Sign-up

VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-200704-0018 CVE-2007-2034 Cisco WCS Vulnerabilities in managing applications and networks CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. An attacker can exploit these issues to obtain sensitive information, gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. Versions prior to 4.0.96.0 are vulnerable. These issues are being tracked by Cisco Bug IDs: CSCse93014 CSCse78596 CSCsg05190 CSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. For example, a user in the LobbyAmbassador group can be added to the SuperUsers group. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Cisco Wireless Control System Vulnerability and Security Issues SECUNIA ADVISORY ID: SA24865 VERIFY ADVISORY: http://secunia.com/advisories/24865/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote SOFTWARE: Cisco Wireless Control System (WCS) http://secunia.com/product/6332/ DESCRIPTION: A vulnerability and two security issues have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially compromise a vulnerable system. 1) WCS includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems. Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server. The security issue has been reported in WCS prior to version 4.0.96.0. 2) An unspecified error exists in the authentication system, which can be exploited by an authenticated user to change his account group membership. Successful exploitation can allow full administrative control of WCS, but requires a valid username and password. The vulnerability is reported in WCS prior to version 4.0.87.0. 3) Certain directories in WCS are not password protected. This can be exploited to disclose certain system information, e.g. organization of the network including access point locations. The security issue is reported in WCS prior to version 4.0.66.0. SOLUTION: Update to version 4.0.96.0 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0017 CVE-2007-2033 Cisco WCS Vulnerability in reading configuration page CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596. Cisco Wireless Control System is prone to multiple vulnerabilities, including an unauthorized-access issue, a privilege-escalation issue, and an information-disclosure issue. An attacker can exploit these issues to obtain sensitive information, gain unauthorized access, and elevate privileges, which will compromise affected devices and aid in further attacks. Versions prior to 4.0.96.0 are vulnerable. These issues are being tracked by Cisco Bug IDs: CSCse93014 CSCse78596 CSCsg05190 CSCsg04301. Cisco Wireless Control System (WCS) provides wireless LAN planning and design, system configuration, location tracking, security monitoring and wireless LAN management tools. For example, a user in the LobbyAmbassador group can be added to the SuperUsers group. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: Cisco Wireless Control System Vulnerability and Security Issues SECUNIA ADVISORY ID: SA24865 VERIFY ADVISORY: http://secunia.com/advisories/24865/ CRITICAL: Moderately critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, Privilege escalation, System access WHERE: >From remote SOFTWARE: Cisco Wireless Control System (WCS) http://secunia.com/product/6332/ DESCRIPTION: A vulnerability and two security issues have been reported in Cisco Wireless Control System (WCS), which can be exploited by malicious users to gain escalated privileges, and by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially compromise a vulnerable system. 1) WCS includes a fixed username and password for backup operations via FTP. This can be exploited to read from and write to arbitrary files on affected systems. Successful exploitation potentially allows the server to be compromised, but requires knowledge of other properties of the FTP server. The security issue has been reported in WCS prior to version 4.0.96.0. Successful exploitation can allow full administrative control of WCS, but requires a valid username and password. The vulnerability is reported in WCS prior to version 4.0.87.0. 3) Certain directories in WCS are not password protected. This can be exploited to disclose certain system information, e.g. organization of the network including access point locations. The security issue is reported in WCS prior to version 4.0.66.0. SOLUTION: Update to version 4.0.96.0 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0695 No CVE Miniwebsvr Server Directory Traversal Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Miniwebsvr is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks. Note that the attacker can traverse to only one directory above the current working directory of the webserver application. Miniwebsvr 0.0.7 is vulnerable to this issue; other versions may also be affected. UPDATE (March 4, 2008): Miniwebsvr 0.0.9a is also reported vulnerable.
VAR-200704-0182 CVE-2007-1995 Quagga BGPD UPDATE Message Remote Denial Of Service Vulnerability CVSS V2: 6.3
CVSS V3: -
Severity: MEDIUM
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) via crafted UPDATE messages that trigger an assertion error or out of bounds read. (DoS) There is a vulnerability that becomes a condition.Crafted by a third party UPDATE Service disruption by sending a message (DoS) It may be in a state. Quagga is prone to a remote denial-of-service vulnerability because it fails to handle a malformed multi-protocol message. A remote attacker can exploit this issue by submitting a maliciously crafted message to the application. Successful exploits will cause the Quagga 'bgpd' daemon to abort, denying further service to legitimate users. Quagga 0.99.6 and prior versions (0.99 branch) as well as 0.98.6 and prior versions (0.98 branch) are vulnerable. =========================================================== Ubuntu Security Notice USN-461-1 May 17, 2007 quagga vulnerability CVE-2007-1995 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: quagga 0.99.2-1ubuntu3.1 Ubuntu 6.10: quagga 0.99.4-4ubuntu1.1 Ubuntu 7.04: quagga 0.99.6-2ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995 _______________________________________________________________________ Updated Packages: Corporate 4.0: becaf6ded7283c9c6021b225cdf4610a corporate/4.0/i586/libquagga0-0.99.3-1.1.20060mlcs4.i586.rpm 71834dab731b65e7a35a9fdd9732a889 corporate/4.0/i586/libquagga0-devel-0.99.3-1.1.20060mlcs4.i586.rpm cfbeb9e74071ffac712e5162f2613ac9 corporate/4.0/i586/quagga-0.99.3-1.1.20060mlcs4.i586.rpm 7cde7b9c156b90b8dcc960bfc1e32cbe corporate/4.0/i586/quagga-contrib-0.99.3-1.1.20060mlcs4.i586.rpm 725cf792adafc90d58a34178e4066771 corporate/4.0/SRPMS/quagga-0.99.3-1.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 92d1d28d06eb4eaff483882a41a5d31b corporate/4.0/x86_64/lib64quagga0-0.99.3-1.1.20060mlcs4.x86_64.rpm ccfa5e5665423f19b0c36ff13db53164 corporate/4.0/x86_64/lib64quagga0-devel-0.99.3-1.1.20060mlcs4.x86_64.rpm a9af90e11e1b9f0485718d4762b1f8fd corporate/4.0/x86_64/quagga-0.99.3-1.1.20060mlcs4.x86_64.rpm 596581e4051d2e02ae2b476e3aa83f74 corporate/4.0/x86_64/quagga-contrib-0.99.3-1.1.20060mlcs4.x86_64.rpm 725cf792adafc90d58a34178e4066771 corporate/4.0/SRPMS/quagga-0.99.3-1.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGONI7mqjQ0CJFipgRAhmXAKCr1iOp0SaSv1WdD2EsWJjqR3ZF4ACfZ2FP 56VBScMSKds3eiA29koFg5w= =IS+w -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200705-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Quagga: Denial of Service Date: May 02, 2007 Bugs: #174206 ID: 200705-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Quagga allowing for a Denial of Service. Background ========== Quagga is a free routing daemon, supporting RIP, OSPF and BGP protocols. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/quagga < 0.98.6-r2 >= 0.98.6-r2 Description =========== The Quagga development team reported a vulnerability in the BGP routing deamon when processing NLRI attributes inside UPDATE messages. Impact ====== A malicious peer inside a BGP area could send a specially crafted packet to a Quagga instance, possibly resulting in a crash of the Quagga daemon. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-0.98.6-r2" References ========== [ 1 ] CVE-2007-1995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200705-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1293-1 security@debian.org http://www.debian.org/security/ Martin Schulze May 17th, 2007 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : quagga Vulnerability : out of boundary read Problem type : remote Debian-specific: no CVE ID : CVE-2007-1995 BugTraq ID : 23417 Debian Bug : 418323 Paul Jakma discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon. For the old stable distribution (sarge) this problem has been fixed in version 0.98.3-7.4. For the stable distribution (etch) this problem has been fixed in version 0.99.5-5etch2. For the unstable distribution (sid) this problem has been fixed in version 0.99.6-5. We recommend that you upgrade your quagga package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.dsc Size/MD5 checksum: 1017 668014e3d7bde772eac63fc2809538c8 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.diff.gz Size/MD5 checksum: 45503 ce79e6a7a23c57551af673936957b520 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz Size/MD5 checksum: 2118348 68be5e911e4d604c0f5959338263356e Architecture independent components: http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.4_all.deb Size/MD5 checksum: 488726 9176bb6c2d44c83c6b0235fe2d787c24 Alpha architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_alpha.deb Size/MD5 checksum: 1613754 754e865cef5379625e6ac77fc03a1175 AMD64 architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_amd64.deb Size/MD5 checksum: 1413316 5aa1b7a4d2a9a262d89e6ff050b61140 ARM architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_arm.deb Size/MD5 checksum: 1290700 071171571b6afb1937cfe6d535a571dc HP Precision architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_hppa.deb Size/MD5 checksum: 1447856 c4137c1ad75efb58c080a96aa9c0699e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_i386.deb Size/MD5 checksum: 1193528 52640ebe894244e34b98b43150028c01 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_ia64.deb Size/MD5 checksum: 1829130 27191432085ad6ebff2160874aa06826 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_m68k.deb Size/MD5 checksum: 1160000 c2f78f24982732c9804de4297c4c2672 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mips.deb Size/MD5 checksum: 1353040 6ceb137f2908165b4d1420f56b8be65b Little endian MIPS architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mipsel.deb Size/MD5 checksum: 1355964 a1685523eede48afe70b1861a6b38038 PowerPC architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_powerpc.deb Size/MD5 checksum: 1317034 2d80694cf741a3ed85617dbf4e7b4776 IBM S/390 architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_s390.deb Size/MD5 checksum: 1401630 458f1f892e6ed57677971334589ecc45 Sun Sparc architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_sparc.deb Size/MD5 checksum: 1287812 e92233bfc759de15910da4241e27ebd1 Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.dsc Size/MD5 checksum: 762 667f0d6ae4984aa499d912b12d9146b9 http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.diff.gz Size/MD5 checksum: 33122 ac7da5cf6b143338aef2b8c6da3b2b3a http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz Size/MD5 checksum: 2311140 3f9c71aca6faa22a889e2f84ecfd0076 Architecture independent components: http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch2_all.deb Size/MD5 checksum: 719938 01bcc6c571f620c957e1ea2b5cacf9f6 Alpha architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_alpha.deb Size/MD5 checksum: 1681634 1f05ece668256dce58fe303801eb80b9 AMD64 architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_amd64.deb Size/MD5 checksum: 1415656 6e88dd4c6f56eba87c752369590cf486 ARM architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_arm.deb Size/MD5 checksum: 1347388 c33f7ed4aed2e8f846975ace01cee97c HP Precision architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_hppa.deb Size/MD5 checksum: 1531224 22ce4a12ec77dae40ab0d064a7caeb9b Intel IA-32 architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_i386.deb Size/MD5 checksum: 1246878 d358565ab725d69a366115ff6ef277c3 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_ia64.deb Size/MD5 checksum: 1955390 9327ea2cf8778b8cca45d1ccea8092f7 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mips.deb Size/MD5 checksum: 1455582 a415e82fd838b9ce0f5badcdf4278770 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mipsel.deb Size/MD5 checksum: 1460546 af16aa91c13c54fa84769e3e30d521f0 PowerPC architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_powerpc.deb Size/MD5 checksum: 1379422 e7f92220a37daac49ddb3b0da124b9f7 IBM S/390 architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_s390.deb Size/MD5 checksum: 1482556 87509f6d9afef8940e0b35055f590ed8 Sun Sparc architecture: http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_sparc.deb Size/MD5 checksum: 1347908 db02aaf16c68dfac81a509b8145ca001 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGTA8+W5ql+IAeqTIRApJFAJ0Zzdee8GfPVGWPY4woGKs4K1av8ACdH6xD EQiEXt1eQaZqI//EEe6eEcI= =NJHp -----END PGP SIGNATURE----- . References: [0] http://www.quagga.net/ [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1995 ____________________________________________________________________________ Primary Package Name: quagga Primary Package Home: http://openpkg.org/go/package/quagga Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID quagga-0.99.5-E1.0.1 OpenPKG Community CURRENT quagga-0.99.7-20070430 ____________________________________________________________________________ For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document
VAR-200704-0234 CVE-2007-1279 Adobe Bridge of OS X for Vulnerability gained in the update installer CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges. Adobe Bridge Update Installer is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to gain elevated privileges, potentially leading to a complete compromise of affected computers. This issue affects the Bridge 1.0.3 update on the Mac OS. Adobe Bridge is a file browser that allows users to browse, organize and manipulate design assets between different components of Adobe Creative Suite. This vulnerability cannot be exploited remotely and requires local login privileges. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. Apple Remote Desktop). No further information is available. SOLUTION: Use the updated installer or update to version 1.0.4. http://www.adobe.com/support/downloads/detail.jsp?ftpID=3125 http://www.adobe.com/support/downloads/detail.jsp?ftpID=3395 PROVIDED AND/OR DISCOVERED BY: The vendor credits Jerry Case, Indiana University. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb07-09.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0737 CVE-2007-1351 X.Org LibXFont Multiple integer overflow vulnerabilities CVSS V2: 8.5
CVSS V3: -
Severity: HIGH
Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. FreeType is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input. An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions. This BID has been retired because it is a duplicate of BID 23283. X.Org is an official reference implementation of the X Window System operated by the X.Org Foundation. It is an open source free software. If the specially-made font information specifies more than 1,073,741,824 (2 to the 30th power) unit number in the first line, it may trigger a heap overflow. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200705-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: LibXfont, TightVNC: Multiple vulnerabilities Date: May 08, 2007 Bugs: #172575, #174200 ID: 200705-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been reported in libXfont and TightVNC, allowing for the execution of arbitrary code with root privileges. Background ========== LibXfont is the X.Org font library. TightVNC is a VNC client/server for X displays. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/tightvnc < 1.2.9-r4 >= 1.2.9-r4 2 x11-libs/libXfont < 1.2.7-r1 >= 1.2.7-r1 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). TightVNC contains a local copy of this code and is also affected. Impact ====== A local attacker could use a specially crafted BDF Font to gain root privileges on the vulnerable host. Resolution ========== All libXfont users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.7-r1" All TightVNC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/tightvnc-1.2.9-r4" References ========== [ 1 ] CVE-2007-1003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003 [ 2 ] CVE-2007-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351 [ 3 ] CVE-2007-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200705-10.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability, and an alloca() stack pointer shifting vulnerability. (CVE-2007-1003) iDefense reported two integer overflows in the way X.org handled various font files. (CVE-2007-1667) Updated packages are patched to address these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: d96dcc000a74b02fbff0c3c0a5710767 2007.0/i586/libx11-common-1.0.3-2.2mdv2007.0.i586.rpm 0fbae1a4ac97941ea0f5e95e99fdf568 2007.0/i586/libx11_6-1.0.3-2.2mdv2007.0.i586.rpm 598252d23e15315d7213b09b1e3050ef 2007.0/i586/libx11_6-devel-1.0.3-2.2mdv2007.0.i586.rpm 1ffdc1a629ebded0e48cfc1ead8838b5 2007.0/i586/libx11_6-static-devel-1.0.3-2.2mdv2007.0.i586.rpm a3b70e66b722738df4d50295dd1a2604 2007.0/i586/libxfont1-1.1.0-4.2mdv2007.0.i586.rpm 14a727bef0655ad3385305230c16b6df 2007.0/i586/libxfont1-devel-1.1.0-4.2mdv2007.0.i586.rpm 46a3a943ba47a91cae462289425f1777 2007.0/i586/libxfont1-static-devel-1.1.0-4.2mdv2007.0.i586.rpm 71733a31bfce2d014975e7be5151fe87 2007.0/i586/x11-server-1.1.1-11.3mdv2007.0.i586.rpm b9650f724bcc27c9b02e4591b79a8170 2007.0/i586/x11-server-common-1.1.1-11.3mdv2007.0.i586.rpm 96291cb67e5effea3226d228934ca668 2007.0/i586/x11-server-devel-1.1.1-11.3mdv2007.0.i586.rpm ada36533a54b6abb8d9e05edcbe85a9b 2007.0/i586/x11-server-xati-1.1.1-11.3mdv2007.0.i586.rpm 65b27efd9b19e654917dc507a9fcc85b 2007.0/i586/x11-server-xchips-1.1.1-11.3mdv2007.0.i586.rpm 08be63fced01787c67111c49a37a217b 2007.0/i586/x11-server-xdmx-1.1.1-11.3mdv2007.0.i586.rpm b3808f59c82737c0a920f120e2821fda 2007.0/i586/x11-server-xephyr-1.1.1-11.3mdv2007.0.i586.rpm d11c6a18afe3aed8f1a51bf765bbdf68 2007.0/i586/x11-server-xepson-1.1.1-11.3mdv2007.0.i586.rpm 87e8f828f97229acd5ad881894cd1e13 2007.0/i586/x11-server-xfake-1.1.1-11.3mdv2007.0.i586.rpm f6ffd1174cbf64279a2feb6924f66e42 2007.0/i586/x11-server-xfbdev-1.1.1-11.3mdv2007.0.i586.rpm ab872f9c530a3fcc8397b111dfb43b44 2007.0/i586/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.i586.rpm fcc1678a7855a9bd889f819a29df978e 2007.0/i586/x11-server-xi810-1.1.1-11.3mdv2007.0.i586.rpm 3cf1b4fc5536ed5b54e8aad5b268ff2e 2007.0/i586/x11-server-xmach64-1.1.1-11.3mdv2007.0.i586.rpm 4ca148ffa7d5b363fd8fedfeef1cee71 2007.0/i586/x11-server-xmga-1.1.1-11.3mdv2007.0.i586.rpm dbf20841fd17021879081b4a6c869f3e 2007.0/i586/x11-server-xneomagic-1.1.1-11.3mdv2007.0.i586.rpm afd9701501cbe1b55cd5936456b04fc8 2007.0/i586/x11-server-xnest-1.1.1-11.3mdv2007.0.i586.rpm e91bf46f57be620a10bbbeff792df61b 2007.0/i586/x11-server-xnvidia-1.1.1-11.3mdv2007.0.i586.rpm a471731278537202b3c82792ad4e3368 2007.0/i586/x11-server-xorg-1.1.1-11.3mdv2007.0.i586.rpm 61661f612a200395a9d8a16923876ac8 2007.0/i586/x11-server-xpm2-1.1.1-11.3mdv2007.0.i586.rpm c85b6311efa2b1719ab77e5eb7231160 2007.0/i586/x11-server-xprt-1.1.1-11.3mdv2007.0.i586.rpm 08e47b2ae0c09d5d117e583941535a06 2007.0/i586/x11-server-xr128-1.1.1-11.3mdv2007.0.i586.rpm 1aa8aa6927148ac3d64dc047709f5abf 2007.0/i586/x11-server-xsdl-1.1.1-11.3mdv2007.0.i586.rpm 674a1a4c2fb68d234153033efae15394 2007.0/i586/x11-server-xsmi-1.1.1-11.3mdv2007.0.i586.rpm 77e6c7649a00f81d7538593b99d0678a 2007.0/i586/x11-server-xvesa-1.1.1-11.3mdv2007.0.i586.rpm bd6c55d0ad9e770d5680ae9dbd687a02 2007.0/i586/x11-server-xvfb-1.1.1-11.3mdv2007.0.i586.rpm 9867b8ebc08673dc8cf55a888bc0b22d 2007.0/i586/x11-server-xvia-1.1.1-11.3mdv2007.0.i586.rpm 44e16d3504f636eec6f4d51a5b506d39 2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm c552e38dc91ffef35ca44c4b5b09d22d 2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm 678c7993955955fe45eb7c3a3d8c51c1 2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm 18a0b058a4b1d5150139dea9a733e024 2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 19a970386a276dd606b11400cd672c68 2007.0/x86_64/lib64x11_6-1.0.3-2.2mdv2007.0.x86_64.rpm 694178b488cfb01096ade83be1aa0d4c 2007.0/x86_64/lib64x11_6-devel-1.0.3-2.2mdv2007.0.x86_64.rpm 9e666c058971ae71a1644115c2dbc851 2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.2mdv2007.0.x86_64.rpm ae890ea6d025a00b8d1397fb2a8bee2c 2007.0/x86_64/lib64xfont1-1.1.0-4.2mdv2007.0.x86_64.rpm ae510dc95b877ce304c382da30ee6680 2007.0/x86_64/lib64xfont1-devel-1.1.0-4.2mdv2007.0.x86_64.rpm f4a67a4311146a73ea1ac5d2a094f511 2007.0/x86_64/lib64xfont1-static-devel-1.1.0-4.2mdv2007.0.x86_64.rpm b4186951ec846155eef67caf20a713d0 2007.0/x86_64/libx11-common-1.0.3-2.2mdv2007.0.x86_64.rpm 8e4dc66ec5d759761f8d36dd28194499 2007.0/x86_64/x11-server-1.1.1-11.3mdv2007.0.x86_64.rpm 932015ff2760dd9d155a3d62255fe9d8 2007.0/x86_64/x11-server-common-1.1.1-11.3mdv2007.0.x86_64.rpm 89a0a8d5751a07d2533ba5f6afb39584 2007.0/x86_64/x11-server-devel-1.1.1-11.3mdv2007.0.x86_64.rpm 72fc80b4c4ecbc09a6553375dfb45598 2007.0/x86_64/x11-server-xdmx-1.1.1-11.3mdv2007.0.x86_64.rpm 4020ee2d1bb311b944b7cee828a9591b 2007.0/x86_64/x11-server-xephyr-1.1.1-11.3mdv2007.0.x86_64.rpm ceb7ed60ceabf6beab04fb4f7d5a6b9f 2007.0/x86_64/x11-server-xfake-1.1.1-11.3mdv2007.0.x86_64.rpm 2e283d8183630848bd4bf3c36ec78da2 2007.0/x86_64/x11-server-xfbdev-1.1.1-11.3mdv2007.0.x86_64.rpm 41b186290408566c3af16ad56bff4583 2007.0/x86_64/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.x86_64.rpm f03f5f7b95ee81d36558cc286dbc09cf 2007.0/x86_64/x11-server-xnest-1.1.1-11.3mdv2007.0.x86_64.rpm ded05b44c119989703ec335ef8d7ba77 2007.0/x86_64/x11-server-xorg-1.1.1-11.3mdv2007.0.x86_64.rpm 58a552e341f4ccf59906f9ff32f1e96b 2007.0/x86_64/x11-server-xprt-1.1.1-11.3mdv2007.0.x86_64.rpm 908d1a089250581475bf63d3bd615209 2007.0/x86_64/x11-server-xsdl-1.1.1-11.3mdv2007.0.x86_64.rpm f1b54633237b6f56857f9022f9621b3a 2007.0/x86_64/x11-server-xvfb-1.1.1-11.3mdv2007.0.x86_64.rpm 44e16d3504f636eec6f4d51a5b506d39 2007.0/SRPMS/libx11-1.0.3-2.2mdv2007.0.src.rpm c552e38dc91ffef35ca44c4b5b09d22d 2007.0/SRPMS/libxfont-1.1.0-4.2mdv2007.0.src.rpm 678c7993955955fe45eb7c3a3d8c51c1 2007.0/SRPMS/x11-server-1.1.1-11.3mdv2007.0.src.rpm 18a0b058a4b1d5150139dea9a733e024 2007.0/SRPMS/x11-server-xgl-0.0.1-0.20060714.10.1mdv2007.0.src.rpm Corporate 3.0: 918c04c922a1613680cbbe9487e96c1f corporate/3.0/i586/X11R6-contrib-4.3-32.13.C30mdk.i586.rpm 89f73d5c80e4c5ff474b115d825b5c09 corporate/3.0/i586/XFree86-100dpi-fonts-4.3-32.13.C30mdk.i586.rpm 4a350003e29da90f9e20cfc490630e44 corporate/3.0/i586/XFree86-4.3-32.13.C30mdk.i586.rpm c1337f1ed5267d530dbf665f50619145 corporate/3.0/i586/XFree86-75dpi-fonts-4.3-32.13.C30mdk.i586.rpm 38c323d2e089e7f1cac411c6156a5025 corporate/3.0/i586/XFree86-Xnest-4.3-32.13.C30mdk.i586.rpm 9b18d33108c7d5aafb3e2d689045e91a corporate/3.0/i586/XFree86-Xvfb-4.3-32.13.C30mdk.i586.rpm 7fc5ac98bb77dc5ed11b52a17ca1ab18 corporate/3.0/i586/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.i586.rpm be5ab8321d77e24e57553c9e537082e6 corporate/3.0/i586/XFree86-doc-4.3-32.13.C30mdk.i586.rpm 19353085c52e811da6d5cc9f173abb4a corporate/3.0/i586/XFree86-glide-module-4.3-32.13.C30mdk.i586.rpm 3373a7e9398a1788ab4bea0f12a9dce2 corporate/3.0/i586/XFree86-server-4.3-32.13.C30mdk.i586.rpm f78239e305badabba3d638b361473436 corporate/3.0/i586/XFree86-xfs-4.3-32.13.C30mdk.i586.rpm 69b594d3b0438be4c25c36abb37e5159 corporate/3.0/i586/libxfree86-4.3-32.13.C30mdk.i586.rpm 9d1c0eb89083a9f62c14d29126a0ce06 corporate/3.0/i586/libxfree86-devel-4.3-32.13.C30mdk.i586.rpm c67bddf7736902533773979e627b8761 corporate/3.0/i586/libxfree86-static-devel-4.3-32.13.C30mdk.i586.rpm 5f194d3c82ab8f214c16f33bd4952107 corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm Corporate 3.0/X86_64: 2bd23a1148e5b379ff0305d9f96032f0 corporate/3.0/x86_64/X11R6-contrib-4.3-32.13.C30mdk.x86_64.rpm dc08cee63f5dcbed1b036c3708a657a1 corporate/3.0/x86_64/XFree86-100dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm 171a7012e64618b79dc8880180093f76 corporate/3.0/x86_64/XFree86-4.3-32.13.C30mdk.x86_64.rpm de12bcbf7f7ebdec9becb1c051162ecf corporate/3.0/x86_64/XFree86-75dpi-fonts-4.3-32.13.C30mdk.x86_64.rpm 7f208dc7263f1558cf3f10e04e1ed5c9 corporate/3.0/x86_64/XFree86-Xnest-4.3-32.13.C30mdk.x86_64.rpm c24a2d0fa210741e5aade751bd8a61df corporate/3.0/x86_64/XFree86-Xvfb-4.3-32.13.C30mdk.x86_64.rpm a89a370a0185521e83c37b8daf60fdd0 corporate/3.0/x86_64/XFree86-cyrillic-fonts-4.3-32.13.C30mdk.x86_64.rpm 840dbd21393e5611d162ccf755792d4f corporate/3.0/x86_64/XFree86-doc-4.3-32.13.C30mdk.x86_64.rpm b9595f9ffe3bc8a1d16522b6a47d5598 corporate/3.0/x86_64/XFree86-server-4.3-32.13.C30mdk.x86_64.rpm 63479edcdcbe976b96582c481b986f5e corporate/3.0/x86_64/XFree86-xfs-4.3-32.13.C30mdk.x86_64.rpm 525e0d97ff88d1905502d405f90d4085 corporate/3.0/x86_64/lib64xfree86-4.3-32.13.C30mdk.x86_64.rpm 66f6f35a1c45d88672bbc2b2ea9c8f2d corporate/3.0/x86_64/lib64xfree86-devel-4.3-32.13.C30mdk.x86_64.rpm 2717e4c7875f4de5e880ad95b595fecd corporate/3.0/x86_64/lib64xfree86-static-devel-4.3-32.13.C30mdk.x86_64.rpm 5f194d3c82ab8f214c16f33bd4952107 corporate/3.0/SRPMS/XFree86-4.3-32.13.C30mdk.src.rpm Corporate 4.0: e63a99edfa23138af23caa7c9c980d54 corporate/4.0/i586/X11R6-contrib-6.9.0-5.15.20060mlcs4.i586.rpm 9fa37dcac91bc52853239a3b86acbfa8 corporate/4.0/i586/libxorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm b34ee5541e4d8e7f37dcde66a75c6cfb corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.15.20060mlcs4.i586.rpm 71d076aff757c1778782065b3e7de161 corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.15.20060mlcs4.i586.rpm 59b2613a3f02781d966b76751a4f432c corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm 111813e2cbdeef71c025de2235199e90 corporate/4.0/i586/xorg-x11-6.9.0-5.15.20060mlcs4.i586.rpm 44b0a56d98313c72b05bfc4b28ff024b corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.i586.rpm 08026da35859225b367ab26e813d57d7 corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.i586.rpm 46f848204211932f59a8ecaf02a3894e corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.i586.rpm eb232b39a68609ffb5adc5f472dc5d1d corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.i586.rpm 055b63beae6e771a6b948049fed128cf corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.i586.rpm b2438635efdf6ed16508580cc901ecb5 corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.i586.rpm 91ac90d71030f3bfe0fdb9ddaf2ad816 corporate/4.0/i586/xorg-x11-doc-6.9.0-5.15.20060mlcs4.i586.rpm bf50b7e3fa360f3fd1aa61444526b9b8 corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.i586.rpm 372cfc8231f2f2d31760f165ee80d4e6 corporate/4.0/i586/xorg-x11-server-6.9.0-5.15.20060mlcs4.i586.rpm 7a73f4094d5ea7c3020a3b78ea9c9c98 corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.i586.rpm 61bd1d2dae41148425196597d28460af corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.i586.rpm 1e8a87194b755917783b1a6856a684a3 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm Corporate 4.0/X86_64: 32ff784cd7c2401ee6bb9cd2b814159b corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.15.20060mlcs4.x86_64.rpm d2575d1962896839c66e5a6d4f0d243b corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm 49455f9280c0f2e45cbfe40957644a06 corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm f57c87d13d3411731b28ac002873887f corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.15.20060mlcs4.x86_64.rpm cec0f84d92610fe7319678d52f85d69d corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm bbccb6cf65819363d944b72ea5dc0f94 corporate/4.0/x86_64/xorg-x11-6.9.0-5.15.20060mlcs4.x86_64.rpm 6aef383c3f44fc6b66fc3175084b87fc corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm c036dce014adc7e5a74a181cf9fabdaf corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.15.20060mlcs4.x86_64.rpm 59d992851f3d52838a9515f9449905d5 corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.15.20060mlcs4.x86_64.rpm 11867453dc758141fb38c33e3812e8e1 corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.15.20060mlcs4.x86_64.rpm a248cd02f7d7864c779491c6a9e696e1 corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.15.20060mlcs4.x86_64.rpm 6bec3e71d6c044a563bca2733260adb9 corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.15.20060mlcs4.x86_64.rpm d2f5b5cebcecefdce3cc1bfb550bf481 corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.15.20060mlcs4.x86_64.rpm 780c01a55862d4b9ac03286ac787b725 corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.15.20060mlcs4.x86_64.rpm 3ad687a6bb67d02ed23cb6d57ca0ea85 corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.15.20060mlcs4.x86_64.rpm 3f02a8bf7e6e94b4696baa3998712dae corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.15.20060mlcs4.x86_64.rpm 5df334cae18035961430532b7fa6a71f corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.15.20060mlcs4.x86_64.rpm 1e8a87194b755917783b1a6856a684a3 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.15.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGFAoYmqjQ0CJFipgRAvkHAJwJVFe0mT1yBHKjcTWYIRiSz7YoZQCdF6wt /Czi8NSscvNCkThUftxcIJY= =eRgy -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . =========================================================== Ubuntu Security Notice USN-448-1 April 03, 2007 freetype, libxfont, xorg, xorg-server vulnerabilities CVE-2007-1003, CVE-2007-1351, CVE-2007-1352 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: libfreetype6 2.1.7-2.4ubuntu1.3 libxfont1 1:0.99.0+cvs.20050909-1.3 xserver-xorg-core 6.8.2-77.3 Ubuntu 6.06 LTS: libfreetype6 2.1.10-1ubuntu2.3 libxfont1 1:1.0.0-0ubuntu3.3 xserver-xorg-core 1:1.0.2-0ubuntu10.6 Ubuntu 6.10: libfreetype6 2.2.1-5ubuntu0.1 libxfont1 1:1.2.0-0ubuntu3.1 xserver-xorg-core 1:1.1.1-0ubuntu12.2 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. (CVE-2007-1003) Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. (CVE-2007-1351, CVE-2007-1352) Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.4ubuntu1.3.diff.gz Size/MD5: 57463 b8f6fa3ee48672ceca86bf9625536545 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7-2.4ubuntu1.3.dsc Size/MD5: 695 b4b76f4eb02a68844666cecef2655e87 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.7.orig.tar.gz Size/MD5: 1245623 991ff86e88b075ba363e876f4ea58680 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont_0.99.0+cvs.20050909-1.3.diff.gz Size/MD5: 7087 fa6f3d6472398c4afe51232508d5bd25 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont_0.99.0+cvs.20050909-1.3.dsc Size/MD5: 771 220ed305b077585687ccec6564955b03 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont_0.99.0+cvs.20050909.orig.tar.gz Size/MD5: 788911 32b390bd94e4250475702e668b2bf243 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xorg_6.8.2-77.3.diff.gz Size/MD5: 2491611 eaa8cba7cdd69c746d88c0c28fe51c5c http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xorg_6.8.2-77.3.dsc Size/MD5: 3728 9ae8a29c6619763c73ac3c7554615886 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xorg_6.8.2.orig.tar.gz Size/MD5: 49471925 34cba217afe2c547e3a72657a3a27e37 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xbase-clients_6.8.2-77.3_all.deb Size/MD5: 65788 12bad26276ea4cb67cd2ef6959e8dc59 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-data_6.8.2-77.3_all.deb Size/MD5: 72432 2c968bd2d7fcc1f5f7ebbc07193f58a5 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-dev_6.8.2-77.3_all.deb Size/MD5: 65560 073f34a0d879c566823c70a701e40aeb http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs_6.8.2-77.3_all.deb Size/MD5: 92072 af61cbb4688ff1affeed10a82a8660dc http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xorg-common_6.8.2-77.3_all.deb Size/MD5: 715620 e4f2e86619a5f21ed660eca3f03897e3 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xutils_6.8.2-77.3_all.deb Size/MD5: 65536 e1edff49971cdb0872f71941f37950b3 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.3_amd64.deb Size/MD5: 75540 9be3f1b17f6ca112f2907b69d1e87ffa http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.3_amd64.deb Size/MD5: 722918 748a13b1cfbdf910d89f435a822d0546 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.3_amd64.udeb Size/MD5: 241784 bc3519b183a983495121373cd78c9456 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.3_amd64.deb Size/MD5: 392948 d6f2e48fe489ca394fad153c07400d14 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_0.99.0+cvs.20050909-1.3_amd64.deb Size/MD5: 297970 157c10e1e0db8aced07b462777318da5 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_0.99.0+cvs.20050909-1.3_amd64.deb Size/MD5: 377708 bfc5fba5bc6305a66dc0836712e7a91b http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_0.99.0+cvs.20050909-1.3_amd64.deb Size/MD5: 243588 f275099ce971aa990f3d28e0d7aea5f3 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/x-window-system-core_6.8.2-77.3_amd64.deb Size/MD5: 65746 e85a37b8b5ca3e0150961324914dd38a http://security.ubuntu.com/ubuntu/pool/main/x/xorg/x-window-system-dev_6.8.2-77.3_amd64.deb Size/MD5: 65774 dd5d197fe97c558ec418dde967a914a1 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg/xdmx_6.8.2-77.3_amd64.deb Size/MD5: 1029630 40e93609ec560b44558b86cc717d2991 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-static-dev_6.8.2-77.3_amd64.deb Size/MD5: 117402 35860dfb00719c6fffddb2b4a5747abd