7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_i386.deb
Size/MD5: 10287496 c9e8b30b24ee9c1ea938662ec5c5c829
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_powerpc.deb
Size/MD5: 3525980 331fb306bd301e6db588e3ae954682ec
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_powerpc.deb
Size/MD5: 190586 6b2cd37ce0d4d218192c1701fedf2d35
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_powerpc.deb
Size/MD5: 58236 b9adc16444e5f8a4ba184b896feeddbc
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_powerpc.deb
Size/MD5: 11560520 bf03db104a8a34d7623719d9bd2d78dd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_sparc.deb
Size/MD5: 3522432 9f608db55c878301303f11dda557b659
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_sparc.deb
Size/MD5: 188046 80a01d132f407d2cc7bed5fa827f6726
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_sparc.deb
Size/MD5: 56134 a9bb35877246b62480313cacdcaaec62
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_sparc.deb
Size/MD5: 10759610 f8311676b1e447d52a059f673c1c8365
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.diff.gz
Size/MD5: 454992 495051c8a51c3c76f66110a9cc955da1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.dsc
Size/MD5: 960 8de9b896031767eec82c7d4992c6a9ba
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz
Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_amd64.deb
Size/MD5: 3528756 59670215a896e4928e90878dc9b04b08
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_amd64.deb
Size/MD5: 194002 8c4679532a5a56d9ae9ef85fc10974b5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_amd64.deb
Size/MD5: 59126 7ae8776fabb53abe898c187cd42b3d05
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_amd64.deb
Size/MD5: 11982018 6b757d203ac93cf892a87ac8ca9a13db
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_i386.deb
Size/MD5: 3523844 ec316699b80ad08945c58c3c7427aefa
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_i386.deb
Size/MD5: 188658 beae7465832335242d6da367e8a79019
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_i386.deb
Size/MD5: 55770 31263c265feb5c09cf2f7a5f692b95e7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_i386.deb
Size/MD5: 10743540 60f03ab196fcc5160922386b2e0e27d3
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_powerpc.deb
Size/MD5: 3526062 43038d1a52c353ccb64b0553156673b7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_powerpc.deb
Size/MD5: 191106 b8861d5299adce77a280852beffa9e4d
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_powerpc.deb
Size/MD5: 58784 8c26c48f8cc8cf38bc6a0b5e8212936b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_powerpc.deb
Size/MD5: 11690926 b727068e620efa13b2c0cd1d3899e271
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_sparc.deb
Size/MD5: 3522380 3c544b8ac310f5ab3789a9f960a85577
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_sparc.deb
Size/MD5: 188512 314b6bcbf287df8eeba2793fb3b2686c
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_sparc.deb
Size/MD5: 56190 35ae6cf2ba9e5c68a16c5bfda8b7f0a3
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_sparc.deb
Size/MD5: 10955658 c847b48dfa1e26d4a2da0d8378127f64
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-333A
Apple Releases Security Update to Address Multiple Vulnerabilities
Original release date: November 29, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X version 10.3.x and 10.4.x
* Apple Mac OS X Server version 10.3.x and 10.4.x
* Apple Safari web browser
These vulnerabilities affect both Intel-based and PowerPC-based Apple
systems.
Overview
Apple has released Security Update 2006-007 to correct multiple
vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web
browser. Vulnerabilities in OpenSSL, gzip, and other products are also
addressed. Attackers may take
advantage of the less serious vulnerabilities to bypass security
restrictions or cause a denial of service.
I. Description
Apple Security Update 2006-007 addresses a number of vulnerabilities
affecting Mac OS X, OS X Server, Safari web browser, and other
products. Further details are available in the related vulnerability
notes.
This security update also addresses previously known vulnerabilities
in PHP, Perl, OpenSSL, and gzip, which are shipped with Mac OS X. Information is also available through the OpenSSL
vulnerabilities page. Information about the vulnerabilities in gzip is
available in a series of vulnerability notes.
II. Impact
The impacts of these vulnerabilities vary. For specific details, see
the appropriate vulnerability notes. Potential consequences include
remote execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.
III. Solution
Install updates
Install Apple Security Update 2006-007.
