VARIoT IoT vulnerabilities database


VAR-200601-0326 CVE-2006-0368 Cisco CallManager Denial of Service (DoS) Vulnerabilities CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. Cisco CallManager contains denial-of-service (DoS) vulnerabilities. A third party may be able to cause a denial of service (DoS). CallManager is susceptible to multiple remote denial of service vulnerabilities. These issues are documented in Cisco bugs CSCea53907, CSCsa86197, CSCsb16635 and CSCsb64161, which are available to Cisco customers. Attackers may exploit these vulnerabilities to crash the affected service, effectively denying service to legitimate users. Cisco CallManager (CCM) is a set of call processing components based on the Cisco Unified Communications solution of Cisco. Under certain circumstances, CCM will keep the TCP connection open indefinitely until the CCM service is restarted or the server is restarted. Successful exploitation of these vulnerabilities could result in a denial of service attack, causing high CPU usage, interrupting service, or restarting the server, which could then cause the phone to become unresponsive, log off the phone from the CCM, or restart the CCM. TITLE: Cisco CallManager Connection Handling Denial of Service SECUNIA ADVISORY ID: SA18494 VERIFY ADVISORY: http://secunia.com/advisories/18494/ CRITICAL: Less critical IMPACT: DoS WHERE: From local network SOFTWARE: Cisco CallManager 3.x http://secunia.com/product/2805/ Cisco CallManager 4.x http://secunia.com/product/5363/ DESCRIPTION: Some vulnerabilities have been reported in Cisco CallManager, which can be exploited by malicious people to cause a DoS (Denial of Service).
2) An error in the processing of connections to ports 2001, 2002, and 7727 can be exploited to fill up the Windows message queue by establishing multiple connections. This further leads to the Cisco CallManager restarting after a 30 second timeout. The following versions are affected: * Cisco CallManager 3.2 and earlier * Cisco CallManager 3.3, versions earlier than 3.3(5)SR1a * Cisco CallManager 4.0, versions earlier than 4.0(2a)SR2c * Cisco CallManager 4.1, versions earlier than 4.1(3)SR2 SOLUTION: Fixes are available (see patch matrix): http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200601-0332 CVE-2006-0374 ACT P202S VOIP WIFI Phones Multiple Remote Vulnerabilities CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513). ACT P202S VOIP WIFI Phone allows remote debugger connections and remote unauthenticated administrative access. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain debugging information from the device or cause a denial of service. Other attacks are also possible. ACT P202S VOIP WIFI Phones running firmware version 1.01.21 are prone to these issues. Due to code reuse, other devices and versions may also be affected. TITLE: ACT WLAN Phone P202S Multiple Security Issues SECUNIA ADVISORY ID: SA18514 VERIFY ADVISORY: http://secunia.com/advisories/18514/ CRITICAL: Less critical IMPACT: Unknown, Security Bypass, Exposure of system information, DoS WHERE: From local network OPERATING SYSTEM: ACT WLAN Phone P202S http://secunia.com/product/6843/ DESCRIPTION: Shawn Merdinger has reported some security issues in ACT WLAN Phone P202S, which can be exploited by malicious people to potentially disclose system information, potentially cause a DoS (Denial of Service), and bypass certain security restrictions. 2) An error caused due to the phone allowing connections to the echo service on port 7/tcp may be exploited to cause a DoS on other network devices. 3) An error caused due to the phone allowing connections to the rlogin service on port 513/tcp can be exploited to gain rlogin access to the phone without authentication. It has also been reported that the phone has a hardcoded NTP server. The security issues have been reported in version 1.01.21.