http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-static-pic_6.8.2-77.3_amd64.deb Size/MD5: 113704 24f40fbf5593dd653e72f6c2797516c0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xnest_6.8.2-77.3_amd64.deb Size/MD5: 1526642 e357f9979668602743c2596992abee80 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-common_6.8.2-77.3_amd64.deb Size/MD5: 123324 d10670b3b2a2ae50b816062e004d1b7f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-core_6.8.2-77.3_amd64.deb Size/MD5: 3993068 d361ba44f7464198b2d990dd2f939ff3 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-dbg_6.8.2-77.3_amd64.deb Size/MD5: 4773852 f644788b79b0d0a6deb0bb3e27743416 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-apm_6.8.2-77.3_amd64.deb Size/MD5: 126370 521f72819330e496e89a253021cf5215 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-ark_6.8.2-77.3_amd64.deb Size/MD5: 73882 3ebb4a5f56625e7b78d9e536072bc763 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-ati_6.8.2-77.3_amd64.deb Size/MD5: 324240 e01da75bc223cdd1b8699b19291334d6 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-chips_6.8.2-77.3_amd64.deb Size/MD5: 152244 43f0e543b835068278f56c60690769bf http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-cirrus_6.8.2-77.3_amd64.deb Size/MD5: 101702 9ebbefa73e1c3194b6c04269fdb292d8 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-cyrix_6.8.2-77.3_amd64.deb Size/MD5: 81032 5d524764bb1c2bd8b918ed563b68886e http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-dummy_6.8.2-77.3_amd64.deb Size/MD5: 70664 2db770e3cc6802174762f55c99ffd1b4 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-fbdev_6.8.2-77.3_amd64.deb Size/MD5: 74290 49d5ffa068a163464a569a4c8cd662f1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-glint_6.8.2-77.3_amd64.deb Size/MD5: 160244 e59c1b781ec041ac3df2486743ba07cc http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-i128_6.8.2-77.3_amd64.deb Size/MD5: 89792 4b5528d20347eb721df443aa14be6084 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-i810_6.8.2-77.3_amd64.deb Size/MD5: 168474 a98c9ebf3b71b96066ee96c461e51de1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-mga_6.8.2-77.3_amd64.deb Size/MD5: 154206 f146cd927b79c7f43fc4afe904fd7028 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-neomagic_6.8.2-77.3_amd64.deb Size/MD5: 99620 45382b9464fc7c21021ca81f7601977a http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-nv_6.8.2-77.3_amd64.deb Size/MD5: 131230 d73416650296039e0d59d2a2b75f2d8e http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-rendition_6.8.2-77.3_amd64.deb Size/MD5: 90240 5af0c68193b4349fbcd239ec482ed2ab http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-s3_6.8.2-77.3_amd64.deb Size/MD5: 91726 cb82c871f03ffb6e968bea210a6af75d http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-s3virge_6.8.2-77.3_amd64.deb Size/MD5: 104188 eb7e8e83da3cf9b4e7c65ed24b92a2e0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-savage_6.8.2-77.3_amd64.deb Size/MD5: 107776 31c8cc09a6a9241c91d2c03975287842 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-siliconmotion_6.8.2-77.3_amd64.deb Size/MD5: 105300 e06379b5530410c398c23d24e4a2682d http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-sis_6.8.2-77.3_amd64.deb Size/MD5: 340896 0114deb2e7cea78860e08ada6fc9d3d9 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-tdfx_6.8.2-77.3_amd64.deb Size/MD5: 99038 bd5c774e186120d851799de0d060ef3f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-tga_6.8.2-77.3_amd64.deb Size/MD5: 88846 e611135fac9da5e514defd35fadd8025 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-trident_6.8.2-77.3_amd64.deb Size/MD5: 132244 aab798cb57d644b327fe6a7bb5c51637 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-tseng_6.8.2-77.3_amd64.deb Size/MD5: 96404 3ee874ea69eefd45491d6ca56830f307 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-v4l_6.8.2-77.3_amd64.deb Size/MD5: 73392 6d5439acff5d2098ca6741cfb8ef6a00 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-vesa_6.8.2-77.3_amd64.deb Size/MD5: 77434 6e8e03907c375a01588e05d5e1b18b23 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-vga_6.8.2-77.3_amd64.deb Size/MD5: 75352 b12939451111e63dd0917362e42ec4cf http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-acecad_6.8.2-77.3_amd64.deb Size/MD5: 70676 730768c822fa4c806bab0459866971aa http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-aiptek_6.8.2-77.3_amd64.deb Size/MD5: 80550 184a471135082d501936061092fb607f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-calcomp_6.8.2-77.3_amd64.deb Size/MD5: 70248 656d22076f2b45ded25f4d2f08d8801a http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-citron_6.8.2-77.3_amd64.deb Size/MD5: 90044 676d14ebebf88b4e12114b08b169003c http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-digitaledge_6.8.2-77.3_amd64.deb Size/MD5: 71032 fd5b286d4122018630fe6afec181edb6 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-dmc_6.8.2-77.3_amd64.deb Size/MD5: 70166 f1c622c52ee792548953adce5f372a2d http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-dynapro_6.8.2-77.3_amd64.deb Size/MD5: 69772 099498b9bb81379b15f5c24741a2befc http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-elographics_6.8.2-77.3_amd64.deb Size/MD5: 73234 3410e093a87090fcf4ca0134c7f00ab3 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-fpit_6.8.2-77.3_amd64.deb Size/MD5: 70778 b37384a5c58b046fef89f487ff49f5a0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-hyperpen_6.8.2-77.3_amd64.deb Size/MD5: 72940 b873ef7a14637241aacfbce9951b60da http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-kbd_6.8.2-77.3_amd64.deb Size/MD5: 74632 79a5026db158fb123ff54af1e35d501d http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-magellan_6.8.2-77.3_amd64.deb Size/MD5: 69366 8f0c8b39e5f88d657a8c038aae1305eb http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-microtouch_6.8.2-77.3_amd64.deb Size/MD5: 72022 0dd20d44c7f77c47c3dd3f7a3353b894 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-mouse_6.8.2-77.3_amd64.deb Size/MD5: 98390 2c172d033b5252846ceeee40990d0a16 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-mutouch_6.8.2-77.3_amd64.deb Size/MD5: 73580 3d3b88bf32deff96a074b58a30a0cbee http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-palmax_6.8.2-77.3_amd64.deb Size/MD5: 71608 db4f436ea8ad1ecf12698014afca127f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-penmount_6.8.2-77.3_amd64.deb Size/MD5: 70346 ca124fdfda754fcd9a91adb46d62a84e http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-spaceorb_6.8.2-77.3_amd64.deb Size/MD5: 69124 ac4fa56df52b175d81769cc20caf3777 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-summa_6.8.2-77.3_amd64.deb Size/MD5: 72888 c1279a890e388b9cdb7e8e79c6e6cafb http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-tek4957_6.8.2-77.3_amd64.deb Size/MD5: 70860 c17d207b3d04bd35ad5afa7ba56597e7 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-void_6.8.2-77.3_amd64.deb Size/MD5: 67680 77d2e92de46a38a197f62355e45a84ee http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-wacom_6.8.2-77.3_amd64.deb Size/MD5: 101040 b66ac048fc5858c86e9dc079c79f8b38 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg_6.8.2-77.3_amd64.deb Size/MD5: 274146 40e3014ce80f6be8852fa043105bab70 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xvfb_6.8.2-77.3_amd64.deb Size/MD5: 1640494 bf0c8235665a11c099cd227ad2b3a60b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.3_i386.deb Size/MD5: 52860 8f9822785a4d4feeb120b7ef6d874709 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.3_i386.deb Size/MD5: 686404 46b3001cdee7cd73141461033f8f4482 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.3_i386.udeb Size/MD5: 209260 17f5df161bde9954b46051ef2e989159 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.3_i386.deb Size/MD5: 361112 e8d31f9d89c442a5834144b374b49a54 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_0.99.0+cvs.20050909-1.3_i386.deb Size/MD5: 275968 4d5e4d8c032a149c09033a3f4d078faa http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_0.99.0+cvs.20050909-1.3_i386.deb Size/MD5: 321688 f7e708a09b31924830357d10ad2fec40 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_0.99.0+cvs.20050909-1.3_i386.deb Size/MD5: 217758 a18b74fa709fa38ba055e8e4b820a09c http://security.ubuntu.com/ubuntu/pool/main/x/xorg/x-window-system-core_6.8.2-77.3_i386.deb Size/MD5: 65750 86dfe78dfa09f1d7a52d646fb10401cf http://security.ubuntu.com/ubuntu/pool/main/x/xorg/x-window-system-dev_6.8.2-77.3_i386.deb Size/MD5: 65778 5dbe48fb74851b2c6e85cd143560884a http://security.ubuntu.com/ubuntu/pool/universe/x/xorg/xdmx_6.8.2-77.3_i386.deb Size/MD5: 880068 69e876557cbb97c0b51a2574f2ab4a2a http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-static-dev_6.8.2-77.3_i386.deb Size/MD5: 111442 5fb72b1e75b0a6e8a528940045233288 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-static-pic_6.8.2-77.3_i386.deb Size/MD5: 107366 88bf57b6009f6e5e1b74543933d90952 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xnest_6.8.2-77.3_i386.deb Size/MD5: 1282444 a1616fca7bbd45734eeac5dbadd4ddca http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-common_6.8.2-77.3_i386.deb Size/MD5: 122984 46402235fcb4c943f421d0081767c228 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-core_6.8.2-77.3_i386.deb Size/MD5: 3393114 cf2287d566a90325bdf5d37d0d772c9f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-dbg_6.8.2-77.3_i386.deb Size/MD5: 21046384 e74d9ad7ebea1118a0991b54de50b21b http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-apm_6.8.2-77.3_i386.deb Size/MD5: 122974 a2d63f1a30e2e8778d3737d334224e44 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-ark_6.8.2-77.3_i386.deb Size/MD5: 72406 c79fce80a122bcb69cb8aa2840027183 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-ati_6.8.2-77.3_i386.deb Size/MD5: 300354 be69393fd4c49073fc291d4382682af6 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-chips_6.8.2-77.3_i386.deb Size/MD5: 147054 13477206d327d76ed6cc6760081b6a0d http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-cirrus_6.8.2-77.3_i386.deb Size/MD5: 94812 6dbbfc2081ce19bd705e65a76c370b18 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-cyrix_6.8.2-77.3_i386.deb Size/MD5: 79216 96e108be36d7e96d1d7c61c55d2eada5 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-dummy_6.8.2-77.3_i386.deb Size/MD5: 69808 919b659eacec53b4612e0fac956adca7 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-fbdev_6.8.2-77.3_i386.deb Size/MD5: 73250 78bb84280077b3aba53beded9161a244 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-glide_6.8.2-77.3_i386.deb Size/MD5: 74914 040afc6608d22fee2eae20ba8b0e840b http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-glint_6.8.2-77.3_i386.deb Size/MD5: 159892 2780f991c85e2be15dda1635f8c98b11 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-i128_6.8.2-77.3_i386.deb Size/MD5: 87476 f4505c09091c8d4e49b3bbb345340e2e http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-i740_6.8.2-77.3_i386.deb Size/MD5: 86544 d08ed7ba7921a6341be43b1b597c7c01 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-i810_6.8.2-77.3_i386.deb Size/MD5: 158570 b6a1db2cde816a16be29d2aeb627ebee http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-imstt_6.8.2-77.3_i386.deb Size/MD5: 73262 07d1fa25882621bad5be61b318fd3a66 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-mga_6.8.2-77.3_i386.deb Size/MD5: 143748 8868549c96ba8150954a69cbf3730801 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-neomagic_6.8.2-77.3_i386.deb Size/MD5: 95818 b3b86c3fdce299e35aba1f8189fe5005 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-newport_6.8.2-77.3_i386.deb Size/MD5: 74236 e55cf778b3b0f1d43604722bdd8689b2 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-nsc_6.8.2-77.3_i386.deb Size/MD5: 160514 2ececee8091f44f6dd61de03d9ddf77e http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-nv_6.8.2-77.3_i386.deb Size/MD5: 123050 8e43b21c9dce1af5e5b88f24b8239952 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-rendition_6.8.2-77.3_i386.deb Size/MD5: 87578 52ec26ae5b375ef892d6a86f180577db http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-s3_6.8.2-77.3_i386.deb Size/MD5: 88736 1538d94d86c0603bde8c1f8504121c8f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-s3virge_6.8.2-77.3_i386.deb Size/MD5: 100086 c31e59302ae59a2b4eeb015050922b41 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-savage_6.8.2-77.3_i386.deb Size/MD5: 102452 f1eec9b8382457b89406d69b526ad11e http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-siliconmotion_6.8.2-77.3_i386.deb Size/MD5: 102018 fe04cd8d4a6e461491add407142d3ff8 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-sis_6.8.2-77.3_i386.deb Size/MD5: 320680 c7a5363feaea7213a73835fb53a023dd http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-tdfx_6.8.2-77.3_i386.deb Size/MD5: 94190 4b8e7c65cc416de4a6d4691250776493 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-tga_6.8.2-77.3_i386.deb Size/MD5: 86104 94013a70b7734e0f4205e723093f71a0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-trident_6.8.2-77.3_i386.deb Size/MD5: 125852 2352b91c3e6f9de7f5e5d63efdb22c82 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-tseng_6.8.2-77.3_i386.deb Size/MD5: 93760 809003f68c722bd4cfae1a197fc5f652 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-v4l_6.8.2-77.3_i386.deb Size/MD5: 72098 5651248f206d8b9987370ebbd24531ab http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-vesa_6.8.2-77.3_i386.deb Size/MD5: 75834 e41fa0b5de64e33a4c38c15f947cbb37 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-vga_6.8.2-77.3_i386.deb Size/MD5: 74320 9f80f3d04c9ffd9f5a505847a7fbbc4e http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-via_6.8.2-77.3_i386.deb Size/MD5: 138682 7e1c4877500e1dca3a735dd2f33d3193 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-vmware_6.8.2-77.3_i386.deb Size/MD5: 81378 ea3a2925ac33d30af17a184c1160ab34 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-acecad_6.8.2-77.3_i386.deb Size/MD5: 70188 dbba5b087d2dd682d7df359c6ecf7aaa http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-aiptek_6.8.2-77.3_i386.deb Size/MD5: 79394 52f292de69593f4126072df958002b5d http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-calcomp_6.8.2-77.3_i386.deb Size/MD5: 69716 edd13af3e98d5f70248479424f7597c2 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-citron_6.8.2-77.3_i386.deb Size/MD5: 87794 c6c08212db44d8cf26e0884a04c2d9b9 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-digitaledge_6.8.2-77.3_i386.deb Size/MD5: 70516 a91e7e0beab053a8ff753050c2f15b35 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-dmc_6.8.2-77.3_i386.deb Size/MD5: 69564 618499e29d79c7bc8f11ffa925c09b75 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-dynapro_6.8.2-77.3_i386.deb Size/MD5: 69266 f457352b4675b27b7d40337cbe0a2695 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-elographics_6.8.2-77.3_i386.deb Size/MD5: 71954 153e6af112f360033a37aeb4670c14cc http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-fpit_6.8.2-77.3_i386.deb Size/MD5: 70338 c01097e2eb0a2a3abc95a3dfa0247327 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-hyperpen_6.8.2-77.3_i386.deb Size/MD5: 71888 2f84d4568562561ef3498c9791ccab7f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-kbd_6.8.2-77.3_i386.deb Size/MD5: 73402 7e0ab015ba49f103afb96c7211ce5755 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-magellan_6.8.2-77.3_i386.deb Size/MD5: 68822 4f17e665de66a9940ff3c6722fb08198 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-microtouch_6.8.2-77.3_i386.deb Size/MD5: 71282 ac55322bb00e6c33b1f764e47a2896e2 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-mouse_6.8.2-77.3_i386.deb Size/MD5: 96556 c3fce835be42eb0c31d03056fac32376 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-mutouch_6.8.2-77.3_i386.deb Size/MD5: 72546 05232e76ad9b9dc93d3db86c423d1b7c http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-palmax_6.8.2-77.3_i386.deb Size/MD5: 71022 4fd42ec380a437249a026bedc2e44cfe http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-penmount_6.8.2-77.3_i386.deb Size/MD5: 69748 7f95915c766d8f5486b6ee4af5f824ca http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-spaceorb_6.8.2-77.3_i386.deb Size/MD5: 68636 6e64a58144fd2364f5a27cacadc668a4 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-summa_6.8.2-77.3_i386.deb Size/MD5: 71956 f9a757c36bec95a75413995401d7fec8 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-tek4957_6.8.2-77.3_i386.deb Size/MD5: 70302 2ec147acfc14c068896185d2dd01887a http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-void_6.8.2-77.3_i386.deb Size/MD5: 67446 ca456ab89714cb807ab26dfa676578b2 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-wacom_6.8.2-77.3_i386.deb Size/MD5: 96986 2799f489d096d23cc91037d7705f7abd http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg_6.8.2-77.3_i386.deb