VARIoT IoT vulnerabilities database

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Apache is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects the following: - The 'mod_imagemap' module in Apache 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0 - The 'mod_imap' module in Apache 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0. =========================================================== Ubuntu Security Notice USN-575-1 February 04, 2008 apache2 vulnerabilities CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-mpm-perchild 2.0.55-4ubuntu2.3 apache2-mpm-prefork 2.0.55-4ubuntu2.3 apache2-mpm-worker 2.0.55-4ubuntu2.3 Ubuntu 6.10: apache2-mpm-perchild 2.0.55-4ubuntu4.2 apache2-mpm-prefork 2.0.55-4ubuntu4.2 apache2-mpm-worker 2.0.55-4ubuntu4.2 Ubuntu 7.04: apache2-mpm-event 2.2.3-3.2ubuntu2.1 apache2-mpm-perchild 2.2.3-3.2ubuntu2.1 apache2-mpm-prefork 2.2.3-3.2ubuntu2.1 apache2-mpm-worker 2.2.3-3.2ubuntu2.1 Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.1 apache2-mpm-perchild 2.2.4-3ubuntu0.1 apache2-mpm-prefork 2.2.4-3ubuntu0.1 apache2-mpm-worker 2.2.4-3ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847) It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465) It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000) It was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421) It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422) It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.diff.gz Size/MD5: 121305 10359a467847b63f8d6603081450fece http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3.dsc Size/MD5: 1148 923d0e3dcb5afba32a130aed96ac7214 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.3_all.deb Size/MD5: 2124588 2befe634f0a889cc2241772f2a7d7164 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 832842 032c077cfeb6ffbc3989c54c27cb729a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 228206 771457a0b555eef325be270e1c22c0c2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 223236 77988570570b779ebf92fcc3dc7dc198 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 227904 945d30797a27c7ac28a96d9c1793b80d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 171402 3b7567107864cf36953e7911a4851738 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 172186 85a591ea061cbc727fc261b046781502 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 94240 b80027348754c493312269f7410b38fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 36228 2821ca9410c9cd287e756f05b0f6930c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 285664 76f4879738a0a788414316581ac2010b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_amd64.deb Size/MD5: 144250 3cd8327429958569a306257da57e8be0 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 786052 7bdddb451607eeb2abb9706641675397 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202862 a88456a5949fe1da4ad3f6c969d3a886 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 198746 aa72459cae4f5765ccd1b58d275961bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 202338 13bbe75f89aeedb6dec9be929528df48 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 171408 34209e19f6ef01cb08aa75c1b3045495 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 172176 4521336ea6f4d87391ee96d70b79f887 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 92182 d8a3310073c017cdc7d3ffd1046a50cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 36220 0ae71bd4efdd0fb325864f46ba4f16e7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 261736 476e8d909e279fac698baf9cf0d62300 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_i386.deb Size/MD5: 132160 3efb3c11dd844fbc429eff5818dcdae2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 859014 a8c42d748bfd616f6a6f1bbbf2224205 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 220254 84f7c2678fbab6b303361d32f1a741a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 215932 bee4a6e00371117203647fd3a311658a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 219800 aaf4968deba24912e4981f35a367a086 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 171410 a15c13c0a2ec49e805f9ae83e5db4ae7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 172198 4e411b4b16daab9a0ddc9ea3651f448d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 103940 dca02b7f5bc6848fa1dc8aa530f04910 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 36222 619ee3ea1064d11a02de092690bfb1e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 281280 9325dbc26f57d76254ceca78bee4cff2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_powerpc.deb Size/MD5: 141398 668d7fb9dd196e82601ca6d43a326813 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 803242 120feec10c0dcc370894e2a3bdcd399b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 210668 062841f2fd30c07ff1f5b101a7c1e196 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 206266 35b3b9d4b34844b01576ca7963b5edda http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 209954 4f99e4d02fc93222cb541edb09358b79 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 171404 bd728a86c1a8984d60caeee35da0c451 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 172184 1794886b8aca59cf28cbe28d853f42ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 93282 1ae6def788c74750d79055784c0d8006 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 36230 5f1d8e4d19324674a1f5748601431758 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 267832 96c149638daeb993250b18c9f4285abf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.3_sparc.deb Size/MD5: 130082 7a62f71e679a233ca118cb9813ffd3e3 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.diff.gz Size/MD5: 121671 775c3b2d53630ddfb4386cbfdb954861 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2.dsc Size/MD5: 1148 a5dd357e0bef2dc308656c6c0af5ca1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu4.2_all.deb Size/MD5: 2124902 baf4147b4e4d939a08f20c8ac987abf7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 836086 e04fced4fc1efd4a192a4016f679bc38 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227790 27c558402837f9d4c85315dcdde2f4e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 222698 a33ef1566dcd4793b0aa633435e8ee44 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 227296 4b3c5e771574d858dd655a9e0a7a5d8c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 171640 bd8fbcd40f5431e6688156ba4b17e960 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 172412 0520836bca78eb64bc97d4a8cc481487 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 94518 8b35759996e50046eca8154ebc63fc1f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 36530 1b08b4418ff0f7ba90940433116cf6d8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 286876 1426b92819b56ff892483acedfdea4c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_amd64.deb Size/MD5: 145340 109c93408c5197be50960cce80c23b7c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 806640 81e91910683454a4b2444e0ce8e929bc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209996 27440ecbe836673f63ae1773e238eb65 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 206098 e77a4b69c1c456f4ca6c03d9105d8552 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 209552 8a23207211e54b138d5a87c15c097908 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 171636 07616e459905bad152a8669c8f670436 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 172408 69300678b2f8b908f90a91de325c7ee2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 93558 d47cdad1593a7332507c7d0388effbf4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 36532 47800e58ec26a1389005b8120ad3ca3e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 266728 65cd78808f959d9e73a4d5e348bf3e20 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_i386.deb Size/MD5: 137934 1493ea26165b34a841da777ed801ca7a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 865216 a635390e5772dd30dac70f7aba5e620d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 222022 e37ef7d710800e568d838242d3129725 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 217630 53127602a5df28a5d66fdd11e396c346 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 221782 d3e43cef5b90a7e3aa405a5d167ddfb6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 171632 d9f1c242ffeab1b90850a6ffc78f0148 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 172404 51b40f3e6a486ce372844ad24b83ecf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 104970 0f281f65023f52f0bea2dc54136b6c57 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 36530 c8c4a7e645fe938da23737602589d08c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 284866 ba3e1b09a14d8e5485561118f6eeefb7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_powerpc.deb Size/MD5: 144554 66d17552fd2385cfdf44c5d55ea583c9 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 811380 c2578ed2a96363e7c5fb268933487ccb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212602 aab797ade503fec11a36dbf640e1ef08 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 208354 0a571678c269d1da06787dac56567f1c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 212052 90754ccdcd95e652413426376078d223 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 171634 00fbac613f13f1d1e20470ce42703018 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 172414 65e31d4a009a9663212f8cfcfa492c53 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 94100 95bd6b71a6bc1fceeccbc51d2b913bd2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 36532 b4a7ccf0ba37c70b78a950bacbc4a650 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 268776 5b157a4dd55f533a610bc6c111e9d414 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu4.2_sparc.deb Size/MD5: 131000 dda2d34f2e90e0468b02e261ae2c6afe Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.diff.gz Size/MD5: 115896 cbb8201fa61844fe02dcc7c2e1e35cf5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1.dsc Size/MD5: 1128 77143d282e5fc16d3f1dc327b7a4fd87 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3.orig.tar.gz Size/MD5: 6342475 f72ffb176e2dc7b322be16508c09f63c Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 2199570 be1a62334680ed00d5f5a4c74113d524 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 272460 eb0d9dce34ef9dd4b940fb98c38e529c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 6672646 b3d11c9f4451f75e4ff17e663999a579 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.3-3.2ubuntu2.1_all.deb Size/MD5: 39090 d2db3ef69d13b4ed76493e189174c304 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 450016 f2726571f028c6f228a73faa1b620f63 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 445732 2f791f5e207e2ed047c4ed36572cea6d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 449602 a67b291ea2270e9c46f8eaecef65f7c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 403950 bc7a8419daa6c451decbb5640241df32 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 404518 099bb7f53ae885bd7e8157c781c5b50b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 341726 0aed173b3eb2db83ddd6ddb49bab7c4e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_amd64.deb Size/MD5: 971426 30db1106dfea5106da54d2287c02a380 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 433320 03d3aa003bf777f1f1ae9d8f814caac1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 429248 e49f5accb8764204a2a759ea8b2dea55 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 432706 a3c32680004d3e0b460513d426006bb0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 403964 63c77d5009e715094d21c273b57c04d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 404530 f4b9eb26fa058eaec8f75ae956cbc852 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 340810 e5d63edb8c0f2baccf9a2b072d1c3d74 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_i386.deb Size/MD5: 929546 828b8224e2540d7bc4e462d5b2b1f8af powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451914 b1057076382cb22727fa0bcd202c57dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 447340 44e26684bd3a09f2ed6969d2c540f5ae http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 451324 2c029a48b2242e1fdf137a6cec3af09d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 403974 65a11cfaee921517445cf74ed04df701 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 404538 d27226fdeac7d193651a2cb2bd4b61e8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 360936 058bbb5e05afc0ca08805ca71a713a42 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_powerpc.deb Size/MD5: 1073822 0f9dda867e9131cc5418dd40ec579d38 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434804 ff6361811108a9be8b45dd255b84c376 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 430968 367e708f82317b657439fc9e70dfb3eb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 434308 2073137bb138dc52bbace666714f4e14 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 403952 f0ed9c92b917d1749825e64be61d8822 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 404520 fa7ce800de2eb5719c479a7506798b88 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 343774 880faca3543426734431c29de77c3048 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.3-3.2ubuntu2.1_sparc.deb Size/MD5: 938534 3e9075d30b9cedd73a936a14b8b84374 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.diff.gz Size/MD5: 121669 dd7399c1dacd25d2153af25d3e9c3ea5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1.dsc Size/MD5: 1241 9b9bd27a1cfe3fc33d63b0b13d345e98 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.1_all.deb Size/MD5: 2211118 6da81663b251e862bb665d9627271b9f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.1_all.deb Size/MD5: 278032 4f8270cff0a532bd059741b366047da9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.1_all.deb Size/MD5: 6700348 b133a1244f39b3f64fdd47cdd4a64480 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.1_all.deb Size/MD5: 42192 3f0351337b9c5d21ceea4b92a3911040 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456628 d85a3cbc0eef82e845a8327180136469 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 452408 8dd9341af4b538e6c9f8f70faf5fd2f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 456134 f6bcb10663b0c13cdf68c6d0e83c6342 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410020 036c44117688999e0eaa7a6cfc1b5a11 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 410604 cbb1e906a74fb2a34f41a3243ffa8010 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 347444 63413a914cb4546704032ab8f7f16a80 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_amd64.deb Size/MD5: 989366 b0c2d84f421fcb331efcec2a7b0711d1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439730 46888aaf742cdcc30bcf7983d31c0158 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 435354 f3557e1a87154424e9144cf672110e93 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 439062 3469e523d93cfc20b71271b1f24daea1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410026 fafeb6f9433f595e1a634505f78d2bd1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 410606 29b01db3883e5d12a5992c22cadfbe7a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 346490 6581362eebd73d91d1f74ebd9941c890 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_i386.deb Size/MD5: 944816 a1f598ad168bf49f12f8b0cf08ab7908 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 458126 f08b8b1f2673fdfcbd849bc913006408 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 453546 f52c55b92d5b1c42cb4cfcfee774b1bd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 457466 f7b948be666100a7f5631cbafe2255dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410024 3bba352e3a2d8730a23d04fdcea5abd9 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 410606 b95af66f260d1291e92986790b7d2f0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 366550 c2f8906ce78396a240e37c08aa2cc197 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_powerpc.deb Size/MD5: 1091688 f214016a736f7743a28dfd03e09753e2 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440954 f1a98acdf576d3e7c9576501f7886d30 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 437166 36b4878e0e9593b5d28c743eb093784a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 440446 46d56f1a8d1b10cc937c8252648a583e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410028 0c28e9654530a4ecf363d998b78e1fd5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 410608 8e22b403b2315b190263f8ba2c8f98dd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 349678 fe7ce515de30be0ef1ddf865cae5dd49 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.1_sparc.deb Size/MD5: 956316 009e48ea5e94d39830b3e9ba21aa55c8 . The HP Business Availability Center v8.02 kit is available on the HP Software Support Online portal at: http://support.openview.hp.com/support.jsp . Summary Updated VMware Hosted products address security issues in libpng and the Apace HTTP Server. 2. Relevant releases VMware Workstation 6.5.2 and earlier, VMware Player 2.5.2 and earlier, VMware ACE 2.5.2 and earlier 3. Problem Description a. Third Party Library libpng Updated to 1.2.35 Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0040 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any 6.5.3 build 185404 or later Player 2.5.x any 2.5.3 build 185404 or later ACE 2.5.x any 2.5.3 build 185404 or later Server 2.x any patch pending Server 1.x any patch pending Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * * The libpng update for the Service Console of ESX 2.5.5 is documented in VMSA-2009-0007. b. Apache HTTP Server updated to 2.0.63 The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005 to the issues that have been addressed by this update. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected Workstation 6.5.x any not affected Player 2.5.x any not affected ACE 2.5.x Windows 2.5.3 build 185404 or later ACE 2.5.x Linux update Apache on host system * Server 2.x any not affected Server 1.x any not affected Fusion 2.x Mac OS/X not affected Fusion 1.x Mac OS/X not affected ESXi 4.0 ESXi not affected ESXi 3.5 ESXi not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected ESX 3.0.3 ESX not affected ESX 3.0.2 ESX not affected ESX 2.5.5 ESX not affected * The Apache HTTP Server is not part of an ACE install on a Linux host. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum and/or the sha1sum of your downloaded file. VMware Workstation 6.5.3 ------------------------ http://www.vmware.com/download/ws/ Release notes: http://www.vmware.com/support/ws65/doc/releasenotes_ws653.html For Windows Workstation for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 7565d16b7d7e0173b90c3b76ca4656bc sha1sum: 9f687afd8b0f39cde40aeceb3213a91be487aad1 For Linux Workstation for Linux 32-bit Linux 32-bit .rpm md5sum: 4d55c491bd008ded0ea19f373d1d1fd4 sha1sum: 1f43131c960e76a530390d3b6984c78dfc2da23e Workstation for Linux 32-bit Linux 32-bit .bundle md5sum: d4a721c1918c0e8a87c6fa4bad49ad35 sha1sum: c0c6f9b56e70bd3ffdb5467ee176110e283a69e5 Workstation for Linux 64-bit Linux 64-bit .rpm md5sum: 72adfdb03de4959f044fcb983412ae7c sha1sum: ba16163c8d9b5aa572526b34a7b63dc6e68f9bbb Workstation for Linux 64-bit Linux 64-bit .bundle md5sum: 83e1f0c94d6974286256c4d3b559e854 sha1sum: 8763f250a3ac5fc4698bd26319b93fecb498d542 VMware Player 2.5.3 ------------------- http://www.vmware.com/download/player/ Release notes: http://www.vmware.com/support/player25/doc/releasenotes_player253.html Player for Windows binary http://download3.vmware.com/software/vmplayer/VMware-player-2.5.3-185404.exe md5sum: fe28f193374c9457752ee16cd6cad4e7 sha1sum: 13bd3ff93c04fa272544d3ef6de5ae746708af04 Player for Linux (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.rpm md5sum: c99cd65f19fdfc7651bcb7f328b73bc2 sha1sum: a33231b26e2358a72d16e1b4e2656a5873fe637e Player for Linux (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.i386.bundle md5sum: 210f4cb5615bd3b2171bc054b9b2bac5 sha1sum: 2f6497890b17b37480165bab9f430e8645edae9b Player for Linux - 64-bit (.rpm) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.rpm md5sum: f91576ef90b322d83225117ae9335968 sha1sum: f492fa9cf26ee2818f164aac04cde1680c25d974 Player for Linux - 64-bit (.bundle) http://download3.vmware.com/software/vmplayer/VMware-Player-2.5.3-185404.x86_64.bundle md5sum: 595d44d7945c129b1aeb679d2f001b05 sha1sum: acd69fcb0c6bc49fd4af748c65c7fb730ab1e8c4 VMware ACE 2.5.3 ---------------- http://www.vmware.com/download/ace/ Release notes: http://www.vmware.com/support/ace25/doc/releasenotes_ace253.html ACE Management Server Virtual Appliance AMS Virtual Appliance .zip md5sum: 44cc7b86353047f02cf6ea0653e38418 sha1sum: 9f44b15e6681a6e58dd20784f829c68091a62cd1 VMware ACE for Windows 32-bit and 64-bit Windows 32-bit and 64-bit .