SOLUTION: Restrict use to within trusted networks only. PROVIDED AND/OR DISCOVERED BY: Shawn Merdinger ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html
VAR-200601-0386 No CVE CNVD-2006-0267 CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
ACT P202S VOIP WIFI is a wireless VOIP phone. MPM HP-180W VOIP WIFI phones have multiple security issues that can be exploited by remote attackers to gain access to sensitive information or administrator access. The ACT P202S VOIP WIFI phone allows remote debug connections and remote unauthorized management access. Successful exploitation of these vulnerabilities allows an attacker to obtain debug information from the device or cause a denial of service. The issues include the undocumented port UDP/17185 (VxWorks WDB remote debugging), the undocumented port TCP/7 (echo), and the undocumented port TCP/513 (rlogin).
VAR-200601-0333 CVE-2006-0375 Advantage Century Telecommunication P202S IP Phone firmware running on VxWorks: vulnerability that allows incorrect time information to be provided CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks. ACT P202S VOIP WIFI Phone allows remote debugger connections and remote unauthenticated administrative access. Successful exploitation of these vulnerabilities could allow a remote attacker to obtain debugging information from the device or cause a denial of service. Other attacks are also possible. ACT P202S VOIP WIFI Phones running firmware version 1.01.21 are prone to these issues. Due to code reuse, other devices and versions may also be affected. TITLE: ACT WLAN Phone P202S Multiple Security Issues SECUNIA ADVISORY ID: SA18514 VERIFY ADVISORY: http://secunia.com/advisories/18514/ CRITICAL: Less critical IMPACT: Unknown, Security Bypass, Exposure of system information, DoS WHERE: From local network OPERATING SYSTEM: ACT WLAN Phone P202S http://secunia.com/product/6843/ DESCRIPTION: Shawn Merdinger has reported some security issues in ACT WLAN Phone P202S, which can be exploited by malicious people to potentially disclose system information, potentially cause a DoS (Denial of Service), and bypass certain security restrictions. 2) An error caused due to the phone allowing connections to the echo service on port 7/tcp may be exploited to cause a DoS on other network devices. 3) An error caused due to the phone allowing connections to the rlogin service on port 513/tcp can be exploited to gain rlogin access to the phone without authentication. It has also been reported that the phone has a hardcoded NTP server. The security issues have been reported in version 1.01.21. SOLUTION: Restrict use to within trusted networks only.
PROVIDED AND/OR DISCOVERED BY: Shawn Merdinger ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041434.html
VAR-200601-0135 CVE-2006-0255 Check Point VPN-1 SecureClient Path Specification Local Privilege Upgrade Vulnerability CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. Check Point VPN-1 SecureClient is prone to a vulnerability that could allow an arbitrary file to be executed. The application attempts to execute an application without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges. Specific information about affected versions of Check Point VPN-1 SecureClient is unavailable at this time. This BID will be updated as further information is disclosed
VAR-200707-0577 CVE-2007-3387 Freedesktop Poppler Input validation error vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. KDE kpdf, kword, and xpdf are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application or cause the affected application to crash, denying service to legitimate users. ** REJECTED ** Do not use this candidate number. ConsultIDs: CVE-2007-3387. Reason: This candidate number is a duplicate of CVE-2007-3387. Gentoo Linux Security Advisory GLSA 200709-17 http://security.gentoo.org/ Severity: Normal Title: teTeX: Multiple buffer overflows Date: September 27, 2007 Bugs: #170861, #182055, #188172 ID: 200709-17 Synopsis: Multiple vulnerabilities have been discovered in teTeX, allowing for user-assisted execution of arbitrary code. Background: teTeX is a complete TeX distribution for editing documents. Affected packages: app-text/tetex, vulnerable < 3.0_p1-r4, unaffected >= 3.0_p1-r4. Description: Mark Richters discovered a buffer overflow in the open_sty() function in file mkind.c.