Size/MD5: 274176 ea1d2fc5b60b7754d47ada4cbbe7a612 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xvfb_6.8.2-77.3_i386.deb Size/MD5: 1383664 7fca88ca86e1d9545c0a5a7ed877f2cf powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.3_powerpc.deb Size/MD5: 80654 12c06589e94a6d6da139a27d5bd48b4c http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.3_powerpc.deb Size/MD5: 729308 9c85d5592d0f162884bc52bc82e09457 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.3_powerpc.udeb Size/MD5: 230642 65a12121f60f8096bea04955e30ae42a http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.3_powerpc.deb Size/MD5: 382478 7b1ac5f12fdba3482ad3251c3c24bef3 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_0.99.0+cvs.20050909-1.3_powerpc.deb Size/MD5: 286022 d37d7708a0341cd63c1390fb0ff387a9 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_0.99.0+cvs.20050909-1.3_powerpc.deb Size/MD5: 373114 ed63b7e61d8a65f90cd8c3599d0c96a6 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_0.99.0+cvs.20050909-1.3_powerpc.deb Size/MD5: 237726 289174b8732579cc6b38f50f6398525e http://security.ubuntu.com/ubuntu/pool/main/x/xorg/x-window-system-core_6.8.2-77.3_powerpc.deb Size/MD5: 65746 c5de437f4027dec1acb8640bf14c4ccf http://security.ubuntu.com/ubuntu/pool/main/x/xorg/x-window-system-dev_6.8.2-77.3_powerpc.deb Size/MD5: 65774 9d5e6b227f9799035e83f10ffa1f4cbe http://security.ubuntu.com/ubuntu/pool/universe/x/xorg/xdmx_6.8.2-77.3_powerpc.deb Size/MD5: 1006498 218159bdb9b8b250ef184881db5364e6 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-static-dev_6.8.2-77.3_powerpc.deb Size/MD5: 114636 384d4379cf21cc360da3f74252dc6e48 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-static-pic_6.8.2-77.3_powerpc.deb Size/MD5: 110580 054183b9a9c8a86fefac3017592eeb3f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xnest_6.8.2-77.3_powerpc.deb Size/MD5: 1477044 d49494dfeb3fbb06cc60ac2397b104b4 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-common_6.8.2-77.3_powerpc.deb Size/MD5: 123370 5084044b08a994ade1e05ca769fbfeab http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-core_6.8.2-77.3_powerpc.deb Size/MD5: 4153716 d136a45467ed83aa7c9be079d38bbea1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-dbg_6.8.2-77.3_powerpc.deb Size/MD5: 17841844 cc6a10b4f49e0a3dc197f4b4a25be310 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-ati_6.8.2-77.3_powerpc.deb Size/MD5: 316180 8da85e525823bd09bc3648d5f642baad http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-chips_6.8.2-77.3_powerpc.deb Size/MD5: 158800 f6957aec1dfb811624d4223b3b8792c3 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-fbdev_6.8.2-77.3_powerpc.deb Size/MD5: 74910 886ebb1cc261a13774fb37442f67b04b http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-glint_6.8.2-77.3_powerpc.deb Size/MD5: 177164 4df697145e0bc9e405269f370c098ad3 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-imstt_6.8.2-77.3_powerpc.deb Size/MD5: 74766 af48765f0b61b699ef013e7fb91d0563 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-mga_6.8.2-77.3_powerpc.deb Size/MD5: 154718 49e8c9067f4196f735100fdb88abf241 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-nv_6.8.2-77.3_powerpc.deb Size/MD5: 133938 1f37af997b732cce638c2f442ac32c27 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-s3_6.8.2-77.3_powerpc.deb Size/MD5: 98722 fd531207bb51ee7557839113134c03de http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-s3virge_6.8.2-77.3_powerpc.deb Size/MD5: 107536 eb327385a5f0410f9a1180d7c6808903 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-savage_6.8.2-77.3_powerpc.deb Size/MD5: 110162 a70cd8531c61382bcc07b92a34202bed http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-sis_6.8.2-77.3_powerpc.deb Size/MD5: 368234 fde514af99dfabf48ab685c95a95249b http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-tdfx_6.8.2-77.3_powerpc.deb Size/MD5: 100614 d6dabc2023c08f6379f0fb98d3c076b3 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-trident_6.8.2-77.3_powerpc.deb Size/MD5: 142422 42f616549b5dac01f66403b64d5c5e5c http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-v4l_6.8.2-77.3_powerpc.deb Size/MD5: 74212 d6d45dde725417a9a4b014c65a41cb12 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-vga_6.8.2-77.3_powerpc.deb Size/MD5: 76358 450f581f1d862d20f67f0054ea46cc66 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-acecad_6.8.2-77.3_powerpc.deb Size/MD5: 70846 9b2d0fa88f4fa0edacffdef2ee62901a http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-aiptek_6.8.2-77.3_powerpc.deb Size/MD5: 82626 b4af3fee8db47771e9325f634119c6b4 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-calcomp_6.8.2-77.3_powerpc.deb Size/MD5: 70766 2f945c77af13fed6788bdabc71c312ce http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-citron_6.8.2-77.3_powerpc.deb Size/MD5: 93244 e8dee7a2b70acb94d51c7cd1c1e97b9c http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-digitaledge_6.8.2-77.3_powerpc.deb Size/MD5: 71734 e73893cfe3b9d5b693569c2382905cf1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-dmc_6.8.2-77.3_powerpc.deb Size/MD5: 70374 7082960291a9bb88d003eeeb4285358b http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-dynapro_6.8.2-77.3_powerpc.deb Size/MD5: 69938 d7113c27bbd386c14ff9a2b712c51342 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-elographics_6.8.2-77.3_powerpc.deb Size/MD5: 74028 4bd41187c68fa51fb0adced0ccaad0ac http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-fpit_6.8.2-77.3_powerpc.deb Size/MD5: 70956 a0f37dfd435cba240a1d3a35f27841aa http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-hyperpen_6.8.2-77.3_powerpc.deb Size/MD5: 74336 41cacbfcdc99b42b0264d82a7578a8ec http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-kbd_6.8.2-77.3_powerpc.deb Size/MD5: 74960 52611ed1fc10530d4ab44fd16577bce1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-magellan_6.8.2-77.3_powerpc.deb Size/MD5: 69550 22c49ab9f187bdca55a0fbb83857ce25 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-microtouch_6.8.2-77.3_powerpc.deb Size/MD5: 72498 44c3195bdcf64c2c5cf8504f6089e619 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-mouse_6.8.2-77.3_powerpc.deb Size/MD5: 99586 ac9781c897e4dc052af9c9c80a4853db http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-mutouch_6.8.2-77.3_powerpc.deb Size/MD5: 74312 6d10ae854f4e4a3c5f137950e307db5f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-palmax_6.8.2-77.3_powerpc.deb Size/MD5: 71850 80b3b7bd7b567be9d5dd896e8613ec16 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-penmount_6.8.2-77.3_powerpc.deb Size/MD5: 70548 37d1b7c034b9f792608d3e6dd2a867d1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-spaceorb_6.8.2-77.3_powerpc.deb Size/MD5: 69216 7ee83181573ac45a56f2a4fb044a5e6f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-summa_6.8.2-77.3_powerpc.deb Size/MD5: 74222 a0f33d1df407af5b5a6c51a5882a9e60 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-tek4957_6.8.2-77.3_powerpc.deb Size/MD5: 71126 9140e6af3e6ad35bd68a5f5968399b0b http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-void_6.8.2-77.3_powerpc.deb Size/MD5: 67622 d3f49e28e34a285865f8870b3eeb8aae http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-wacom_6.8.2-77.3_powerpc.deb Size/MD5: 106738 88fbfbd6e6ad9f5336552ec2e50ec9a1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg_6.8.2-77.3_powerpc.deb Size/MD5: 274024 93076262a05833b4807e98699103d946 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xvfb_6.8.2-77.3_powerpc.deb Size/MD5: 1590104 e71d49333a98a285fe438d08e48ca2e9 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.7-2.4ubuntu1.3_sparc.deb Size/MD5: 68646 bd18602999ade0786089cf0c117a8340 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.7-2.4ubuntu1.3_sparc.deb Size/MD5: 699952 0697ae616e5f96afe661a7a121eaf8ee http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.7-2.4ubuntu1.3_sparc.udeb Size/MD5: 216454 7d29da7d817ac7ff1c6d7914630493ad http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.7-2.4ubuntu1.3_sparc.deb Size/MD5: 367276 9024cd052d0210a8bacdaff20589b06c http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_0.99.0+cvs.20050909-1.3_sparc.deb Size/MD5: 294964 b666356962ef9506da0b76efd05c9908 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_0.99.0+cvs.20050909-1.3_sparc.deb Size/MD5: 324238 7dfef6defc80be665990fcbdd0e08e2e http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_0.99.0+cvs.20050909-1.3_sparc.deb Size/MD5: 232476 dd914e38e4765a07e0980dd6ad5907b8 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/x-window-system-core_6.8.2-77.3_sparc.deb Size/MD5: 65744 69da99ffdd8daf0a439b098b2e284b32 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/x-window-system-dev_6.8.2-77.3_sparc.deb Size/MD5: 65772 de0733e94929d4379e05d3c88a13a285 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg/xdmx_6.8.2-77.3_sparc.deb Size/MD5: 920880 2d70ca5f3de16d1192b1c05d99e21d93 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-static-dev_6.8.2-77.3_sparc.deb Size/MD5: 112780 bf763538fea32c5f73f85ab86438014b http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xlibs-static-pic_6.8.2-77.3_sparc.deb Size/MD5: 108622 99531cb07cdffc17daf11727bc7e11bf http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xnest_6.8.2-77.3_sparc.deb Size/MD5: 1357838 e4491783b6a9e3d45d19a1ffa086bc81 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-common_6.8.2-77.3_sparc.deb Size/MD5: 123326 32c21b631ab344dd58d27bf7a62c605b http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-core_6.8.2-77.3_sparc.deb Size/MD5: 3746340 8e6087848c828cfc5d72cde99b21242b http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-dbg_6.8.2-77.3_sparc.deb Size/MD5: 19778476 767707fd2df5e224381a33fa872cf19a http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-apm_6.8.2-77.3_sparc.deb Size/MD5: 124424 081cfba509d6784ba22518521c18aa79 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-ark_6.8.2-77.3_sparc.deb Size/MD5: 73344 ca0e2f22257a9911dbbe7c9c0f479d57 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-ati_6.8.2-77.3_sparc.deb Size/MD5: 302440 861d677e1de334391174481377f437cf http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-chips_6.8.2-77.3_sparc.deb Size/MD5: 152068 643d54a96746678c36f17c3ffd3ab91c http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-cirrus_6.8.2-77.3_sparc.deb Size/MD5: 99108 b1a219d38a08ec0a3ca4cecba79a2784 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-dummy_6.8.2-77.3_sparc.deb Size/MD5: 70306 2b541fd5e4f10f05266800b2f977f120 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-fbdev_6.8.2-77.3_sparc.deb Size/MD5: 74052 448582ffd40305e797cf2815c6f9c1a0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-glint_6.8.2-77.3_sparc.deb Size/MD5: 174824 44a2ace41f17b1f0da1c3ff7199de0f0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-i128_6.8.2-77.3_sparc.deb Size/MD5: 90378 e8c95b12f1882e1f9294cb9821dff299 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-i740_6.8.2-77.3_sparc.deb Size/MD5: 88784 7069730f8ea7530b607c0ecdedabe693 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-imstt_6.8.2-77.3_sparc.deb Size/MD5: 74196 a67897463a21167d281a29fab9414ecf http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-mga_6.8.2-77.3_sparc.deb Size/MD5: 151636 442a736cb4530a699e4ea844e01763a0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-neomagic_6.8.2-77.3_sparc.deb Size/MD5: 98780 9b374f040468ddfa4c8559c63e4598e1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-newport_6.8.2-77.3_sparc.deb Size/MD5: 75054 e41f20599375cef562d50cfd5ea91f22 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-nv_6.8.2-77.3_sparc.deb Size/MD5: 130164 7d81597fa246853896dee123c93a3443 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-rendition_6.8.2-77.3_sparc.deb Size/MD5: 89382 0c4f8f40654fdd09e520145ca2e886bd http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-s3virge_6.8.2-77.3_sparc.deb Size/MD5: 105294 1f6862c1c719219da1b965623774def5 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-savage_6.8.2-77.3_sparc.deb Size/MD5: 107562 634a4e99cee1f7ed5a96fa6d1e5053aa http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-siliconmotion_6.8.2-77.3_sparc.deb Size/MD5: 106838 ca4bcbbcbb250fc4374477ef17dd5dbd http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-sunbw2_6.8.2-77.3_sparc.deb Size/MD5: 68678 95aa8f3f675f84b9b445fd5a85c75952 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-suncg14_6.8.2-77.3_sparc.deb Size/MD5: 69252 2d87f35b35295d29bdd76a8172351ac2 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-suncg3_6.8.2-77.3_sparc.deb Size/MD5: 68734 8809dd6543372feddd2a5886f6976776 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-suncg6_6.8.2-77.3_sparc.deb Size/MD5: 69728 1b59fdb3a45e0a569445b34d064d0633 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-sunffb_6.8.2-77.3_sparc.deb Size/MD5: 127670 0b38955174a4ed44bd4578c87da66684 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-sunleo_6.8.2-77.3_sparc.deb Size/MD5: 81660 117464ff17f748d0c95aa59f89abf250 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-suntcx_6.8.2-77.3_sparc.deb Size/MD5: 70446 e69222c475300674077226d927e4a156 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-tdfx_6.8.2-77.3_sparc.deb Size/MD5: 99410 33d1cafe6bf0edca99ba9392966d6ab7 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-tga_6.8.2-77.3_sparc.deb Size/MD5: 87728 726ce3e0143dafcd495e3de4a40cf8c0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-trident_6.8.2-77.3_sparc.deb Size/MD5: 131950 e98574be1b719debd2c4542b199cdfcc http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-v4l_6.8.2-77.3_sparc.deb Size/MD5: 73412 b1d2672fcf4c22e883e9b93ddfe70e1a http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-vesa_6.8.2-77.3_sparc.deb Size/MD5: 76710 1254832b3fa89d4cf901bce0bb79c6ba http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-vga_6.8.2-77.3_sparc.deb Size/MD5: 75206 36b39c918f6061dd11711972d2025110 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-driver-vmware_6.8.2-77.3_sparc.deb Size/MD5: 82618 c65b2958ebcc66702c6db1a24aee3813 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-acecad_6.8.2-77.3_sparc.deb Size/MD5: 70412 26c69d8e78229e07af1aa8176594728d http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-aiptek_6.8.2-77.3_sparc.deb Size/MD5: 80920 710cf56fd1e938d25cd1b0ad6a524a08 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-calcomp_6.8.2-77.3_sparc.deb Size/MD5: 70316 83f3d61a2bed0574b25b2b0afb808ff6 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-citron_6.8.2-77.3_sparc.deb Size/MD5: 91828 01867c3013e5a645d22cd97dc2068e1c http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-digitaledge_6.8.2-77.3_sparc.deb Size/MD5: 71154 447987785afddd40f58871ed82d1d8c7 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-dmc_6.8.2-77.3_sparc.deb Size/MD5: 69880 df7253bb410088887e963b4ec185a761 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-dynapro_6.8.2-77.3_sparc.deb Size/MD5: 69582 772f0ae3564c523c6f010b9e54b9dbe6 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-elographics_6.8.2-77.3_sparc.deb Size/MD5: 73168 0a6bc07c0a89ed382852a9f22212882f http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-fpit_6.8.2-77.3_sparc.deb Size/MD5: 70622 a647189fd612aad8b9d57ee1d8d29da4 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-hyperpen_6.8.2-77.3_sparc.deb Size/MD5: 73350 e5ca5c4d5c85b8b58a2d966c9cc122a5 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-kbd_6.8.2-77.3_sparc.deb Size/MD5: 74194 2d9b7ab568db94f2fdfbf9208c51f269 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-magellan_6.8.2-77.3_sparc.deb Size/MD5: 69170 bd51f60f99bea164a1655bf99d81080d http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-microtouch_6.8.2-77.3_sparc.deb Size/MD5: 71910 f439b8d1778d01df70f869e04d0f916a http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-mouse_6.8.2-77.3_sparc.deb Size/MD5: 97820 daa144c86465f941bad248f7f2011095 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-mutouch_6.8.2-77.3_sparc.deb Size/MD5: 73544 67eead253f6f73a4c95cff9ee3fe5e45 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-palmax_6.8.2-77.3_sparc.deb Size/MD5: 71470 462bf1db6bf06a3541c048e978f619e1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-penmount_6.8.2-77.3_sparc.deb Size/MD5: 70044 56d63787661918acfa11b4c2edf1b363 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-spaceorb_6.8.2-77.3_sparc.deb Size/MD5: 68896 407a96555ef0aca1c0f862756985bcc4 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-summa_6.8.2-77.3_sparc.deb Size/MD5: 73208 c124d986e5ede6f22d2e6e4468ef44da http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-tek4957_6.8.2-77.3_sparc.deb Size/MD5: 70788 139b257d986d1d81abc5df96ff6c07ac http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-void_6.8.2-77.3_sparc.deb Size/MD5: 67526 da4b3fa6d2ea2cd03ff074fae1f99e11 