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for Windows Windows .exe md5sum: 0779da73408c5e649e0fd1c62d23820f sha1sum: 2b2e4963adc89f3b642874685f490222523b63ef ACE Management Server for SUSE Enterprise Linux 9 SLES 9 .rpm md5sum: a4fc92d7197f0d569361cdf4b8cca642 sha1sum: af8a135cca398cacaa82c8c3c325011c6cd3ed75 ACE Management Server for Red Hat Enterprise Linux 4 RHEL 4 .rpm md5sum: 841005151338c8b954f08d035815fd58 sha1sum: 67e48624dba20e6be9e41ec9a5aba407dd8cc01e 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 - ------------------------------------------------------------------------ 6. Change log 2009-08-20 VMSA-2009-0010 Initial security advisory after release of Workstation 6.5.3, Player 2.5.3, and ACE 2.5.3 on 2009-08-20. - ------------------------------------------------------------------------ 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 912f61ea5210fbb94d71eef7bb634903 2007.0/i586/apache-base-2.2.3-1.3mdv2007.0.i586.rpm cb04a945da63abf56db5b444a3360916 2007.0/i586/apache-devel-2.2.3-1.3mdv2007.0.i586.rpm f4c419b30cd6f6520d9c995b9edf7098 2007.0/i586/apache-htcacheclean-2.2.3-1.3mdv2007.0.i586.rpm 1a40e9af24dce5bec34c4264ae1bdce2 2007.0/i586/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.i586.rpm 333f116f1036dcc4a95612179f7a34bd 2007.0/i586/apache-mod_cache-2.2.3-1.3mdv2007.0.i586.rpm 717feaa8449934514872fde1dfb26ff8 2007.0/i586/apache-mod_dav-2.2.3-1.3mdv2007.0.i586.rpm 15d3661edb2fa693fcc16e890f2b25a1 2007.0/i586/apache-mod_dbd-2.2.3-1.3mdv2007.0.i586.rpm 90bdaeaea54a973f5e813a495d82b14b 2007.0/i586/apache-mod_deflate-2.2.3-1.3mdv2007.0.i586.rpm 52a5ee95962b1153467443fb608eb3d8 2007.0/i586/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.i586.rpm 8a0a950bfe0ce68ca498761e120d05da 2007.0/i586/apache-mod_file_cache-2.2.3-1.3mdv2007.0.i586.rpm 4f6b84375fd94d4467a3e3088de26a80 2007.0/i586/apache-mod_ldap-2.2.3-1.3mdv2007.0.i586.rpm fa98d84669215b56d3f64450af0d0f5d 2007.0/i586/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.i586.rpm 665f988fa0cc99b4b55b01565a2d3075 2007.0/i586/apache-mod_proxy-2.2.3-1.3mdv2007.0.i586.rpm a22e15e33709ec0fff4c453643094031 2007.0/i586/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.i586.rpm cca659746b2601dc61f8382c64d40206 2007.0/i586/apache-mod_ssl-2.2.3-1.3mdv2007.0.i586.rpm 208d8db690290b848c266593324c2a75 2007.0/i586/apache-mod_userdir-2.2.3-1.3mdv2007.0.i586.rpm 92a1be6ec8e7a0b274666ea7b2c8c47f 2007.0/i586/apache-modules-2.2.3-1.3mdv2007.0.i586.rpm 71670f17ade1c090567f4850c796bdef 2007.0/i586/apache-mpm-prefork-2.2.3-1.3mdv2007.0.i586.rpm dd78ed04d011e11e8872c606d4edfa93 2007.0/i586/apache-mpm-worker-2.2.3-1.3mdv2007.0.i586.rpm eb5785a9e04f14ac7788d43d18c39fcc 2007.0/i586/apache-source-2.2.3-1.3mdv2007.0.i586.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: b25f0ae69e8be8c807afb36a5b58e4a7 2007.0/x86_64/apache-base-2.2.3-1.3mdv2007.0.x86_64.rpm ec93723ef9b7a5e62dc6704461e2b034 2007.0/x86_64/apache-devel-2.2.3-1.3mdv2007.0.x86_64.rpm 200fac36fbd67d6cd1857272aa5147e7 2007.0/x86_64/apache-htcacheclean-2.2.3-1.3mdv2007.0.x86_64.rpm ac7ec3a712d56ce1a076f29439c042d4 2007.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 126f880a37723b316f13f01c612883c5 2007.0/x86_64/apache-mod_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 69460daf3173b6c9f0d9f84c3597d81a 2007.0/x86_64/apache-mod_dav-2.2.3-1.3mdv2007.0.x86_64.rpm 52cf72324ae29121fe2e2c955808791f 2007.0/x86_64/apache-mod_dbd-2.2.3-1.3mdv2007.0.x86_64.rpm 17517cc4f69dec1f4ba1c08b242526e4 2007.0/x86_64/apache-mod_deflate-2.2.3-1.3mdv2007.0.x86_64.rpm a5a27827a3f488b9f31a231aad43eae7 2007.0/x86_64/apache-mod_disk_cache-2.2.3-1.3mdv2007.0.x86_64.rpm f413791db00e648dc0fae00336340bf0 2007.0/x86_64/apache-mod_file_cache-2.2.3-1.3mdv2007.0.x86_64.rpm 9d74a9b5ff153557cf361ca1726fd9b1 2007.0/x86_64/apache-mod_ldap-2.2.3-1.3mdv2007.0.x86_64.rpm b8fde6545785d79344d5a85b7bd88903 2007.0/x86_64/apache-mod_mem_cache-2.2.3-1.3mdv2007.0.x86_64.rpm da3a732c1e41e62207085aefcd0fb99c 2007.0/x86_64/apache-mod_proxy-2.2.3-1.3mdv2007.0.x86_64.rpm df716921b9736859a712dea86b22c3f5 2007.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3mdv2007.0.x86_64.rpm c69fd37756dbe81df897396e6c6413de 2007.0/x86_64/apache-mod_ssl-2.2.3-1.3mdv2007.0.x86_64.rpm a24b51c168be4a5d57a1d1b5a1401f83 2007.0/x86_64/apache-mod_userdir-2.2.3-1.3mdv2007.0.x86_64.rpm e481d9ceb7ffa6a6299417a6f7874c07 2007.0/x86_64/apache-modules-2.2.3-1.3mdv2007.0.x86_64.rpm 0917c7d2edab62a4c62e4dd6136dec93 2007.0/x86_64/apache-mpm-prefork-2.2.3-1.3mdv2007.0.x86_64.rpm a98b13300b903a0219dc9de626ea1bbe 2007.0/x86_64/apache-mpm-worker-2.2.3-1.3mdv2007.0.x86_64.rpm e83551cd2c8365788b767f90c204a13d 2007.0/x86_64/apache-source-2.2.3-1.3mdv2007.0.x86_64.rpm f066c405e8993de4fa506d8c05d37b9e 2007.0/SRPMS/apache-2.2.3-1.3mdv2007.0.src.rpm Mandriva Linux 2007.1: cb95db6136cbe28610e3e9baab45abeb 2007.1/i586/apache-base-2.2.4-6.4mdv2007.1.i586.rpm 6f9a4f9e658d51acdb9b8230a3ff8d10 2007.1/i586/apache-devel-2.2.4-6.4mdv2007.1.i586.rpm 71499b6f32722a7af4b664849eac6320 2007.1/i586/apache-htcacheclean-2.2.4-6.4mdv2007.1.i586.rpm 4c747fdb75063c7bb9bd50c0dbc59a5b 2007.1/i586/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.i586.rpm a3cae606ac80d807f84177c60e8455c8 2007.1/i586/apache-mod_cache-2.2.4-6.4mdv2007.1.i586.rpm 0f518e3f63d47d1c5a8193d95030f52d 2007.1/i586/apache-mod_dav-2.2.4-6.4mdv2007.1.i586.rpm 3ad5c633a0dcc187aad028f48dfb5b92 2007.1/i586/apache-mod_dbd-2.2.4-6.4mdv2007.1.i586.rpm 5fa41f5ac0caecb71c639f78222d8cee 2007.1/i586/apache-mod_deflate-2.2.4-6.4mdv2007.1.i586.rpm 1b4b5d31d1596eaa30987921d0ab07be 2007.1/i586/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.i586.rpm 597eb4248325c05c1fafae90378425d6 2007.1/i586/apache-mod_file_cache-2.2.4-6.4mdv2007.1.i586.rpm f868cb2c42e06ae77fe349c7d31e0958 2007.1/i586/apache-mod_ldap-2.2.4-6.4mdv2007.1.i586.rpm a8696226c9930799d1fbad199c5e7084 2007.1/i586/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.i586.rpm 2b62f69a3f58f1c572cbd8e961c11043 2007.1/i586/apache-mod_proxy-2.2.4-6.4mdv2007.1.i586.rpm bea2a28dc594b5fb8ef0591a7bb91714 2007.1/i586/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.i586.rpm 9719faa4845deef9dc95f4ceeefce0e6 2007.1/i586/apache-mod_ssl-2.2.4-6.4mdv2007.1.i586.rpm 938e503476cac7f68b57322494e8f471 2007.1/i586/apache-mod_userdir-2.2.4-6.4mdv2007.1.i586.rpm cd01ff99ebacfe90c317d253d7ac11c4 2007.1/i586/apache-modules-2.2.4-6.4mdv2007.1.i586.rpm 5d830472142486b008e84851f5befdf9 2007.1/i586/apache-mpm-event-2.2.4-6.4mdv2007.1.i586.rpm 48ec7cbe8edbd745cc8446f2d274d8b7 2007.1/i586/apache-mpm-itk-2.2.4-6.4mdv2007.1.i586.rpm ada3666e18e2c49eb4849afbdad60f75 2007.1/i586/apache-mpm-prefork-2.2.4-6.4mdv2007.1.i586.rpm 7830123c1e76e8d02ca0a140c2b5f6c6 2007.1/i586/apache-mpm-worker-2.2.4-6.4mdv2007.1.i586.rpm 6498cc5113689f513cbdcfae0a2a3ad4 2007.1/i586/apache-source-2.2.4-6.4mdv2007.1.i586.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 839816f464191d3aff0882eac70cea40 2007.1/x86_64/apache-base-2.2.4-6.4mdv2007.1.x86_64.rpm ac4910f34cbf168df34cd123604b044b 2007.1/x86_64/apache-devel-2.2.4-6.4mdv2007.1.x86_64.rpm a4b4f9d518ed8621348527938f6a8230 2007.1/x86_64/apache-htcacheclean-2.2.4-6.4mdv2007.1.x86_64.rpm d554aa06a52bd72e20f035beedd50dcf 2007.1/x86_64/apache-mod_authn_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 68659f413d0b1102c220b1b4824489b6 2007.1/x86_64/apache-mod_cache-2.2.4-6.4mdv2007.1.x86_64.rpm d92ec9a9deb7d188e644075a18951ae6 2007.1/x86_64/apache-mod_dav-2.2.4-6.4mdv2007.1.x86_64.rpm 07b06f6de52f0f107106cead6f47de2c 2007.1/x86_64/apache-mod_dbd-2.2.4-6.4mdv2007.1.x86_64.rpm 6bf077871aa95d08c934eacac7f1291e 2007.1/x86_64/apache-mod_deflate-2.2.4-6.4mdv2007.1.x86_64.rpm b16f793759b09e75b7e162a5d858d835 2007.1/x86_64/apache-mod_disk_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 635452cc08657fa5da5b65dc40bf2c1b 2007.1/x86_64/apache-mod_file_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 7a238972b773975493d8931d573233ec 2007.1/x86_64/apache-mod_ldap-2.2.4-6.4mdv2007.1.x86_64.rpm 46704ca76800a5b967a4dd6e8efef986 2007.1/x86_64/apache-mod_mem_cache-2.2.4-6.4mdv2007.1.x86_64.rpm 3c23cff577f9697b719c90918ef91b44 2007.1/x86_64/apache-mod_proxy-2.2.4-6.4mdv2007.1.x86_64.rpm c4ea096a86cdab894cb59bb868b849f0 2007.1/x86_64/apache-mod_proxy_ajp-2.2.4-6.4mdv2007.1.x86_64.rpm 01f40dde7c3c93606c82681af472815f 2007.1/x86_64/apache-mod_ssl-2.2.4-6.4mdv2007.1.x86_64.rpm 9ade922fc7d52d73a47ca5f3cb2c7525 2007.1/x86_64/apache-mod_userdir-2.2.4-6.4mdv2007.1.x86_64.rpm 5e7e44ef5703f1e4fe5a952e5a3f5239 2007.1/x86_64/apache-modules-2.2.4-6.4mdv2007.1.x86_64.rpm e1b06e559e600461e19f9ab0f21d94be 2007.1/x86_64/apache-mpm-event-2.2.4-6.4mdv2007.1.x86_64.rpm 9903bcc1c12a86a9c2f9483d0ef9685e 2007.1/x86_64/apache-mpm-itk-2.2.4-6.4mdv2007.1.x86_64.rpm ce244cc42b6c411d2e3264c6ac6e1a76 2007.1/x86_64/apache-mpm-prefork-2.2.4-6.4mdv2007.1.x86_64.rpm 5989a935f4a0e20ac2844982e81cda83 2007.1/x86_64/apache-mpm-worker-2.2.4-6.4mdv2007.1.x86_64.rpm 339fccde52210eca1bf7e3cf05b9ce0e 2007.1/x86_64/apache-source-2.2.4-6.4mdv2007.1.x86_64.rpm a716565584726e4d2d94ca4796c1d403 2007.1/SRPMS/apache-2.2.4-6.4mdv2007.1.src.rpm Mandriva Linux 2008.0: cb013d3f4f40e2dfe6a90e0a2a7cdd74 2008.0/i586/apache-base-2.2.6-8.1mdv2008.0.i586.rpm f2e8d6e8191794fac34ddc7fc0f38588 2008.0/i586/apache-devel-2.2.6-8.1mdv2008.0.i586.rpm 8456184db4de115db70e603dbe252456 2008.0/i586/apache-htcacheclean-2.2.6-8.1mdv2008.0.i586.rpm 9e8861daffdf9d6b0ab431b1c3c1fac9 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.i586.rpm de1f407b2eb4d84140686375d3497006 2008.0/i586/apache-mod_cache-2.2.6-8.1mdv2008.0.i586.rpm eaf010272f97a507f37a6145bb9de809 2008.0/i586/apache-mod_dav-2.2.6-8.1mdv2008.0.i586.rpm 4d1073009151607b47ffcedc96cdb834 2008.0/i586/apache-mod_dbd-2.2.6-8.1mdv2008.0.i586.rpm cfc6f2958ef8d117d1070e422078cdfa 2008.0/i586/apache-mod_deflate-2.2.6-8.1mdv2008.0.i586.rpm 3c423e687c0afc1b224e6535e16ec279 2008.0/i586/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.i586.rpm ef790e64feeaf1a9ee5c58fd7e3b359d 2008.0/i586/apache-mod_file_cache-2.2.6-8.1mdv2008.0.i586.rpm 8f86f4c499dfa14fb2daf4f8b578e150 2008.0/i586/apache-mod_ldap-2.2.6-8.1mdv2008.0.i586.rpm 21b1fc690f38b779ee79bed31c5fa3a2 2008.0/i586/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.i586.rpm 0ec954d20d7a080cc9a19c2146480897 2008.0/i586/apache-mod_proxy-2.2.6-8.1mdv2008.0.i586.rpm 50a87c9099f0c094c9fbb763e334fae9 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.i586.rpm 9d4e1c4a6614e70b77cd2e03e3baeaea 2008.0/i586/apache-mod_ssl-2.2.6-8.1mdv2008.0.i586.rpm 29346499f10a850f8011191b0d242709 2008.0/i586/apache-mod_userdir-2.2.6-8.1mdv2008.0.i586.rpm 21c5bc6f2861cc532c8b5dae3f3e1ee2 2008.0/i586/apache-modules-2.2.6-8.1mdv2008.0.i586.rpm 944b6d2f395f4d26deeef93f9ce55c5b 2008.0/i586/apache-mpm-event-2.2.6-8.1mdv2008.0.i586.rpm 0fc46d4eae684b21a9a98a6c876960b3 2008.0/i586/apache-mpm-itk-2.2.6-8.1mdv2008.0.i586.rpm ab00a26cd43e9045e66da620e9678412 2008.0/i586/apache-mpm-prefork-2.2.6-8.1mdv2008.0.i586.rpm 785499e86b70da53c76a7d3321da1b30 2008.0/i586/apache-mpm-worker-2.2.6-8.1mdv2008.0.i586.rpm c1ccaf747ebe4bd71f875f70c969d4e7 2008.0/i586/apache-source-2.2.6-8.1mdv2008.0.i586.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 56b868f5c7a86b68666af13fe2a5c925 2008.0/x86_64/apache-base-2.2.6-8.1mdv2008.0.x86_64.rpm 16ca885969a1bd9d7f6d4a00a7c33095 2008.0/x86_64/apache-devel-2.2.6-8.1mdv2008.0.x86_64.rpm 76bcdbe509c56ec471ff767f5f7f925f 2008.0/x86_64/apache-htcacheclean-2.2.6-8.1mdv2008.0.x86_64.rpm 36fc978398d6b8f406f0913ecac5576e 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm d6644c5729325e3a0f7bda5ffe12523c 2008.0/x86_64/apache-mod_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 98e86f62995310727dc7b7343776c948 2008.0/x86_64/apache-mod_dav-2.2.6-8.1mdv2008.0.x86_64.rpm 7aa7da7cb9fc4f29071535620de42023 2008.0/x86_64/apache-mod_dbd-2.2.6-8.1mdv2008.0.x86_64.rpm 8cb681d914e9619adf261dca86154538 2008.0/x86_64/apache-mod_deflate-2.2.6-8.1mdv2008.0.x86_64.rpm 1ebc35b8050495230d6809f97dd89731 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 7db7d64521dc4253edc59645e79a5e57 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 5624b75d6d1eb311e6332c6a7e10e42f 2008.0/x86_64/apache-mod_ldap-2.2.6-8.1mdv2008.0.x86_64.rpm e7049015c893a5a75d0c4bbc68e18615 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.1mdv2008.0.x86_64.rpm 910e8bcb28e00501ebd39aa9c30e3cad 2008.0/x86_64/apache-mod_proxy-2.2.6-8.1mdv2008.0.x86_64.rpm 2451f7726434398f715bac328422faa8 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.1mdv2008.0.x86_64.rpm c6a102776378eecfbe64f87d2a4f261b 2008.0/x86_64/apache-mod_ssl-2.2.6-8.1mdv2008.0.x86_64.rpm 27a79220cf963ba1dfe6f17d6e66d3f5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.1mdv2008.0.x86_64.rpm e87a2f8d0e8cf23fe0cc3a7a44195f68 2008.0/x86_64/apache-modules-2.2.6-8.1mdv2008.0.x86_64.rpm 6224d03ea5169e71fd588ddff0b95f16 2008.0/x86_64/apache-mpm-event-2.2.6-8.1mdv2008.0.x86_64.rpm e61bcd69bd997a5cddacc2f58dd1f1b9 2008.0/x86_64/apache-mpm-itk-2.2.6-8.1mdv2008.0.x86_64.rpm 304a7257ba0104bb799c3ab6a09cb977 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.1mdv2008.0.x86_64.rpm d19f57238828efc73f24ff69c1dca341 2008.0/x86_64/apache-mpm-worker-2.2.6-8.1mdv2008.0.x86_64.rpm e72351edf865715beac70996ca1ea09b 2008.0/x86_64/apache-source-2.2.6-8.1mdv2008.0.x86_64.rpm 2d535ab37b9a247e827054766219f7e6 2008.0/SRPMS/apache-2.2.6-8.1mdv2008.0.src.rpm Corporate 4.0: 0c36f90139943f6564058fb6c9a0028c corporate/4.0/i586/apache-base-2.2.3-1.3.20060mlcs4.i586.rpm 2c23db7c0c820a6d05cf9e89e10d437b corporate/4.0/i586/apache-devel-2.2.3-1.3.20060mlcs4.i586.rpm 6729c4c238ea40547ca8ad4ad34fac39 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.3.20060mlcs4.i586.rpm 8c6b35f7192abf90e6af6a07c27099d0 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 6f3ae30580187b440261747c0f975ec6 corporate/4.0/i586/apache-mod_cache-2.2.3-1.3.20060mlcs4.i586.rpm 56dd118e6e37165e6638baab4e58d08e corporate/4.0/i586/apache-mod_dav-2.2.3-1.3.20060mlcs4.i586.rpm 6e3512489622cf59e0f32458d943f65b corporate/4.0/i586/apache-mod_dbd-2.2.3-1.3.20060mlcs4.i586.rpm 7946432730bdac3ec21ca376f8f8ca12 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.3.20060mlcs4.i586.rpm eeac05dfe0a57512de566f6a2e1e105e corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.i586.rpm b50af44b3084fcff0bc6cff1ac50023f corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.i586.rpm a92816a879182cbca50ebace4bb5f193 corporate/4.0/i586/apache-mod_ldap-2.2.3-1.3.20060mlcs4.i586.rpm 2ca6a18de738a817cb346f1eb31bf76a corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.i586.rpm b984ff19a2458f844f62be84635060d1 corporate/4.0/i586/apache-mod_proxy-2.2.3-1.3.20060mlcs4.i586.rpm b816b9c09345b92da5a0216f5e9db932 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.i586.rpm 240fb4ea33d91846fc083def26b19465 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.3.20060mlcs4.i586.rpm afcda5d86a48edba71a81a8fda0d0f75 corporate/4.0/i586/apache-mod_userdir-2.2.3-1.3.20060mlcs4.i586.rpm 76705f36eb869b9a1520df0c09a7d1e9 corporate/4.0/i586/apache-modules-2.2.3-1.3.20060mlcs4.i586.rpm eb5bc900fa99aab700c29af7978ca44f corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.i586.rpm 57a7cb6d3fc97eca6c46685f606a3618 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.3.20060mlcs4.i586.rpm 804752d26fd2db2088cbc73ee9aee8f5 corporate/4.0/i586/apache-source-2.2.3-1.3.20060mlcs4.i586.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 74d411bb422230857a8971a9ce428c0e corporate/4.0/x86_64/apache-base-2.2.3-1.3.20060mlcs4.x86_64.rpm 5ede29fb5e502fdc96dbb4722b69bb26 corporate/4.0/x86_64/apache-devel-2.2.3-1.3.20060mlcs4.x86_64.rpm dcecf6dece1ec0c083f924b8e545b864 corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.3.20060mlcs4.x86_64.rpm b7bf0d94f575d6e1e42296b69e5d056b corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 6718af7bd108e06d8e6be0046473ce69 corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm fce075627de036b3d71a93ceafa6105e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.3.20060mlcs4.x86_64.rpm 973a484aed44fd0281c34a0227131400 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.3.20060mlcs4.x86_64.rpm 359ad6bfc294b82d14788ea3f2fb5b1f corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.3.20060mlcs4.x86_64.rpm ce014700683860f81922680ab29d335b corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm b918e9b9eeb06303a8b3f26f63666f74 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm 969c3cf38987f91d576de441e5781b5d corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.3.20060mlcs4.x86_64.rpm e3c4128b336c45e9470e57a1439cead9 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.3.20060mlcs4.x86_64.rpm e6c07bd0bed38660852db97807e0b3dd corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.3.20060mlcs4.x86_64.rpm d6b2621b48abe4c74ecd5e24e7c3c9f9 corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.3.20060mlcs4.x86_64.rpm 166b443903e18e77afee950f368ae763 corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.3.20060mlcs4.x86_64.rpm bcbd01a168655d57ad7dcbf424b4d91a corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.3.20060mlcs4.x86_64.rpm 3723d163f681e478e677c75a286f352e corporate/4.0/x86_64/apache-modules-2.2.3-1.3.20060mlcs4.x86_64.rpm f17cbd7d765045b30dd43f62efb7cfd3 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.3.20060mlcs4.x86_64.rpm 6e704ce4a8ab0b5817273af16b997ea2 corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.3.20060mlcs4.x86_64.rpm f35f2e3795dba910451ac03ec63f8898 corporate/4.0/x86_64/apache-source-2.2.3-1.3.20060mlcs4.x86_64.rpm ece351bfa879df71f200f00d143779b9 corporate/4.0/SRPMS/apache-2.2.3-1.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHjmhKmqjQ0CJFipgRAkyLAJ4jEFMu2rAIE8XH60UDFYapm8fGgwCfaHL0 O/KXRt/gdgAAug5/9/aFGGA= =YkQ1 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.1 or earlier. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01607570 Version: 1 HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Cross Site Scripting (XSS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2008-11-19 Last Updated: 2008-11-19 Potential Security Impact: Remote cross site scripting (XSS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). The vulnerabilities could be exploited remotely to allow cross site scripting (XSS). References: CVE-2007-6388, CVE-2007-5000 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53 running on HP-UX, Linux, and Solaris BACKGROUND CVSS 2.0 Base Metrics =============================================== Reference Base Vector Base Score CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. RESOLUTION HP has made patches available to resolve the vulnerabilities. The patches are available from http://itrc.hp.com OV NNM v7.53 =========== Operating_System - HP-UX (IA) Resolved in Patch - PHSS_38148 or subsequent Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38147 or subsequent Operating_System - Linux RedHatAS2.1 Resolved in Patch - LXOV_00085 or subsequent Operating_System - Linux RedHat4AS-x86_64 Resolved in Patch - LXOV_00086 or subsequent Operating_System - Solaris Resolved in Patch - PSOV_03514 or subsequent OV NNM v7.51 =========== Upgrade to NNM v7.53 and install the patches listed above. OV NNM v7.01 =========== Operating_System - HP-UX (PA) Resolved in Patch - PHSS_38761 or subsequent Operating_System - Solaris Resolved in Patch - PSOV_03516 or subsequent MANUAL ACTIONS: Yes - NonUpdate Apply the appropriate file as described in the Resolution. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS (for HP-UX) For HP-UX OV NNM 7.53 HP-UX B.11.31 HP-UX B.11.23 (IA) ============= OVNNMgr.OVNNM-RUN action: install PHSS_38148 or subsequent URL: http://itrc.hp.com HP-UX B.11.23 (PA) HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38147 or subsequent URL: http://itrc.hp.com For HP-UX OV NNM 7.51 HP-UX B.11.31 HP-UX B.11.23 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: upgrade NNM v7.51 to NNM v7.53 and apply the appropriate patches For HP-UX OV NNM 7.01 HP-UX B.11.00 HP-UX B.11.11 ============= OVNNMgr.OVNNM-RUN action: install PHSS_38761 or subsequent URL: http://itrc.hp.com END AFFECTED VERSIONS (for HP-UX) HISTORY Version:1 (rev.1) - 19 November 2008 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2008 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBSSQhVOAfOvwtKn1ZEQIlVQCg4n4fABzC24c9qQ5gz68oPLMVKI0AoMbs A2UIaH3YB7z+o42Tm7Eg7ahn =lskD -----END PGP SIGNATURE-----

Multiple Trend Micro products are prone to a buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

SAP MaxDB is prone to an unspecified remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will crash the application. This issue affects MaxDB 7.6.00.37 and 7.4.3.32; other versions may also be affected.

Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This vulnerability CVE-2006-4190 Is a different vulnerability.By a third party .. Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input

Firefly is an open source media server used by Roku SoundBridge and iTunes. There are multiple security vulnerabilities such as information disclosure and denial of service in Firefly: ------------------------------------ -----A] Directory traversal on Windows platform -------------------------------------- --- If you use 3 periods in the HTTP request, you can get the specific file in the parent directory of Firefly's management root folder, that is, the attacker can download all the configuration files of the server or firefly.log and other files. Mt-daapd.conf file. This vulnerability can only be exploited on Windows servers. -----------------------------------B] Windows platform bypasses certification -------- --------------------------- If the server is password protected, an unauthenticated remote attacker can have a \"/\" position before the URI. Use the period (\".\"), backslash (\"\\\"), or blank (GET file.txt HTTP/1.0) to download the files in the management root folder. This vulnerability can only be exploited on Windows servers. ----------------------------------------------C] Copy HTTP Parameter Denial Service --------------------------------------------- Send Two or more HTTP parameters with the same name (such as two Host or User-Agent) can cause the server to terminate. -----------------------------------D] Partial query results in 100% CPU usage ----- ------------------------------ The remote attacker connects to the server and sends the first line of the request (GET/HTTP/1.0) This can cause the server's CPU to reach 100% until it is disconnected from the server. Firefly Media Server is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to handle specially crafted HTTP GET requests. Attackers can exploit these issues to access potentially sensitive information, crash the server, or consume excessive resources. Successful exploits could aid in further attacks or deny service to legitimate users

Easy File Sharing Web Server allows visitors to upload/download files via a browser, with FTP and WEB versions. Easy File Sharing Web Server has an input validation vulnerability when processing user requests. Remote attackers may exploit this vulnerability to obtain sensitive information. Easy File Sharing Web Server does not properly filter certain parameters when uploading files, allowing users to upload files to any parent directory through directory traversal attacks; in addition, there is an error in processing file download requests, allowing users to download admin.sdb and user. Any .sdb database file other than sdb; there is an error in processing the username registration request, allowing the user to leak any file content in the user folder by creating an account with the same username and file name

The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization. The 'iwlwifi' drive is prone to a NULL-pointer dereference vulnerability because of a flaw in the 'compatible/iwl3945-base.c' file. Attackers can exploit this issue to trigger a kernel panic and cause denial-of-service conditions. Versions prior to iwlwifi 1.1.22 are vulnerable. Wireless WiFi Link is a wireless network card used in many notebooks. There is a loophole in the implementation of the Wireless WiFi Link network card driver, and a remote attacker may use this loophole to make the user's system unavailable. The iwl_set_rate() function of the compatible/iwl3945-base.c file in the iwlwifi driver of the Wireless WiFi Link network card has a null pointer reference vulnerability: static void iwl_set_rate(struct iwl_priv *priv) { const struct ieee80211_hw_mode *hw = NULL; struct ieee80211_rate *rate; int i; (1) hw = iwl_get_hw_mode(priv, priv->phymode); <-- not check ret priv->active_rate = 0; priv->active_rate_basic = 0; IWL_DEBUG_RATE("Setting rates for 802.11%c\n" , hw->mode == MODE_IEEE80211A ? 'a' : ((hw->mode == MODE_IEEE80211B) ? 'b' : 'g')); (2) for (i = 0; i < hw->num_rates; i++) { <-- null deref. (1) does not check the return value of iwl_get_hw_mode, if NULL is returned, it will cause (2) to reference a null pointer. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA29236 VERIFY ADVISORY: http://secunia.com/advisories/29236/ CRITICAL: Less critical IMPACT: Unknown, Security Bypass, DoS WHERE: Local system OPERATING SYSTEM: Red Hat Enterprise Linux Desktop (v. 5 client) http://secunia.com/product/13653/ Red Hat Enterprise Linux (v. 5 server) http://secunia.com/product/13652/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a security issue and some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service). For more information: SA27842 SA27915 SA28696 SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2008-0154.html OTHER REFERENCES: SA27842: http://secunia.com/advisories/27842/ SA27915: http://secunia.com/advisories/27915/ SA28696: http://secunia.com/advisories/28696/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459. Cisco 7940型IP电话是一种多功能通讯设备，通过IP网络传递语音信号. Cisco 7940在处理畸形INVITE消息时存在漏洞，远程攻击者可能利用此漏洞导致设备不可用. 如果向Cisco 7940 IP电话发送了一系列SIP INVITE消息的话，就可能导致设备看起来在正常工作而实际上无法接收或发起呼叫，继续发送INVITE消息的话就会导致设备重启. 攻击者所发送的SIP INVITE消息中的Request-URI部分应不包含有用户名，如INVITE sip：XXX.XXX.XXX.XXX SIP/2.0。需要发送6次才能导致设备拒绝服务，如下所示： X ----------------------- INVITE (Call-ID ＃1) -----------------------＞ Cisco 7940 X ＜------------------ 100 Trying (Call-ID ＃1) --------------------- Cisco 7940 .... --------5 New Dialogs like the previous-------- .... X ----------------------- INVITE (Call-ID ＃7) -----------------------＞ Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃7) --------------------- Cisco 7940 -------- DoS for aproximatly 3 minutes ------ X ＜------------------ 486 Busy (Call-ID ＃1) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃2) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃3) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃4) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃5) --------------------- Cisco 7940 X ＜------------------ 486 Busy (Call-ID ＃6) --------------------- Cisco 7940. Cisco 7940 SIP phones are prone to a denial-of-service vulnerability because the device fails to handle specially crafted SIP INVITE messages. Exploiting this issue allows remote attackers to cause the device to fail to respond to further call requests and to potentially crash, denying service to legitimate users. This issue affects version P0S3-08-7-00 of Cisco 7940 SIP phones; other versions may also be affected. Cisco 7940 has a loophole when processing malformed INVITE messages. Remote attackers may use this loophole to make the device unavailable. The Request-URI part of the SIP INVITE message sent by the attacker should not contain the user name, such as INVITE sip:XXX.XXX.XXX.XXX SIP/2.0. It needs to be sent 6 times to cause the device to deny service, as follows: X ----------------------- INVITE (Call-ID #1) ---- -------------------> Cisco 7940 X <------------------ 100 Trying (Call-ID #1 ) --------------------- Cisco 7940 ...

Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CiscoWorks is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. CiscoWorks 2.6 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv ---------------------------------------------------------------------- TITLE: CiscoWorks Common Services Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA27902 VERIFY ADVISORY: http://secunia.com/advisories/27902/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: CiscoWorks Common Services Software 3.x http://secunia.com/product/6330/ DESCRIPTION: Dave Lewis has reported a vulnerability in CiscoWorks Common Services, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the CiscoWorks Server login page is not properly sanitised before being returned to the user. The vulnerability is reported in CiscoWorks Common Services 3.0.x and 3.1 for both Solaris and Windows systems. SOLUTION: Apply vendor patch (registered customers). http://www.cisco.com/pcgi-bin/tablebuild.pl/cw2000-cd-one PROVIDED AND/OR DISCOVERED BY: Dave Lewis ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml Liquidmatrix: http://www.liquidmatrix.org/blog/2007/12/05/advisory-cross-site-scripting-in-ciscoworks/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion. (1) telnet Network traffic (2) ssh Network traffic (3) http Network traffic. Sun XSCF Control Package (XCP) firmware for SPARC is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to deny service to legitimate users. Versions prior to XCP 1050 are vulnerable. is an XSCF control software package used in servers such as SPARC Enterprise M4000 by Oracle Corporation of the United States. The following products are affected: Oracle SPARC Enterprise M4000, M5000, M8000, M9000 servers. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerabilities are caused due to unspecified errors within telnet, Secure Shell (SSH), and httpd daemons of the firmware, which can be exploited to cause a DoS. SOLUTION: Update to XCP version 1050 or later. http://www.sun.com/download/products.xml?id=46fc425e PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103159-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to adequately sanitize user-supplied input. A successful exploit may allow the attacker to upload malicious files and potentially execute them; this may lead to various attacks. This issue affects versions prior to HTTP File Server 2.2b.

Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445. Cisco Security Agent for Microsoft Windows is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. Remote attackers can exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions. This issue affects all standalone and managed versions of Cisco Security Agent for Windows. A remote attacker might cause system with CSA installed to restart or BSOD. By sending carefully crafted data an attacker might cause remote code execution, thus gains complete control over the system. By default CSA allows access to TCP ports 139 and 445. After establishing a session to TCP ports 139 and 445, an attacker can complete an exploitation without any authentication simply by sending a single packet. Other Cisco software that uses CSA component is also affected. Workaround ============= * Restrict access to TCP ports 139 and 445. Vendor Status ============== 2007.09.27 Informed the vendor 2007.10.23 Vendor confirmed the vulnerability 2007.12.05 Vendor released a security advisory (cisco-sa-20071205-csa) and related patches. For more details about the Cisco security advisory, please refer to: http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml Additional Information ======================== The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-5580 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. Candidates may change significantly before they become official CVE entries. Acknowledgment =============== NSFOCUS Security Team DISCLAIMS ========== THE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT WARRANTY OF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESSED OR IMPLIED, EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT SHALL NSFOCUS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE ADVISORY IS NOT MODIFIED IN ANY WAY. Copyright 1999-2007 NSFOCUS. All Rights Reserved. Terms of use. NSFocus Security Team <security@nsfocus.com> NSFOCUS INFORMATION TECHNOLOGY CO.,LTD (http://www.nsfocus.com) . ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to a boundary error in an unspecified system driver used by the application and can be exploited to cause a buffer overflow via a specially crafted packet sent to port 139/TCP or 445/TCP. Successful exploitation may allow execution of arbitrary code. Please see the vendor's advisory for a list of Cisco products that include the agent. SOLUTION: Apply updates. http://www.cisco.com/pcgi-bin/tablebuild.pl/csm-app?psrtdcat20e2 PROVIDED AND/OR DISCOVERED BY: The vendor credits NSFocus Security Team. ORIGINAL ADVISORY: Cisco (cisco-sa-20071205-csa): http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request. Kerberos是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等。MIT Kerberos 5（又名krb5）是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等. Kerberos的实现上存在多个内存破坏漏洞，远程攻击者可能利用这些漏洞导致服务程序崩溃. gssftp的ftpd是Kerberos加密的FTP服务器，可通过Kerberos 5认证。在ftpd.c的reply()函数中存在未初始化的指针： void reply(int n, char *fmt, ...) { ... (1) int length, kerror; ＜---- declared length without initializer if (n) sprintf(in, \"\\%d\\%c\", n, cont_char); else in[0] = \'\'＼0\'\'; strncat(in, buf, sizeof (in) - strlen(in) - 1); ＃ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, \"KERBEROS_V4\") == 0) { if (clevel == PROT_P) length = krb_mk_priv((unsigned char *)in, (unsigned char *)out, strlen(in), schedule, ＆kdata.session, ＆ctrl_addr, ＆his_addr); else length = krb_mk_safe((unsigned char *)in, (unsigned char *)out, strlen(in), ＆kdata.session, ＆ctrl_addr, ＆his_addr); if (length == -1) { syslog(LOG_ERR, \"krb_mk_\\%s failed for KERBEROS_V4\", clevel == PROT_P ? \"priv\" ： \"safe\"); fputs(in,stdout); } } else ＃endif /* KRB5_KRB4_COMPAT */ ＃ifdef GSSAPI /* reply (based on level) */ if (strcmp(auth_type, \"GSSAPI\") == 0) { gss_buffer_desc in_buf, out_buf; OM_uint32 maj_stat, min_stat; int conf_state; in_buf.value = in; in_buf.length = strlen(in); maj_stat = gss_seal(＆min_stat, gcontext, clevel == PROT_P, /* private */ GSS_C_QOP_DEFAULT, ＆in_buf, ＆conf_state, ＆out_buf); if (maj_stat != GSS_S_COMPLETE) { ＃if 0 /* Don\'\'t setup an infinite loop */ /* generally need to deal */ secure_gss_error(maj_stat, min_stat, (clevel==PROT_P)? \"gss_seal ENC didn\'\'t complete\"： \"gss_seal MIC didn\'\'t complete\"); ＃endif /* 0 */ } else if ((clevel == PROT_P) ＆＆ !conf_state) { ＃if 0 /* Don\'\'t setup an infinite loop */ secure_error(\"GSSAPI didn\'\'t encrypt message\"); ＃endif /* 0 */ } else { memcpy(out, out_buf.value, length=out_buf.length); gss_release_buffer(＆min_stat, ＆out_buf); } } ＃endif /* GSSAPI */ /* Othe. Multiple memory-corruption vulnerabilities with unknown impacts affect MIT Kerberos 5. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, and two double-free vulnerabilities. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). ), which can prevent eavesdropping, prevent replay attacks, etc. There are multiple memory corruption vulnerabilities in the implementation of Kerberos, and remote attackers may use these vulnerabilities to cause the service program to crash. gssftp's ftpd is a Kerberos-encrypted FTP server that can pass Kerberos 5 authentication. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. II.DETAILS: ---------- Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description A uninitialized vulnerability (CVE-2007-5894)in function reply() in ftpd.c. A dereferencing vulnerability(CVE-2007-5901) in gssapi lib in function gss_indicate_mechs(mi norStatus, mechSet) in g_initialize.c and a integer overflow vunerability(CVE-2007-5902) in rpc lib in function svcauth_gss_get_principal in svc_auth_gss.c. A double free vulnerability(CVE-2007-5971) in function gss_krb5int_make_seal_token_v3 in k5sealv3.c and another double free vulnerability(CVE-2007-5972) in function krb5_def_store_mkey in lib/kdb/kdb_default.c. Impact Reading uninitialized variables can result in unpredictable behavior, crashes, or security holes. Dereferencing,integer overflow and double free may cause instability and potentially crash. References ========== [ 1 ] CVE-2007-5894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 [ 3 ] CVE-2007-5902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902 [ 4 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 5 ] CVE-2007-5972 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972 III.CREDIT: ---------- Venustech AD-LAB discovery this vuln. Thank to all Venustech AD-Lab guys. V.DISCLAIMS: ----------- The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use. VENUSTECH Security Lab VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn) Security Trusted {Solution} Provider Service _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-924-1 April 07, 2010 krb5 vulnerabilities CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-0629 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.4 libkrb53 1.6.dfsg.3~beta1-2ubuntu1.4 Ubuntu 8.10: krb5-kdc 1.6.dfsg.4~beta1-3ubuntu0.4 Ubuntu 9.04: krb5-kdc 1.6.dfsg.4~beta1-5ubuntu2.3 libkrb53 1.6.dfsg.4~beta1-5ubuntu2.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. (CVE-2010-0629) It was discovered that Kerberos did not correctly free memory in the GSSAPI library. If a remote attacker were able to manipulate an application using GSSAPI carefully, the service could crash, leading to a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901, CVE-2007-5971) It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.) (CVE-2007-5902, CVE-2007-5972) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.diff.gz Size/MD5: 1747579 857bc90fe202aacef9aa7ec1915912b0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.dsc Size/MD5: 1135 4cacf5667996472a34c29f5db3590a0a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1.orig.tar.gz Size/MD5: 14672599 7a36c3471aa31ffd01d5a020f9d82dff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.3~beta1-2ubuntu1.4_all.deb Size/MD5: 2121560 319ec346ce4f7acfcd3f535276b2e7e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 140892 372ce44cc13bfcea71652553d16ab0f6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 162164 6b37b079fa1b8fd1d512e8d5a268c6e3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 1337522 23370d40c101659acb54bd203c263e3d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 89344 02a61de3df97772e9a46ce5f960d392d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 497374 89e647e9beec851c340774d758f6d68c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 88168 6f6c1a76b5fd3f579c26f5438fb04f69 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 230020 ff26ae7c13bedcd6335b36d335357f79 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 65660 6ad8023f8ec936b19046b04c95c948bc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 186140 af7b0135284c9bffd16a6a03b2c36703 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 64960 abc799e9e887480fc993bdba504af466 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 91866 cfb606d8378283313f5009faa2dec564 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 73208 6ee86c16449e975666de4454ca001fb4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 131262 a8beec1ae2763a39f4224e6457d79a68 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 146000 ea7aad15118b9e3df627d9e41f641c25 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 1289340 b3f36e7e2fb3fdba00a5af1153c4f407 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 89352 372324ef9477c4a6f3f9bc31ef297a57 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 460514 62959156fab7500c76d9f11ebae51d52 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 81706 fbbc1993212b37307d15fbac473a1568 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 201704 e920981af86ee031bcf12fdf0d58f044 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 60694 c1e8663d26f5090f64350e56967f1b4b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 173246 532692f310673efbd4329d0661811370 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 61726 78e20ba263aad29b73f92ce156ba12a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 84298 fe5eceddccc659692e8c95149da13dd9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 66892 efb07a08a44037d73c7e98525dcbab56 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 131436 e9a07a3d73999fe64e97ec4f15754f00 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 143896 0885dad9ce7cfb900e80f664256ce3c7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 1318388 8c5fee9fe04a1d4d5cd50e31066c592d http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 89348 f12babd06a10b951388d6618288b081d http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 455898 ceb7713ec70fe69de2e9e675f34162eb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 82168 603b21fbba3e4092e21e95f7fc79addb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 200914 066a5fa912c9a64a2a4f4de12326ded2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 60786 d11c67185932d0b746584e0406294a3e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 172640 2de487fc075709f917b2396a053d8bde http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 61574 394a1d2ee087fb9ed2d8bbdd6b54c1c2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 84204 1c7cccecf78f77db4073669da9f82ef7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 67206 ce64e680e6c213afea88440bb1d944b6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 158748 c5daffac1ce8e89ee9002325f63ed078 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 159344 9fb7e6c72d4e07e06e704b127582204a http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 1335326 2e5bf6c9daec4169d467583f70b2652f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 89362 edd451d9c7efb36480bd396347d33b47 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 482430 c4f6f3ee75b56c4fb436e0a55f008097 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 95278 554caab935dc3d35ed2297dff4b9cd21 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 245012 0a16b0e350544021fd2a3a8879d1372f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 68806 ea6d4ae9080e63be328418af216cf7fd http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 199412 9063aec6b15eab435032ac249f516a44 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 64060 a367b9c7a4afee60fe4b8e7e98eac1a4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 100238 e253160984af0fd0f914b453bf604b1d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 75518 7bfda8e39e560cb747ad8b78ceee7fa8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 134486 d031b1b700640b4e254e9ba9950c0a9c http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 142010 d0fd459614fb1e4bb411b5ff1220e6a9 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 1213582 cd49f178b2202d58d3eb471a3c791e49 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 89356 8e603c181d789500185720f8e35da971 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 428108 356af6cc775d8bafe2a028c43a33b89c http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 83266 e87d03878c6db3b236edbe0616e1c839 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 211652 121558486b173d309bccbe304b8ec550 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 64092 69c588ea021fc09582f299ec80ce5ebf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 173032 01fd0f15a60c39f2180c0290b8b4f015 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 58806 e21d86723683a97d0f9812d820b39da7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 87886 eef2eaa5c992cd9849f865c5b88de7aa http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 69614 8f28b615e8a75bb0a6e04da3131c39bb Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.diff.gz Size/MD5: 858566 abe6f3bf8714b16dd084cd583b5aa350 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.dsc Size/MD5: 1671 e03526558ccf9a954c92a3e257e66351 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-3ubuntu0.4_all.deb Size/MD5: 2148728 a0785e0f46d4268e3906483b821241bb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 146234 7c1e6b679b00982416953a085acb5f39 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 165978 0415c29a760df4dbf38e3b82e93aaf54 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 1474040 289fcb9189903998fe6adb217d111257 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92554 db275139f0715242c7f339b0005f7f65 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 510612 ad1d674ce1ffc4f39dfc6d75d8c80282 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92862 99ee34c7a17ce0cb980ba620cbc97e67 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 237266 eb87e828f93d628e7dab9de7a657566d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 68946 43644b68a2aa3219a07dcb85f7a45371 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 107696 5be51db685dc9d9536765a0771e52223 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 196660 e36a1e5bc9fd0b173bbd0fca05b79d0b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 67914 