Other vulnerabilities have also been discovered in the same file but might not be exploitable (CVE-2007-0650). Tetex also includes vulnerable code from GD library (GLSA 200708-05), and from Xpdf (CVE-2007-3387). Impact: A remote attacker could entice a user to process a specially crafted PNG, GIF or PDF file, or to execute "makeindex" on an overly long filename. In both cases, this could lead to the remote execution of arbitrary code with the privileges of the user running the application. Workaround: There is no known workaround at this time. Resolution: All teTeX users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/tetex-3.0_p1-r4" References: [ 1 ] CVE-2007-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0650 [ 2 ] CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 [ 3 ] GLSA-200708-05 http://www.gentoo.org/security/en/glsa/glsa-200708-05.xml Availability: This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200709-17.xml Concerns? Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License: Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . The oldstable distribution (sarge) doesn't include poppler. For the stable distribution (etch) this problem has been fixed in version 0.4.5-5.1etch1. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your poppler packages.
Upgrade Instructions: wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch: These files will probably be moved into the stable distribution on its next update. For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> . TITLE: GNOME gpdf Xpdf Multiple Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA18375 VERIFY ADVISORY: http://secunia.com/advisories/18375/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: From remote SOFTWARE: GNOME 2.x http://secunia.com/product/3277/ DESCRIPTION: Some vulnerabilities have been reported in GNOME gpdf, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerabilities are caused due to the use of a vulnerable version of Xpdf. For more information: SA18303 SOLUTION: Restrict use to trusted PDF files only. Some Linux vendors have released updated packages. OTHER REFERENCES: SA18303: http://secunia.com/advisories/18303/ . This update provides packages which are patched to prevent these issues. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> . Ubuntu Security Notice USN-496-1 August 03, 2007 koffice vulnerability CVE-2007-3387 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: kword 1:1.5.0-0ubuntu9.2
Ubuntu 6.10: kword 1:1.5.2-0ubuntu2.2
Ubuntu 7.04: kword 1:1.6.2-0ubuntu1.1

After a standard system upgrade you need to restart KWord to effect the necessary changes.
VAR-200601-0295 CVE-2006-0354 Cisco Aironet WAP of ARP Service disruption due to request processing (DoS) Vulnerabilities CVSS V2: 5.5
CVSS V3: -
Severity: MEDIUM
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644. Cisco Aironet Wireless Access Points (WAP) running Cisco IOS contain a vulnerability in which processing illegitimate ARP requests exhausts the physical memory on the device so that traffic can no longer be processed. The device may be put into a denial of service (DoS) state. This issue is due to memory exhaustion caused by improper handling of an excessive number of ARP requests. This issue allows attackers who can successfully associate with a vulnerable access point to exhaust the memory of the affected device. As a result, the device fails to pass legitimate traffic until it has been rebooted. There is a flaw in Cisco Aironet's processing of ARP requests, and a remote attacker may use it to carry out a denial of service attack on the device. The device is then unable to transmit traffic until it is powered off and reloaded, which affects the availability of the wireless access point, and management and packet forwarding services may become unusable. This can be exploited by sending spoofed ARP messages to the management interface of the AP to continuously add entries to the ARP table of the device until the device runs out of memory. Successful exploitation causes the AP to be unable to pass traffic until the device is restarted, but requires the ability to send ARP messages to the management interface of the AP.