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-wacom_6.8.2-77.3_sparc.deb Size/MD5: 102200 d20486be0bd003c871362662945890ce http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg_6.8.2-77.3_sparc.deb Size/MD5: 274186 2936a9182f8fe998082ea1b094cb4d84 http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xvfb_6.8.2-77.3_sparc.deb Size/MD5: 1463574 ed56597df856cf23c99ea94b0df46132 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.3.diff.gz Size/MD5: 59540 862bd1b35276a1f6295ab86afbb0c585 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.3.dsc Size/MD5: 710 e45aa32ea5d21cea1443eef299963ab6 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont_1.0.0-0ubuntu3.3.diff.gz Size/MD5: 7292 53e0bf4639f85be2596ea73128f9786f http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont_1.0.0-0ubuntu3.3.dsc Size/MD5: 743 fb5f2db984b7aa11cc61b95c08908f4e http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont_1.0.0.orig.tar.gz Size/MD5: 816966 29c00c678d4ac9bea8ffe7ba264825d0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.0.2-0ubuntu10.6.diff.gz Size/MD5: 31362 fb578e86128d4cefd37470d2b1b7a800 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.0.2-0ubuntu10.6.dsc Size/MD5: 1804 b8fa2ff2adefb6457a217c145f0a99ee http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.0.2.orig.tar.gz Size/MD5: 7966941 f44f0f07136791ed7a4028bd0dd5eae3 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.3_amd64.deb Size/MD5: 133862 9849bf94a3c83769fee1c8c40cc5a195 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.3_amd64.deb Size/MD5: 717494 0b0587f17aa8338d68f00f4f6de40cf8 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.3_amd64.udeb Size/MD5: 251748 ea23cce32b15ed7b944ceea15a7c28c4 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.3_amd64.deb Size/MD5: 439876 f4511db24d690e234e2c6157f6f0d86d http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.0.0-0ubuntu3.3_amd64.deb Size/MD5: 302752 cdb9b9f31fc890e1f81b6b84e62e6743 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.0.0-0ubuntu3.3_amd64.deb Size/MD5: 375884 261b8c8db1350e1729a58bf14455f0d2 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.0.0-0ubuntu3.3_amd64.deb Size/MD5: 242806 0d259ee4f74d911e61e8d6c1c3fd45a9 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.0.2-0ubuntu10.6_amd64.deb Size/MD5: 49900 6cd998c1385119c61c656454fcafdc57 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.0.2-0ubuntu10.6_amd64.deb Size/MD5: 848976 1de01ffe87bc9aad344ceebf57136501 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.0.2-0ubuntu10.6_amd64.deb Size/MD5: 1414328 fcd5128c61ea7c91f5dd0fdd67eb04fd http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.0.2-0ubuntu10.6_amd64.deb Size/MD5: 4048070 8a20c1e88020a82b1831541874ce7c48 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.0.2-0ubuntu10.6_amd64.deb Size/MD5: 294524 6b2619e3fbfc72356dc7afa6ee3afa0e http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.0.2-0ubuntu10.6_amd64.deb Size/MD5: 1564542 9ba68a1f137e86d212d7eb264008f4cd i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.3_i386.deb Size/MD5: 117358 a678e7f1914fdc53c66bc12b2563c104 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.3_i386.deb Size/MD5: 677468 1245a799d53d0326992d1fa22bad875b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.3_i386.udeb Size/MD5: 227264 9c15e03342736754f33977e838c6d801 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.3_i386.deb Size/MD5: 415384 7ae6d5bbe1a4bde544290a80a3e3dc3f http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.0.0-0ubuntu3.3_i386.deb Size/MD5: 279004 3551439419ec533ee6e13b4ddad9879f http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.0.0-0ubuntu3.3_i386.deb Size/MD5: 320798 e118c7ba341674944cd61dce7dd45266 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.0.0-0ubuntu3.3_i386.deb Size/MD5: 216576 9357f5af25709f7e2c5627960a1c965c http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.0.2-0ubuntu10.6_i386.deb Size/MD5: 42444 13fe0025f651e11decf5072e9ba7c88e http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.0.2-0ubuntu10.6_i386.deb Size/MD5: 748738 8c8fb9a5513045b418ffc3c37337aaa9 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.0.2-0ubuntu10.6_i386.deb Size/MD5: 1241568 96276d9b49ce87040e0d355de948d7af http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.0.2-0ubuntu10.6_i386.deb Size/MD5: 3531364 addce36a358f8e1566118b490517d0d1 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.0.2-0ubuntu10.6_i386.deb Size/MD5: 294542 401c8007c96f3468eee908422fe384d5 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.0.2-0ubuntu10.6_i386.deb Size/MD5: 1382554 bfdc3acaba7eae4bfa8f09466c1a14f1 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.3_powerpc.deb Size/MD5: 134248 3f73867444b6902b21ece5e88bda5736 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.3_powerpc.deb Size/MD5: 708456 fd230d35b21882e8f33a733571589eb3 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.3_powerpc.udeb Size/MD5: 241444 985d65e2f522108b58cbb7101a1c4e93 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.3_powerpc.deb Size/MD5: 429892 e96a4115854d6b32907a3249bda2a0b4 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.0.0-0ubuntu3.3_powerpc.deb Size/MD5: 290970 714aaa371169f80396afd1d5d0bc082a http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.0.0-0ubuntu3.3_powerpc.deb Size/MD5: 369962 cda66f3b003f5faeabe2225356ff414c http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.0.0-0ubuntu3.3_powerpc.deb Size/MD5: 235378 3086125be0dd5bb2480f31d4a21b46c6 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.0.2-0ubuntu10.6_powerpc.deb Size/MD5: 55158 3d6a6b1cf5be95e00a48e5523d641d29 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.0.2-0ubuntu10.6_powerpc.deb Size/MD5: 825340 a5329d0d2322ebb0c2d102a47635216f http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.0.2-0ubuntu10.6_powerpc.deb Size/MD5: 1368184 0e1b6171168a996773c760b8b875648e http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.0.2-0ubuntu10.6_powerpc.deb Size/MD5: 4076112 3668d14302e64241292219b67e1f9659 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.0.2-0ubuntu10.6_powerpc.deb Size/MD5: 294538 5ef1c38d239ef6e6ac65d852d96c1665 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.0.2-0ubuntu10.6_powerpc.deb Size/MD5: 1506656 fc1885b7b5f482fe734f5d081b072b51 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.3_sparc.deb Size/MD5: 120076 f0524701f9defa5d49f80b333dba9161 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.3_sparc.deb Size/MD5: 683560 22024047655d0a6e26c484d1d231be3c http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.3_sparc.udeb Size/MD5: 222408 4a26ce30531b338bc5ce9e16bfcda691 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.3_sparc.deb Size/MD5: 410888 897071c782c16c0e3000a9c4586e184f http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.0.0-0ubuntu3.3_sparc.deb Size/MD5: 297866 0775567bab801a064f92e79c0939886c http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.0.0-0ubuntu3.3_sparc.deb Size/MD5: 321246 8e57f2843bf6cb39a8cbde389c740872 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.0.0-0ubuntu3.3_sparc.deb Size/MD5: 229820 c0e50a0ea242052b971dbd43f4144d6f http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.0.2-0ubuntu10.6_sparc.deb Size/MD5: 43880 705741e8b4a3cd9b591da2a1b85db401 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.0.2-0ubuntu10.6_sparc.deb Size/MD5: 758608 92ca7b1ee8f4509a4222c1dae58cb288 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.0.2-0ubuntu10.6_sparc.deb Size/MD5: 1313218 208167a5f9f5d074bf1f162da5377664 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.0.2-0ubuntu10.6_sparc.deb Size/MD5: 3789064 d7127a902bc8951e03e70baece970b34 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.0.2-0ubuntu10.6_sparc.deb Size/MD5: 294998 c2d3c3b6673c8c8f70d23db3712c134b http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.0.2-0ubuntu10.6_sparc.deb Size/MD5: 1445764 a1efd9aa2fa04d62f69771887a5d557f Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1-5ubuntu0.1.diff.gz Size/MD5: 32265 c95bae22cdf8aff7dd045ffd19b84acb http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1-5ubuntu0.1.dsc Size/MD5: 804 3c64a49cc8029e44361ec5b5dbac0a96 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.2.1.orig.tar.gz Size/MD5: 1451392 a584e84d617c6e7919b4aef9b5106cf4 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont_1.2.0-0ubuntu3.1.diff.gz Size/MD5: 21080 14f360ae2e6a5c3a535ba34244f513c9 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont_1.2.0-0ubuntu3.1.dsc Size/MD5: 923 df21beb2608cc68aa140d315041d9795 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont_1.2.0.orig.tar.gz Size/MD5: 827186 b4cb7808df5804efeb457043fed13782 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.1.1-0ubuntu12.2.diff.gz Size/MD5: 92001 cbe621e817e97c8a67ee7465bf3fa266 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.1.1-0ubuntu12.2.dsc Size/MD5: 2020 e4b095a246fd0a52f314ce371b3e0cb6 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xorg-server_1.1.1.orig.tar.gz Size/MD5: 8388609 15852049050e49f380f953d8715500b9 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu0.1_amd64.deb Size/MD5: 150940 92d6b1c0aa652e6e8f013ae4048f4062 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu0.1_amd64.deb Size/MD5: 668960 0e5ff244ad6488cd3eb801b3768b7eda http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu0.1_amd64.udeb Size/MD5: 248264 4328e1df8f13a92086bc6dc0c43add50 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2.1-5ubuntu0.1_amd64.deb Size/MD5: 353738 c41d6ae077ca5f31a25cc0f58cbd93c9 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.2.0-0ubuntu3.1_amd64.deb Size/MD5: 305140 eaa2799e4a889de2924c16629750c749 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.2.0-0ubuntu3.1_amd64.deb Size/MD5: 354690 d06520d61f32e74f26764e6dbc1c14c4 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.2.0-0ubuntu3.1_amd64.deb Size/MD5: 242998 5e24330de281bfc1bd33341abb57d967 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.1.1-0ubuntu12.2_amd64.deb Size/MD5: 57434 5edf610ecbdd99e59f118959ca0eb414 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.1.1-0ubuntu12.2_amd64.deb Size/MD5: 813654 4da55af97b7c83f85c557df79f66c0c2 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.1.1-0ubuntu12.2_amd64.deb Size/MD5: 1427180 efafeb1045b436463419496481cfdc78 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.1.1-0ubuntu12.2_amd64.deb Size/MD5: 1608506 39e8887d0c3b1d4b4059a990ccacc07b http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.1.1-0ubuntu12.2_amd64.deb Size/MD5: 3917424 d69cc89a0777f800d5e74e3a8041fd93 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.1.1-0ubuntu12.2_amd64.deb Size/MD5: 297442 b41410b7b585f2960827f912241891bc http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.1.1-0ubuntu12.2_amd64.deb Size/MD5: 1579394 facb0f2f9c2722e4d07af7dea9f838e5 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu0.1_i386.deb Size/MD5: 134026 6a3c9319eba74a20e6f5c0e3457a2e97 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu0.1_i386.deb Size/MD5: 640492 bb5ed3196a9e9fb626c17d96f40b3b2e http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu0.1_i386.udeb Size/MD5: 235400 cde67a8b74de363b4d3e1abe0f41e781 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2.1-5ubuntu0.1_i386.deb Size/MD5: 341274 5aee6b86c26c312e17acf68808b737cc http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.2.0-0ubuntu3.1_i386.deb Size/MD5: 291958 2344c15719ade83c6e125e29e4b86c23 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.2.0-0ubuntu3.1_i386.deb Size/MD5: 336952 fe81984c7c8cf4a8ca6a0f44998bc0eb http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.2.0-0ubuntu3.1_i386.deb Size/MD5: 226028 5456ac2131d824a096d1e979cecfcea4 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.1.1-0ubuntu12.2_i386.deb Size/MD5: 50646 23cd4f9ca5689117c09c43ebdcfea49e http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.1.1-0ubuntu12.2_i386.deb Size/MD5: 751476 f3769d8fb8508eca644db0c8d9530a08 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.1.1-0ubuntu12.2_i386.deb Size/MD5: 1327210 73b1fa3c9d0e365f029962cb4e920b8e http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.1.1-0ubuntu12.2_i386.deb Size/MD5: 1498720 e7e629d60198742c9040687d9c02d108 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.1.1-0ubuntu12.2_i386.deb Size/MD5: 3563454 7f18073d92ab9a8a5fbb096b483598b5 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.1.1-0ubuntu12.2_i386.deb Size/MD5: 297484 7d506b6a3fee567e20a2a5e7aa6c2bc7 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.1.1-0ubuntu12.2_i386.deb Size/MD5: 1475138 fffb6ddb7a71160b492de7c8987cfc9b powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu0.1_powerpc.deb Size/MD5: 148582 24a4dc3fcd4e9ed1cc439178926016b4 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu0.1_powerpc.deb Size/MD5: 663380 d84c7eab9c0a1678485b5c10c99e227d http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu0.1_powerpc.udeb Size/MD5: 241628 bff6e436dc7884091e9a159425fb3345 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2.1-5ubuntu0.1_powerpc.deb Size/MD5: 346870 8da887f46827f7a148b9d5573d6cb526 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.2.0-0ubuntu3.1_powerpc.deb Size/MD5: 295948 e373a2fb962bbd917ed1475707925379 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.2.0-0ubuntu3.1_powerpc.deb Size/MD5: 353796 9ad2219e7d15c1e5267c922f5d518954 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.2.0-0ubuntu3.1_powerpc.deb Size/MD5: 237280 a187dc106461ded50a6cafe3b7e5442d http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.1.1-0ubuntu12.2_powerpc.deb Size/MD5: 63432 d611ac901c34e99a1cfc77956c6f42c4 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.1.1-0ubuntu12.2_powerpc.deb Size/MD5: 797454 d0208072254a9e1e6041b12f660a7cf0 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.1.1-0ubuntu12.2_powerpc.deb Size/MD5: 1401888 9af060d4e15bcbc8bd55ec3b77f8f733 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.1.1-0ubuntu12.2_powerpc.deb Size/MD5: 1565976 22e88a95a1d3dc23299f782df124578e http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.1.1-0ubuntu12.2_powerpc.deb Size/MD5: 3983002 3345dba424bb25e0862b66acda8747d8 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.1.1-0ubuntu12.2_powerpc.deb Size/MD5: 297498 55dd5abe4abf1c7ef441c85dc070e68a http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.1.1-0ubuntu12.2_powerpc.deb Size/MD5: 1541334 474f69d831b778c5825ae02d340556e2 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu0.1_sparc.deb Size/MD5: 131806 c3d342df6c666a6ff77ad70c7c729297 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu0.1_sparc.deb Size/MD5: 635934 2ba5cf3a10353ed63a2b08a5ebd038ff http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu0.1_sparc.udeb Size/MD5: 220156 4f9315e0d159b61aed69ae09c8282b82 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2.1-5ubuntu0.1_sparc.deb Size/MD5: 325494 95813d719f39a3b86f6b44cda4519a83 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.2.0-0ubuntu3.1_sparc.deb Size/MD5: 304582 8bca3c95b9e5f10d08357fb32ffa690c http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.2.0-0ubuntu3.1_sparc.deb Size/MD5: 321526 1765ba83a127b01ed81632785688a0b0 http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.2.0-0ubuntu3.1_sparc.deb Size/MD5: 234114 fd5c8e1b70051aeae6d189037043c23e http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.1.1-0ubuntu12.2_sparc.deb Size/MD5: 50314 9fdc77ad9a5448d3b92c3b05fcfc4ac1 http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.1.1-0ubuntu12.2_sparc.deb Size/MD5: 733754 8d5052a6cb973b478b57efcf9535020b http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.1.1-0ubuntu12.2_sparc.deb Size/MD5: 1344340 10ad7e4b138b14102ab3a396fa31255f http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.1.1-0ubuntu12.2_sparc.deb Size/MD5: 1500142 801229631c468c808bc3570a02f36436 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.1.1-0ubuntu12.2_sparc.deb Size/MD5: 3695516 c037048a7c2971f1c064e1644083a738 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.1.1-0ubuntu12.2_sparc.deb Size/MD5: 297856 45e8359cdae581b6ab4d5ad683a4ba89 http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.1.1-0ubuntu12.2_sparc.deb Size/MD5: 1477724 8d6c6d871e63e6009ab6f9be3b10300f . (CVE-2007-1351, CVE-2007-1352) TightVNC uses some of the same code base as Xorg, and has the same vulnerable code. Multiple Vendor X Server BDF Font Parsing Integer Overflow Vulnerability iDefense Security Advisory 04.03.07 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 03, 2007 I. BACKGROUND The X Window System (or X11) is a graphical windowing system used on Unix-like systems. It is based on a client/server model. More information about about The X Window system is available at the following URL. http://en.wikipedia.org/wiki/X_Window_System II. DESCRIPTION Local exploitation of an integer overflow vulnerability in multiple vendors' implementations of the X Window System server BDF font parsing component could allow execution of arbitrary commands with elevated privileges. The vulnerability specifically exists in the parsing of BDF fonts. III. As the X11 server requires direct access to video hardware, it runs with elevated privileges. A user compromising an X server would gain those permissions. In order to exploit this vulnerability, an attacker would need to be able to cause the X server to use a maliciously constructed font. The X11 server contains multiple methods for a user to define additional paths to look for fonts. An exploit has been developed using the "-fp" command line option to the X11 server to pass the location of the attack to the server. It is also possible to use "xset" command with the "fp" option to perform an attack on an already running server. Some distributions allow users to start the X11 server only if they are logged on at the console, while others will allow any user to start it. Attempts at exploiting this vulnerability may put the console into an unusable state. This will not prevent repeated exploitation attempts. IV. DETECTION iDefense has confirmed the existence of this vulnerability in X.Org X11R7.1. Older versions are suspected to be vulnerable. Additionally, it is reported that the freetype library is also vulnerable. V. WORKAROUND iDefense is currently unaware of any effective workaround for this issue. VI. VENDOR RESPONSE The X.Org Foundation has addressed this vulnerability with source code patches. More information can be found from their advisory at the following URL. http://lists.freedesktop.org/archives/xorg-announce/2007-april/0286.html The freetype developers have committed a fix for this issue to their CVS repository. Future releases will contain this fix. VII. CVE INFORMATION The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2007-1351 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. VIII. DISCLOSURE TIMELINE 02/21/2007 Initial vendor notification 03/28/2007 Initial vendor response 04/03/2007 Coordinated public disclosure IX. CREDIT This vulnerability was discovered by Greg MacManus of iDefense Labs. Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php Free tools, research and upcoming events http://labs.idefense.com/ X. LEGAL NOTICES Copyright \xa9 2007 iDefense, Inc. Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
VAR-200704-0043 CVE-2007-1913 SAP RFC Library Trusted_System_Security Function Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. SAP RFC Library is prone to an information-disclosure vulnerability. Few details regarding this issue are currently available. This BID will be updated as more information emerges. An attacker can exploit this issue to access sensitive informaiton. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: SAP RFC Library Multiple Vulnerabilities SECUNIA ADVISORY ID: SA24722 VERIFY ADVISORY: http://secunia.com/advisories/24722/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From local network SOFTWARE: SAP RFC Library 7.x http://secunia.com/product/13851/ SAP RFC Library 6.x http://secunia.com/product/13850/ DESCRIPTION: Mariano Nu\xf1ez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) The "RFC_SET_REG_SERVER_PROPERTY" RFC function allows to define the exclusive use of the RFC Server. This can be exploited to cause a DoS by denying access to other clients. 2) An unspecified buffer overflow exists within the "SYSTEM_CREATE_INSTANCE" RFC function, which can be exploited to execute arbitrary code. 3) An unspecified buffer overflow exists within the "RFC_START_GUI" RFC function, which can be exploited to execute arbitrary code. 4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function. These can be exploited to gain knowledge about the RFC server's configuration or execute arbitrary code. Other versions may also be affected. SOLUTION: Reportedly, SAP released patches. PROVIDED AND/OR DISCOVERED BY: Mariano Nu\xf1ez Di Croce ORIGINAL ADVISORY: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0045 CVE-2007-1915 SAP RFC Library of RFC_START_PROGRAM Buffer overflow vulnerability in functions CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. The SAP RFC Library is prone to an unspecified buffer-overflow issue and an information-disclosure issue. An attacker could exploit these issues to execute arbitrary code, cause the affected application to crash, or gain access to sensitive information. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: SAP RFC Library Multiple Vulnerabilities SECUNIA ADVISORY ID: SA24722 VERIFY ADVISORY: http://secunia.com/advisories/24722/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From local network SOFTWARE: SAP RFC Library 7.x http://secunia.com/product/13851/ SAP RFC Library 6.x http://secunia.com/product/13850/ DESCRIPTION: Mariano Nu\xf1ez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) The "RFC_SET_REG_SERVER_PROPERTY" RFC function allows to define the exclusive use of the RFC Server. This can be exploited to cause a DoS by denying access to other clients. 4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function. 5) An error within the "TRUSTED_SYSTEM_SECURITY" function can be exploited to gain knowledge about existing user accounts and groups on a RFC server. Other versions may also be affected. SOLUTION: Reportedly, SAP released patches. PROVIDED AND/OR DISCOVERED BY: Mariano Nu\xf1ez Di Croce ORIGINAL ADVISORY: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0046 CVE-2007-1916 SAP RFC Library of RFC_START_GUI Buffer overflow vulnerability in functions CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: SAP RFC Library Multiple Vulnerabilities SECUNIA ADVISORY ID: SA24722 VERIFY ADVISORY: http://secunia.com/advisories/24722/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From local network SOFTWARE: SAP RFC Library 7.x http://secunia.com/product/13851/ SAP RFC Library 6.x http://secunia.com/product/13850/ DESCRIPTION: Mariano Nu\xf1ez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) The "RFC_SET_REG_SERVER_PROPERTY" RFC function allows to define the exclusive use of the RFC Server. This can be exploited to cause a DoS by denying access to other clients. 4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function. 5) An error within the "TRUSTED_SYSTEM_SECURITY" function can be exploited to gain knowledge about existing user accounts and groups on a RFC server. The vulnerabilities are reported in SAP RFC Library versions 6.40 and 7.00. Other versions may also be affected. SOLUTION: Reportedly, SAP released patches. PROVIDED AND/OR DISCOVERED BY: Mariano Nu\xf1ez Di Croce ORIGINAL ADVISORY: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0047 CVE-2007-1917 SAP RFC Library of SYSTEM_CREATE_INSTANCE Buffer overflow vulnerability in functions CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. Few details regarding this issue are currently available. This BID will be updated as more information emerges. An attacker can exploit this issue to execute arbitrary commands over external RFC servers. Failed attempts will likely cause denial-of-service conditions. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: SAP RFC Library Multiple Vulnerabilities SECUNIA ADVISORY ID: SA24722 VERIFY ADVISORY: http://secunia.com/advisories/24722/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From local network SOFTWARE: SAP RFC Library 7.x http://secunia.com/product/13851/ SAP RFC Library 6.x http://secunia.com/product/13850/ DESCRIPTION: Mariano Nu\xf1ez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) The "RFC_SET_REG_SERVER_PROPERTY" RFC function allows to define the exclusive use of the RFC Server. This can be exploited to cause a DoS by denying access to other clients. 4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function. 5) An error within the "TRUSTED_SYSTEM_SECURITY" function can be exploited to gain knowledge about existing user accounts and groups on a RFC server. The vulnerabilities are reported in SAP RFC Library versions 6.40 and 7.00. Other versions may also be affected. SOLUTION: Reportedly, SAP released patches. PROVIDED AND/OR DISCOVERED BY: Mariano Nu\xf1ez Di Croce ORIGINAL ADVISORY: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0048 CVE-2007-1918 SAP RFC Library of RFC_SET_REG_SERVER_PROPERTY Service disruption in functions (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. The SAP RFC Library is prone to a remote denial-of-service vulnerability. ---------------------------------------------------------------------- Secunia customers receive relevant and filtered advisories. Delivery is done via different channels including SMS, Email, Web, and https based XML feed. http://corporate.secunia.com/trial/38/request/ ---------------------------------------------------------------------- TITLE: SAP RFC Library Multiple Vulnerabilities SECUNIA ADVISORY ID: SA24722 VERIFY ADVISORY: http://secunia.com/advisories/24722/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information, DoS, System access WHERE: >From local network SOFTWARE: SAP RFC Library 7.x http://secunia.com/product/13851/ SAP RFC Library 6.x http://secunia.com/product/13850/ DESCRIPTION: Mariano Nu\xf1ez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. This can be exploited to cause a DoS by denying access to other clients. 2) An unspecified buffer overflow exists within the "SYSTEM_CREATE_INSTANCE" RFC function, which can be exploited to execute arbitrary code. 3) An unspecified buffer overflow exists within the "RFC_START_GUI" RFC function, which can be exploited to execute arbitrary code. 4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function. These can be exploited to gain knowledge about the RFC server's configuration or execute arbitrary code. 5) An error within the "TRUSTED_SYSTEM_SECURITY" function can be exploited to gain knowledge about existing user accounts and groups on a RFC server. Other versions may also be affected. SOLUTION: Reportedly, SAP released patches. PROVIDED AND/OR DISCOVERED BY: Mariano Nu\xf1ez Di Croce ORIGINAL ADVISORY: http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200712-0433 CVE-2007-5849 CUPS of SNMP Backend program for integer overflow vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. Common UNIX Printing System (CUPS) is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. Failed exploit attempts will likely result in denial-of-service conditions. Apple Mac OS X is prone to multiple security vulnerabilities. These issues affect Mac OS X and various applications, including Address Book, CFNetwork, ColorSync, CoreFoundation, CUPS, Desktop Services, iChat, IO Storage Family, Launch Services, Mail, Quick Look, Safari, Safari RSS, SMB, Software Update, Spin Tracer, Spotlight, tcpdump, and XQuery. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. Apple Common Unix Printing System (CUPS) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. There is a vulnerability when CUPS processes SNMP requests containing malformed data, and remote attackers may exploit this vulnerability to control the server. There is a symbol error in the asn1_get_string() function in the backend/snmp.c file of CUPS. =========================================================== Ubuntu Security Notice USN-563-1 January 09, 2008 cupsys vulnerabilities CVE-2007-5849, CVE-2007-6358 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: cupsys 1.2.2-0ubuntu0.6.06.6 Ubuntu 6.10: cupsys 1.2.4-2ubuntu3.2 Ubuntu 7.04: cupsys 1.2.8-0ubuntu8.2 Ubuntu 7.10: cupsys 1.3.2-1ubuntu7.3 In general, a standard system upgrade is sufficient to effect the necessary changes. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6.diff.gz Size/MD5: 96854 c42f659f650a9c0d81bdb4f8ba7004bf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6.dsc Size/MD5: 1049 01c4bd2466a668f82bc852b2658e3f24 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2.orig.tar.gz Size/MD5: 4070384 2c99b8aa4c8dc25c8a84f9c06aa52e3e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-gnutls10_1.2.2-0ubuntu0.6.06.6_all.deb Size/MD5: 996 b0b0b7b1a5b04ac737c6c1c506bf0a1d amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 36242 0d64ba11e2e59e2f089fdb40efed1565 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 81910 3f9240a0ac855620f13662ecd48224d5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 2285594 073223e345043bfa56f5d173393cbbfe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 6094 dcb63118059086cdf2fe9f66eab3c9ab http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 75942 d4483bb658545cbedcafa65e9a6ee045 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 25746 39cf872611b0f62f54b38953374b1c01 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_amd64.deb Size/MD5: 128784 dbf0ce78d28f3a62d2ef67074a04facb i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 34776 16593bfabe944044a1c0c87fd006111b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 77984 67af7dd120fda3fabd5bf1bcde0ecaa0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 2253134 7d5f6f3d3343cf0f4873042947c3265f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 6096 2b68e82e024d376d649cd3b3c14cf378 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 75008 b9b5873df6f6e12ca694404e0ae1397a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 25742 3d4a30e76a7ab05dddc49967c5af6206 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_i386.deb Size/MD5: 121008 75fa970f801c819ca2e37f42ccda165a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 40466 e078800e5e94fa64a451cdbb8414acc3 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 89536 b9a20806c2b91bd7370686ea3b8588da http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 2300252 9252b6866259c84e63ee4dba67083ed8 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 6096 4d677d45da127c45c81ce3889a9256a7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 77702 2e05e968244b734744f1fce8ebfafb33 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 25752 9f7ba4ffc1c72e78047d983554e32512 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_powerpc.deb Size/MD5: 126772 8246a4b5933201f0f247f30ab5a97944 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 35396 9193306b04ba1d9bcf0d22225cc839e6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 78730 bce8c7563b87f3327a134c451364ce21 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 2286800 833891fe2b553542324e93bb306c9da4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 6098 700ed2ed4032bae2bc5f7ad1b0938f65 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 74964 84b65d7d0127cc488d2aed110b7d9086 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 25740 fa32e9fe9c0d429a1159e41b07d5964f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.2-0ubuntu0.6.06.6_sparc.deb Size/MD5: 122514 1e818d01773b5bc86b9f56e8022d6863 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2.diff.gz Size/MD5: 110832 2971bd952368028e975fd00a20ce501b http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2.dsc Size/MD5: 1059 e98ea8935c9ceed519d111d32e552586 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4.orig.tar.gz Size/MD5: 4091480 46722ad2dc78b12b5c05db2d080fe784 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.4-2ubuntu3.2_all.deb Size/MD5: 869636 834405f963c7a9ce3b3d69f09e1805fe amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 36710 d6b14470183b492c8a0695ae3cf5820d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 82508 1f22c18ad0618cae8fd9b161debe997c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 1480116 da71d67953ad08e275d92429aff51456 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 6122 869caee45ed45ef339c86eb51a114920 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 95102 8f5848eddffc362517e4ff676f835973 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 26142 8ec6a04b1c0389911e1f1dc9e5377536 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_amd64.deb Size/MD5: 171840 f8215cbe5fe52dd32a598cbc7f27a8a1 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 36264 c1ce097acea2435d13a0773986769641 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 80106 cbc3b76611aaece014e555a170dca185 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 1463248 4d326335153bdf16670b4d6b23309adb http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 6122 f3ee8c280dffbcb1be2e30087818fc12 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 94910 b56efddf07944953ee6c93a357392ab5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 26140 062e3f1216765e325ed4bbc0dff04df5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_i386.deb Size/MD5: 168962 ff967163df3e0c10338ebccecf816fa2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 41804 90c6b755b81eac7f64cffdc410781637 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 