098fd941dbdb7c32ce12f983dbbd6ed9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 94504 4bbe57034a98573f623870361380055d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 76670 6759a5aad2f5ba13b5b0354dc025aa0c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 136816 71232407545e52025735e7e630496f84 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 150618 e413fd35cb127f765870211bc25a47ec http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 1413034 f1f3fb8a55ee8ba77c9b6aac5ad9aff4 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 92570 98ed6b6053fff58ac3a600f4b51b7cd0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 472690 7cf30b9521b99808b48879295b579d07 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 86424 76aefeea8bbaecc66933de53158503fe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 213602 a6d796c92390bc1b9ff794ae4204f974 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 63886 8a7affbe90bd3c31e1bb360f4f93ce90 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 102054 15234247c475c7ac05549b3e0ac04e8a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 183124 34b361091e4883adf77658c04f431edb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 64676 72cd11a2060ebd4524dfb4345d6ac3b0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 87766 bd091590f2ebf42a256b00c00ca08704 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 70558 37b76c195ee928457ddb7f859ee19b80 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 136772 173deb07bb07502e6d16adc880d27209 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 148130 beebf3d09c4c0f5b605a1719d87d3f62 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 1443468 4236ad375d51fe23404e21b1979103cf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 92538 c696e177873d8255183b7cc50576eb48 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 463248 680eff30a2fd36ab52900ad3b7d58192 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86530 2d5c2d44148bcc30b1fc0862c26bbc88 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 206758 d08cdf41d7ee2bacd847639b5f5b8676 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 63948 c42df041a5ed4079b03fad6d1fd16a5d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 101826 1bfed64995fab3d278fd7e382be0f207 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 182666 c40bbef2b97460a08eb18a64767c9f8f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 64188 1421cd4073a447d334eea471a2dd548f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86954 b9b8f522b5881cc111124d368dcc0d6f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 70346 f77d255277ff6ea8964c3992dded5118 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 157076 4501c9b76ba4cd09cce27ef2ce1a74ad http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 161396 9f6134a5f7e29859b46f41fa1f6c23a8 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 1472026 4f1e6fbc7c474bd9ddedce81c307e52f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 92578 3b7a1d729048d6c66629e03a8230cb8b http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 492848 c791a13ad685af0293c3b8b0397adb25 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 96700 4980c34839066b9866eacb06fb385d23 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 245612 c4f47729971c422bdf47cbc86669999b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 70360 4904070348252bd4bdd692d85af4249a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 110768 2c18038848b99c2f90b87a0c8af7a2e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 202494 7c9671f7bdb178be8f1bbc8445ab00a9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 66680 36a33a9765740aa2eab16419017562b0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 98830 bfafb479fdc24c38cda9ab334c7c059e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 77096 ffc6213bd7623df1b396d14a72d4e830 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 140360 97dcf304de4a27ebac536e0092b7fc1b http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 144848 64545260134ceba4c1fa36bbb5dbb3e7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 1332818 cfbeb843bc41b29bc39c9f472cc6f388 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 92562 18978f9e7ff1ce581359bffaa3183cae http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 433500 135cfb8e8a08c6086ee81a2401f5caea http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 87970 205855c848f241acd5262a11ca7bbc7a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 221618 1475ec81f68851111b85bb0bb0ab6fbf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 67506 5742f0bd5b8775f8aa948f8fda02456b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 100974 b9c4cb0e343eb63dbda925b29888186d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 182710 be662df46e52c604f0ef9aee39287bd4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 60936 d39a4e432ed22e23cc7342986b59cad2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 91922 62f5f68fe447a9e1367457ba4ac1033e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 72734 e3a771cb836f6fc6b40402befbdfdf20 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.diff.gz Size/MD5: 884759 6834e06b9b7420e013639e5f0177dde7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.dsc Size/MD5: 1671 2df8fc05d522a39465b516106eb1c720 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5ubuntu2.3_all.deb Size/MD5: 2149012 143718b601a3a99b8ebd05937ecaed25 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 146656 2d86ade2be3e079d940e8919217802e7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 166316 faec7da08e9aa386f72e349c7408bf10 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 1479408 de4a5e28107e556683c959c1a0cfa819 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93046 a88830b71b66d9071ecf9e43422c1d3e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 512336 6623911d29c86d0da61a57ac3f5443fa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93766 c1fe58d664c3021eb0f3b39a21f292f6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 237514 15434edb948a81df6827c54e7cfc493a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 69208 f38a09c9ce73b663053b0c16e562d53e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 108010 397c0979124621bde63b49d55df1951b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 198894 971764b78a61757018f675faaf8d13c2 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 68258 7abb3d320bbaac22e6d91c8ddf808ced http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 94832 c3b98b57230bdd7b7f6ebb83418b398f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 76946 85b0519be431be8228d1b8930ca82032 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 137258 6722093f41aea33c126c60594e91aa89 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 150922 b01712adff6c2dd19bbb578691b55a82 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 1417102 87153ec02650a379e068d91412027243 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 93044 d29e99de8b3cd37a2f66411cb62f69e6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 473744 d7f752135e4a924139b89e5873901aa1 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 87338 441b4cbdfcf76a714c81f88fc78d45f0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 213942 12b948c395cf70a2fea94cc8fc195228 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 64306 bab53b895c90f98f7964e66768e8e020 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 102364 0892484a20867e24c567a57fa9bdabbe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 185436 c7716a56e5e00c6b34c37d619c3e2fd3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 65034 673f5afa510e0b6c9718ca2b0b1d8634 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 88118 4d16b24b0c8de073394fcd16efbd471b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 70886 7c57638b2967e79f0b35ed27baca2c5c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 137092 88eac351aa4c04cabeb5004ba0488a89 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 148518 5c4bcb387e8ceae4642e955c9073b936 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 1448176 04dc34d8d656fdd5cabfd522a2862fcb http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 93040 696bfd471bba2b1f3cb7d5c0538068d0 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 464142 11481d506c939a4595c5d235768692e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87422 41b6c7fb1aed7ddfd0732af69c393ee5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 207106 86e5df0b876d7a0fc53ff75dffcced9e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64392 783c9e473eb37ca0368c9a52aa92d343 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 102218 548d6f447c103522fa6616dbea42e75a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 184990 325f5322d631683068bc6ddc6af35940 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64550 b6b3f9ad2c07f8f7597c484fc14315be http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87292 bcdb18ceb438927ab77150be9c4176f9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 70680 eb8483a9164d278a76774413d9660ddb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 157362 3603a529157befb84af0edad2c3bb7dc http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 161722 7ba5b2cd8023ffb44230d435aad75f4c http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 1476674 1db714f8b53e25bdc2301cdfa99551bf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 93054 82c6e84e63e5c5a561dfc55a5bbee018 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 494652 9251f6d55d90fbf9bb28ee930cef7aed http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 97626 05a2eef51dafed34f8689bde6d025d51 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 245924 2e85a1edc5ea735861525a91a37bcca6 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 70818 aa62de270b7d513cd8bd5831c63e4d20 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 111146 d4464357b86e371914cc23251c2c1780 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 204756 dd5364842f6604199e2d7698334771ff http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 67072 5144031c10eebd19c85b9bed8186b5a7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 99180 54eca3303b1097ee902e2ef84f0220e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 77438 a18355513e1155b4dc997881878ce816 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 140558 5c0e1c57333b16f654ed94502e54d354 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 145012 bc16c76d7e202efb7f392185f9a34ecf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 1337686 00ce5bdd2e53fd6059205375458ba917 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 93054 29490c704727e89faf1079f1b517606e http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 434466 9047f19cc6730c592a0f9ac99abd31e4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 88702 55bf696f05f0d9b72b630d35422ed905 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 221790 bf2fb8e80cf389bee1a7b9edbcacb3d0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 67822 4c2219ff77a59d8bcc8c78fb07e5b0e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 101378 d7720e20362e7870e6d205a924b7e486 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 184808 7d8827058a213b3216c16cfe15d26bf1 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 61274 1b5b021b7e019641010877555e99058d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 92206 8baa9bba468967c26e6a2c87ffa8dfbb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 73024 607a1edca12d6130393158fc82b86b28

Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Kerberos是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等。MIT Kerberos 5（又名krb5）是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等. Kerberos的实现上存在多个内存破坏漏洞，远程攻击者可能利用这些漏洞导致服务程序崩溃. gssftp的ftpd是Kerberos加密的FTP服务器，可通过Kerberos 5认证。在ftpd.c的reply()函数中存在未初始化的指针： void reply(int n, char *fmt, ...) { ... (1) int length, kerror; ＜---- declared length without initializer if (n) sprintf(in, \"\\%d\\%c\", n, cont_char); else in[0] = \'\'＼0\'\'; strncat(in, buf, sizeof (in) - strlen(in) - 1); ＃ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, \"KERBEROS_V4\") == 0) { if (clevel == PROT_P) length = krb_mk_priv((unsigned char *)in, (unsigned char *)out, strlen(in), schedule, ＆kdata.session, ＆ctrl_addr, ＆his_addr); else length = krb_mk_safe((unsigned char *)in, (unsigned char *)out, strlen(in), ＆kdata.session, ＆ctrl_addr, ＆his_addr); if (length == -1) { syslog(LOG_ERR, \"krb_mk_\\%s failed for KERBEROS_V4\", clevel == PROT_P ? \"priv\" ： \"safe\"); fputs(in,stdout); } } else ＃endif /* KRB5_KRB4_COMPAT */ ＃ifdef GSSAPI /* reply (based on level) */ if (strcmp(auth_type, \"GSSAPI\") == 0) { gss_buffer_desc in_buf, out_buf; OM_uint32 maj_stat, min_stat; int conf_state; in_buf.value = in; in_buf.length = strlen(in); maj_stat = gss_seal(＆min_stat, gcontext, clevel == PROT_P, /* private */ GSS_C_QOP_DEFAULT, ＆in_buf, ＆conf_state, ＆out_buf); if (maj_stat != GSS_S_COMPLETE) { ＃if 0 /* Don\'\'t setup an infinite loop */ /* generally need to deal */ secure_gss_error(maj_stat, min_stat, (clevel==PROT_P)? \"gss_seal ENC didn\'\'t complete\"： \"gss_seal MIC didn\'\'t complete\"); ＃endif /* 0 */ } else if ((clevel == PROT_P) ＆＆ !conf_state) { ＃if 0 /* Don\'\'t setup an infinite loop */ secure_error(\"GSSAPI didn\'\'t encrypt message\"); ＃endif /* 0 */ } else { memcpy(out, out_buf.value, length=out_buf.length); gss_release_buffer(＆min_stat, ＆out_buf); } } ＃endif /* GSSAPI */ /* Othe. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, and two double-free vulnerabilities. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. ), which can prevent eavesdropping, prevent replay attacks, etc. gssftp's ftpd is a Kerberos-encrypted FTP server that can pass Kerberos 5 authentication. A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 64c3f5c31177dcacc99b021ec6ed1271 2007.1/i586/ftp-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 11b4194bc9edba8c0951e44660ba9955 2007.1/i586/ftp-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 23794e6e0cb1d46a329c42a04f672c5f 2007.1/i586/krb5-server-1.5.2-6.6mdv2007.1.i586.rpm 0fbb29bd81c8452d937d30fbbda62242 2007.1/i586/krb5-workstation-1.5.2-6.6mdv2007.1.i586.rpm 8f4eea60bf4ea3bfc776f1c117ceb26d 2007.1/i586/libkrb53-1.5.2-6.6mdv2007.1.i586.rpm fd5b1da0a056d995011d2b1a692e4292 2007.1/i586/libkrb53-devel-1.5.2-6.6mdv2007.1.i586.rpm ca79ccbe3f286b9069f0ae028d9816f7 2007.1/i586/telnet-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 8a7c84f1fe1bbb5338723f28d12a9f21 2007.1/i586/telnet-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: fc02060b7c1da08c33952e6c14fb5627 2007.1/x86_64/ftp-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 513fca34bdd1f2a5643a8e6adeb62e0e 2007.1/x86_64/ftp-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 4f42d639753a885212e6d62bfe84a121 2007.1/x86_64/krb5-server-1.5.2-6.6mdv2007.1.x86_64.rpm 6b2ca028321fb08199be20a4aedef4a0 2007.1/x86_64/krb5-workstation-1.5.2-6.6mdv2007.1.x86_64.rpm 4d453dc2a579e74e29dfc052197fedc1 2007.1/x86_64/lib64krb53-1.5.2-6.6mdv2007.1.x86_64.rpm b22d9f1b515df1a5270d2d4c373b7dd3 2007.1/x86_64/lib64krb53-devel-1.5.2-6.6mdv2007.1.x86_64.rpm 21b245649de9e38e43782bd1a18922a7 2007.1/x86_64/telnet-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 1322374ab1c15b5c1392ee4ae5f915e7 2007.1/x86_64/telnet-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2008.0: 3ee5a309927b830bf8559a872161384b 2008.0/i586/ftp-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 1835baa43ab27aac2493dc7821bafa8a 2008.0/i586/ftp-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm 5e8369c201ac4678a7bc46590107e45f 2008.0/i586/krb5-1.6.2-7.1mdv2008.0.i586.rpm 94277e76faf2b75553c2e6250e428a43 2008.0/i586/krb5-server-1.6.2-7.1mdv2008.0.i586.rpm 695d5b85347b906401433fa55177be1a 2008.0/i586/krb5-workstation-1.6.2-7.1mdv2008.0.i586.rpm 4696cbae0ce644c265b74ff4ce59a865 2008.0/i586/libkrb53-1.6.2-7.1mdv2008.0.i586.rpm cc8122a1c6a3449fc41d3022bbdffeb2 2008.0/i586/libkrb53-devel-1.6.2-7.1mdv2008.0.i586.rpm d5e75835b35e81a3f7d038e501dabd1c 2008.0/i586/telnet-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 072b5ba782fbd1659ed8bde15bd11b5a 2008.0/i586/telnet-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 7a8c1c390b1d1a0b2a8fe28e8fb6a458 2008.0/x86_64/ftp-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 9b312bd49bd858d00d00ec299866a275 2008.0/x86_64/ftp-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 19f7d0590227c4cc636ee5528db8027a 2008.0/x86_64/krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 6a84bc19cb8e32f7331ce4c1ed36dc9d 2008.0/x86_64/krb5-server-1.6.2-7.1mdv2008.0.x86_64.rpm dabaf97b9b36316dc2b69e9edc953793 2008.0/x86_64/krb5-workstation-1.6.2-7.1mdv2008.0.x86_64.rpm 2810bbed78b7480ff48b021a798cb5a1 2008.0/x86_64/lib64krb53-1.6.2-7.1mdv2008.0.x86_64.rpm 734b018e6b05204767d07a7d53ef2c3c 2008.0/x86_64/lib64krb53-devel-1.6.2-7.1mdv2008.0.x86_64.rpm 787fb5ea70eff84b91eea5d68c1e956d 2008.0/x86_64/telnet-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm d6224c005bc7c818c117e3fc61643840 2008.0/x86_64/telnet-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFH4WG/mqjQ0CJFipgRAom/AKDt3NL//QdT6Aw4zm4Ok/TlQjpNLQCeJ2qJ Hsy0RD3h2ilxoUTodKz7J5k= =y37y -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. I. II. III. Solution Install updates from your vendor Check with your vendors for patches or updates. For information about a vendor, please see the systems affected section in vulnerability notes VU#895609 and VU#374121 or contact your vendor directly. Administrators who compile MIT Kerberos from source should refer to MIT Security Advisory 2008-002 for more information. IV. References * US-CERT Vulnerability Note VU#895609 - <http://www.kb.cert.org/vuls/id/895609> * US-CERT Vulnerability Note VU#374121 - <http://www.kb.cert.org/vuls/id/374121> * MIT krb5 Security Advisory 2008-002 - <http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt2> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-079B.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-079B Feedback VU#895609" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 19, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR+E+pPRFkHkM87XOAQK1jwf/ZDEomMLCZvsmN7KVXa0Il5PqXlfRvG2Y jdWPUCi92qmgvm8LdqoNgAUxnUGYzCHLQzw8ebmnz37AMigDNsYIzFHStgnoJDVi iK6UGC6gHLnGJFuG+otEC9jZaVeIiUbKddB2+vzvmDWLnvIsyxzmHf6lJe0IrZlH ho/cCgpfRctgZHM5Ke+pPPqMjZZ7u0OUQnM7MIcSsZbKxw8x2CyUpaSiheMDhf8p 8JGyx+nkyvZoja6Ee4WCRq3xtVaUlp/sg8IZYY5nav2VuSh15rJXLJCWDBXUU+oV aAXPa2JEx5Cn3S0CFz8SIJ4NoLUp09usVMFyeNd57FMBKRjTAC/DBw== =4wkz -----END PGP SIGNATURE----- . Background ========== MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/mit-krb5 < 1.6.3-r1 >= 1.6.3-r1 Description =========== * Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() (CVE-2008-0062) and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply (CVE-2008-0063). * Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947). These bugs can only be triggered when Kerberos 4 support is enabled. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. Workaround ========== Kerberos 4 support can be disabled via disabling the "krb4" USE flag and recompiling the ebuild, or setting "v4_mode=none" in the [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around the KDC related vulnerabilities. Resolution ========== All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1" References ========== [ 1 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 3 ] CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 [ 4 ] CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 [ 5 ] CVE-2008-0947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-31.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-940-1 May 19, 2010 krb5 vulnerabilities CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-1320, CVE-2010-1321 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: krb5-kdc 1.4.3-5ubuntu0.11 libkrb53 1.4.3-5ubuntu0.11 Ubuntu 8.04 LTS: krb5-admin-server 1.6.dfsg.3~beta1-2ubuntu1.5 krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.5 Ubuntu 9.04: krb5-admin-server 1.6.dfsg.4~beta1-5ubuntu2.4 krb5-kdc 1.6.dfsg.4~beta1-5ubuntu2.4 Ubuntu 9.10: krb5-admin-server 1.7dfsg~beta3-1ubuntu0.6 krb5-kdc 1.7dfsg~beta3-1ubuntu0.6 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. (CVE-2010-1320, CVE-2010-1321) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.11.diff.gz Size/MD5: 1472862 20f01fce851894106b24b62c9a572d9a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3-5ubuntu0.11.dsc Size/MD5: 897 5ef34f5b218cdb9e1363d29a34eb9750 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.4.3.orig.tar.gz Size/MD5: 7279788 43fe621ecb849a83ee014dfb856c54af Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.4.3-5ubuntu0.11_all.deb Size/MD5: 853496 8360bed1ec4b949ab591ad2c88a31fa8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 191164 a34d718a7e8633d185d4861912d7c7e9 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 769090 82f1ba4cf00b94567f7e3392aee19050 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 425980 2625eb8e283cf3d89f6523e5f33f6d8d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 80648 cab9bc1928601edb735840b06b5c74a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 223478 2b3a1dfe1ad7b9308f20181ecc68d212 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 60632 fa7c15e41bcbcd52c5a5c7489cd67738 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 135446 658e37a342701a49e64b27040b5328f0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 85524 e4eed973999603da716645d585c0198f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 67858 0f1d1e21fde571ee797c6efb530dc73a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.11_amd64.deb Size/MD5: 130160 093491677c6ebfb9a96ce87576cf9487 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 166008 d29aa6527404cd0d3fbfdd5d6e246763 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 647856 bfc8faafab0d2787ee1f0fcb015d9951 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 381506 a984d7f0a42fa13016d8760708b4d1fc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 72618 78ab89550588df424162c2cc79c832e3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 187482 26856d8b278b31ad122ba4c9aaf07289 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 54586 33562435a60c523c7e4cab24b60007fc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 121812 98c324450604c8e2b6b8d385daa030c3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 76172 475a41306e31cfc5f51b5fda0f1feaee http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 58976 c14418e37b3fda05573c9c990879b10b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.11_i386.deb Size/MD5: 119320 1be0a92cc8a09ee735541e1bd8a8f883 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 178002 aeeac121e378485fe4b9d7efea60379b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 752300 586a6e26e235048c42dcff3c3a987961 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 396284 db73a6baa2d2722b5bfb02b5c70469fe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 80792 ceac12f9e7bfb4353523402a532e2cd7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 220842 fcfa7fc5e6969d8c5d149aa719dca025 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 59832 4b7de8f01149de5fc94b66729fab87d5 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 136244 aaf60d69eaa8a823df917064032b2049 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 85380 aad4579b401d1b64b3cac26ca2b85c57 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 66256 c508048aa0f3cab11dd822c4a6fb6c1a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.11_powerpc.deb Size/MD5: 135254 15ed32094ebbb9464579d1cdad84245b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 165536 40e132eafb5da687d8f9c624664a8cad http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 678892 4160830ebc69172752bff2aa028a666a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 369136 cefbe50a8ea1a6c298e5162241e88a65 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 73330 c4ef4cafe01fcaa3e4d09e3d422ff826 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 197676 54845fd28ae6d10b6fc0ff63aa09b60d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 56560 1be449e95872993cf7244de84f073bfd http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 124576 85940d514c69c613da3dccbc09131df2 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 77180 378d26df9b6ac333882c0900ed136ae3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 