SOLUTION: Update to IOS version 12.3-7-JA2. http://tools.cisco.com/support/downloads/pub/MDFTree.x?butype=wireless

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200601-0175 CVE-2006-0181 Cisco Security Monitoring, Analysis and Response System Vulnerability gained in CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. This password is static across all installations of the software. It is possible for those running software release 4.1.3 and later to change a portion of the default administrative password, effectively addressing the vulnerability. However, earlier versions do not provide this option. In addition, CS-MARS can also perform automated tasks to alleviate safety issues. Successful exploitation of this vulnerability will allow the attacker to obtain full management rights of the CS-MARS device. The password for the account reportedly cannot be changed. Successful exploitation requires logon to the administration command line interface with e.g. the "pnadmin" account. The vulnerability has been reported in versions prior to 4.1.3. SOLUTION: Update to version 4.1.3 or later and use the "passwd expert" command to change the root password. http://www.cisco.com/pcgi-bin/tablebuild.pl/cs-mars?psrtdcat20e2 PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml
VAR-200601-0173 CVE-2006-0179 Sun Solaris uustat -S Command line parameter overflow vulnerability

Related entries in the VARIoT exploits database: VAR-E-200601-0305
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80. Cisco IP Phone 7940 is prone to a remote denial of service vulnerability. Successful exploitation causes the phone to restart. Cisco is tracking this issue as Cisco bug ID CSCef33398. Solaris is a commercial UNIX operating system developed and maintained by Sun. There is a buffer overflow vulnerability in the /usr/bin/uustat binary program of Solaris. An attacker who successfully exploits this vulnerability can completely control the return address of the execution function and execute arbitrary code with uucp user privileges. If the string length after the "-S" command line parameter is greater than or equal to 1152 bytes, it may cause the binary program to crash. The following example shows that the buffer is overflowed and the o1 register is completely overwritten by the letter A:
  bash-2.03% ls -l /usr/bin/uustat
  ---s--x--x 1 uucp uucp 62012 Jan 17 16:07 uustat
  bash-2.03$ /usr/bin/uustat -S `perl -e 'print "A"x3000'`
  Segmentation Fault
  bash-2.03$
  (gdb) info registers
  g0 0x0 0
  g1 0xff315e98 -13541736
  g2 0x1cc00 117760
  g3 0x440 1088
  g4 0x0 0
  g5 0x0 0
  g6 0x0 0
  g7 0x0 0
  o0 0xff3276a8 -13470040
  o1 0x41414141 1094795585
  ...
The vulnerability is caused due to an error in the IP Stack. SOLUTION: Update to firmware revision 7.1(1) or later, which have the capability to perform load control using TCP throttling. This prevents a device from reloading. PROVIDED AND/OR DISCOVERED BY: The vendor credits Knud Erik Højgaard. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml
VAR-200601-0258 CVE-2006-0163 PHPNuke EV Search Module SQL Injection Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. PHPNuke EV is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. PHPNuke EV version 7.7 is vulnerable; earlier versions may also be affected. For more information: SA17543 The vulnerability has been confirmed in version 7.7-R1. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Originally reported in PHP-Nuke by sp3x. Reported in PHPNuke EV by Lostmon. ORIGINAL ADVISORY: http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html OTHER REFERENCES: SA17543: http://secunia.com/advisories/17543/
VAR-200601-0231 CVE-2006-0081 Intel Graphics Accelerator Drives Remote Denial of Service Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title. This issue allows attackers to crash the display manager on Microsoft Windows XP, or cause a complete system crash on computers running Microsoft Windows 2000. Other operating systems where the affected display driver is available are also likely affected. Version 6.14.10.4308 of the Intel Graphics Accelerator driver is considered vulnerable to this issue. Other versions may also be affected. This issue will be updated as further information becomes available. This issue may be related to the one described in BID 10913 (Microsoft Windows Large Image Processing Remote Denial Of Service Vulnerability), but this has not been confirmed. Attempting to parse very long text in Mozilla Firefox triggers a buffer overflow that crashes the Windows Display Manager. This can potentially be exploited to cause a DoS e.g. by tricking a user to open a window to an overly long URL with the browser. Successful exploitation may cause the system to restart or cause the system to revert to a low resolution display mode. The vulnerability has been confirmed in version 6.14.10.4308. SOLUTION: Do not visit non-trusted websites or open non-trusted files. PROVIDED AND/OR DISCOVERED BY: $um$id
VAR-200512-0832 CVE-2005-3526 Ipswitch Collaboration Suite Code Execution Vulnerability CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. Authentication is required to exploit this vulnerability. This specific flaw exists within the IMAP daemon. A lack of bounds checking during the parsing of long arguments to the FETCH verb can result in an exploitable buffer overflow. The vulnerability presents itself when the server handles a specially crafted IMAP FETCH command. This may result in memory corruption leading to a denial-of-service condition or arbitrary code execution. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system. TITLE: Ipswitch IMail Server/Collaboration Suite IMAP FETCH Vulnerability SECUNIA ADVISORY ID: SA19168 VERIFY ADVISORY: http://secunia.com/advisories/19168/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/ Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ DESCRIPTION: A vulnerability has been reported in Ipswitch IMail Server/Collaboration Suite, which can be exploited by malicious users to cause a DoS (Denial of Service). This can be exploited to cause a buffer overflow, which crashes the server. Ipswitch Collaboration Suite 2006 Premium Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-premium200603.exe Ipswitch Collaboration Suite 2006 Standard Edition: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/ICS/ics-standard200603.exe IMail Secure Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imailsecure200603.exe IMail Server 2006: ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail200603.exe PROVIDED AND/OR DISCOVERED BY: The vendor credits 3Com's Zero Day Initiative.
ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics200603prem.asp http://www.ipswitch.com/support/ics/updates/ics200603stan.asp http://www.ipswitch.com/support/imail/releases/imsec200603.asp http://www.ipswitch.com/support/imail/releases/im200603.asp ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-003.html March 13, 2006 -- CVE ID: CVE-2005-3526 -- Affected Vendor: Ipswitch -- Affected Products: Ipswitch Collaboration Suite 2006.02 and below -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since December 13, 2005 by Digital Vaccine protection filter ID 3982. -- Vendor Response: From http://www.ipswitch.com/support/ics/updates/ics200603prem.asp: "IMAP: Corrected a vulnerability issue where a properly crafted Fetch command causes IMAP to crash with a buffer overflow (disclosed by TippingPoint, a division of 3Com)."
-- Disclosure Timeline: 2005.12.13 - Vulnerability reported to vendor 2005.12.13 - Digital Vaccine released to TippingPoint customers 2006.03.13 - Public release of advisory -- Credit: This vulnerability was discovered by Manuel Santamarina Suarez aka 'FistFuXXer'. -- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
VAR-200512-0273 CVE-2005-3653 CA iTechnology iGateway Service negative Content-Length Field value buffer error vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. The attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service. A successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms. Products containing iGateway 4.0.051230 are vulnerable to this issue. iTechnology is an integrated technology that provides standard Web service interfaces for third-party products. There is a heap overflow vulnerability in iTechnology's processing of HTTP request headers. The iGateway service listens for standard HTTP or SSL communication on port 5250. The service does not properly handle negative HTTP Content-Length fields. iGateway parses the Content-Length field value of the HTTP request and uses this value directly in the malloc() heap allocation call, so if a negative value is provided, the heap allocation call will return a small buffer. After the malloc() call, the supplied URI is copied with memcpy into the allocated buffer, which overflows it and overwrites the heap.
TITLE: CA Products iGateway Service Content-Length Buffer Overflow SECUNIA ADVISORY ID: SA18591 VERIFY ADVISORY: http://secunia.com/advisories/18591/ CRITICAL: Moderately critical IMPACT: System access WHERE: From local network SOFTWARE: BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ BrightStor ARCserve Backup 11.x (for Windows) http://secunia.com/product/3099/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor ARCserve Backup for Laptops & Desktops 11.x http://secunia.com/product/5906/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ BrightStor Process Automation Manager 11.x http://secunia.com/product/5908/ BrightStor Storage Resource Manager 11.x http://secunia.com/product/5909/ BrightStor Storage Resource Manager 6.x http://secunia.com/product/5910/ CA Advantage Data Transformer 2.x http://secunia.com/product/5904/ CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/ CA BrightStor Portal 11.x http://secunia.com/product/5577/ CA BrightStor SAN Manager 11.x http://secunia.com/product/5576/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA eTrust Audit 1.x http://secunia.com/product/5911/ CA eTrust Audit 8.x http://secunia.com/product/5912/ CA eTrust Identity Minder 8.x http://secunia.com/product/5913/ CA Unicenter Service Fulfillment 2.x http://secunia.com/product/5942/ eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/ DESCRIPTION: Erika Mendoza has reported a vulnerability in various CA products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the handling of HTTP data in the iGateway component. SOLUTION: Update the iGateway component to version 4.0.051230 or later.