IV. References
* Vulnerability Notes for Apple Security Update 2006-007 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-007>
* Vulnerability Notes for OpenSSL Security Advisory [28th September
2006] -
<http://www.kb.cert.org/vuls/byid?searchview&query=openssl_secadv_20060928>
* Vulnerability Note VU#845620 -
<http://www.kb.cert.org/vuls/id/845620>
* Vulnerability Note VU#933712 -
<http://www.kb.cert.org/vuls/id/933712>
* Vulnerability Note VU#381508 -
<http://www.kb.cert.org/vuls/id/381508>
* Vulnerability Note VU#554780 -
<http://www.kb.cert.org/vuls/id/554780>
* Vulnerability Note VU#596848 -
<http://www.kb.cert.org/vuls/id/596848>
* Vulnerability Note VU#773548 -
<http://www.kb.cert.org/vuls/id/773548>
* About the security content of Security Update 2006-007 -
<http://docs.info.apple.com/article.html?artnum=304829>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Apple Downloads - <http://www.apple.com/support/downloads/>
* OpenSSL: OpenSSL vulnerabilities -
<http://www.openssl.org/news/vulnerabilities.html>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/#Safari>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-333A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-333A Feedback VU#191336" in the
subject.
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
November 29, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRW33NuxOF3G+ig+rAQJtiggApJKRh7x+z8vp0xb26sE16RUOD3epcrk6
lJZ4rXnqVqoFacAt0Ucb8T43/Uc4N85UMa695YbFspYZum3hcGZo+WnNPolGUeRz
iN/4bfKgzekfpbHxf6T3YvQYp+PVMRfHPUcxfaZDYXhu2813N4SSQpM59KRL5BD7
xr+5VvB09biVKlzpEdgtk2EHcqc+sMF5+o3cCgDJCnJNL+NG4J6d/hsyNP15ekTf
8m0W4rJonUe2gR2Bp7F1Y47KgRr3BT1aH2gxUSim9qEJpPdP/CkmGoFp+BfrFP9q
A580LOrqFK8HIly1fbPKb26p2theUUESnQqM9Ob8xolkCDLy6h7ssg==
=f7N+
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200612-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: December 10, 2006
Bugs: #154434
ID: 200612-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Mozilla Firefox.
Background
==========
Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.
-------------------------------------------------------------------
Description
===========
Mozilla Firefox improperly handles Script objects while they are being
executed. Mozilla Firefox has also been found to be vulnerable to
various possible buffer overflows. Lastly, the binary release of
Mozilla Firefox is vulnerable to a low exponent RSA signature forgery
issue because it is bundled with a vulnerable version of NSS.
Impact
======
An attacker could entice a user to view specially crafted JavaScript
and execute arbitrary code with the rights of the user running Mozilla
Firefox. It is also possible for an attacker to make up SSL/TLS
certificates that would not be detected as invalid by the binary
release of Mozilla Firefox, raising the possibility for
Man-in-the-Middle attacks.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.8"
All Mozilla Firefox binary release users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.8"
References
==========
[ 1 ] CVE-2006-5462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462
[ 2 ] CVE-2006-5463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463
[ 3 ] CVE-2006-5464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464
[ 4 ] CVE-2006-5747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747
[ 5 ] CVE-2006-5748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
VAR-200609-0995 | CVE-2006-4339 | OpenSSL SSLv2 client code fails to properly check for NULL |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------
~ VMware Security Advisory
Advisory ID: VMSA-2008-0005
Synopsis: Updated VMware Workstation, VMware Player, VMware
~ Server, VMware ACE, and VMware Fusion resolve
~ critical security issues
Issue date: 2008-03-17
Updated on: 2008-03-17 (initial release of advisory)
CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361
~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940
~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339
~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363
~ CVE-2008-1340
- -------------------------------------------------------------------
1. Summary:
~ Several critical security vulnerabilities have been addressed
~ in the newest releases of VMware's hosted product line.
2. Relevant releases:
~ VMware Workstation 6.0.2 and earlier
~ VMware Workstation 5.5.4 and earlier
~ VMware Player 2.0.2 and earlier
~ VMware Player 1.0.4 and earlier
~ VMware ACE 2.0.2 and earlier
~ VMware ACE 1.0.2 and earlier
~ VMware Server 1.0.4 and earlier
~ VMware Fusion 1.1 and earlier
3. Problem description:
~ a. Host to guest shared folder (HGFS) traversal vulnerability
~ On Windows hosts, if you have configured a VMware host to guest
~ shared folder (HGFS), it is possible for a program running in the
~ guest to gain access to the host's file system and create or modify
~ executable files in sensitive locations.
NOTE: VMware Server is not affected because it doesn't use host to
~ guest shared folders. Because
~ ESX Server is based on a bare-metal hypervisor architecture
~ and not a hosted architecture, and it doesn't include any
~ shared folder abilities. Fusion and Linux based hosted
~ products are unaffected.