91146 93b16b2504ca56ca57ca562ccd109a42 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 1497758 d713cc8d5962474285cfcb8f4d5c9387 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 6126 61c3a759bc71ed557194b123ee547425 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 97286 e4da8af1c90ae24bd767317aa8cfcf4a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 26138 fcd8753ebf0b695dea0375e713a85ea2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_powerpc.deb Size/MD5: 172252 27806a56e06673bd3fe961f650939193 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 36282 2b0888242ed98acf5f8214598a191ac4 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 80234 819d971ba0a287fc39f8ffe60a8dea46 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 1488822 33280b196dd0f5e372c01f679fa6b92a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 6128 36f672bc145cc881f6ed0d501532c889 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 94144 b270ae4767e5a5a4f664686c688e4c83 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 26142 e951c05414d91657af1774951ff0b49c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.4-2ubuntu3.2_sparc.deb Size/MD5: 168272 9c24a04995a400f1c868398d14b31740 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2.diff.gz Size/MD5: 155988 d5eeee8bb5b1be8f20732ddc15a146b7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2.dsc Size/MD5: 1143 0669aaa760ed047edc4f9a942882f01d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8.orig.tar.gz Size/MD5: 4293194 107affe95fcf1cd4aaed4a5c73f4b91f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.2.8-0ubuntu8.2_all.deb Size/MD5: 925994 663b23d61cc43e14a45a4079a1b53d14 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 37404 c857fcb86cf6fbc5a1fe7dcb93bcfc9c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 83234 cb15baea3370ad40ad903ecdd5c2a150 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 1638028 f9e0e6d0ab30836134b18e68f515aa24 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 56372 45a35748bebb147b1ece7fc2318fe5d5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 103904 3ec48e9e35555d39718da7dfa12296e1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 144844 d7a36d83f016f81978d77334df958abe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_amd64.deb Size/MD5: 181906 504d933b448fea5199083007de9def13 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 36728 a9d95dd94c95b39fba113bad0ba83d31 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 80756 002c4adb90d4aeb46f22cf043c2a3c5d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 1620614 dfd8630f8aa3bfc7a3603ab89376bbdc http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 55450 15f5048b3543a2506d1b65937c145c10 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 103602 621c142a15a018a53fb4e1c731dd6273 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 139324 45c10a2df595a6e2d911e2ff3ab4a405 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_i386.deb Size/MD5: 178200 41745eaf4b7e638c6294c0c7d272e91b powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 46770 7b7c32c212787825b4c8ce5f23f11e9f http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 101104 8a64784b5b11dbd2633de705b6803702 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 1695072 a9a974ada7cab231ed81c03a91ddc6fa http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 56224 859a93733a404b6336815740c704cb31 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 109462 b57a9c49d5a186cb0a90ceff60fe3e0c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 141176 03a25641a1d1f0cc3daaff277fc9a1fe http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_powerpc.deb Size/MD5: 187796 4f7930d31e79c8e80c3002305f628abb sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 37776 4b82dbd83e2d0ab3b8a37a1819df2be0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 83754 ca7d3f04b938edf84d4495ee28401947 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 1658640 516e63f4be8670977ede42a5931f84d1 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 54742 c393dd034b59bdb312caa88e6e5a2518 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 103154 cca146d09d3d96060aae19ed28c9bad0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 141756 8ac1af17f52affe05290eda3f632a5c2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.2.8-0ubuntu8.2_sparc.deb Size/MD5: 177460 7a2e8e00865878da7823113b9c82fe96 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3.diff.gz Size/MD5: 123551 3081910dc48c0bf26861c418898424e5 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3.dsc Size/MD5: 1218 31f9a51331fdef642f68181a96e48b90 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2.orig.tar.gz Size/MD5: 4848424 9e3e1dee4d872fdff0682041198d3d73 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-common_1.3.2-1ubuntu7.3_all.deb Size/MD5: 1080422 55bbe3cc2879bf863ea481de00a87d38 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 37090 c208eccfeb8c01c9c9cf69d533e48875 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 89264 d75e34c37e473f37049e9b8d56da85f9 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 2033330 19317bd0287cd2ffb107a79cb10221b7 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 59894 669b27a09c281c6627ac6f90cdaa9d6c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 46744 3bf6625d4362c0b737f8092a5ce5d8f2 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 152012 918fb853dabc5e4f9b01d141a700cdd6 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_amd64.deb Size/MD5: 185064 9ba4383cca2c676c115f0896c4d3f7ac i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 36386 a9cc51dd1d0bfb023a1723094b5dc8fd http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 86266 a5a5f183b0072355dc7f6d7da0cc6150 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 2016958 1a403efd5824fdd4aabc01d6fd4be80d http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 58630 05c449135359e5dff074bb09d35ab993 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 46096 190e2a501bcc471b47b19c0fab1e6faf http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 145700 6bace8671d4aabfb12981f35bf90e3fd http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_i386.deb Size/MD5: 181864 48bdde0f8e4419ed820aad223f04a78e powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 46396 d418a342f7bcc3c62a00b6aaa91f6a55 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 107534 b5021ac12d34feaa894822833a80f96c http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 2098076 ce2bbaac830121b2e332e1d6be7f2812 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 59338 a2e1ed47fc41b154279fa991d1b83b63 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 51684 5dc5292ba6c5957c6906a1ec10425389 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 146958 ca1a231a2fead08a3a291a98016ad164 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_powerpc.deb Size/MD5: 190810 df39b95fd46271a4102fa86991687d87 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-bsd_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 37476 ad024b3c304fddd547f73533c2af353e http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys-client_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 89402 d43d4d7730511ae01ada631e49a33386 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/cupsys_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 2059212 5d8c784938e35c99434a9aeec756c7f0 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2-dev_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 57890 c16d91ecc08a9f644a4702694f061948 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsimage2_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 45426 9b43f0207dc35329c6b68a00f9470b27 http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2-dev_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 148480 6475be7a82a097f3d1e650f2e1b34e4a http://security.ubuntu.com/ubuntu/pool/main/c/cupsys/libcupsys2_1.3.2-1ubuntu7.3_sparc.deb Size/MD5: 180882 aa0f56882aee8a313019fd9806cb96e2 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200712-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CUPS: Multiple vulnerabilities Date: December 18, 2007 Bugs: #199195, #201042, #201570 ID: 200712-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in CUPS, allowing for the remote execution of arbitrary code and a Denial of Service. Background ========== CUPS provides a portable printing layer for UNIX-based operating systems. The alternate pdftops filter is a CUPS filter used to convert PDF files to the Postscript format via Poppler; the filter is installed by default in Gentoo Linux. Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045). A local attacker could exploit the second vulnerability to overwrite arbitrary files with the privileges of the user running the CUPS spooler (usually lp) by using symlink attacks. A remote attacker could cause a Denial of Service condition via the third vulnerability when SSL is enabled in CUPS. Workaround ========== To disable SNMP support in CUPS, you have have to manually delete the file "/usr/libexec/cups/backend/snmp". Please note that the file is reinstalled if you merge CUPS again later. To disable the pdftops filter, delete all lines referencing "pdftops" in CUPS' "mime.convs" configuration file. To work around the third vulnerability, disable SSL support via the corresponding USE flag. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r4" References ========== [ 1 ] CVE-2007-4045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045 [ 2 ] CVE-2007-5849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849 [ 3 ] CVE-2007-6358 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6358 [ 4 ] GLSA 200703-28 http://www.gentoo.org/security/en/glsa/glsa-200703-28.xml Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200712-14.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Background ========== AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/emul-linux-x86-baselibs < 20140406-r1 >= 20140406-r1 Description =========== Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1437-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff December 26, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : cupsys Vulnerability : several Problem type : local Debian-specific: no CVE Id(s) : CVE-2007-5849 CVE-2007-6358 Several local vulnerabilities have been discovered in the Common UNIX Printing System. This vulnerability is not exploitable in the default configuration. For the stable distribution (etch), these problems have been fixed in version 1.2.7-4etch2. The old stable distribution (sarge) is not affected by CVE-2007-5849. The other issue doesn't warrant an update on it's own and has been postponed. For the unstable distribution (sid), these problems have been fixed in version 1.3.5-1. We recommend that you upgrade your cupsys packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc Size/MD5 checksum: 1084 7eda7d3797d141d174e163f837cd91b4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz Size/MD5 checksum: 4214272 c9ba33356e5bb93efbcf77b6e142e498 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz Size/MD5 checksum: 103089 a856a1ff975042783cb87f23d15e5b3a Architecture independent packages: http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb Size/MD5 checksum: 45246 3216cd80859aa97b7c8c5774b2462db2 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb Size/MD5 checksum: 893020 28b90e7e58400b9216f72cecf7de0d4a alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 1096542 686386cd43230708d49cea4af0d57b9f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 94468 32d1efdef788039ac00ed1e57a6fcc47 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 1608840 d042363f0999e1f11939e3f5e8de8b38 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 72432 5e43d1208715258c4ff09dcee0fa4081 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 86284 dca9ccc53cb8fcf7b8e1a44b8e76a6ad http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 184372 cb6c4f2c2a08ccc55c25c35d039fe400 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 39260 cdfc7a39f71c1aed6973a2956cf8749d http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb Size/MD5 checksum: 174608 e2c1ebf86bfc9f538a640c8ea385330f amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 142552 60167bc344afbaa54904b295c78def9c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 36366 3feca5f614aca7d527b1beba01462f6e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 161666 65ebf0f70d842eeb8adc309946357b4d http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 85314 0be1f821b4880c7a4b83cd7779edbce4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 80704 26db3ea2f4aee728ead9ffba2686b827 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 1574360 3a1e7f5f6a8766a1f89aa65fc47c5d72 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 52862 3e8caecdc231fcded29f0029b76019a8 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb Size/MD5 checksum: 1085694 235f96f3c07947ab11cd4222490441f0 arm architecture (ARM) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb Size/MD5 checksum: 48532 08ce8a9c2d9edf30a381ddc34073c397 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb Size/MD5 checksum: 1025036 c3165815ab4292c0b200176c4c0ad7d6 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb Size/MD5 checksum: 35924 02c6ebde8deb0fcb39074deb5895b95b http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb Size/MD5 checksum: 78912 33627a4c4e1dd3b4001f165cfda64259 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb Size/MD5 checksum: 132054 c4e04d8fb763e599931f3cb0207d84cb http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb Size/MD5 checksum: 154314 0dcbd01293a5a0925af776bc0d6490fa http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb Size/MD5 checksum: 84494 66ff0b8a8b07d0faddee758806e044be http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb Size/MD5 checksum: 1568356 725c88c2ac3737a0a323e82a5877f8f9 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 39264 528456372ac16c6dc257d2672a24cc84 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 85260 60da86a4e6b72d49f3c405cda6eaaa33 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 90316 7d7093a9bca7c6ee4a190eaea715cf1f http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 57026 7e78c5bf532b9761b6ebc290c4c24b94 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 171548 37bfd1849d459be20f5df6da4d0e8f19 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 1611932 3a3e91d8c878c6ec42a99d1bfacbafac http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 154600 fc87ba725d54223245d9cb71777307a7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb Size/MD5 checksum: 1031728 cdcfb63a3a2200f4ca36aa0d530c32d9 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb Size/MD5 checksum: 53068 e28d98e95a5e543991b996e84d028863 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb Size/MD5 checksum: 138280 28df76637f6b23d98ec81f6a7bf2b6ba http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb Size/MD5 checksum: 159796 fa2db05d879ce293041be45683febe8b http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb Size/MD5 checksum: 1547840 6d7396410919ae7207d3d9aadfb5026f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb Size/MD5 checksum: 79880 c392020f91e2901d4122ef6a1fa08fed http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb Size/MD5 checksum: 85778 a11291b1a834d42ba160fb8d92db0c3a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb Size/MD5 checksum: 997490 0d91574ed291678037351dd0a32f445f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb Size/MD5 checksum: 36476 ee84ce1774c646915ba410dadcda3470 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 1107194 dc683bec9dcfffc4a1e020b2859e1fab http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 106228 db41cfc57bf2d43da703285f9790344c http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 46332 f52d7a07c6acf6613da1ae43f64b8ef7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 203378 9da06426a99702d4485b528d542b666d http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 105872 cd243300f6b804b2501e5681401c574e http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 73934 b3618bd2d5b1de8371ea56301312ef3a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 192368 35aba3be08e6a72b54617bb666b12d4c http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb Size/MD5 checksum: 1769808 8d0ab1028149cabd9d946c44cf4d4f86 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb Size/MD5 checksum: 77158 5302b4e5edb3d0d7733481eaabdbddcf http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb Size/MD5 checksum: 85874 d6beacabf8db05137b4c4357ea7557e9 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb Size/MD5 checksum: 157884 d0f4ed5d1da24041179f9f2697f2ffcb http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb Size/MD5 checksum: 1096124 feea35b2ae01af3b06ee3ce8a854324e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb Size/MD5 checksum: 35968 0bb0b6c1018c466326b6406de4af093e http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb Size/MD5 checksum: 150766 ff55f24b0b36722265644252857d8b5c http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb Size/MD5 checksum: 1550792 97167182293fc8400cb9fefffc3670e7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb Size/MD5 checksum: 57384 b2473f40bde45105c0bdec916ff93cdb mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 86054 f78f586a8f15727e28c67bca58caaa26 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 1552410 94190014545b85b403a21e97d9901776 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 157716 e0bd0f1e90b1124b1441bc1f313a7764 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 1083814 a5968478d72e11f19d4e019d3095e51f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 36068 363ff5b0694c2fef407a92dea1ba1c4e http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 77458 db7144590602bf3cf25cba5fdce485a8 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 57700 04626a4cb44728ea61bcb7f8d8ddc1ed http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb Size/MD5 checksum: 150902 f3cb4f6ca36503d7b70aab6d559199d2 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 51792 e89680c8a9b4851ebb5ad0d304e6bbb7 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 90002 ce367709844a87951f810524aadfea4c http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 136864 0aabc007ab84b86a77f6c601ba8d44fd http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 87576 f18bba76c873a6238e78a80182c0cd38 http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 1575144 506c85d9a8b03be737ccb8dd3fd31248 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 1141712 b6ab866de7c8c6f2051c2a813003a722 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 162358 08096969b7e8ef48d2ece9a86600004a http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb Size/MD5 checksum: 41290 b7eb0528a3b1b8bd07247fd9e16b76c2 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb Size/MD5 checksum: 1586292 01001ec68f5ff6a090ebff3099265be0 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb Size/MD5 checksum: 1035680 081c5ca040751dc4ec59d2a83289099c http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb Size/MD5 checksum: 86854 5011337fee7f4dcfb62a6c95f7054e98 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb Size/MD5 checksum: 37422 731fb2009fa3cf47e270c35348d2e3e4 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb Size/MD5 checksum: 82338 4f93e2f975642addd238eecf78a94779 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb Size/MD5 checksum: 165816 c69411004d08763f1b86a5d517592fc7 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb Size/MD5 checksum: 144946 74bca185776b08ac50a9abcc17019e68 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb Size/MD5 checksum: 52260 1324db10b3374beb81b98032ba92e2b8 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 51580 6052b09bd8c4cb9600156b24f185122a http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 139570 2aa5b4d2d64849aa048489332f7e3aca http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 1561428 59199c965cba64d0aaf9a2de6c3432b6 http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 84282 edec6a1d4af9df91f2d2b5c20553dbe9 http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 990474 e276a14d21a6d7661c91c3420c96e142 http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 158256 d43c9657a710bb5969e704208502f59f http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 78514 32c106b3332c95dd0f24d6cf5d208add http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb Size/MD5 checksum: 36020 751c12e8f83f04b5fd54d4a23abdf6fc These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHclSzXm3vHE4uyloRAqN4AJ446Cy9X2qGSIJqCKirOI2pWmEseACgygi1 mLr61xygMrJtafqG+L6vzQw= =Kaoc -----END PGP SIGNATURE----- . The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5849 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: e7b60799c6564dab2fac51c4f141dbe5 2007.0/i586/cups-1.2.4-1.6mdv2007.0.i586.rpm 4c32071aad3f9098ea2dd2f9a1b7cd49 2007.0/i586/cups-common-1.2.4-1.6mdv2007.0.i586.rpm 63d9a864863267cf2f4fddc02e095e06 2007.0/i586/cups-serial-1.2.4-1.6mdv2007.0.i586.rpm 1f4920904c759ce0e9abb3bbc8cdd594 2007.0/i586/libcups2-1.2.4-1.6mdv2007.0.i586.rpm b1ec7aa06c2be308ff9c2a63da1c7731 2007.0/i586/libcups2-devel-1.2.4-1.6mdv2007.0.i586.rpm f383e8d9d10ca981e447dd6a01ee851d 2007.0/i586/php-cups-1.2.4-1.6mdv2007.0.i586.rpm f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: b7553d0c3fbc26b3701b141c9b83d4f3 2007.0/x86_64/cups-1.2.4-1.6mdv2007.0.x86_64.rpm 4a38d3105789f691876915a408b14238 2007.0/x86_64/cups-common-1.2.4-1.6mdv2007.0.x86_64.rpm 66f5f00ec62eda88ad3bcc4a7c1bb9f8 2007.0/x86_64/cups-serial-1.2.4-1.6mdv2007.0.x86_64.rpm 8cb823e9208e3318df6856d6f604e915 2007.0/x86_64/lib64cups2-1.2.4-1.6mdv2007.0.x86_64.rpm 87a2ecc7dea1d4df9dc375aaa08706df 2007.0/x86_64/lib64cups2-devel-1.2.4-1.6mdv2007.0.x86_64.rpm 80f26c35b1a9df435722fda1cbbf73a3 2007.0/x86_64/php-cups-1.2.4-1.6mdv2007.0.x86_64.rpm f79a5dfe12eb0645f787ad1112c21df6 2007.0/SRPMS/cups-1.2.4-1.6mdv2007.0.src.rpm Mandriva Linux 2007.1: 211c3ad187609d5b780ff3fa5b49e444 2007.1/i586/cups-1.2.10-2.4mdv2007.1.i586.rpm 7d40f786123cf00358798508bb62d3d3 2007.1/i586/cups-common-1.2.10-2.4mdv2007.1.i586.rpm 0e5804893b2a9246b0e868c31b32b06b 2007.1/i586/cups-serial-1.2.10-2.4mdv2007.1.i586.rpm 338d3dec619d84e87f51bd7cfd16d8d2 2007.1/i586/libcups2-1.2.10-2.4mdv2007.1.i586.rpm 8db18206adc7d5e06791544156b055b3 2007.1/i586/libcups2-devel-1.2.10-2.4mdv2007.1.i586.rpm 62132f4112ac2b0a2d12774d29bec0cb 2007.1/i586/php-cups-1.2.10-2.4mdv2007.1.i586.rpm 4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 8c149f4c10733c9a9111160ae59ad925 2007.1/x86_64/cups-1.2.10-2.4mdv2007.1.x86_64.rpm 4b1daf55b41af95a1cd84bebe942d560 2007.1/x86_64/cups-common-1.2.10-2.4mdv2007.1.x86_64.rpm 5c5ca12c2c1acc4d4dbabdd1a724c6b6 2007.1/x86_64/cups-serial-1.2.10-2.4mdv2007.1.x86_64.rpm c3b6080be7e3f4705a8a2a49bcffd444 2007.1/x86_64/lib64cups2-1.2.10-2.4mdv2007.1.x86_64.rpm e0b59e5053778c2ffa2f54e0b45d2d39 2007.1/x86_64/lib64cups2-devel-1.2.10-2.4mdv2007.1.x86_64.rpm f55015ed699bf755c426f543c1663c68 2007.1/x86_64/php-cups-1.2.10-2.4mdv2007.1.x86_64.rpm 4ba57d3741a92f13208328191a9a1778 2007.1/SRPMS/cups-1.2.10-2.4mdv2007.1.src.rpm Mandriva Linux 2008.0: 5e6c08849a88b069afaa97a41e9e960e 2008.0/i586/cups-1.3.0-3.4mdv2008.0.i586.rpm 9572d60e8afebae8af024b1fe7209fb3 2008.0/i586/cups-common-1.3.0-3.4mdv2008.0.i586.rpm 3f289e765d786c9e10ea5cfc21f73f6b 2008.0/i586/cups-serial-1.3.0-3.4mdv2008.0.i586.rpm c0fd3de781ef4d6ed0f9e13cae53d883 2008.0/i586/libcups2-1.3.0-3.4mdv2008.0.i586.rpm 610b6e72c3c11c6015f8177701156351 2008.0/i586/libcups2-devel-1.3.0-3.4mdv2008.0.i586.rpm fb6ef9cab451a3133be7f76ba840b012 2008.0/i586/php-cups-1.3.0-3.4mdv2008.0.i586.rpm 188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 402aea771b06142b45b722bff80f091e 2008.0/x86_64/cups-1.3.0-3.4mdv2008.0.x86_64.rpm f2455232cc2a9573ecec47ef56cdc597 2008.0/x86_64/cups-common-1.3.0-3.4mdv2008.0.x86_64.rpm 37a5555a41d6fb417b21939c805664f2 2008.0/x86_64/cups-serial-1.3.0-3.4mdv2008.0.x86_64.rpm ce9c705103f3818d9c5795c9870fe8ff 2008.0/x86_64/lib64cups2-1.3.0-3.4mdv2008.0.x86_64.rpm 69cbe40728e22cc75aec77357f1afd05 2008.0/x86_64/lib64cups2-devel-1.3.0-3.4mdv2008.0.x86_64.rpm 383988eb5c94bb74024fdf374cb3b2be 2008.0/x86_64/php-cups-1.3.0-3.4mdv2008.0.x86_64.rpm 188a7ec8777c3b4b31750580117a870e 2008.0/SRPMS/cups-1.3.0-3.4mdv2008.0.src.rpm Corporate 3.0: 22d8969d906321fbee18c2bbc85588d3 corporate/3.0/i586/cups-1.1.20-5.15.C30mdk.i586.rpm 36304afe8bedfa972b100864a155c631 corporate/3.0/i586/cups-common-1.1.20-5.15.C30mdk.i586.rpm c769d1450268709318ca831aa61fb0e1 corporate/3.0/i586/cups-serial-1.1.20-5.15.C30mdk.i586.rpm add323f4e6d19502d1784d8170b56158 corporate/3.0/i586/libcups2-1.1.20-5.15.C30mdk.i586.rpm 1795159898f7d56792ccb5d2fa94f01d corporate/3.0/i586/libcups2-devel-1.1.20-5.15.C30mdk.i586.rpm 862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm Corporate 3.0/X86_64: 4cc49531ae7c6e30a6119a96fd6e2be7 corporate/3.0/x86_64/cups-1.1.20-5.15.C30mdk.x86_64.rpm d99c41a39764138480fd0498fc08dc86 corporate/3.0/x86_64/cups-common-1.1.20-5.15.C30mdk.x86_64.rpm 1217f6489b62f4f97272266a36ad1dcf corporate/3.0/x86_64/cups-serial-1.1.20-5.15.C30mdk.x86_64.rpm 37b559193f8165d5fb94f3dfb0a17002 corporate/3.0/x86_64/lib64cups2-1.1.20-5.15.C30mdk.x86_64.rpm 29f3155a705199ddc18d4f07151ee0e5 corporate/3.0/x86_64/lib64cups2-devel-1.1.20-5.15.C30mdk.x86_64.rpm 862992a50ff8f3311bc1e6a57e916f44 corporate/3.0/SRPMS/cups-1.1.20-5.15.C30mdk.src.rpm Corporate 4.0: 2ff282c107a464893dceecd702a49fbb corporate/4.0/i586/cups-1.2.4-0.6.20060mlcs4.i586.rpm d40e3334925c3dfeb4cf69c9a81279da corporate/4.0/i586/cups-common-1.2.4-0.6.20060mlcs4.i586.rpm c0cd1b083354931223532a3f66708796 corporate/4.0/i586/cups-serial-1.2.4-0.6.20060mlcs4.i586.rpm 2cbac22995a55e1f2a2775c9b2f993ef corporate/4.0/i586/libcups2-1.2.4-0.6.20060mlcs4.i586.rpm 6e2f4b34178fea2cf9fbc6d2ef23bb10 corporate/4.0/i586/libcups2-devel-1.2.4-0.6.20060mlcs4.i586.rpm 7013f9f6c6820f411bbece64eef74338 corporate/4.0/i586/php-cups-1.2.4-0.6.20060mlcs4.i586.rpm af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: 5b7647d72d7c6717fc66511d99dfb85d corporate/4.0/x86_64/cups-1.2.4-0.6.20060mlcs4.x86_64.rpm 4e2885508967804e2036312408b887a6 corporate/4.0/x86_64/cups-common-1.2.4-0.6.20060mlcs4.x86_64.rpm c2c7dcc9fe085e0763bfdb492fb75efc corporate/4.0/x86_64/cups-serial-1.2.4-0.6.20060mlcs4.x86_64.rpm 8638a23ea946526c960840507933c835 corporate/4.0/x86_64/lib64cups2-1.2.4-0.6.20060mlcs4.x86_64.rpm 856b172bc91bbd802a821a775d45b6c9 corporate/4.0/x86_64/lib64cups2-devel-1.2.4-0.6.20060mlcs4.x86_64.rpm f97300e6f09ef8b08d1a0563a5c324f1 corporate/4.0/x86_64/php-cups-1.2.4-0.6.20060mlcs4.x86_64.rpm af983d1c74680e800bdc2cf9190a64d3 corporate/4.0/SRPMS/cups-1.2.4-0.6.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHqfERmqjQ0CJFipgRAjdGAKDHckN83/fyAlJvHgk69P50eexo2wCbBhR9 nEhVEeHY+sACGciJMKbk5+I= =Qgcw -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ http://secunia.com/Linux_Security_Specialist/ ---------------------------------------------------------------------- TITLE: Gentoo update for cups SECUNIA ADVISORY ID: SA24660 VERIFY ADVISORY: http://secunia.com/advisories/24660/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Gentoo Linux 1.x http://secunia.com/product/339/ DESCRIPTION: Gentoo has issued an update for cups. For more information: SA24517 SOLUTION: Update to "net-print/cups-1.2.9" or later. ORIGINAL ADVISORY: http://www.gentoo.org/security/en/glsa/glsa-200703-28.xml OTHER REFERENCES: SA24517: http://secunia.com/advisories/24517/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0551 CVE-2007-1800 Cisco Secure ACS Vulnerable to network access CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and devices. Cisco Secure ACS is prone to a remote security vulnerability. Also known as \"NACATTACK\"
VAR-200704-0544 CVE-2007-1793 Symantec Norton Personal Firewall of SPBBCDrv.sys Service disruption in (DoS) Vulnerabilities CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected. Multiple Symantec products are prone to a local denial-of-service vulnerability. This issue occurs when attackers supply invalid argument values to the 'SPBBCDrv.sys' driver. A local attacker may exploit this issue to crash affected computers, denying service to legitimate users. Symantec Norton Personal Firewall is a very popular firewall software. There is a loophole in the driver implementation of Norton Personal Firewall, and local attackers may use this loophole to perform denial-of-service attacks on the system. The vulnerability is caused due to an input validation error in SPBBCDrv.sys when handling parameters of certain hooked functions. This can be exploited to crash the system by calling NtCreateMutant or NtOpenEvent with specially crafted parameters. The vulnerability is confirmed in version 9.0.0.73 and also reported in versions 9.1.1.7 and 9.1.0.33. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Matousec Transparent Security ORIGINAL ADVISORY: Matousec Transparent Security: http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200703-0432 CVE-2007-1786 Groupmax Used for products such as Hitachi Collaboration - Online Community Management In SQL Injection vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple Hitachi products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi: http://www.hitachi-support.com/security_e/vuls_e/HS07-008_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200704-0209 CVE-2007-1884 PHP of printf Function family integer sign error vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. PHP is prone to multiple format-string vulnerabilities due to a design error when casting 64-bit variables to 32 bits. Attackers may be able to exploit these issues to execute arbitrary code in the context of the webserver process or to cause denial-of-service conditions. These issues affect PHP versions prior to 4.4.5 and 5.2.1 running on 64-bit computers. An attacker who plays by ear can execute arbitrary code with the help of specific negative parameter numbers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01086137 Version: 1 HPSBTU02232 SSRT071429 rev.1 - Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) or HP Internet Express for Tru64 UNIX running PHP, Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-06-25 Last Updated: 2007-06-25 Potential Security Impact: Remote Arbitrary Code Execution, Unauthorized Disclosure of Information, or Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX). References: CVE-2006-4625 CVE-2007-0988 CVE-2007-1286 CVE-2007-1380 CVE-2007-1700 CVE-2007-1701 CVE-2007-1710 CVE-2007-1835 CVE-2007-1884 CVE-2007-1885 CVE-2007-1886 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following supported software versions running running PHP Hypertext Processing Engine v 4.4.4 are affected: HP Internet Express for Tru64 UNIX (IX) v 6.6 and earlier Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) v 6.6.4 and earlier BACKGROUND RESOLUTION HP is providing PHP v 4.4.6 as part of Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) v 6.6.5, which resolves the potential vulnerabilities. Until the update is available in the mainstream product release, HP is releasing the following two setld-based kits publicly for use by any customer. The resolutions contained in the kits are targeted for availability in the following mainstream product release: HP Internet Express for Tru64 UNIX v 6.7 The kits distribute the following: Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) with PHP v 4.4.6 installable kit Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) with PHP v 4.4.6 installable kit and source files Secure Web Server for HP Tru64 UNIX v 6.6.5 PREREQUISITE: HP Tru64 UNIX v 5.1A or later Name: sws_v6_6_5_kit.tar.gz Location: http://h30097.www3.hp.com/internet/download.htm#sws Secure Web Server for HP Tru64 UNIX v 6.6.5 including Source Files PREREQUISITE: HP Tru64 UNIX v 5.1A or later Name: sws_v6_6_5_src_kit.tar.gz Location: http://h30097.www3.hp.com/internet/download.htm#sws PRODUCT SPECIFIC INFORMATION HISTORY Version:1 (rev.1) - 25 June 2007 Initial release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRoETyuAfOvwtKn1ZEQKROACggBC5RrNrpby62nQmYPEBLnLT8LoAoOKr X4BXLpHPsJJL+xua0KFkk+Te =oBJf -----END PGP SIGNATURE-----
VAR-200704-0592 CVE-2007-1833 CUCM of SCCP Service disruption in implementation (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are prone to multiple remote denial-of-service vulnerabilities. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. This vulnerability is documented in Cisco Bug ID as CSCsf10805
VAR-200704-0593 CVE-2007-1834 CUCM Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. The CUCM vulnerability is documented in Cisco Bug ID as CSCsf12698 and the CUPS vulnerability is documented in Cisco Bug ID as CSCsg60930
VAR-200704-0585 CVE-2007-1826 CUCM of IPSec Manager Service Service disruption in (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949. Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are prone to multiple remote denial-of-service vulnerabilities. These issues occur because the devices fail to handle certain network packets or network requests. An attacker can exploit these issues to crash the affected services on the devices, denying service to legitimate users. The CUCM vulnerability is documented in Cisco Bug ID as CSCsg20143 and the CUPS vulnerability is documented in Cisco Bug ID as CSCsg60949
VAR-200703-0389 CVE-2007-1728 PS3 and PSP of Remote Play Service disruption in functionality (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets. PSP is prone to a denial-of-service vulnerability