ftp://ftp.ca.com/pub/iTech/downloads/ PROVIDED AND/OR DISCOVERED BY: Erika Mendoza ORIGINAL ADVISORY: Computer Associates: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778 iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376 Please see below for important changes to CAID 33778 (aka CVE-2005-3653; OSVDB 22688; X-Force 24269; SecurityTracker Alert ID 1015526). Changelog is near end of advisory. Regards, Ken Williams Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1] CA Vulnerability ID: 33778 CA Advisory Date: 2006-01-23 Updated Advisory [v1.1]: 2006-01-26 Discovered By: Erika Mendoza reported this issue to iDefense. Mitigating Factors: None. Severity: CA has given this vulnerability a Medium risk rating. Affected Technologies: Please note that the iGateway component is not a product, but rather a common component that is included with multiple products. The iGateway component is included in the following CA products, which are consequently potentially vulnerable.
Affected Products: BrightStor ARCserve Backup r11.5 BrightStor ARCserve Backup r11.1 BrightStor ARCserve Backup for Windows r11 BrightStor Enterprise Backup 10.5 BrightStor ARCserve Backup v9.01 BrightStor ARCserve Backup Laptop & Desktop r11.1 BrightStor ARCserve Backup Laptop & Desktop r11 BrightStor Process Automation Manager r11.1 BrightStor SAN Manager r11.1 BrightStor SAN Manager r11.5 BrightStor Storage Resource Manager r11.5 BrightStor Storage Resource Manager r11.1 BrightStor Storage Resource Manager 6.4 BrightStor Storage Resource Manager 6.3 BrightStor Portal 11.1 Note to BrightStor Storage Resource Manager and BrightStor Portal users: In addition to the application servers where these products are installed, all hosts that have iSponsors deployed to them for managing applications like Veritas Volume Manager and Tivoli TSM are also affected by this vulnerability. eTrust Products: eTrust Audit 1.5 SP2 (iRecorders and ARIES) eTrust Audit 1.5 SP3 (iRecorders and ARIES) eTrust Audit 8.0 (iRecorders and ARIES) eTrust Admin 8.1 eTrust Identity Minder 8.0 eTrust Secure Content Manager (SCM) R8 eTrust Integrated Threat Management (ITM) R8 eTrust Directory, R8.1 (Web Components Only) Unicenter Products: Unicenter CA Web Services Distributed Management R11 Unicenter AutoSys JM R11 Unicenter Management for WebLogic / Management for WebSphere R11 Unicenter Service Delivery R11 Unicenter Service Level Management (USLM) R11 Unicenter Application Performance Monitor R11 Unicenter Service Desk R11 Unicenter Service Desk Knowledge Tools R11 Unicenter Asset Portfolio Management R11 Unicenter Service Metric Analysis R11 Unicenter Service Catalog/Assure/Accounting R11 Unicenter MQ Management R11 Unicenter Application Server Management R11 Unicenter Web Server Management R11 Unicenter Exchange Management R11 Affected platforms: AIX, HP-UX, Linux Intel, Solaris, and Windows Status and Recommendation: Customers with vulnerable versions of the iGateway component should upgrade 
to the current version of iGateway (4.0.051230 or later), which is available for download from the following locations: http://supportconnect.ca.com/ ftp://ftp.ca.com/pub/iTech/downloads/
Determining the version of iGateway: To determine the version numbers of the iGateway components: Go to the igateway directory:
  On Windows, this is %IGW_LOC%
    Default path for v3.*: C:\Program Files\CA\igateway
    Default path for v4.*: C:\Program Files\CA\SharedComponents\iTechnology
  On Unix,
    Default path for v3.*: /opt/CA/igateway
    Default path for v4.*: the install directory path is contained in opt/CA/SharedComponents/iTechnology.location. The default path is /opt/CA/SharedComponents/iTechnology
Look at the <Version> element in igateway.conf. The versions are affected by this vulnerability if you see a value LESS THAN the following: <Version>4.0.051230</Version> (note the format of v.s.YYMMDD)
References: (note that URLs may wrap)
  CA SupportConnect: http://supportconnect.ca.com/ http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp
  CAID: 33778
  CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
  CVE Reference: CVE-2005-3653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653
  OSVDB Reference: OSVDB-22688 http://osvdb.org/22688
  iDefense Reference: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