~ VMware would like to thank CORE Security Technologies for
~ working with us on this issue. This addresses advisory
~ CORE-2007-0930.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2008-0923 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ b. Insecure named pipes
~ An internal security audit determined that a malicious Windows
~ user could attain and exploit LocalSystem privileges by causing
~ the authd process to connect to a named pipe that is opened and
~ controlled by the malicious user.
~ The same internal security audit determined that a malicious
~ Windows user could exploit an insecurely created named pipe
~ object to escalate privileges or create a denial of service
~ attack. In this situation, the malicious user could
~ successfully impersonate authd and attain privileges under
~ which Authd is executing.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these
~ issues.
~ Windows Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ c. Updated libpng library to version 1.2.22 to address various
~ security vulnerabilities
~ Several flaws were discovered in the way libpng handled various PNG
~ image chunks. An attacker could create a carefully crafted PNG
~ image file in such a way that it could cause an application linked
~ with libpng to crash when the file was manipulated.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ has assigned the name CVE-2007-5269 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ d.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the following names to these issues: CVE-2006-2940,
~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion is not affected by this issue.
~ e. VIX API default setting changed to a more secure default value
~ Workstation 6.0.2 allowed anonymous console access to the guest by
~ means of the VIX API. This release, Workstation 6.0.3, disables
~ this feature. This means that the Eclipse Integrated Virtual
~ Debugger and the Visual Studio Integrated Virtual Debugger will now
~ prompt for user account credentials to access a guest.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ f. Windows 2000 based hosted products privilege escalation
~ vulnerability
~ This release addresses a potential privilege escalation on
~ Windows 2000 hosted products. Certain services may be improperly
~ registered and present a security vulnerability to Windows 2000
~ machines.
~ VMware would like to thank Ray Hicken for reporting this issue and
~ David Maciejak for originally pointing out these types of
~ vulnerabilities.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2007-5618 to this issue.
~ Windows versions of Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ NOTE: Fusion and Linux based products are not affected by this
~ issue.
~ g. DHCP denial of service vulnerability
~ A potential denial of service issue affects DHCP service running
~ on the host.
~ VMware would like to thank Martin O'Neal for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1364 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241)
~ NOTE: This issue doesn't affect the latest versions of VMware
~ Workstation 6, VMware Player 2, and ACE 2 products.
~ h. Local Privilege Escalation on Windows based platforms by
~ Hijacking VMware VMX configuration file
~ VMware uses a configuration file named "config.ini" which
~ is located in the application data directory of all users.
~ By manipulating this file, a user could gain elevated
~ privileges by hijacking the VMware VMX process.
~ VMware would like to thank Sun Bing for reporting the issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1363 to this issue.
~ Windows based Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404)
~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846)
~ i. Virtual Machine Communication Interface (VMCI) memory corruption
~ resulting in denial of service
~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0,
~ and VMware ACE 2.0. It is an experimental, optional feature and
~ it may be possible to crash the host system by making specially
~ crafted calls to the VMCI interface. This may result in denial
~ of service via memory exhaustion and memory corruption.
~ VMware would like to thank Andrew Honig of the Department of
~ Defense for reporting this issue.
~ The Common Vulnerabilities and Exposures project (cve.mitre.org)
~ assigned the name CVE-2008-1340 to this issue.
~ Hosted products
~ ---------------
~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004)
~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004)
~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004)
4. Solution:
Please review the Patch notes for your product and version and verify
the md5sum of your downloaded file.