62612 375df5b2ed2ee8187860322a528ea29d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-user_1.4.3-5ubuntu0.11_sparc.deb Size/MD5: 120868 4319c166dfd1b31ae31fa328b4a4411c Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.5.diff.gz Size/MD5: 1747831 489157b850fa07456b7613befd3e759a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.5.dsc Size/MD5: 1135 b16f8441c92606e8c3804a3930c2833d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1.orig.tar.gz Size/MD5: 14672599 7a36c3471aa31ffd01d5a020f9d82dff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.3~beta1-2ubuntu1.5_all.deb Size/MD5: 2121570 0d3193ae097b02e5a77ad87058a86168 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 140932 863dfd03b07f2e364cc670e864e0b8f6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 162184 78af95d0c06d2f8f98877f10a1060aac http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 1337662 160c59401db541861bc7486707d9fb8e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 89356 f5ce688386f533148d285358b2d0f94e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 497420 7a7c509be8794e3b9a1243566e4d06c6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 88194 eeb393933f848f1235fc60e8f11b266f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 230062 e5fd161951d28baf2fe24b82f5648404 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 65680 79255626255e30c787e350577ae9004a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 186156 b639e3466735d88d44d307510c111a8c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 64990 67d6b6770ae7e1d6dde387bc81a152fb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 91888 f6975551a54b239e30ca678b6921995a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.5_amd64.deb Size/MD5: 73244 0c47484eb042454f4c74d44e2af4c5fd i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 131298 5f1988740369964c2c115f2de67509d6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 146018 ef43ccb5e756c8c410c7561c47e02455 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 1289352 ce771e623d6a7609e904fb36fcb75c05 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 89374 11f100236feeb3f6bee77fe31f031a7f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 460540 b6ee55e3658c7f134ed01f93e53d3988 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 81752 e0eabfdf9e57257bbf3143c1c38c1ae4 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 201756 24a4e88411874ccb5cd9d27f83c9f1e5 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 60726 a16a11e945d15862dd416bd9ac69986a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 173274 2844599d749aa992977bd30442dd65a6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 61764 092b92f7d7b2e457265333543ab2affd http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 84336 de65b87f9b10ab3cfca546e604f90c93 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.5_i386.deb Size/MD5: 66930 eec249845089cac098189bf92dbe18ac lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 131452 3f65626a5250dafa58107c1600da5e5b http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 143924 aedefd842ae26a0eecf911d57f57ff74 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 1318430 39ab8720ef9497ead81e361e0fbd094a http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 89360 f25df603fd594c59cc7ae4c25f353511 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 455950 ea259f44df9bb2538e2ba2f60ecd4087 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 82216 c5c9e1290301108fe9a8d2dabec02338 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 200942 d851636e65c034ba77e76b2abfa929fa http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 60818 6c157534b0a632ca8f3045e0d5c2d909 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 172674 4f9549b2bcaf87ae00dfc54a9bf3ba3e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 61604 906a4227d276ffb6f4f2f9b9ca1e3c6b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 84240 21a7925da5f8da57bb0a087605e5f18e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.5_lpia.deb Size/MD5: 67236 8efffed4f025eb2a204a15a2b604cd64 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 158798 e295d6a6219dc793c758e803c0637061 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 159392 f56793dd93546b9a6cdbbc28f6cb7624 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 1335422 5ec8df0b2361569dc46f857611c7f5ed http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 89386 1820c524f836083f81b4a9e5e99c4aee http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 482498 7e47f49f7c0fe0c38ecfd5e81b82e873 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 95336 78cb395797fb606747986e93fefa2d93 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 245072 deb630843e1a5917d5ebd7c2d0464b55 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 68832 e2ad81e0b3e7ee27a51837212d107984 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 199432 92b7f18b5447b675277b970c9b33b60a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 64102 47589bdfc35c735f61078db869de3817 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 100274 b0a0407a8b8113a6e2829f8d00101886 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.5_powerpc.deb Size/MD5: 75552 9ac5787225726589a5bd2884d3cc6303 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 134510 e93bf9c822bf121614592870ea001dad http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 142042 bdcac290983cb3c00667b5298b3166d5 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 1213630 a5e7654e4bcef363314e816f36cddf52 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 89374 fca68e23d1b93e71f511de8c6670a8d5 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 428140 7e39b6d2c6e53c9cb0375d9d0a6b11ac http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 83304 ead08ce3543b38cc5bebf09cdc52a095 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 211660 52c6d111252996dd60ac251805d971da http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 64124 b57cee07684ac0f601655867d00ca7b7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 173084 f770ddbd519481bacb9c6b5940331a80 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 58846 37ce1d7cde077019c4aa01374e24722b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 87904 e9beb8d01a8a540c76194a44b6992d96 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.5_sparc.deb Size/MD5: 69646 6726d549694ff05aa1d352d772c37db4 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.4.diff.gz Size/MD5: 885113 4b45f74a385627f2811965a2c4112bc3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.4.dsc Size/MD5: 1671 5ed5d8ab268ceecebafc0071fd7dfc4f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5ubuntu2.4_all.deb Size/MD5: 2149040 b1099dfb994ec2d5a107ec04118aadf7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 146674 e008db641b273e46633a58f14e0b94e0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 166340 50429a2e6223866a693c093dd487ba8e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 1479396 e87612793214a18a3b9f224f24ebe254 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 93066 4dee507c216a1fc02d5622f7c5f85717 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 512396 e617c55e6131e0e76db0d6ac81b7e8a5 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 93804 6adcd6ab14740d7d7f5fbde57c6d308f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 237542 11093b18e78f80aece53b5fdbb642754 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 69234 5ffa00dc608dfc5c737901c976345e31 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 108040 dd90024d2285467466856a869540985a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 198894 215f91c6a314658b95221143d394b4aa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 68282 b626cbf76e21b0b303db7c22cb878a0b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 94850 42c0a8e01ca89bfc6670c984ce73686b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.4_amd64.deb Size/MD5: 76962 a339030f3ed689e7d55334cc148320a6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 137260 cb337230589a5734e98e103115b21068 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 150950 dc42613a94e700ac88897b3c7cffb99e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 1417136 841e2b9f0783602cbc16cc57442f5e79 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 93068 2fa453457d4fe2368c43691e1967f989 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 473800 017d53eb0246e9d00f2e48ada6fa04ad http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 87358 a69373317e2e4686e97aaaaa86408c61 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 213970 9d5e84542b1e9b1018cdc483fe949763 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 64336 f750752a51ad65861758c9c30415c415 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 102396 a17d94240ffc3600c1470faa8069f721 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 185474 492d93c3b16a0cb1ca82fcd6558d5677 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 65066 371094e588e040d0ad60d55a62d5f5e7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 88148 27b92343c2a7fae683d93ac4ea24b7ca http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.4_i386.deb Size/MD5: 70902 0190f423d09d5afbb99ab899011d67ad lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 137116 a7ce321764e08bb2e4f543fd6ef4ff82 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 148530 08c9acd249f893223cf50cadcaf53bfe http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 1448280 d8ded3688645da6dea3c56e41fcfd34e http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 93064 064e3791a85282731052f77564e2c9a6 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 464216 4d6dc11b7d023c1006b6fa91951ea469 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 87466 337f70dc87f0050e03ab5d53612e5b09 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 207136 f1fc1b2fd7104ddfe4ca9026287e2130 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 64428 d03cc2251946ec85ed4ccfbf15ad3535 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 102248 8104e3a8c80891ea059e70a9af530ccd http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 185024 9f9f5a2bfece10bc2ff737e43d80b56c http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 64592 245992f1ce3636a73dcd3be1a54f72a6 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 87332 2870c1d0013b4075a41b5350ac1e2eae http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.4_lpia.deb Size/MD5: 70708 9e67629a14ea6590998b7ddef76bc3f9 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 157392 ff91118879cd95ccf4118408bfce3a48 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 161746 e5d0c1494bd80eed0882f0d8f8c73c59 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 1476708 cdd897146d7f94c900c18586762fc50d http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 93090 b235ea18fa72897708186becc1949c49 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 494712 fca9f82fa33537a6b62a2d952433bce5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 97652 8902c37468cd44e76fb06f3ac9a03589 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 245948 ad8d76302fd4d8e6d44c7cd074870e53 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 70836 3b1bf256556bb539b7de288453ca1a4e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 111176 59d498defa02c333750d54ef7ba0446a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 204792 a294bb0d172b70f395a94708e96768a0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 67116 8c13aa720ce5a99122620a0d6de092dd http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 99200 63d7bb248d7fe003100ae59c195f867d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.4_powerpc.deb Size/MD5: 77456 bf8029b902696545f61a039cff807ce8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 140560 e65deed402352a86ee58cd9c93117531 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 145026 768618723e31a1d7c345841b2b7ebf49 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 1337778 cc8ac4ae2beeb4148f3bb4e154b1ea80 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 93088 92f241bcabad04b0f571d5287b00965c http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 434496 a34bd51d9aaa78295449431049291054 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 88718 6a1b2f63dcda49ede179996b1af42563 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 221804 395a5850dced780ca6a44993cb597dac http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 67842 6b3967139d16dd09ff8ba71b6ab10373 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 101396 6ad5d7d930ddd4798a641aa29b45880b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 184826 631142ba84e9f14755af0edf46390ba7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 61306 f0fb94502f0859f8aaf5e630015a3cbd http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 92222 b57738dd160d241cdb9dd3b78e51256e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.4_sparc.deb Size/MD5: 73040 12167c9e367b46af80a3e1dfb11f3c9e Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.7dfsg~beta3-1ubuntu0.6.diff.gz Size/MD5: 110535 f07d0b3524b9ee45c4f50da957b501e2 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.7dfsg~beta3-1ubuntu0.6.dsc Size/MD5: 1780 67e4f6c045746f889b84d374d696bb5b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.7dfsg~beta3.orig.tar.gz Size/MD5: 12235083 5219bf9a5c23d6a1d9d9687b918f632d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.7dfsg~beta3-1ubuntu0.6_all.deb Size/MD5: 2174528 92c6e9b0971bed92b21ab815fe3c00cc amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 142386 2fa6129bf9ab24fc7b26fac0c761a080 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libgssapi-krb5-2_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 114824 7b8d39dfe7c0a652f6af2a4de838e35b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libgssrpc4_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 78990 3ae4cca6a55d19d1bf321c4dfc1308ed http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libk5crypto3_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 110608 90357fae88938315eb8649207c53163b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm5clnt6_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 61158 f2e081d0ade56db4a6553226303b72a0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm5srv6_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 74720 8fc12dbdcd7a3f808883bd83cecc9b45 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkdb5-4_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 58914 ba36aa1c8a4706ca3a99e850920327f4 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-3_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 354354 45406fea88d08d620a333c3b29c6bb33 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 1497588 c3359df0c54d81de7ce2bef0e84f4a5d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 101432 f752d74ea126119bf6d3913173fdef68 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5support0_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 42008 439270abcc57670f476c18a7fbbb7d95 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 109866 a7e2dbf03be9c9e7cf5080d5aa6efd4f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 218082 a86a0113997fdd59b5ec2655fa63cf91 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 70994 40039ba0ede1c686011f27a7f0bf7111 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 112008 863b3818261f43171cdaab39c942c2ba http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 208452 78295163a8b4b441a0aa3acc99bc2bb3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 72758 c0a623c167c089b25d1c25226e7a70d8 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 86372 b5050841f568d62971aaaa93c0c802fd http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.7dfsg~beta3-1ubuntu0.6_amd64.deb Size/MD5: 77590 f2301447b8d48d745b3043afdf8a879f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 133612 09ebf5f935376bddfe23025415b934e0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libgssapi-krb5-2_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 108582 c1dafabd1fab3990545bb756306806d3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libgssrpc4_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 72420 c7ec5eff5df549d73c2cfc635ce1192b http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libk5crypto3_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 102708 cddf81f69fc26aba09d1f56c784860c1 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm5clnt6_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 57874 4a87c7ec2d842f99a9ea01933b704fcd http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm5srv6_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 70360 03d8be04340e77e7532210042d6f8b54 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkdb5-4_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 56506 721836fa6ca914c2f7d0a4e41699a31d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-3_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 337732 74e9f822062a4b7cf16f2941a755dec4 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 1478634 4f88eeac11b0a8422a6750f4c60cc99f http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 101442 54960132653b0af65e2e1344497ea3b9 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5support0_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 40190 3ba3335b26b74c856b1ddb9ba39ecd4d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 102018 55ca46a0fa95ca088589d590e7d1d42e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 196206 3a59d9d97f4dfe12ee9806581111796d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 65768 82cd0b70d3c074fde71aea57f0e0d7fb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 106724 000db0e7ad62a646e6f769da45145110 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 192718 3ce359309f683b2848b81afb741598fa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 69552 f3ed50077ec7d92a11fd6122d45169f3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 80658 a43e3659496d1dbc6a495ec90caa6eae http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.7dfsg~beta3-1ubuntu0.6_i386.deb Size/MD5: 71334 7662e9be145c12610ad99ef0c65bb82c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 133696 f156baa1da2540f79abc15e49700728d http://ports.ubuntu.com/pool/main/k/krb5/libgssapi-krb5-2_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 107674 bc70c0339efe4f221ecea690d980cde0 http://ports.ubuntu.com/pool/main/k/krb5/libgssrpc4_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 71842 e38ef898035aa5a351d796aefae09776 http://ports.ubuntu.com/pool/main/k/krb5/libk5crypto3_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 102872 a03098371d4bce05eec5479be821d6dc http://ports.ubuntu.com/pool/main/k/krb5/libkadm5clnt6_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 57440 a770056cd95ada9a67cf1a444edbb990 http://ports.ubuntu.com/pool/main/k/krb5/libkadm5srv6_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 70488 a773b53fe8d597cd19c027e78a65e3f8 http://ports.ubuntu.com/pool/main/k/krb5/libkdb5-4_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 56146 b2e5d456ee4f4f8606f274b4b8a9a295 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-3_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 335114 6e2f2385eb023fc1ca3ea82d4879fab4 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 1499644 b79ff4939a1e3a096a471ada6cbb07cc http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 101428 4eea6bf389cecfda1036ea74c19c2e94 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5support0_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 39920 6b15a5bcaa564d1b46c2a793c703b32d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 102584 2a9716b03805a5e34383b53bc60be597 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 193134 742836837f9aab1f68b8bf602e0535d8 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 65924 d03cdede60ff82e9dd455d3446383a9e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 106794 3aea0debb2d80f794da3e5b0914e495e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 192990 8c197e4e220766273d01b8154d1107e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 69680 46242ef61e60b1b2cc5b93ac017885ee http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 80478 8b28712823de9276a86130bc76a29b1c http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.7dfsg~beta3-1ubuntu0.6_lpia.deb Size/MD5: 71624 2ebca67116955ac388dd8b42b14921b0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 139608 cf94100cf4e19ffc0e0dfb5fec8545f9 http://ports.ubuntu.com/pool/main/k/krb5/libgssapi-krb5-2_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 113500 6d46f0d5de3931b0ab7335b611b59da2 http://ports.ubuntu.com/pool/main/k/krb5/libgssrpc4_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 77954 6633238f8e93c4c866deebc2d6a43973 http://ports.ubuntu.com/pool/main/k/krb5/libk5crypto3_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 116748 4774aa7d5c5cab70e11f460e3bc99f72 http://ports.ubuntu.com/pool/main/k/krb5/libkadm5clnt6_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 59414 4bedcf56b0a32b2da7966184f8b4e40c http://ports.ubuntu.com/pool/main/k/krb5/libkadm5srv6_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 73800 63f4612d285efc9ad1f783edf4418fd0 http://ports.ubuntu.com/pool/main/k/krb5/libkdb5-4_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 58212 8d82271366757b49a9781fea6ea1fb06 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-3_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 359938 b335bd9735270552f09436a8d5e73a85 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 1535326 01bbcf4a62ec36eab0732ddfb6ea7be9 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 101446 7e3277715daf24e68433e4ce885c0fe7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5support0_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 41552 6374127ef4de957edbcb653ddfd90b93 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 107722 35b5f8e02931e7790fadfed70a3725fc http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 211936 e0b03a8f3bf6d07e024104c002ee1f59 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 69868 9f48cfe1b0a2ceecd711168e3a19d713 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 112096 1535062bf59436c1f844ac0737bddc1c http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 205962 0c35c2eab94d9e4d433acf5ab28f7ad6 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 71268 a7286b177d850f1ff8a368e13dd53f9b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 83952 e53e1e14846c25a67b62cea74b06f8ca http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.7dfsg~beta3-1ubuntu0.6_powerpc.deb Size/MD5: 76454 dbd829926767e0d71a3672ce2127192d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 136762 b42750b465cf0c51d4383ca948922bb5 http://ports.ubuntu.com/pool/main/k/krb5/libgssapi-krb5-2_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 101226 0b75c68eb0c9a59eaa3451c829e55e26 http://ports.ubuntu.com/pool/main/k/krb5/libgssrpc4_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 71382 aa027a6688feebe6b9265218c64a3dde http://ports.ubuntu.com/pool/main/k/krb5/libk5crypto3_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 108350 c5167dbdd34ad0fbcc3fefeacad55c7a http://ports.ubuntu.com/pool/main/k/krb5/libkadm5clnt6_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 55444 481b67dfa8ab09aed46eb774eeb44a19 http://ports.ubuntu.com/pool/main/k/krb5/libkadm5srv6_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 66972 399da8bdce2962523cf2d0c884d09f2e http://ports.ubuntu.com/pool/main/k/krb5/libkdb5-4_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 54388 d49b32034ba8cc5e3cc66c7d0090f1bc http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-3_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 324530 8d1c62204d1c6c852f9ee24b66249e41 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 1381242 6105c2f14357f6b3b0b2160e36ecd99b http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 101444 2c10c3a3fa4f5741dd2437c306145de1 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5support0_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 39740 8aa511b8517a664465c2058d2428319d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 103962 f46e78a2f875818cf38cacafdf739abb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 208720 6fc6b8d2091709163dcd670263f66f58 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 68502 64f6c43f29053edf7d12a44be2c368b9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 105692 7c76a6b79b8a52a0b70baa6fc0648224 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 192292 f83f94bdd460f59e8e1125175b4c2797 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 65050 b01bf4d756458ff19494d4739cc7cede http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 84452 fad81a7db97fcddc716eb9a3ccb86fa3 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.7dfsg~beta3-1ubuntu0.6_sparc.deb Size/MD5: 73508 1be5288f0d9315f83873d90abd1cfe7f . Description A uninitialized vulnerability (CVE-2007-5894)in function reply() in ftpd.c. A dereferencing vulnerability(CVE-2007-5901) in gssapi lib in function gss_indicate_mechs(mi norStatus, mechSet) in g_initialize.c and a integer overflow vunerability(CVE-2007-5902) in rpc lib in function svcauth_gss_get_principal in svc_auth_gss.c. Impact Reading uninitialized variables can result in unpredictable behavior, crashes, or security holes. Dereferencing,integer overflow and double free may cause instability and potentially crash. References ========== [ 1 ] CVE-2007-5894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 [ 3 ] CVE-2007-5902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902 [ 4 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 5 ] CVE-2007-5972 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972 III.CREDIT: ---------- Venustech AD-LAB discovery this vuln. Thank to all Venustech AD-Lab guys. V.DISCLAIMS: ----------- The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use. VENUSTECH Security Lab VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn) Security Trusted {Solution} Provider Service _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key. Kerberos是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等。MIT Kerberos 5（又名krb5）是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等. Kerberos的实现上存在多个内存破坏漏洞，远程攻击者可能利用这些漏洞导致服务程序崩溃. gssftp的ftpd是Kerberos加密的FTP服务器，可通过Kerberos 5认证。在ftpd.c的reply()函数中存在未初始化的指针： void reply(int n, char *fmt, ...) { ... (1) int length, kerror; ＜---- declared length without initializer if (n) sprintf(in, \"\\%d\\%c\", n, cont_char); else in[0] = \'\'＼0\'\'; strncat(in, buf, sizeof (in) - strlen(in) - 1); ＃ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, \"KERBEROS_V4\") == 0) { if (clevel == PROT_P) length = krb_mk_priv((unsigned char *)in, (unsigned char *)out, strlen(in), schedule, ＆kdata.session, ＆ctrl_addr, ＆his_addr); else length = krb_mk_safe((unsigned char *)in, (unsigned char *)out, strlen(in), ＆kdata.session, ＆ctrl_addr, ＆his_addr); if (length == -1) { syslog(LOG_ERR, \"krb_mk_\\%s failed for KERBEROS_V4\", clevel == PROT_P ? \"priv\" ： \"safe\"); fputs(in,stdout); } } else ＃endif /* KRB5_KRB4_COMPAT */ ＃ifdef GSSAPI /* reply (based on level) */ if (strcmp(auth_type, \"GSSAPI\") == 0) { gss_buffer_desc in_buf, out_buf; OM_uint32 maj_stat, min_stat; int conf_state; in_buf.value = in; in_buf.length = strlen(in); maj_stat = gss_seal(＆min_stat, gcontext, clevel == PROT_P, /* private */ GSS_C_QOP_DEFAULT, ＆in_buf, ＆conf_state, ＆out_buf); if (maj_stat != GSS_S_COMPLETE) { ＃if 0 /* Don\'\'t setup an infinite loop */ /* generally need to deal */ secure_gss_error(maj_stat, min_stat, (clevel==PROT_P)? \"gss_seal ENC didn\'\'t complete\"： \"gss_seal MIC didn\'\'t complete\"); ＃endif /* 0 */ } else if ((clevel == PROT_P) ＆＆ !conf_state) { ＃if 0 /* Don\'\'t setup an infinite loop */ secure_error(\"GSSAPI didn\'\'t encrypt message\"); ＃endif /* 0 */ } else { memcpy(out, out_buf.value, length=out_buf.length); gss_release_buffer(＆min_stat, ＆out_buf); } } ＃endif /* GSSAPI */ /* Othe. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, and two double-free vulnerabilities. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). ), which can prevent eavesdropping, prevent replay attacks, etc. There are multiple memory corruption vulnerabilities in the implementation of Kerberos, and remote attackers may use these vulnerabilities to cause the service program to crash. gssftp's ftpd is a Kerberos-encrypted FTP server that can pass Kerberos 5 authentication. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: SUSE Update for Multiple Packages SECUNIA ADVISORY ID: SA28636 VERIFY ADVISORY: http://secunia.com/advisories/28636/ CRITICAL: Highly critical IMPACT: Security Bypass, DoS, System access WHERE: >From remote OPERATING SYSTEM: SUSE Linux 10.1 http://secunia.com/product/10796/ openSUSE 10.2 http://secunia.com/product/13375/ openSUSE 10.3 http://secunia.com/product/16124/ SuSE Linux Enterprise Server 8 http://secunia.com/product/1171/ SUSE Linux Enterprise Server 9 http://secunia.com/product/4118/ SUSE Linux Enterprise Server 10 http://secunia.com/product/12192/ SuSE Linux Openexchange Server 4.x http://secunia.com/product/2001/ SuSE Linux Standard Server 8 http://secunia.com/product/2526/ DESCRIPTION: SUSE has issued updates for multiple packages. These fix some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions, to cause a DoS, or to compromise a user's system. For more information: SA27313 SA28076 SA28129 SA28228 SA28327 SA28358 SA28384 SA28444 SOLUTION: Updated packages are available via Yast Online Update or the SUSE FTP server. ORIGINAL ADVISORY: http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00005.html OTHER REFERENCES: SA27313: http://secunia.com/advisories/27313/ SA28076: http://secunia.com/advisories/28076/ SA28129: http://secunia.com/advisories/28129/ SA28228: http://secunia.com/advisories/28228/ SA28327: http://secunia.com/advisories/28327/ SA28358: http://secunia.com/advisories/28358/ SA28384: http://secunia.com/advisories/28384/ SA28444: http://secunia.com/advisories/28444/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Secunia CSI + Microsoft SCCM ----------------------- = Extensive Patch Management http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Ubuntu update for krb5 SECUNIA ADVISORY ID: SA39290 VERIFY ADVISORY: http://secunia.com/advisories/39290/ DESCRIPTION: Ubuntu has issued an update for krb5. (Only Ubuntu 6.06 LTS was affected.) (CVE-2007-5902, CVE-2007-5971, CVE-2007-5972) Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. ---------------------------------------------------------------------- Stay Compliant Alerts, Technical Descriptions, PoC, Links to patches, CVSS, CVE, Changelogs, Alternative Remediation Strategies, and much more provided in the Secunia Vulnerability Intelligence solutions Free Trial http://secunia.com/products/corporate/evm/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for krb5 SECUNIA ADVISORY ID: SA39784 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39784/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39784 RELEASE DATE: 2010-05-21 DISCUSS ADVISORY: http://secunia.com/advisories/39784/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39784/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39784 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for krb5. II.DETAILS: ---------- Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description A uninitialized vulnerability (CVE-2007-5894)in function reply() in ftpd.c. A dereferencing vulnerability(CVE-2007-5901) in gssapi lib in function gss_indicate_mechs(mi norStatus, mechSet) in g_initialize.c and a integer overflow vunerability(CVE-2007-5902) in rpc lib in function svcauth_gss_get_principal in svc_auth_gss.c. A double free vulnerability(CVE-2007-5971) in function gss_krb5int_make_seal_token_v3 in k5sealv3.c and another double free vulnerability(CVE-2007-5972) in function krb5_def_store_mkey in lib/kdb/kdb_default.c. Impact Reading uninitialized variables can result in unpredictable behavior, crashes, or security holes. Dereferencing,integer overflow and double free may cause instability and potentially crash. References ========== [ 1 ] CVE-2007-5894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 [ 3 ] CVE-2007-5902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902 [ 4 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 5 ] CVE-2007-5972 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972 III.CREDIT: ---------- Venustech AD-LAB discovery this vuln. Thank to all Venustech AD-Lab guys. V.DISCLAIMS: ----------- The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use. VENUSTECH Security Lab VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn) Security Trusted {Solution} Provider Service _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-924-1 April 07, 2010 krb5 vulnerabilities CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-0629 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.4 libkrb53 1.6.dfsg.3~beta1-2ubuntu1.4 Ubuntu 8.10: krb5-kdc 1.6.dfsg.4~beta1-3ubuntu0.4 Ubuntu 9.04: krb5-kdc 1.6.dfsg.4~beta1-5ubuntu2.3 libkrb53 1.6.dfsg.4~beta1-5ubuntu2.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. An unauthenticated remote attacker could send specially crafted traffic to crash the kadmind process, leading to a denial of service. (CVE-2010-0629) It was discovered that Kerberos did not correctly free memory in the GSSAPI library. If a remote attacker were able to manipulate an application using GSSAPI carefully, the service could crash, leading to a denial of service. (Ubuntu 8.10 was not affected.) (CVE-2007-5901, CVE-2007-5971) It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. (Only Ubuntu 8.04 LTS was affected.) (CVE-2007-5902, CVE-2007-5972) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.diff.gz Size/MD5: 1747579 857bc90fe202aacef9aa7ec1915912b0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.dsc Size/MD5: 1135 4cacf5667996472a34c29f5db3590a0a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1.orig.tar.gz Size/MD5: 14672599 7a36c3471aa31ffd01d5a020f9d82dff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.3~beta1-2ubuntu1.4_all.deb Size/MD5: 2121560 319ec346ce4f7acfcd3f535276b2e7e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 140892 372ce44cc13bfcea71652553d16ab0f6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 162164 6b37b079fa1b8fd1d512e8d5a268c6e3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 1337522 23370d40c101659acb54bd203c263e3d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 89344 02a61de3df97772e9a46ce5f960d392d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 497374 89e647e9beec851c340774d758f6d68c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 88168 6f6c1a76b5fd3f579c26f5438fb04f69 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 230020 ff26ae7c13bedcd6335b36d335357f79 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 65660 6ad8023f8ec936b19046b04c95c948bc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 186140 af7b0135284c9bffd16a6a03b2c36703 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 64960 abc799e9e887480fc993bdba504af466 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 91866 cfb606d8378283313f5009faa2dec564 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 73208 6ee86c16449e975666de4454ca001fb4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 131262 a8beec1ae2763a39f4224e6457d79a68 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 146000 ea7aad15118b9e3df627d9e41f641c25 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 1289340 b3f36e7e2fb3fdba00a5af1153c4f407 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 89352 372324ef9477c4a6f3f9bc31ef297a57 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 460514 62959156fab7500c76d9f11ebae51d52 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 81706 fbbc1993212b37307d15fbac473a1568 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 201704 e920981af86ee031bcf12fdf0d58f044 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 60694 c1e8663d26f5090f64350e56967f1b4b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 173246 532692f310673efbd4329d0661811370 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 61726 78e20ba263aad29b73f92ce156ba12a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 84298 fe5eceddccc659692e8c95149da13dd9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 66892 efb07a08a44037d73c7e98525dcbab56 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 131436 e9a07a3d73999fe64e97ec4f15754f00 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 143896 0885dad9ce7cfb900e80f664256ce3c7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 1318388 8c5fee9fe04a1d4d5cd50e31066c592d http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 89348 f12babd06a10b951388d6618288b081d http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 455898 ceb7713ec70fe69de2e9e675f34162eb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 82168 603b21fbba3e4092e21e95f7fc79addb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 200914 066a5fa912c9a64a2a4f4de12326ded2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 60786 d11c67185932d0b746584e0406294a3e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 172640 2de487fc075709f917b2396a053d8bde http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 61574 394a1d2ee087fb9ed2d8bbdd6b54c1c2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 84204 1c7cccecf78f77db4073669da9f82ef7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 67206 ce64e680e6c213afea88440bb1d944b6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 158748 c5daffac1ce8e89ee9002325f63ed078 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 159344 9fb7e6c72d4e07e06e704b127582204a http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 1335326 2e5bf6c9daec4169d467583f70b2652f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 89362 edd451d9c7efb36480bd396347d33b47 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 482430 c4f6f3ee75b56c4fb436e0a55f008097 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 95278 554caab935dc3d35ed2297dff4b9cd21 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 245012 0a16b0e350544021fd2a3a8879d1372f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 68806 ea6d4ae9080e63be328418af216cf7fd http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 199412 9063aec6b15eab435032ac249f516a44 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 64060 a367b9c7a4afee60fe4b8e7e98eac1a4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 100238 e253160984af0fd0f914b453bf604b1d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 75518 7bfda8e39e560cb747ad8b78ceee7fa8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 134486 d031b1b700640b4e254e9ba9950c0a9c http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 142010 d0fd459614fb1e4bb411b5ff1220e6a9 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 1213582 cd49f178b2202d58d3eb471a3c791e49 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 89356 8e603c181d789500185720f8e35da971 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 428108 356af6cc775d8bafe2a028c43a33b89c http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 83266 e87d03878c6db3b236edbe0616e1c839 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 211652 121558486b173d309bccbe304b8ec550 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 64092 69c588ea021fc09582f299ec80ce5ebf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 173032 01fd0f15a60c39f2180c0290b8b4f015 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 58806 e21d86723683a97d0f9812d820b39da7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 87886 eef2eaa5c992cd9849f865c5b88de7aa http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 69614 8f28b615e8a75bb0a6e04da3131c39bb Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.diff.gz Size/MD5: 858566 abe6f3bf8714b16dd084cd583b5aa350 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.dsc Size/MD5: 1671 e03526558ccf9a954c92a3e257e66351 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-3ubuntu0.4_all.deb Size/MD5: 2148728 a0785e0f46d4268e3906483b821241bb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 146234 7c1e6b679b00982416953a085acb5f39 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 165978 0415c29a760df4dbf38e3b82e93aaf54 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 1474040 289fcb9189903998fe6adb217d111257 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92554 db275139f0715242c7f339b0005f7f65 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 510612 ad1d674ce1ffc4f39dfc6d75d8c80282 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92862 99ee34c7a17ce0cb980ba620cbc97e67 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 237266 eb87e828f93d628e7dab9de7a657566d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 68946 43644b68a2aa3219a07dcb85f7a45371 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 107696 5be51db685dc9d9536765a0771e52223 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 196660 e36a1e5bc9fd0b173bbd0fca05b79d0b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 67914 098fd941dbdb7c32ce12f983dbbd6ed9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 94504 4bbe57034a98573f623870361380055d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 76670 6759a5aad2f5ba13b5b0354dc025aa0c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 136816 71232407545e52025735e7e630496f84 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 150618 e413fd35cb127f765870211bc25a47ec http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 1413034 f1f3fb8a55ee8ba77c9b6aac5ad9aff4 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 92570 98ed6b6053fff58ac3a600f4b51b7cd0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 472690 7cf30b9521b99808b48879295b579d07 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 86424 76aefeea8bbaecc66933de53158503fe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 213602 a6d796c92390bc1b9ff794ae4204f974 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 63886 8a7affbe90bd3c31e1bb360f4f93ce90 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 102054 15234247c475c7ac05549b3e0ac04e8a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 183124 34b361091e4883adf77658c04f431edb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 64676 72cd11a2060ebd4524dfb4345d6ac3b0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 87766 bd091590f2ebf42a256b00c00ca08704 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 70558 37b76c195ee928457ddb7f859ee19b80 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 136772 173deb07bb07502e6d16adc880d27209 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 148130 beebf3d09c4c0f5b605a1719d87d3f62 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 1443468 4236ad375d51fe23404e21b1979103cf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 92538 c696e177873d8255183b7cc50576eb48 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 463248 680eff30a2fd36ab52900ad3b7d58192 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86530 2d5c2d44148bcc30b1fc0862c26bbc88 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 206758 d08cdf41d7ee2bacd847639b5f5b8676 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 63948 c42df041a5ed4079b03fad6d1fd16a5d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 101826 1bfed64995fab3d278fd7e382be0f207 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 182666 c40bbef2b97460a08eb18a64767c9f8f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 64188 1421cd4073a447d334eea471a2dd548f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86954 b9b8f522b5881cc111124d368dcc0d6f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 70346 f77d255277ff6ea8964c3992dded5118 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 157076 4501c9b76ba4cd09cce27ef2ce1a74ad http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 161396 9f6134a5f7e29859b46f41fa1f6c23a8 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 1472026 4f1e6fbc7c474bd9ddedce81c307e52f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 92578 3b7a1d729048d6c66629e03a8230cb8b http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 492848 c791a13ad685af0293c3b8b0397adb25 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 96700 4980c34839066b9866eacb06fb385d23 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 245612 c4f47729971c422bdf47cbc86669999b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 70360 4904070348252bd4bdd692d85af4249a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 110768 2c18038848b99c2f90b87a0c8af7a2e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 202494 7c9671f7bdb178be8f1bbc8445ab00a9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 66680 36a33a9765740aa2eab16419017562b0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 98830 bfafb479fdc24c38cda9ab334c7c059e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 77096 ffc6213bd7623df1b396d14a72d4e830 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 140360 97dcf304de4a27ebac536e0092b7fc1b http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 144848 64545260134ceba4c1fa36bbb5dbb3e7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 1332818 cfbeb843bc41b29bc39c9f472cc6f388 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 92562 18978f9e7ff1ce581359bffaa3183cae http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 433500 135cfb8e8a08c6086ee81a2401f5caea http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 87970 205855c848f241acd5262a11ca7bbc7a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 221618 1475ec81f68851111b85bb0bb0ab6fbf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 67506 5742f0bd5b8775f8aa948f8fda02456b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 100974 b9c4cb0e343eb63dbda925b29888186d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 182710 be662df46e52c604f0ef9aee39287bd4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 60936 d39a4e432ed22e23cc7342986b59cad2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 91922 62f5f68fe447a9e1367457ba4ac1033e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 72734 e3a771cb836f6fc6b40402befbdfdf20 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.diff.gz Size/MD5: 884759 6834e06b9b7420e013639e5f0177dde7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.dsc Size/MD5: 1671 2df8fc05d522a39465b516106eb1c720 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5ubuntu2.3_all.deb Size/MD5: 2149012 143718b601a3a99b8ebd05937ecaed25 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 146656 2d86ade2be3e079d940e8919217802e7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 166316 faec7da08e9aa386f72e349c7408bf10 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 1479408 de4a5e28107e556683c959c1a0cfa819 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93046 a88830b71b66d9071ecf9e43422c1d3e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 512336 6623911d29c86d0da61a57ac3f5443fa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93766 c1fe58d664c3021eb0f3b39a21f292f6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 237514 15434edb948a81df6827c54e7cfc493a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 69208 f38a09c9ce73b663053b0c16e562d53e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 108010 397c0979124621bde63b49d55df1951b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 198894 971764b78a61757018f675faaf8d13c2 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 68258 7abb3d320bbaac22e6d91c8ddf808ced http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 94832 c3b98b57230bdd7b7f6ebb83418b398f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 76946 85b0519be431be8228d1b8930ca82032 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 137258 6722093f41aea33c126c60594e91aa89 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 150922 b01712adff6c2dd19bbb578691b55a82 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 1417102 87153ec02650a379e068d91412027243 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 93044 d29e99de8b3cd37a2f66411cb62f69e6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 473744 d7f752135e4a924139b89e5873901aa1 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 87338 441b4cbdfcf76a714c81f88fc78d45f0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 213942 12b948c395cf70a2fea94cc8fc195228 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 64306 bab53b895c90f98f7964e66768e8e020 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 102364 0892484a20867e24c567a57fa9bdabbe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 185436 c7716a56e5e00c6b34c37d619c3e2fd3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 65034 673f5afa510e0b6c9718ca2b0b1d8634 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 88118 4d16b24b0c8de073394fcd16efbd471b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 70886 7c57638b2967e79f0b35ed27baca2c5c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 137092 88eac351aa4c04cabeb5004ba0488a89 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 148518 5c4bcb387e8ceae4642e955c9073b936 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 1448176 04dc34d8d656fdd5cabfd522a2862fcb http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 93040 696bfd471bba2b1f3cb7d5c0538068d0 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 464142 11481d506c939a4595c5d235768692e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87422 41b6c7fb1aed7ddfd0732af69c393ee5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 207106 86e5df0b876d7a0fc53ff75dffcced9e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64392 783c9e473eb37ca0368c9a52aa92d343 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 102218 548d6f447c103522fa6616dbea42e75a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 184990 325f5322d631683068bc6ddc6af35940 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64550 b6b3f9ad2c07f8f7597c484fc14315be http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87292 bcdb18ceb438927ab77150be9c4176f9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 70680 eb8483a9164d278a76774413d9660ddb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 157362 3603a529157befb84af0edad2c3bb7dc http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 161722 7ba5b2cd8023ffb44230d435aad75f4c http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 1476674 1db714f8b53e25bdc2301cdfa99551bf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 93054 82c6e84e63e5c5a561dfc55a5bbee018 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 494652 9251f6d55d90fbf9bb28ee930cef7aed http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 97626 05a2eef51dafed34f8689bde6d025d51 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 245924 2e85a1edc5ea735861525a91a37bcca6 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 70818 aa62de270b7d513cd8bd5831c63e4d20 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 111146 d4464357b86e371914cc23251c2c1780 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 204756 dd5364842f6604199e2d7698334771ff http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 67072 5144031c10eebd19c85b9bed8186b5a7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 99180 54eca3303b1097ee902e2ef84f0220e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 77438 a18355513e1155b4dc997881878ce816 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 140558 5c0e1c57333b16f654ed94502e54d354 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 145012 bc16c76d7e202efb7f392185f9a34ecf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 1337686 00ce5bdd2e53fd6059205375458ba917 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 93054 29490c704727e89faf1079f1b517606e http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 434466 9047f19cc6730c592a0f9ac99abd31e4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 88702 55bf696f05f0d9b72b630d35422ed905 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 221790 bf2fb8e80cf389bee1a7b9edbcacb3d0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 67822 4c2219ff77a59d8bcc8c78fb07e5b0e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 101378 d7720e20362e7870e6d205a924b7e486 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 184808 7d8827058a213b3216c16cfe15d26bf1 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 61274 1b5b021b7e019641010877555e99058d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 92206 8baa9bba468967c26e6a2c87ffa8dfbb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 73024 607a1edca12d6130393158fc82b86b28

Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. This problem is probably caused by a typo in the source code.Details of this vulnerability are unknown. Kerberos是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等。MIT Kerberos 5（又名krb5）是美国麻省理工学院（MIT）开发的一套网络认证协议，它采用客户端/服务器结构，并且客户端和服务器端均可对对方进行身份认证（即双重验证），可防止窃听、防止replay攻击等. Kerberos的实现上存在多个内存破坏漏洞，远程攻击者可能利用这些漏洞导致服务程序崩溃. gssftp的ftpd是Kerberos加密的FTP服务器，可通过Kerberos 5认证。在ftpd.c的reply()函数中存在未初始化的指针： void reply(int n, char *fmt, ...) { ... (1) int length, kerror; ＜---- declared length without initializer if (n) sprintf(in, \"\\%d\\%c\", n, cont_char); else in[0] = \'\'＼0\'\'; strncat(in, buf, sizeof (in) - strlen(in) - 1); ＃ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, \"KERBEROS_V4\") == 0) { if (clevel == PROT_P) length = krb_mk_priv((unsigned char *)in, (unsigned char *)out, strlen(in), schedule, ＆kdata.session, ＆ctrl_addr, ＆his_addr); else length = krb_mk_safe((unsigned char *)in, (unsigned char *)out, strlen(in), ＆kdata.session, ＆ctrl_addr, ＆his_addr); if (length == -1) { syslog(LOG_ERR, \"krb_mk_\\%s failed for KERBEROS_V4\", clevel == PROT_P ? \"priv\" ： \"safe\"); fputs(in,stdout); } } else ＃endif /* KRB5_KRB4_COMPAT */ ＃ifdef GSSAPI /* reply (based on level) */ if (strcmp(auth_type, \"GSSAPI\") == 0) { gss_buffer_desc in_buf, out_buf; OM_uint32 maj_stat, min_stat; int conf_state; in_buf.value = in; in_buf.length = strlen(in); maj_stat = gss_seal(＆min_stat, gcontext, clevel == PROT_P, /* private */ GSS_C_QOP_DEFAULT, ＆in_buf, ＆conf_state, ＆out_buf); if (maj_stat != GSS_S_COMPLETE) { ＃if 0 /* Don\'\'t setup an infinite loop */ /* generally need to deal */ secure_gss_error(maj_stat, min_stat, (clevel==PROT_P)? \"gss_seal ENC didn\'\'t complete\"： \"gss_seal MIC didn\'\'t complete\"); ＃endif /* 0 */ } else if ((clevel == PROT_P) ＆＆ !conf_state) { ＃if 0 /* Don\'\'t setup an infinite loop */ secure_error(\"GSSAPI didn\'\'t encrypt message\"); ＃endif /* 0 */ } else { memcpy(out, out_buf.value, length=out_buf.length); gss_release_buffer(＆min_stat, ＆out_buf); } } ＃endif /* GSSAPI */ /* Othe. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, and two double-free vulnerabilities. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. ), which can prevent eavesdropping, prevent replay attacks, etc. gssftp's ftpd is a Kerberos-encrypted FTP server that can pass Kerberos 5 authentication. A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. This issue only affects krb5kdc when it has Kerberos v4 protocol compatibility enabled, which is a compiled-in default in all Kerberos versions that Mandriva Linux ships prior to Mandriva Linux 2008.0. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 64c3f5c31177dcacc99b021ec6ed1271 2007.1/i586/ftp-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 11b4194bc9edba8c0951e44660ba9955 2007.1/i586/ftp-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 23794e6e0cb1d46a329c42a04f672c5f 2007.1/i586/krb5-server-1.5.2-6.6mdv2007.1.i586.rpm 0fbb29bd81c8452d937d30fbbda62242 2007.1/i586/krb5-workstation-1.5.2-6.6mdv2007.1.i586.rpm 8f4eea60bf4ea3bfc776f1c117ceb26d 2007.1/i586/libkrb53-1.5.2-6.6mdv2007.1.i586.rpm fd5b1da0a056d995011d2b1a692e4292 2007.1/i586/libkrb53-devel-1.5.2-6.6mdv2007.1.i586.rpm ca79ccbe3f286b9069f0ae028d9816f7 2007.1/i586/telnet-client-krb5-1.5.2-6.6mdv2007.1.i586.rpm 8a7c84f1fe1bbb5338723f28d12a9f21 2007.1/i586/telnet-server-krb5-1.5.2-6.6mdv2007.1.i586.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: fc02060b7c1da08c33952e6c14fb5627 2007.1/x86_64/ftp-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 513fca34bdd1f2a5643a8e6adeb62e0e 2007.1/x86_64/ftp-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 4f42d639753a885212e6d62bfe84a121 2007.1/x86_64/krb5-server-1.5.2-6.6mdv2007.1.x86_64.rpm 6b2ca028321fb08199be20a4aedef4a0 2007.1/x86_64/krb5-workstation-1.5.2-6.6mdv2007.1.x86_64.rpm 4d453dc2a579e74e29dfc052197fedc1 2007.1/x86_64/lib64krb53-1.5.2-6.6mdv2007.1.x86_64.rpm b22d9f1b515df1a5270d2d4c373b7dd3 2007.1/x86_64/lib64krb53-devel-1.5.2-6.6mdv2007.1.x86_64.rpm 21b245649de9e38e43782bd1a18922a7 2007.1/x86_64/telnet-client-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 1322374ab1c15b5c1392ee4ae5f915e7 2007.1/x86_64/telnet-server-krb5-1.5.2-6.6mdv2007.1.x86_64.rpm 22830790ad7715479b7d4fbecc6c1e7f 2007.1/SRPMS/krb5-1.5.2-6.6mdv2007.1.src.rpm Mandriva Linux 2008.0: 3ee5a309927b830bf8559a872161384b 2008.0/i586/ftp-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 1835baa43ab27aac2493dc7821bafa8a 2008.0/i586/ftp-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm 5e8369c201ac4678a7bc46590107e45f 2008.0/i586/krb5-1.6.2-7.1mdv2008.0.i586.rpm 94277e76faf2b75553c2e6250e428a43 2008.0/i586/krb5-server-1.6.2-7.1mdv2008.0.i586.rpm 695d5b85347b906401433fa55177be1a 2008.0/i586/krb5-workstation-1.6.2-7.1mdv2008.0.i586.rpm 4696cbae0ce644c265b74ff4ce59a865 2008.0/i586/libkrb53-1.6.2-7.1mdv2008.0.i586.rpm cc8122a1c6a3449fc41d3022bbdffeb2 2008.0/i586/libkrb53-devel-1.6.2-7.1mdv2008.0.i586.rpm d5e75835b35e81a3f7d038e501dabd1c 2008.0/i586/telnet-client-krb5-1.6.2-7.1mdv2008.0.i586.rpm 072b5ba782fbd1659ed8bde15bd11b5a 2008.0/i586/telnet-server-krb5-1.6.2-7.1mdv2008.0.i586.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 7a8c1c390b1d1a0b2a8fe28e8fb6a458 2008.0/x86_64/ftp-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 9b312bd49bd858d00d00ec299866a275 2008.0/x86_64/ftp-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 19f7d0590227c4cc636ee5528db8027a 2008.0/x86_64/krb5-1.6.2-7.1mdv2008.0.x86_64.rpm 6a84bc19cb8e32f7331ce4c1ed36dc9d 2008.0/x86_64/krb5-server-1.6.2-7.1mdv2008.0.x86_64.rpm dabaf97b9b36316dc2b69e9edc953793 2008.0/x86_64/krb5-workstation-1.6.2-7.1mdv2008.0.x86_64.rpm 2810bbed78b7480ff48b021a798cb5a1 2008.0/x86_64/lib64krb53-1.6.2-7.1mdv2008.0.x86_64.rpm 734b018e6b05204767d07a7d53ef2c3c 2008.0/x86_64/lib64krb53-devel-1.6.2-7.1mdv2008.0.x86_64.rpm 787fb5ea70eff84b91eea5d68c1e956d 2008.0/x86_64/telnet-client-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm d6224c005bc7c818c117e3fc61643840 2008.0/x86_64/telnet-server-krb5-1.6.2-7.1mdv2008.0.x86_64.rpm cfd133fde8cc72b038ea61dc94405701 2008.0/SRPMS/krb5-1.6.2-7.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFH4WG/mqjQ0CJFipgRAom/AKDt3NL//QdT6Aw4zm4Ok/TlQjpNLQCeJ2qJ Hsy0RD3h2ilxoUTodKz7J5k= =y37y -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. I. II. III. Solution Install updates from your vendor Check with your vendors for patches or updates. For information about a vendor, please see the systems affected section in vulnerability notes VU#895609 and VU#374121 or contact your vendor directly. Administrators who compile MIT Kerberos from source should refer to MIT Security Advisory 2008-002 for more information. IV. References * US-CERT Vulnerability Note VU#895609 - <http://www.kb.cert.org/vuls/id/895609> * US-CERT Vulnerability Note VU#374121 - <http://www.kb.cert.org/vuls/id/374121> * MIT krb5 Security Advisory 2008-002 - <http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-002.txt2> _________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA08-079B.html> _________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA08-079B Feedback VU#895609" in the subject. _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. _________________________________________________________________ Produced 2008 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 19, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR+E+pPRFkHkM87XOAQK1jwf/ZDEomMLCZvsmN7KVXa0Il5PqXlfRvG2Y jdWPUCi92qmgvm8LdqoNgAUxnUGYzCHLQzw8ebmnz37AMigDNsYIzFHStgnoJDVi iK6UGC6gHLnGJFuG+otEC9jZaVeIiUbKddB2+vzvmDWLnvIsyxzmHf6lJe0IrZlH ho/cCgpfRctgZHM5Ke+pPPqMjZZ7u0OUQnM7MIcSsZbKxw8x2CyUpaSiheMDhf8p 8JGyx+nkyvZoja6Ee4WCRq3xtVaUlp/sg8IZYY5nav2VuSh15rJXLJCWDBXUU+oV aAXPa2JEx5Cn3S0CFz8SIJ4NoLUp09usVMFyeNd57FMBKRjTAC/DBw== =4wkz -----END PGP SIGNATURE----- . Background ========== MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/mit-krb5 < 1.6.3-r1 >= 1.6.3-r1 Description =========== * Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() (CVE-2008-0062) and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply (CVE-2008-0063). * Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947). These bugs can only be triggered when Kerberos 4 support is enabled. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. Workaround ========== Kerberos 4 support can be disabled via disabling the "krb4" USE flag and recompiling the ebuild, or setting "v4_mode=none" in the [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around the KDC related vulnerabilities. Resolution ========== All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1" References ========== [ 1 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 3 ] CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 [ 4 ] CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 [ 5 ] CVE-2008-0947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-31.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Description A uninitialized vulnerability (CVE-2007-5894)in function reply() in ftpd.c. A dereferencing vulnerability(CVE-2007-5901) in gssapi lib in function gss_indicate_mechs(mi norStatus, mechSet) in g_initialize.c and a integer overflow vunerability(CVE-2007-5902) in rpc lib in function svcauth_gss_get_principal in svc_auth_gss.c. Impact Reading uninitialized variables can result in unpredictable behavior, crashes, or security holes. Dereferencing,integer overflow and double free may cause instability and potentially crash. References ========== [ 1 ] CVE-2007-5894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 [ 3 ] CVE-2007-5902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902 [ 4 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 5 ] CVE-2007-5972 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972 III.CREDIT: ---------- Venustech AD-LAB discovery this vuln. Thank to all Venustech AD-Lab guys. V.DISCLAIMS: ----------- The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use. VENUSTECH Security Lab VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn) Security Trusted {Solution} Provider Service _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-924-1 April 07, 2010 krb5 vulnerabilities CVE-2007-5901, CVE-2007-5902, CVE-2007-5971, CVE-2007-5972, CVE-2010-0629 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: krb5-kdc 1.6.dfsg.3~beta1-2ubuntu1.4 libkrb53 1.6.dfsg.3~beta1-2ubuntu1.4 Ubuntu 8.10: krb5-kdc 1.6.dfsg.4~beta1-3ubuntu0.4 Ubuntu 9.04: krb5-kdc 1.6.dfsg.4~beta1-5ubuntu2.3 libkrb53 1.6.dfsg.4~beta1-5ubuntu2.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sol Jerome discovered that the Kerberos kadmind service did not correctly free memory. (CVE-2010-0629) It was discovered that Kerberos did not correctly free memory in the GSSAPI library. (Ubuntu 8.10 was not affected.) (CVE-2007-5901, CVE-2007-5971) It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. (Only Ubuntu 8.04 LTS was affected.) (CVE-2007-5902, CVE-2007-5972) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.diff.gz Size/MD5: 1747579 857bc90fe202aacef9aa7ec1915912b0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1-2ubuntu1.4.dsc Size/MD5: 1135 4cacf5667996472a34c29f5db3590a0a http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.3~beta1.orig.tar.gz Size/MD5: 14672599 7a36c3471aa31ffd01d5a020f9d82dff Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.3~beta1-2ubuntu1.4_all.deb Size/MD5: 2121560 319ec346ce4f7acfcd3f535276b2e7e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 140892 372ce44cc13bfcea71652553d16ab0f6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 162164 6b37b079fa1b8fd1d512e8d5a268c6e3 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 1337522 23370d40c101659acb54bd203c263e3d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 89344 02a61de3df97772e9a46ce5f960d392d http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 497374 89e647e9beec851c340774d758f6d68c http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 88168 6f6c1a76b5fd3f579c26f5438fb04f69 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 230020 ff26ae7c13bedcd6335b36d335357f79 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 65660 6ad8023f8ec936b19046b04c95c948bc http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 186140 af7b0135284c9bffd16a6a03b2c36703 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 64960 abc799e9e887480fc993bdba504af466 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 91866 cfb606d8378283313f5009faa2dec564 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_amd64.deb Size/MD5: 73208 6ee86c16449e975666de4454ca001fb4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 131262 a8beec1ae2763a39f4224e6457d79a68 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 146000 ea7aad15118b9e3df627d9e41f641c25 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 1289340 b3f36e7e2fb3fdba00a5af1153c4f407 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 89352 372324ef9477c4a6f3f9bc31ef297a57 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 460514 62959156fab7500c76d9f11ebae51d52 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 81706 fbbc1993212b37307d15fbac473a1568 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 201704 e920981af86ee031bcf12fdf0d58f044 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 60694 c1e8663d26f5090f64350e56967f1b4b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 173246 532692f310673efbd4329d0661811370 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 61726 78e20ba263aad29b73f92ce156ba12a7 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 84298 fe5eceddccc659692e8c95149da13dd9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_i386.deb Size/MD5: 66892 efb07a08a44037d73c7e98525dcbab56 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 131436 e9a07a3d73999fe64e97ec4f15754f00 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 143896 0885dad9ce7cfb900e80f664256ce3c7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 1318388 8c5fee9fe04a1d4d5cd50e31066c592d http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 89348 f12babd06a10b951388d6618288b081d http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 455898 ceb7713ec70fe69de2e9e675f34162eb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 82168 603b21fbba3e4092e21e95f7fc79addb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 200914 066a5fa912c9a64a2a4f4de12326ded2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 60786 d11c67185932d0b746584e0406294a3e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 172640 2de487fc075709f917b2396a053d8bde http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 61574 394a1d2ee087fb9ed2d8bbdd6b54c1c2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 84204 1c7cccecf78f77db4073669da9f82ef7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_lpia.deb Size/MD5: 67206 ce64e680e6c213afea88440bb1d944b6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 158748 c5daffac1ce8e89ee9002325f63ed078 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 159344 9fb7e6c72d4e07e06e704b127582204a http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 1335326 2e5bf6c9daec4169d467583f70b2652f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 89362 edd451d9c7efb36480bd396347d33b47 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 482430 c4f6f3ee75b56c4fb436e0a55f008097 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 95278 554caab935dc3d35ed2297dff4b9cd21 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 245012 0a16b0e350544021fd2a3a8879d1372f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 68806 ea6d4ae9080e63be328418af216cf7fd http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 199412 9063aec6b15eab435032ac249f516a44 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 64060 a367b9c7a4afee60fe4b8e7e98eac1a4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 100238 e253160984af0fd0f914b453bf604b1d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_powerpc.deb Size/MD5: 75518 7bfda8e39e560cb747ad8b78ceee7fa8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 134486 d031b1b700640b4e254e9ba9950c0a9c http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 142010 d0fd459614fb1e4bb411b5ff1220e6a9 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 1213582 cd49f178b2202d58d3eb471a3c791e49 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 89356 8e603c181d789500185720f8e35da971 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 428108 356af6cc775d8bafe2a028c43a33b89c http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 83266 e87d03878c6db3b236edbe0616e1c839 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 211652 121558486b173d309bccbe304b8ec550 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 64092 69c588ea021fc09582f299ec80ce5ebf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 173032 01fd0f15a60c39f2180c0290b8b4f015 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 58806 e21d86723683a97d0f9812d820b39da7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 87886 eef2eaa5c992cd9849f865c5b88de7aa http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.3~beta1-2ubuntu1.4_sparc.deb Size/MD5: 69614 8f28b615e8a75bb0a6e04da3131c39bb Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.diff.gz Size/MD5: 858566 abe6f3bf8714b16dd084cd583b5aa350 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-3ubuntu0.4.dsc Size/MD5: 1671 e03526558ccf9a954c92a3e257e66351 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-3ubuntu0.4_all.deb Size/MD5: 2148728 a0785e0f46d4268e3906483b821241bb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 146234 7c1e6b679b00982416953a085acb5f39 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 165978 0415c29a760df4dbf38e3b82e93aaf54 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 1474040 289fcb9189903998fe6adb217d111257 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92554 db275139f0715242c7f339b0005f7f65 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 510612 ad1d674ce1ffc4f39dfc6d75d8c80282 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 92862 99ee34c7a17ce0cb980ba620cbc97e67 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 237266 eb87e828f93d628e7dab9de7a657566d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 68946 43644b68a2aa3219a07dcb85f7a45371 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 107696 5be51db685dc9d9536765a0771e52223 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 196660 e36a1e5bc9fd0b173bbd0fca05b79d0b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 67914 098fd941dbdb7c32ce12f983dbbd6ed9 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 94504 4bbe57034a98573f623870361380055d http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_amd64.deb Size/MD5: 76670 6759a5aad2f5ba13b5b0354dc025aa0c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 136816 71232407545e52025735e7e630496f84 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 150618 e413fd35cb127f765870211bc25a47ec http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 1413034 f1f3fb8a55ee8ba77c9b6aac5ad9aff4 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 92570 98ed6b6053fff58ac3a600f4b51b7cd0 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 472690 7cf30b9521b99808b48879295b579d07 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 86424 76aefeea8bbaecc66933de53158503fe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 213602 a6d796c92390bc1b9ff794ae4204f974 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 63886 8a7affbe90bd3c31e1bb360f4f93ce90 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 102054 15234247c475c7ac05549b3e0ac04e8a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 183124 34b361091e4883adf77658c04f431edb http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 64676 72cd11a2060ebd4524dfb4345d6ac3b0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 87766 bd091590f2ebf42a256b00c00ca08704 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_i386.deb Size/MD5: 70558 37b76c195ee928457ddb7f859ee19b80 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 136772 173deb07bb07502e6d16adc880d27209 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 148130 beebf3d09c4c0f5b605a1719d87d3f62 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 1443468 4236ad375d51fe23404e21b1979103cf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 92538 c696e177873d8255183b7cc50576eb48 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 463248 680eff30a2fd36ab52900ad3b7d58192 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86530 2d5c2d44148bcc30b1fc0862c26bbc88 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 206758 d08cdf41d7ee2bacd847639b5f5b8676 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 63948 c42df041a5ed4079b03fad6d1fd16a5d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 101826 1bfed64995fab3d278fd7e382be0f207 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 182666 c40bbef2b97460a08eb18a64767c9f8f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 64188 1421cd4073a447d334eea471a2dd548f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 86954 b9b8f522b5881cc111124d368dcc0d6f http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_lpia.deb Size/MD5: 70346 f77d255277ff6ea8964c3992dded5118 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 157076 4501c9b76ba4cd09cce27ef2ce1a74ad http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 161396 9f6134a5f7e29859b46f41fa1f6c23a8 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 1472026 4f1e6fbc7c474bd9ddedce81c307e52f http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 92578 3b7a1d729048d6c66629e03a8230cb8b http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 492848 c791a13ad685af0293c3b8b0397adb25 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 96700 4980c34839066b9866eacb06fb385d23 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 245612 c4f47729971c422bdf47cbc86669999b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 70360 4904070348252bd4bdd692d85af4249a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 110768 2c18038848b99c2f90b87a0c8af7a2e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 202494 7c9671f7bdb178be8f1bbc8445ab00a9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 66680 36a33a9765740aa2eab16419017562b0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 98830 bfafb479fdc24c38cda9ab334c7c059e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_powerpc.deb Size/MD5: 77096 ffc6213bd7623df1b396d14a72d4e830 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 140360 97dcf304de4a27ebac536e0092b7fc1b http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 144848 64545260134ceba4c1fa36bbb5dbb3e7 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 1332818 cfbeb843bc41b29bc39c9f472cc6f388 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 92562 18978f9e7ff1ce581359bffaa3183cae http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 433500 135cfb8e8a08c6086ee81a2401f5caea http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 87970 205855c848f241acd5262a11ca7bbc7a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 221618 1475ec81f68851111b85bb0bb0ab6fbf http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 67506 5742f0bd5b8775f8aa948f8fda02456b http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 100974 b9c4cb0e343eb63dbda925b29888186d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 182710 be662df46e52c604f0ef9aee39287bd4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 60936 d39a4e432ed22e23cc7342986b59cad2 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 91922 62f5f68fe447a9e1367457ba4ac1033e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-3ubuntu0.4_sparc.deb Size/MD5: 72734 e3a771cb836f6fc6b40402befbdfdf20 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.diff.gz Size/MD5: 884759 6834e06b9b7420e013639e5f0177dde7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1-5ubuntu2.3.dsc Size/MD5: 1671 2df8fc05d522a39465b516106eb1c720 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz Size/MD5: 11647547 08d6ce311204803acbe878ef0bb23c71 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5ubuntu2.3_all.deb Size/MD5: 2149012 143718b601a3a99b8ebd05937ecaed25 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 146656 2d86ade2be3e079d940e8919217802e7 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 166316 faec7da08e9aa386f72e349c7408bf10 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 1479408 de4a5e28107e556683c959c1a0cfa819 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93046 a88830b71b66d9071ecf9e43422c1d3e http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 512336 6623911d29c86d0da61a57ac3f5443fa http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 93766 c1fe58d664c3021eb0f3b39a21f292f6 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 237514 15434edb948a81df6827c54e7cfc493a http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 69208 f38a09c9ce73b663053b0c16e562d53e http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 108010 397c0979124621bde63b49d55df1951b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 198894 971764b78a61757018f675faaf8d13c2 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 68258 7abb3d320bbaac22e6d91c8ddf808ced http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 94832 c3b98b57230bdd7b7f6ebb83418b398f http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_amd64.deb Size/MD5: 76946 85b0519be431be8228d1b8930ca82032 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 137258 6722093f41aea33c126c60594e91aa89 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 150922 b01712adff6c2dd19bbb578691b55a82 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 1417102 87153ec02650a379e068d91412027243 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 93044 d29e99de8b3cd37a2f66411cb62f69e6 http://security.ubuntu.com/ubuntu/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 473744 d7f752135e4a924139b89e5873901aa1 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 87338 441b4cbdfcf76a714c81f88fc78d45f0 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 213942 12b948c395cf70a2fea94cc8fc195228 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 64306 bab53b895c90f98f7964e66768e8e020 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 102364 0892484a20867e24c567a57fa9bdabbe http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 185436 c7716a56e5e00c6b34c37d619c3e2fd3 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 65034 673f5afa510e0b6c9718ca2b0b1d8634 http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 88118 4d16b24b0c8de073394fcd16efbd471b http://security.ubuntu.com/ubuntu/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_i386.deb Size/MD5: 70886 7c57638b2967e79f0b35ed27baca2c5c lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 137092 88eac351aa4c04cabeb5004ba0488a89 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 148518 5c4bcb387e8ceae4642e955c9073b936 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 1448176 04dc34d8d656fdd5cabfd522a2862fcb http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 93040 696bfd471bba2b1f3cb7d5c0538068d0 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 464142 11481d506c939a4595c5d235768692e5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87422 41b6c7fb1aed7ddfd0732af69c393ee5 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 207106 86e5df0b876d7a0fc53ff75dffcced9e http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64392 783c9e473eb37ca0368c9a52aa92d343 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 102218 548d6f447c103522fa6616dbea42e75a http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 184990 325f5322d631683068bc6ddc6af35940 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 64550 b6b3f9ad2c07f8f7597c484fc14315be http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 87292 bcdb18ceb438927ab77150be9c4176f9 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_lpia.deb Size/MD5: 70680 eb8483a9164d278a76774413d9660ddb powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 157362 3603a529157befb84af0edad2c3bb7dc http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 161722 7ba5b2cd8023ffb44230d435aad75f4c http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 1476674 1db714f8b53e25bdc2301cdfa99551bf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 93054 82c6e84e63e5c5a561dfc55a5bbee018 http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 494652 9251f6d55d90fbf9bb28ee930cef7aed http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 97626 05a2eef51dafed34f8689bde6d025d51 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 245924 2e85a1edc5ea735861525a91a37bcca6 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 70818 aa62de270b7d513cd8bd5831c63e4d20 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 111146 d4464357b86e371914cc23251c2c1780 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 204756 dd5364842f6604199e2d7698334771ff http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 67072 5144031c10eebd19c85b9bed8186b5a7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 99180 54eca3303b1097ee902e2ef84f0220e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_powerpc.deb Size/MD5: 77438 a18355513e1155b4dc997881878ce816 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 140558 5c0e1c57333b16f654ed94502e54d354 http://ports.ubuntu.com/pool/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 145012 bc16c76d7e202efb7f392185f9a34ecf http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 1337686 00ce5bdd2e53fd6059205375458ba917 http://ports.ubuntu.com/pool/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 93054 29490c704727e89faf1079f1b517606e http://ports.ubuntu.com/pool/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 434466 9047f19cc6730c592a0f9ac99abd31e4 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 88702 55bf696f05f0d9b72b630d35422ed905 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 221790 bf2fb8e80cf389bee1a7b9edbcacb3d0 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 67822 4c2219ff77a59d8bcc8c78fb07e5b0e7 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 101378 d7720e20362e7870e6d205a924b7e486 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 184808 7d8827058a213b3216c16cfe15d26bf1 http://ports.ubuntu.com/pool/universe/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 61274 1b5b021b7e019641010877555e99058d http://ports.ubuntu.com/pool/universe/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 92206 8baa9bba468967c26e6a2c87ffa8dfbb http://ports.ubuntu.com/pool/universe/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5ubuntu2.3_sparc.deb Size/MD5: 73024 607a1edca12d6130393158fc82b86b28

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code. MIT Kerberos of kerberos 5 Exists in unspecified vulnerabilities.None. Kerberos的实现上存在多个内存破坏漏洞，远程攻击者可能利用这些漏洞导致服务程序崩溃. gssftp的ftpd是Kerberos加密的FTP服务器，可通过Kerberos 5认证。在ftpd.c的reply()函数中存在未初始化的指针： void reply(int n, char *fmt, ...) { ... (1) int length, kerror; ＜---- declared length without initializer if (n) sprintf(in, \"\\%d\\%c\", n, cont_char); else in[0] = \'\'＼0\'\'; strncat(in, buf, sizeof (in) - strlen(in) - 1); ＃ifdef KRB5_KRB4_COMPAT if (strcmp(auth_type, \"KERBEROS_V4\") == 0) { if (clevel == PROT_P) length = krb_mk_priv((unsigned char *)in, (unsigned char *)out, strlen(in), schedule, ＆kdata.session, ＆ctrl_addr, ＆his_addr); else length = krb_mk_safe((unsigned char *)in, (unsigned char *)out, strlen(in), ＆kdata.session, ＆ctrl_addr, ＆his_addr); if (length == -1) { syslog(LOG_ERR, \"krb_mk_\\%s failed for KERBEROS_V4\", clevel == PROT_P ? \"priv\" ： \"safe\"); fputs(in,stdout); } } else ＃endif /* KRB5_KRB4_COMPAT */ ＃ifdef GSSAPI /* reply (based on level) */ if (strcmp(auth_type, \"GSSAPI\") == 0) { gss_buffer_desc in_buf, out_buf; OM_uint32 maj_stat, min_stat; int conf_state; in_buf.value = in; in_buf.length = strlen(in); maj_stat = gss_seal(＆min_stat, gcontext, clevel == PROT_P, /* private */ GSS_C_QOP_DEFAULT, ＆in_buf, ＆conf_state, ＆out_buf); if (maj_stat != GSS_S_COMPLETE) { ＃if 0 /* Don\'\'t setup an infinite loop */ /* generally need to deal */ secure_gss_error(maj_stat, min_stat, (clevel==PROT_P)? \"gss_seal ENC didn\'\'t complete\"： \"gss_seal MIC didn\'\'t complete\"); ＃endif /* 0 */ } else if ((clevel == PROT_P) ＆＆ !conf_state) { ＃if 0 /* Don\'\'t setup an infinite loop */ secure_error(\"GSSAPI didn\'\'t encrypt message\"); ＃endif /* 0 */ } else { memcpy(out, out_buf.value, length=out_buf.length); gss_release_buffer(＆min_stat, ＆out_buf); } } ＃endif /* GSSAPI */ /* Othe. These issues include a use-after-free vulnerability, an integer-overflow vulnerability, and two double-free vulnerabilities. It adopts a client/server structure, and both the client and the server can authenticate each other (that is, double verification), which can prevent eavesdropping and replay attack, etc. MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT). ), which can prevent eavesdropping, prevent replay attacks, etc. gssftp's ftpd is a Kerberos-encrypted FTP server that can pass Kerberos 5 authentication. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: SUSE Update for Multiple Packages SECUNIA ADVISORY ID: SA28636 VERIFY ADVISORY: http://secunia.com/advisories/28636/ CRITICAL: Highly critical IMPACT: Security Bypass, DoS, System access WHERE: >From remote OPERATING SYSTEM: SUSE Linux 10.1 http://secunia.com/product/10796/ openSUSE 10.2 http://secunia.com/product/13375/ openSUSE 10.3 http://secunia.com/product/16124/ SuSE Linux Enterprise Server 8 http://secunia.com/product/1171/ SUSE Linux Enterprise Server 9 http://secunia.com/product/4118/ SUSE Linux Enterprise Server 10 http://secunia.com/product/12192/ SuSE Linux Openexchange Server 4.x http://secunia.com/product/2001/ SuSE Linux Standard Server 8 http://secunia.com/product/2526/ DESCRIPTION: SUSE has issued updates for multiple packages. For more information: SA27313 SA28076 SA28129 SA28228 SA28327 SA28358 SA28384 SA28444 SOLUTION: Updated packages are available via Yast Online Update or the SUSE FTP server. ORIGINAL ADVISORY: http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00005.html OTHER REFERENCES: SA27313: http://secunia.com/advisories/27313/ SA28076: http://secunia.com/advisories/28076/ SA28129: http://secunia.com/advisories/28129/ SA28228: http://secunia.com/advisories/28228/ SA28327: http://secunia.com/advisories/28327/ SA28358: http://secunia.com/advisories/28358/ SA28384: http://secunia.com/advisories/28384/ SA28444: http://secunia.com/advisories/28444/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: MIT Kerberos 5: Multiple vulnerabilities Date: March 24, 2008 Bugs: #199205, #212363 ID: 200803-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilites have been found in MIT Kerberos 5, which could allow a remote unauthenticated user to execute arbitrary code with root privileges. Background ========== MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. kadmind is the MIT Kerberos 5 administration daemon, KDC is the Key Distribution Center. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/mit-krb5 < 1.6.3-r1 >= 1.6.3-r1 Description =========== * Two vulnerabilities were found in the Kerberos 4 support in KDC: A global variable is not set for some incoming message types, leading to a NULL pointer dereference or a double free() (CVE-2008-0062) and unused portions of a buffer are not properly cleared when generating an error message, which results in stack content being contained in a reply (CVE-2008-0063). * Jeff Altman (Secure Endpoints) discovered a buffer overflow in the RPC library server code, used in the kadmin server, caused when too many file descriptors are opened (CVE-2008-0947). * Venustech AD-LAB discovered multiple vulnerabilities in the GSSAPI library: usage of a freed variable in the gss_indicate_mechs() function (CVE-2007-5901) and a double free() vulnerability in the gss_krb5int_make_seal_token_v3() function (CVE-2007-5971). Impact ====== The first two vulnerabilities can be exploited by a remote unauthenticated attacker to execute arbitrary code on the host running krb5kdc, compromise the Kerberos key database or cause a Denial of Service. These bugs can only be triggered when Kerberos 4 support is enabled. The RPC related vulnerability can be exploited by a remote unauthenticated attacker to crash kadmind, and theoretically execute arbitrary code with root privileges or cause database corruption. This bug can only be triggered in configurations that allow large numbers of open file descriptors in a process. The GSSAPI vulnerabilities could be exploited by a remote attacker to cause Denial of Service conditions or possibly execute arbitrary code. Workaround ========== Kerberos 4 support can be disabled via disabling the "krb4" USE flag and recompiling the ebuild, or setting "v4_mode=none" in the [kdcdefaults] section of /etc/krb5/kdc.conf. This will only work around the KDC related vulnerabilities. Resolution ========== All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.6.3-r1" References ========== [ 1 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 3 ] CVE-2008-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062 [ 4 ] CVE-2008-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063 [ 5 ] CVE-2008-0947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-31.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Description A uninitialized vulnerability (CVE-2007-5894)in function reply() in ftpd.c. A dereferencing vulnerability(CVE-2007-5901) in gssapi lib in function gss_indicate_mechs(mi norStatus, mechSet) in g_initialize.c and a integer overflow vunerability(CVE-2007-5902) in rpc lib in function svcauth_gss_get_principal in svc_auth_gss.c. Impact Reading uninitialized variables can result in unpredictable behavior, crashes, or security holes. Dereferencing,integer overflow and double free may cause instability and potentially crash. References ========== [ 1 ] CVE-2007-5894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894 [ 2 ] CVE-2007-5901 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901 [ 3 ] CVE-2007-5902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902 [ 4 ] CVE-2007-5971 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971 [ 5 ] CVE-2007-5972 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972 III.CREDIT: ---------- Venustech AD-LAB discovery this vuln. Thank to all Venustech AD-Lab guys. V.DISCLAIMS: ----------- The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Copyright 1996-2007 VENUSTECH. All Rights Reserved. Terms of use. VENUSTECH Security Lab VENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn) Security Trusted {Solution} Provider Service _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. Exploiting this issue allows local, unprivileged users to crash affected kernels, denying further service to legitimate users. Apple Mac OS X 10.4 and 10.5.1 are vulnerable to this issue; other versions may also be affected. A local attacker can trigger this overflow to cause an infinite loop, and the system will become unresponsive. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to an integer overflow error in the handling of Mach-O binaries and can be exploited to render the system unresponsive. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: mu-b ORIGINAL ADVISORY: http://www.digit-labs.org/files/exploits/xnu-macho-dos.c ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions. Versions prior to SonicWALL Global VPN Client 4.0.0.830 are affected. Local attackers may use this vulnerability to elevate their privileges. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to a format-string error when processing a VPN configuration file. This can be exploited by e.g. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 3.1.0.556 and also reported in version 4.0.0.810. Other versions may also be affected. SOLUTION: The vendor has reportedly issued version 4.0.0.830, which fixes the vulnerability. PROVIDED AND/OR DISCOVERED BY: Discovered by lofi42 and reported via SEC Consult. ORIGINAL ADVISORY: SEC Consult (20071204-0): http://www.sec-consult.com/305.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112. An attacker can exploit this issue to crash affected computers, denying service to legitimate users. This issue affects Apple Mac OS X 10.5; other versions may also be affected. ---------------------------------------------------------------------- 2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published How do you know which Secunia advisories are important to you? The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively. The vulnerability is caused due to an error within vpnd when handling connections and can be exploited to stop the VPN daemon by sending a specially crafted packet to the service. Other versions may also be affected. SOLUTION: Restrict network access to the VPN daemon to trusted clients. PROVIDED AND/OR DISCOVERED BY: mu-b ORIGINAL ADVISORY: http://milw0rm.com/exploits/4690 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30802 VERIFY ADVISORY: http://secunia.com/advisories/30802/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access WHERE: >From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and a weakness. 1) An unspecified error in the Alias Manager when handling AFP volume mount information in an alias data structure can be exploited to cause a memory corruption and potentially execute arbitrary code. 2) A weakness is caused due to users not being warned before opening certain potentially unsafe content types, e.g. .xht and .xhtm files. 3) A format string error in c++filt can be exploited to exploited to execute arbitrary code when a specially crafted string is passed to the application. 4) An vulnerability in Dock can be exploited by malicious people with physical access to a system to bypass the screen lock when Expos\xe9 hot corners are set. 5) A race condition error exists in Launch Services in the download validation of symbolic links. This can be exploited to execute arbitrary code when a user visits a malicious web site. Successful exploitation requires that the "Open 'safe' files" option is enabled in Safari. 6) A vulnerability in Net-SNMP can be exploited by malicious people to spoof authenticated SNMPv3 packets. For more information: SA30574 7) Some vulnerabilities in Ruby can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. 8) A vulnerability in SMB File Server can be exploited by malicious people to compromise a vulnerable system. For more information: SA30228 9) It is possible to store malicious files within the User Template directory. This can be exploited to execute arbitrary code with permissions of a new user when his home directory is created using the User Template directory. 10) Some vulnerabilities in Tomcat can be exploited by malicious users to disclose sensitive information and by malicious people to disclose sensitive information or to conduct cross-site scripting attacks. For more information: SA25678 SA26466 SA27398 SA28878 11) A vulnerability in WebKit can be exploited by malicious people to compromise a user's system. or apply Security Update 2008-004. Security Update 2008-004 (PPC): http://www.apple.com/support/downloads/securityupdate2008004ppc.html Security Update 2008-004 (Intel): http://www.apple.com/support/downloads/securityupdate2008004intel.html Security Update 2008-004 Server (PPC): http://www.apple.com/support/downloads/securityupdate2008004serverppc.html Security Update 2008-004 Server (Intel): http://www.apple.com/support/downloads/securityupdate2008004serverintel.html Mac OS X 10.5.4 Combo Update: http://www.apple.com/support/downloads/macosx1054comboupdate.html Mac OS X 10.5.4 Update: http://www.apple.com/support/downloads/macosx1054update.html Mac OS X Server 10.5.4: http://www.apple.com/support/downloads/macosxserver1054.html Mac OS X Server Combo 10.5.4: http://www.apple.com/support/downloads/macosxservercombo1054.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 2) Brian Mastenbrook 4) Andrew Cassell, Marine Spill Response Corporation 8) Alin Rad Pop, Secunia Research 9) Andrew Mortensen, University of Michigan 11) James Urquhart ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT2163 OTHER REFERENCES: SA25678: http://secunia.com/advisories/25678/ SA26466: http://secunia.com/advisories/26466/ SA27398: http://secunia.com/advisories/27398/ SA28878: http://secunia.com/advisories/28878/ SA29232: http://secunia.com/advisories/29232/ SA29794: http://secunia.com/advisories/29794/ SA30228: http://secunia.com/advisories/30228/ SA30574: http://secunia.com/advisories/30574/ SA30775: http://secunia.com/advisories/30775/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------