Changelog: v1.0 - Initial Release v1.1 - Removed several unaffected technologies; added more reference links. Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com. For technical questions or comments related to this advisory, please send email to vuln@ca.com, or contact me directly. If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Dir. of CA Vulnerability Research Team CA, One Computer Associates Plaza. Islandia, NY 11749
VAR-200512-0918 CVE-2005-4723 Multiple D-Link Products IP Packet Reassembly Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. D-Link is an internationally renowned provider of network equipment and solutions, and its products include a variety of router equipment. Multiple D-Link wireless access routers have a denial of service vulnerability. Remote attackers may use this vulnerability to conduct denial of service attacks on devices. If the attacker sends three consecutive fragmented UDP packets as follows, the device will restart. The IP headers of all three packets must have the same Identification number. Packet 1: the MORE_FRAGMENTS flag must be set to 1 (IP_MF); fragment offset = 0; the payload is 8 bytes long. Null bytes were used in the attack code. Packet 2: the MORE_FRAGMENTS flag is set to 1 (0x2002); fragment offset = 16; the payload is 8 bytes long. Packet 3: the MORE_FRAGMENTS flag is set to 0 (0x0003); fragment offset = 24; the payload is 8 bytes long. Upon receiving the above packets, the affected router will immediately terminate all current connections. DI-524 takes about 1 minute to restart to restore the connection, and DI-624 takes about 30 seconds to restart. This issue is due to a flaw in affected devices that causes them to fail when attempting to reassemble certain IP packets. D-Link DI-524, DI-624, and DI-784 devices are affected by this issue. Due to code reuse among routers, other devices may also be affected. It is reported that US Robotics USR8054 devices are also affected. D-Link is a network company founded by Taiwan D-Link Group, dedicated to the R&D, production and marketing of LAN, broadband network, wireless network, voice network and related network equipment.
TITLE: D-Link Wireless Access Point Denial of Service Vulnerability SECUNIA ADVISORY ID: SA18833 VERIFY ADVISORY: http://secunia.com/advisories/18833/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote OPERATING SYSTEM: D-Link DI-784 http://secunia.com/product/8029/ D-Link DI-624 http://secunia.com/product/3660/ D-Link DI-524 http://secunia.com/product/8028/ DESCRIPTION: Aaron Portnoy and Keefe Johnson have reported a vulnerability in D-Link Wireless Access Point, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of fragmented UDP packets. The vulnerability has been reported in the following products: * D-Link DI-524 Wireless Router (firmware version 3.20 August 18, 2005). * D-Link DI-624 Wireless Router. * D-Link DI-784. SOLUTION: The vulnerability has reportedly been fixed in the latest firmware. PROVIDED AND/OR DISCOVERED BY: Aaron Portnoy and Keefe Johnson ORIGINAL ADVISORY: http://www.thunkers.net/~deft/advisories/dlink_udp_dos.txt
VAR-200512-0320 CVE-2005-4825 Secure Smart Manager Cisco Clean Access Denial of service attack vulnerability CVSS V2: 5.7
CVSS V3: -
Severity: MEDIUM
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332. Cisco Clean Access (CCA) is prone to a denial-of-service vulnerability
VAR-200512-0321 CVE-2005-4826 Multiple Cisco switch VLAN Relay Protocol Message Handling Denial of Service Vulnerability CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776. The VLAN Trunking Protocol (VTP) is Cisco's proprietary protocol for centralized management of VLANs. If a malformed VTP packet is received, some switch devices may reload. However, an attacker must know the VTP domain name and send malformed VTP packets to the port configured for trunking on the switch to exploit this vulnerability. Multiple Cisco switches are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause affected devices to restart, effectively denying service to legitimate users. TITLE: Cisco IOS VTP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA23892 VERIFY ADVISORY: http://secunia.com/advisories/23892/ CRITICAL: Less critical IMPACT: DoS WHERE: From local network OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: David Barroso Berrueta and Alfredo Andres Omella have reported a vulnerability in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
This can be exploited to cause a device to reload by sending a specially crafted VTP packet. Successful exploitation requires knowledge of the VTP domain name and the port that is configured for trunking.
PROVIDED AND/OR DISCOVERED BY: Alfredo Andres Omella and David Barroso Berrueta, S21SEC
ORIGINAL ADVISORY: Cisco Advisory: http://www.cisco.com/en/US/products/products_security_response09186a00807d1a81.html S21SEC Advisory: http://www.s21sec.com/es/avisos/s21sec-034-en.txt
VAR-200512-0301 CVE-2005-3714 Apple AirPort Remote Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets. The Apple AirPort device is a wireless access point that provides 802.11 services to network clients. A denial of service vulnerability exists in Apple AirPort. A malicious network attacker can send a specially crafted message, causing the network interface of the AirPort base station to stop responding. This occurs when the device handles malformed packets. Specific details regarding this issue are not currently known. This record will be updated when more information becomes available. AirPort Express firmware versions prior to 6.3 and AirPort Extreme firmware versions prior to 5.7 are vulnerable. The vulnerability is caused due to an unspecified error in the base station when handling certain network packets.
SOLUTION: Apply updated firmware.
ORIGINAL ADVISORY: http://docs.info.apple.com/article.html?artnum=303072
Credit to Michael Zanetta of NETwork Security Consortium for reporting this issue.
VAR-200512-0384 CVE-2005-4812 SISCO OSI stack fails to properly validate packets CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit for MMS-EASE 4.10 and earlier, allows remote attackers to cause a denial of service (process crash) via certain network traffic, as demonstrated using a Nessus scan. A vulnerability exists in the SISCO OSI stack for Windows. If successfully exploited, an attacker could cause a denial-of-service condition. The Inter-control Center Communications Protocol (ICCP) is a protocol for communicating data in the control center of a SCADA network. A remote attacker can exploit the vulnerability to perform a denial of service attack on the service. The SISCO OSI stack on the Windows platform incorrectly handles malformed packets, and remote unauthenticated users can perform denial of service attacks on services. This issue allows remote, unauthenticated attackers to crash affected applications, denying further service to legitimate users.
TITLE: SISCO OSI Stack Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA22047
VERIFY ADVISORY: http://secunia.com/advisories/22047/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE: From remote
SOFTWARE: SISCO MMS-EASE 7.x http://secunia.com/product/12072/ SISCO ICCP Toolkit for MMS-EASE 4.x http://secunia.com/product/12073/ SISCO AX-S4 MMS 5.x http://secunia.com/product/12071/ SISCO AX-S4 ICCP 3.x http://secunia.com/product/12070/
DESCRIPTION: A vulnerability has been reported in various SISCO products, which can be exploited by malicious people to cause a DoS (Denial of Service).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: SISCO: http://www.sisconet.com/downloads/NESSUS_Vulnerability_Announcement.pdf
OTHER REFERENCES: US-CERT VU#468798: http://www.kb.cert.org/vuls/id/468798
VAR-200512-1016 CVE-2005-4625 Driver Denial of Service Attack Vulnerabilities in Certain Display Adapters CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999. Display Adapter Driver is prone to a denial-of-service vulnerability.
VAR-200512-0642 CVE-2005-0985 Mac OS X Unknown vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. There is an unknown vulnerability in the Mac OS X kernel before 10.3.8.