~ VMware Workstation 6.0.3
~ ------------------------
~ http://www.vmware.com/download/ws/
~ Release notes:
~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
~ Windows binary
~ md5sum: 323f054957066fae07735160b73b91e5
~ RPM Installation file for 32-bit Linux
~ md5sum: c44183ad11082f05593359efd220944e
~ tar Installation file for 32-bit Linux
~ md5sum: 57601f238106cb12c1dea303ad1b4820
~ RPM Installation file for 64-bit Linux
~ md5sum: e9ba644be4e39556724fa2901c5e94e9
~ tar Installation file for 64-bit Linux
~ md5sum: d8d423a76f99a94f598077d41685e9a9
~ VMware Workstation 5.5.5
~ ------------------------
~ http://www.vmware.com/download/ws/ws5.html
~ Release notes:
~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html
~ Windows binary
~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3
~ Compressed Tar archive for 32-bit Linux
~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb
~ Linux RPM version for 32-bit Linux
~ md5sum: c222b6db934deb9c1bb79b16b25a3202
~ VMware Server 1.0.5
~ -------------------
~ http://www.vmware.com/download/server/
~ Release notes:
~ http://www.vmware.com/support/server/doc/releasenotes_server.html
~ VMware Server for Windows 32-bit and 64-bit
~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc
~ VMware Server Windows client package
~ md5sum: cb3dd2439203dc510f4d95f06ba59d21
~ VMware Server for Linux
~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e
~ VMware Server for Linux rpm
~ md5sum: fc3b81ed18b53eda943a992971e9f84a
~ Management Interface
~ md5sum: dd10d25895d9994bd27ca896152f48ef
~ VMware Server Linux client package
~ md5sum: aae18f1f7b8811b5499e3a358754d4f8
~ VMware ACE 2.0.3 and 1.0.5
~ --------------------------
~ http://www.vmware.com/download/ace/
~ Windows Release notes:
~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html
~ VMware Fusion 1.1.1
~ -------------------
~ http://www.vmware.com/download/fusion/
~ Release notes:
~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html
~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0
~ VMware Player 2.0.3 and 1.0.6
~ ----------------------
~ http://www.vmware.com/download/player/
~ Release notes Player 1.x:
~ http://www.vmware.com/support/player/doc/releasenotes_player.html
~ Release notes Player 2.0
~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html
~ 2.0.3 Windows binary
~ md5sum: 0c5009d3b569687ae139e13d24c868d3
~ VMware Player 2.0.3 for Linux (.rpm)
~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2
~ VMware Player 2.0.3 for Linux (.tar)
~ md5sum: 2305fcff49bef6e4ad83742412eac978
~ VMware Player 2.0.3 - 64-bit (.rpm)
~ md5sum: cf945b571c4d96146ede010286fdfca5
~ VMware Player 2.0.3 - 64-bit (.tar)
~ md5sum: f99c5b293eb87c5f918ad24111565b9f
~ 1.0.6 Windows binary
~ md5sum: 895081406c4de5361a1700ec0473e49c
~ Player 1.0.6 for Linux (.rpm)
~ md5sum: 8adb23799dd2014be0b6d77243c76942
~ Player 1.0.6 for Linux (.tar)
~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f
5. References:
~ CVE numbers
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363
~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340
- -------------------------------------------------------------------
6. Contact:
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
~ * security-announce@lists.vmware.com
~ * bugtraq@securityfocus.com
~ * full-disclosure@lists.grok.org.uk
E-mail: security@vmware.com
Security web site
http://www.vmware.com/security
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2008 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv
Cv8MnL2bYPyDfYQ3f4IUL+w=
=tFXS
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
OpenOffice.org 3 Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38568
VERIFY ADVISORY:
http://secunia.com/advisories/38568/
DESCRIPTION:
Some vulnerabilities have been reported in OpenOffice.org, which can
be exploited by malicious people to bypass certain security
restrictions, conduct spoofing attacks, or compromise a user's
system.
1) The included libxml2 library fails to properly verify signatures.
This is related to:
SA21709
2) An error in the included libxmlsec library can be exploited to
potentially forge a valid signature.
For more information:
SA35854
3) An error in the included MSVC Runtime package can be exploited to
bypass certain security features.
For more information see vulnerability #2 in:
SA35967
4) An error in the processing XPM files can be exploited to
potentially execute arbitrary code.
5) An error in the processing GIF files can be exploited to
potentially execute arbitrary code.
6) An error in the processing of Word documents can be exploited to
potentially execute arbitrary code.
SOLUTION:
Update to version 3.2.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
4) Sebastian Apelt of siberas
5) Frank Rei\xdfner and Sebastian Apelt of siberas
6) Nicolas Joly of Vupen
ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2006-4339.html
http://www.openoffice.org/security/cves/CVE-2009-0217.html
http://www.openoffice.org/security/cves/CVE-2009-2493.html
http://www.openoffice.org/security/cves/CVE-2009-2949.html
http://www.openoffice.org/security/cves/CVE-2009-2950.html
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
OTHER REFERENCES:
SA21709:
http://secunia.com/advisories/21709/
SA35854:
http://secunia.com/advisories/35854/
SA35967:
http://secunia.com/advisories/35967/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00794048
Version: 1
HPSBUX02165 SSRT061266 rev.1 - HP-UX VirtualVault Remote Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2006-10-31
Last Updated: 2006-10-31
Potential Security Impact: Remote Unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access.
References: CVE-2006-4339
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.04 running Virtualvault 4.7 or Virtualvault 4.6 or Virtualvault 4.5 or HP WebProxy.
BACKGROUND
The OpenSSL community has released OpenSSL 0.9.7.k version superseding the OpenSSL 0.9.7i release that was identified in the CVE report.
Note: To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed.
AFFECTED VERSIONS
HP-UX B.11.04 Virtualvault A.04.70
===========================
VaultWS.WS-CORE
VaultTS.VV-IWS
VaultTS.VV-CORE-CMN
VaultTGP.TGP-CORE
action: install PHSS_35463, PHSS_35460, PHSS_35481 or subsequent
HP-UX B.11.04 Virtualvault A.04.70 (Apache 2.X)
====================================
VaultWS.WS-CORE
action: install PHSS_35436 or subsequent
HP-UX B.11.04 Virtualvault A.04.60
===========================
VaultWS.WS-CORE
VaultTS.VV-IWS
VaultTS.VV-CORE-CMN
VaultTGP.TGP-CORE
action: install PHSS_35462, PHSS_35459, PHSS_35480 or subsequent
HP-UX B.11.04 Virtualvault A.04.50
===========================
VaultWS.WS-CORE
VaultTS.VV-IWS
VaultTS.VV-IWS-JK
VaultTS.VV-CORE-CMN
action: install PHSS_35461, PHSS_35458 or subsequent
HP-UX B.11.04 HP Webproxy A.02.10 (Apache 2.x)
============================
HP_Webproxy.HPWEB-PX-CORE
action: install PHSS_35437 or subsequent
HP-UX B.11.04 HP Webproxy A.02.10 (Apache 1.x)
============================
HP_Webproxy.HPWEB-PX-CORE
action: install PHSS_35111 or subsequent
HP-UX B.11.04 HP Webproxy A.02.00
============================
HP_Webproxy.HPWEB-PX-CORE
action: install PHSS_35110 or subsequent
END AFFECTED VERSIONS
RESOLUTION
HP is making the following patches available to resolve this issue.
The patches are available for download from http://itrc.hp.com
For B.11.04 HP has made the following patches available:
PHSS_35463 Virtualvault 4.7 OWS (Apache 1.x) update
PHSS_35460 Virtualvault 4.7 IWS update
PHSS_35481 Virtualvault 4.7 TGP update
PHSS_35436 Virtualvault 4.7 OWS (Apache 2.x) update
PHSS_35462 Virtualvault 4.6 OWS update
PHSS_35459 Virtualvault 4.6 IWS update
PHSS_35480 Virtualvault 4.6 TGP update
PHSS_35461 Virtualvault 4.5 OWS update
PHSS_35458 Virtualvault 4.5 IWS update
PHSS_35437 Webproxy server 2.1 (Apache 2.x) update
PHSS_35111 Webproxy server 2.1 (Apache 1.x) update
PHSS_35110 Webproxy server 2.0 update
PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
MANUAL ACTIONS: No
HISTORY Version: 1 (rev.1) 31 October 2006 Initial release
Third Party Security Patches: Third Party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services
support channel.
Report: To report a potential security vulnerability with any HP
supported product, send Email to: security-alert@hp.com. It is
strongly recommended that security related information being
communicated to HP be encrypted using PGP, especially exploit
information. To get the security-alert PGP key, please send an
e-mail message as follows:
To: security-alert@hp.com
Subject: get key
Subscribe: To initiate a subscription to receive future HP
Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&
langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
- check ALL categories for which alerts are required and
continue.
Under Step2: your ITRC operating systems
- verify your operating system selections are checked and
save.
To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page:
Subscriber's choice for Business: sign-in.
On the web page:
Subscriber's Choice: your profile summary
- use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do
* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters of the
Bulletin number in the title:
GN = HP General SW,
MA = HP Management Agents,
MI = Misc. 3rd party SW,
MP = HP MPE/iX,
NS = HP NonStop Servers,
OV = HP OpenVMS,
PI = HP Printing & Imaging,
ST = HP Storage SW,
TL = HP Trusted Linux,
TU = HP Tru64 UNIX,
UX = HP-UX,
VV = HP Virtual Vault
System management and security procedures must be reviewed
frequently to maintain system integrity. HP is continually
reviewing and enhancing the security features of software products
to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to
bring to the attention of users of the affected HP products the
important security information contained in this Bulletin. HP
recommends that all users determine the applicability of this
information to their individual situations and take appropriate
action. HP does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HP
will not be responsible for any damages resulting from user's use
or disregard of the information provided in this Bulletin. To the
extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability
and fitness for a particular purpose, title and non-infringement."
(c)Copyright 2006 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
provided is provided "as is" without warranty of any kind. To the
extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special
or consequential damages including downtime cost; lost profits;
damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration.
The information in this document is subject to change without
notice. Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners