VARIoT IoT vulnerabilities database

Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Authentication is not required to exploit this vulnerability.The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters '@' and ':' leads to a stack overflow vulnerability. Exploitation can result in code execution or a denial of service. Ipswitch IMail Server and Collaboration Suite are prone to a stack-overflow vulnerability. Updates are available. Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure are vulnerable. Ipswitch IMail Server is an American Ipswitch company's mail server running on the Microsoft Windows operating system. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Ipswitch IMail Server SMTP Service Unspecified Vulnerability SECUNIA ADVISORY ID: SA21795 VERIFY ADVISORY: http://secunia.com/advisories/21795/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ IMail Secure Server 2006 http://secunia.com/product/8651/ IMail Server 2006 http://secunia.com/product/8653/ DESCRIPTION: A vulnerability has been reported in IMail Server, which can be exploited by malicious people to compromise a vulnerable system. ORIGINAL ADVISORY: http://www.ipswitch.com/support/ics/updates/ics20061.asp http://www.ipswitch.com/support/imail/releases/im20061.asp ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow http://www.zerodayinitiative.com/advisories/ZDI-06-028.html September 7, 2006 -- CVE ID: CVE-2006-4379 -- Affected Vendor: Ipswitch -- Affected Products: ICS/IMail Server 2006 -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since August 31, 2006 by Digital Vaccine protection filter ID 4496. -- Vendor Response: Ipswitch has issued an update, version 2006.1, to correct this vulnerability. More details can be found at: http://www.ipswitch.com/support/imail/releases/im20061.asp -- Disclosure Timeline: 2006.06.22 - Vulnerability reported to vendor 2006.08.31 - Digital Vaccine released to TippingPoint customers 2006.09.07 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by an anonymous researcher. -- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product

Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. Cisco IOS Contains source routing information GRE Packet Offset A vulnerability exists where the starting position of the source routing information is not properly calculated when releasing an encapsulated packet due to improper checks on the field.Inappropriate areas of the packet may be referred to as source routing information, and packets released from the device may be forwarded. Cisco IOS is prone to multiple vulnerabilities when decapsulating GRE routing packets. Specifically, these issues present themselves when the device handles malicious GRE packets with oversized header offset values, and also with malicious GRE packets containing modified source-routing data. A successful attack can allow an attacker to disclose sensitive information in process memory buffers, bypass security restrictions, deny service to legitimate users, or possibly crash the Cisco IOS operating system. Cisco IOS 12.0, 12.1, and 12.2 based trains are reported vulnerable. All devices running affected versions of Cisco IOS that are configured with GRE IP or GRE IP multipoint tunnels are vulnerable to this issue. Remote attackers may cause errors in device processing packets. If a specially crafted GRE message is received, the IOS device does not verify whether the offset field points to the message. If the offset value is set to a negative value, the IOS directly subtracts the offset from the integer containing the full length of the IP message. shift, resulting in buffer access out-of-bounds overflow. This may lead to interpreting the rest of the memory contents of the ring buffer as payload IP packets and re-injecting them into the routing queue with large length information: GRE decapsulated IP 0.3.74.0->0.0.1.30 (len =65407, ttl=39) GRE decapsulated IP 176.94.8.0- > 0.0.0.0 (len=64904, ttl=0) GRE decapsulated IP 0.15.31.193- > 176.94.8.0 (len=64894, ttl=237) GRE decapsulated IP 128.42.131.220->128.0.3.74 (len=64884, ttl=128) If the ring buffer can be carefully filled with legitimate traffic containing IP headers at the appropriate offsets, an attacker can create many An IP packet with a large length value. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Cisco IOS GRE Decapsulation Vulnerability SECUNIA ADVISORY ID: SA21783 VERIFY ADVISORY: http://secunia.com/advisories/21783/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Cisco IOS R12.x http://secunia.com/product/50/ Cisco IOS 12.x http://secunia.com/product/182/ DESCRIPTION: FX has reported a vulnerability in Cisco IOS, which can be exploited by malicious people to bypass certain security restrictions. This can potentially be exploited to bypass access control lists on the router by sending specially crafted packets. NOTE: Cisco IOS version 12.0S, with a revision later than 12.0(23)S, with CEF enabled is not affected. SOLUTION: Apply patch CSCuk27655, CSCea22552, or CSCei62762. PROVIDED AND/OR DISCOVERED BY: FX, Phenoelit. ORIGINAL ADVISORY: Phenoelit: http://www.phenoelit.de/stuff/CiscoGRE.txt Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20060906-gre.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder

The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340. This vulnerability may allow an attacker to forge RSA signatures. A buffer overflow vulnerability in an OpenSSL library function could allow a remote attacker to execute code on an affected system. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200612-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Mozilla Thunderbird: Multiple vulnerabilities Date: December 10, 2006 Bugs: #154448 ID: 200612-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been identified in Mozilla Thunderbird. Background ========== Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mozilla-thunderbird < 1.5.0.8 >= 1.5.0.8 2 mozilla-thunderbird-bin < 1.5.0.8 >= 1.5.0.8 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== It has been identified that Mozilla Thunderbird improperly handles Script objects while they are being executed, allowing them to be modified during execution. JavaScript is disabled in Mozilla Thunderbird by default. Mozilla Thunderbird has also been found to be vulnerable to various potential buffer overflows. Lastly, the binary release of Mozilla Thunderbird is vulnerable to a low exponent RSA signature forgery issue because it is bundled with a vulnerable version of NSS. Impact ====== An attacker could entice a user to view a specially crafted email that causes a buffer overflow and again executes arbitrary code or causes a Denial of Service. An attacker could also entice a user to view an email containing specially crafted JavaScript and execute arbitrary code with the rights of the user running Mozilla Thunderbird. It is important to note that JavaScript is off by default in Mozilla Thunderbird, and enabling it is strongly discouraged. It is also possible for an attacker to create SSL/TLS or email certificates that would not be detected as invalid by the binary release of Mozilla Thunderbird, raising the possibility for Man-in-the-Middle attacks. Workaround ========== There is no known workaround at this time. Resolution ========== Users upgrading to the following releases of Mozilla Thunderbird should note that this version of Mozilla Thunderbird has been found to not display certain messages in some cases. </br> </br> All Mozilla Thunderbird users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.8" All Mozilla Thunderbird binary release users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.8" References ========== [ 1 ] CVE-2006-5462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462 [ 2 ] CVE-2006-5463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463 [ 3 ] CVE-2006-5464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464 [ 4 ] CVE-2006-5747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747 [ 5 ] CVE-2006-5748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748 [ 6 ] Mozilla Thunderbird Email Loss Bug https://bugzilla.mozilla.org/show_bug.cgi?id=360409 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200612-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Background ========== The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as 'Mozilla Application Suite'. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: rPath update for openssl SECUNIA ADVISORY ID: SA22193 VERIFY ADVISORY: http://secunia.com/advisories/22193/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: rPath Linux 1.x http://secunia.com/product/10614/ DESCRIPTION: rPath has issued an update for openssl. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA22130 SOLUTION: Update to: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.4-1 ORIGINAL ADVISORY: https://issues.rpath.com/browse/RPL-613 OTHER REFERENCES: SA22130: http://secunia.com/advisories/22130/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . =========================================================== Ubuntu Security Notice USN-382-1 November 16, 2006 mozilla-thunderbird vulnerabilities CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: mozilla-thunderbird 1.5.0.8-0ubuntu0.5.10 Ubuntu 6.06 LTS: mozilla-thunderbird 1.5.0.8-0ubuntu0.6.06 Ubuntu 6.10: mozilla-thunderbird 1.5.0.8-0ubuntu0.6.10 After a standard system upgrade you need to restart Thunderbird to effect the necessary changes. Details follow: USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748) Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.diff.gz Size/MD5: 451782 957b1eabbb35c399a9150fc148d2c8a1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10.dsc Size/MD5: 960 3352ed8872f185027ac3ee354305eafb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 3523838 b6819a1f54c1c543ae2c6835ba477b6c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 190416 761fe8dc15060c09de3013d856b79dd1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 55640 617b95dd76853f2bd5d1abd60ad842d7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_amd64.deb Size/MD5: 11981580 188bd293b070ff01101e861eceb690a8 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 3516580 b4c65509f97bea7dc2c207df0559651d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 183772 f7e72f8793eb681bd521d6963212947c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 51254 9e1e6d825c46a9831fd4643c846ac861 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_i386.deb Size/MD5: 10286996 b1314587b5026e585a1da43c03748076 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 3521222 aa373f9cf0e28313312b4d88d34bb2c4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 187110 07ee014b3874b619ab9252292a771d9d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 54826 04072c4224eaa979b52ac0ce1ea2d62d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_powerpc.deb Size/MD5: 11528020 4e67be3b40ef51e8a3a59170a72d51da sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 3518202 3559d6e77167adf6ad24cf2dc0ea980e http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 184568 c77f05b16cb004b4b28d08c87c551591 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 52714 d10e66393f273bd011a4b792aec0e1c6 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.5.10_sparc.deb Size/MD5: 10768484 49adf33e01df8b16dfae59539a09f6e4 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.diff.gz Size/MD5: 454980 86dc6c3f6e7314db7f1862847aab1746 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06.dsc Size/MD5: 960 2d270b24bbe03fc5b642cac8c4183517 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 3528876 4d58793e693a14af93870581bcf5b7d4 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 193880 0c731b9fa2fa5556209ed28fdffd59bb http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 59120 ea7b9f02aefd49fc79250683fc277783 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_amd64.deb Size/MD5: 11989558 3ffcc3970cae97b55a6b0ddc09e40b9b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 3520550 2dc76d9073a712a6da29dbd5e1e80d94 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 187250 440d25b5232eab1e15929bf62166ee1a http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 54640 8bfe36c400bca1c5fc6a3d6a079d15e7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_i386.deb Size/MD5: 10287496 c9e8b30b24ee9c1ea938662ec5c5c829 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 3525980 331fb306bd301e6db588e3ae954682ec http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 190586 6b2cd37ce0d4d218192c1701fedf2d35 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 58236 b9adc16444e5f8a4ba184b896feeddbc http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_powerpc.deb Size/MD5: 11560520 bf03db104a8a34d7623719d9bd2d78dd sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 3522432 9f608db55c878301303f11dda557b659 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 188046 80a01d132f407d2cc7bed5fa827f6726 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 56134 a9bb35877246b62480313cacdcaaec62 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.06_sparc.deb Size/MD5: 10759610 f8311676b1e447d52a059f673c1c8365 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.diff.gz Size/MD5: 454992 495051c8a51c3c76f66110a9cc955da1 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10.dsc Size/MD5: 960 8de9b896031767eec82c7d4992c6a9ba http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8.orig.tar.gz Size/MD5: 35621218 a3b77b068da31275611ef46862c0316a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_amd64.deb Size/MD5: 3528756 59670215a896e4928e90878dc9b04b08 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_amd64.deb Size/MD5: 194002 8c4679532a5a56d9ae9ef85fc10974b5 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_amd64.deb Size/MD5: 59126 7ae8776fabb53abe898c187cd42b3d05 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_amd64.deb Size/MD5: 11982018 6b757d203ac93cf892a87ac8ca9a13db i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_i386.deb Size/MD5: 3523844 ec316699b80ad08945c58c3c7427aefa http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_i386.deb Size/MD5: 188658 beae7465832335242d6da367e8a79019 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_i386.deb Size/MD5: 55770 31263c265feb5c09cf2f7a5f692b95e7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_i386.deb Size/MD5: 10743540 60f03ab196fcc5160922386b2e0e27d3 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_powerpc.deb Size/MD5: 3526062 43038d1a52c353ccb64b0553156673b7 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_powerpc.deb Size/MD5: 191106 b8861d5299adce77a280852beffa9e4d http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_powerpc.deb Size/MD5: 58784 8c26c48f8cc8cf38bc6a0b5e8212936b http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_powerpc.deb Size/MD5: 11690926 b727068e620efa13b2c0cd1d3899e271 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.5.0.8-0ubuntu0.6.10_sparc.deb Size/MD5: 3522380 3c544b8ac310f5ab3789a9f960a85577 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.5.0.8-0ubuntu0.6.10_sparc.deb Size/MD5: 188512 314b6bcbf287df8eeba2793fb3b2686c http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.5.0.8-0ubuntu0.6.10_sparc.deb Size/MD5: 56190 35ae6cf2ba9e5c68a16c5bfda8b7f0a3 http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-thunderbird/mozilla-thunderbird_1.5.0.8-0ubuntu0.6.10_sparc.deb Size/MD5: 10955658 c847b48dfa1e26d4a2da0d8378127f64 . This update provides the latest Firefox to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5462 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5748 http://www.mozilla.org/security/announce/2006/mfsa2006-65.html http://www.mozilla.org/security/announce/2006/mfsa2006-66.html http://www.mozilla.org/security/announce/2006/mfsa2006-67.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: b91b0d758b80cd1e200d557954e0f439 2007.0/i586/deskbar-applet-2.16.0-3.1mdv2007.0.i586.rpm c69cea437a51263f156a883f28ba4cc4 2007.0/i586/devhelp-0.12-5.1mdv2007.0.i586.rpm 3b7c9bf926f63cac988f1ecc6fe21924 2007.0/i586/devhelp-plugins-0.12-5.1mdv2007.0.i586.rpm 45be37431714b21cdc3411d47cfc993b 2007.0/i586/epiphany-2.16.0-4.1mdv2007.0.i586.rpm 43475f16b335512313e36265297635e8 2007.0/i586/epiphany-devel-2.16.0-4.1mdv2007.0.i586.rpm c94a08e44366b583a7da5127fceaca16 2007.0/i586/epiphany-extensions-2.16.0-3.1mdv2007.0.i586.rpm 9fb4708c85d643a04b5487dbcf8a5d54 2007.0/i586/galeon-2.0.1-8.1mdv2007.0.i586.rpm c56127106df5a12e10973656d24c1a81 2007.0/i586/gnome-python-extras-2.14.2-6.1mdv2007.0.i586.rpm 846b0d6bec7d7624a5633f3e100b277f 2007.0/i586/gnome-python-gdl-2.14.2-6.1mdv2007.0.i586.rpm 4fd553ecbe4f3ae7ccc7b0901f2acb5c 2007.0/i586/gnome-python-gksu-2.14.2-6.1mdv2007.0.i586.rpm b109f4b0f8ffd6f3c42175e7d2e55789 2007.0/i586/gnome-python-gtkhtml2-2.14.2-6.1mdv2007.0.i586.rpm cb77cdfb4a195d0f119b2ab7cc5f14c9 2007.0/i586/gnome-python-gtkmozembed-2.14.2-6.1mdv2007.0.i586.rpm 742e895ca6feecf5156a9de6638e3be2 2007.0/i586/gnome-python-gtkspell-2.14.2-6.1mdv2007.0.i586.rpm 500510d8547749fbd54097f01bee92a8 2007.0/i586/libdevhelp-1_0-0.12-5.1mdv2007.0.i586.rpm 0cc3e9259cbb24f9862bf8fff6f00805 2007.0/i586/libdevhelp-1_0-devel-0.12-5.1mdv2007.0.i586.rpm 836629938d38b66e07ce7146c59bcfad 2007.0/i586/libmozilla-firefox1.5.0.8-1.5.0.8-1.1mdv2007.0.i586.rpm 885ed8e07e1bea07054574e02fadbeb9 2007.0/i586/libmozilla-firefox1.5.0.8-devel-1.5.0.8-1.1mdv2007.0.i586.rpm 0f6172194ca691de3c73e36e0f53c138 2007.0/i586/libnspr4-1.5.0.8-1.1mdv2007.0.i586.rpm 2ee2e689224d9e8cf5a546ac721723f0 2007.0/i586/libnspr4-devel-1.5.0.8-1.1mdv2007.0.i586.rpm 9027729bb27be1b4155a61d40acfad69 2007.0/i586/libnspr4-static-devel-1.5.0.8-1.1mdv2007.0.i586.rpm b22e001507090a91e85404730ce29cac 2007.0/i586/libnss3-1.5.0.8-1.1mdv2007.0.i586.rpm 5336661098db8f24270b842f1c224240 2007.0/i586/libnss3-devel-1.5.0.8-1.1mdv2007.0.i586.rpm f71a45af0db3336ee69754723812b685 2007.0/i586/libtotem-plparser1-2.16.1-2.1mdv2007.0.i586.rpm 3cabb1189288de5a3e56bcb0e10cc9e3 2007.0/i586/libtotem-plparser1-devel-2.16.1-2.1mdv2007.0.i586.rpm 1fa974233bf0aca855fdc317fe0dde6b 2007.0/i586/mozilla-firefox-1.5.0.8-1.1mdv2007.0.i586.rpm db5728ee5897673fb9e30ec5197662bf 2007.0/i586/mozilla-firefox-ar-1.5.0.8-1.1mdv2007.0.i586.rpm 02d9129452f5829c737657ad034470b4 2007.0/i586/mozilla-firefox-bg-1.5.0.8-1.1mdv2007.0.i586.rpm 7ee529b84ac1f3ca9f165bad8b2847d4 2007.0/i586/mozilla-firefox-br-1.5.0.8-1.1mdv2007.0.i586.rpm b6d1c5797bb91ca707759f73fecd15e8 2007.0/i586/mozilla-firefox-ca-1.5.0.8-1.1mdv2007.0.i586.rpm fcdd7a343fb41fe5f24de72248056834 2007.0/i586/mozilla-firefox-cs-1.5.0.8-1.1mdv2007.0.i586.rpm f19ce159de7d48f294488f643ad7bdf4 2007.0/i586/mozilla-firefox-da-1.5.0.8-1.1mdv2007.0.i586.rpm 4b27e9aa3ce6fe4e997da687eea53bbc 2007.0/i586/mozilla-firefox-de-1.5.0.8-1.1mdv2007.0.i586.rpm aaad0bfd4901285073a20bef2098cba9 2007.0/i586/mozilla-firefox-el-1.5.0.8-1.1mdv2007.0.i586.rpm edff07926737f59f8787e9937afa9b8a 2007.0/i586/mozilla-firefox-es-1.5.0.8-1.1mdv2007.0.i586.rpm 210d8c468009c721565e026296666395 2007.0/i586/mozilla-firefox-es_AR-1.5.0.8-1.1mdv2007.0.i586.rpm bdc0ba81bd408233afe07e2401e85352 2007.0/i586/mozilla-firefox-eu-1.5.0.8-1.1mdv2007.0.i586.rpm 06069ba3e43848aadcb72e6947994b87 2007.0/i586/mozilla-firefox-fi-1.5.0.8-1.1mdv2007.0.i586.rpm 5121b04fc402ed288c6cc69fd63390c9 2007.0/i586/mozilla-firefox-fr-1.5.0.8-1.1mdv2007.0.i586.rpm e012d0888e85efca0f6844dcde5425eb 2007.0/i586/mozilla-firefox-fy-1.5.0.8-1.1mdv2007.0.i586.rpm 9aa48833f1727776f299fbe44da6d640 2007.0/i586/mozilla-firefox-ga-1.5.0.8-1.1mdv2007.0.i586.rpm 9e4422078a1442d5da6f82819275f25f 2007.0/i586/mozilla-firefox-gu_IN-1.5.0.8-1.1mdv2007.0.i586.rpm 82a9d909d6c3291ae08c0cce71b44ae8 2007.0/i586/mozilla-firefox-he-1.5.0.8-1.1mdv2007.0.i586.rpm 7f2781630650b1545d55b37488978899 2007.0/i586/mozilla-firefox-hu-1.5.0.8-1.1mdv2007.0.i586.rpm 0493ee7667fefec6a3de55e935277945 2007.0/i586/mozilla-firefox-it-1.5.0.8-1.1mdv2007.0.i586.rpm 34c99eaffc8c81a1ca5fe9acd30cde21 2007.0/i586/mozilla-firefox-ja-1.5.0.8-1.1mdv2007.0.i586.rpm 85774cb7ee97e65dcb504c13ce724aee 2007.0/i586/mozilla-firefox-ko-1.5.0.8-1.1mdv2007.0.i586.rpm 2c49ee65c2445ee4786d2cb86d4429e8 2007.0/i586/mozilla-firefox-lt-1.5.0.8-1.1mdv2007.0.i586.rpm 67323c14122b6eb59e952248814109ad 2007.0/i586/mozilla-firefox-mk-1.5.0.8-1.1mdv2007.0.i586.rpm fec42dd3e26f97c6c1fccf81b91f8589 2007.0/i586/mozilla-firefox-nb-1.5.0.8-1.1mdv2007.0.i586.rpm ff411ab2378f14644688cd1320f57ea6 2007.0/i586/mozilla-firefox-nl-1.5.0.8-1.1mdv2007.0.i586.rpm b2df3df581175ae8864ec9a9e93775a7 2007.0/i586/mozilla-firefox-pa_IN-1.5.0.8-1.1mdv2007.0.i586.rpm 911a5970bd3761696b24e5d581c9a568 2007.0/i586/mozilla-firefox-pl-1.5.0.8-1.1mdv2007.0.i586.rpm ee6fbbbdbe58aed00f5ec227b3a92595 2007.0/i586/mozilla-firefox-pt-1.5.0.8-1.1mdv2007.0.i586.rpm d06fb1aed51e5e6a61674efcf3e51121 2007.0/i586/mozilla-firefox-pt_BR-1.5.0.8-1.1mdv2007.0.i586.rpm b9cf70e42a6db664db4be531a37f7081 2007.0/i586/mozilla-firefox-ro-1.5.0.8-1.1mdv2007.0.i586.rpm da8429df8cbab950a49ad4228ca6ccf3 2007.0/i586/mozilla-firefox-ru-1.5.0.8-1.1mdv2007.0.i586.rpm b423bdb3e2bebcabfe243fbbf0949eb4 2007.0/i586/mozilla-firefox-sk-1.5.0.8-1.1mdv2007.0.i586.rpm eb04f6705026d20c856d6e13e72f81cf 2007.0/i586/mozilla-firefox-sl-1.5.0.8-1.1mdv2007.0.i586.rpm 87640b95904f2312c7fae1f9f658d179 2007.0/i586/mozilla-firefox-sv-1.5.0.8-1.1mdv2007.0.i586.rpm 37931adaac825ccefd80ee8285374e94 2007.0/i586/mozilla-firefox-tr-1.5.0.8-1.1mdv2007.0.i586.rpm d64689cba4cf6937dac22efc5680874d 2007.0/i586/mozilla-firefox-uk-1.5.0.8-1.1mdv2007.0.i586.rpm 2fe43c1846f4e27e36f19d76c20c918d 2007.0/i586/mozilla-firefox-zh_CN-1.5.0.8-1.1mdv2007.0.i586.rpm ca54a9d6c8e2a6e0d532907538a44b01 2007.0/i586/mozilla-firefox-zh_TW-1.5.0.8-1.1mdv2007.0.i586.rpm 0353fb538eff1f7f1964650b08f223fb 2007.0/i586/totem-2.16.1-2.1mdv2007.0.i586.rpm e0b5fc2bbd3d70d139c3df0233e5b6ea 2007.0/i586/totem-common-2.16.1-2.1mdv2007.0.i586.rpm ac4a4d6ffbc72eeda3ac58ee9552cfa3 2007.0/i586/totem-gstreamer-2.16.1-2.1mdv2007.0.i586.rpm 76d609348d6b614f6d8fc2ed8c32441d 2007.0/i586/totem-mozilla-2.16.1-2.1mdv2007.0.i586.rpm decfb1f205b088d8674af45ac6a8aa2a 2007.0/i586/totem-mozilla-gstreamer-2.16.1-2.1mdv2007.0.i586.rpm 6c5f1b1c0c8e144a1e01bab350bdf125 2007.0/i586/yelp-2.16.0-2.1mdv2007.0.i586.rpm 01c2ab33db63e292029039474f459aae 2007.0/SRPMS/deskbar-applet-2.16.0-3.1mdv2007.0.src.rpm 5d9e32656fbb38c0c7343ebb0878146a 2007.0/SRPMS/devhelp-0.12-5.1mdv2007.0.src.rpm 0c2b87587f16838fa4a31a2c2a939cad 2007.0/SRPMS/epiphany-2.16.0-4.1mdv2007.0.src.rpm 32fa8d811ae52f9a4405894bdb5344ed 2007.0/SRPMS/epiphany-extensions-2.16.0-3.1mdv2007.0.src.rpm 7351e6dfda7596598f93c50f2ac06acf 2007.0/SRPMS/galeon-2.0.1-8.1mdv2007.0.src.rpm 55e77fdd797856bf73ae92b02105ae73 2007.0/SRPMS/gnome-python-extras-2.14.2-6.1mdv2007.0.src.rpm 83c301b1641404592346d332e2b24962 2007.0/SRPMS/mozilla-firefox-1.5.0.8-1.1mdv2007.0.src.rpm 4c88b90b47815b11763db6c6f60a08ad 2007.0/SRPMS/mozilla-firefox-l10n-1.5.0.8-1.1mdv2007.0.src.rpm 659f3151e56585d2d35dcd11806dcc0c 2007.0/SRPMS/totem-2.16.1-2.1mdv2007.0.src.rpm cfff6d40ac58bc9c5bb5d20efd1a4e0a 2007.0/SRPMS/yelp-2.16.0-2.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 80851043dd92218983323ad1a9d93668 2007.0/x86_64/deskbar-applet-2.16.0-3.1mdv2007.0.x86_64.rpm f6e80f07ecf15b967d485dbcaa9f7e8c 2007.0/x86_64/devhelp-0.12-5.1mdv2007.0.x86_64.rpm 04a535f48452519eba13d00c97b11159 2007.0/x86_64/devhelp-plugins-0.12-5.1mdv2007.0.x86_64.rpm 9c6816b2d3599f1b381c7fba9527b340 2007.0/x86_64/epiphany-2.16.0-4.1mdv2007.0.x86_64.rpm 6a6b53599dfbbd3d27c8fda5e4cc2d1c 2007.0/x86_64/epiphany-devel-2.16.0-4.1mdv2007.0.x86_64.rpm 9ab9ca8ca14379996e532a2dade68f3a 2007.0/x86_64/epiphany-extensions-2.16.0-3.1mdv2007.0.x86_64.rpm f4b923e368b05c4ce7ebeff201e40265 2007.0/x86_64/galeon-2.0.1-8.1mdv2007.0.x86_64.rpm d2a1eea4906952103afc940c600a7f75 2007.0/x86_64/gnome-python-extras-2.14.2-6.1mdv2007.0.x86_64.rpm 62d428088816a83b120559f3f915c871 2007.0/x86_64/gnome-python-gdl-2.14.2-6.1mdv2007.0.x86_64.rpm b3ab1bcaed14b17bec6b43f82fb8fdad 2007.0/x86_64/gnome-python-gksu-2.14.2-6.1mdv2007.0.x86_64.rpm 942d7c7bb0f4cf3d64ac4fcf67cdd468 2007.0/x86_64/gnome-python-gtkhtml2-2.14.2-6.1mdv2007.0.x86_64.rpm 57543cedc85f4c33f87e1959d93eb0c9 2007.0/x86_64/gnome-python-gtkmozembed-2.14.2-6.1mdv2007.0.x86_64.rpm 69c4189877051a5252555453d25ae0f5 2007.0/x86_64/gnome-python-gtkspell-2.14.2-6.1mdv2007.0.x86_64.rpm 454ad59ac0495bd1d8cc413ef0fe6643 2007.0/x86_64/lib64devhelp-1_0-0.12-5.1mdv2007.0.x86_64.rpm f7867ec9589fa978f18f902e633810f3 2007.0/x86_64/lib64devhelp-1_0-devel-0.12-5.1mdv2007.0.x86_64.rpm 3116eecdec16bbadf00c6173b2471a0e 2007.0/x86_64/lib64mozilla-firefox1.5.0.8-1.5.0.8-1.1mdv2007.0.x86_64.rpm 69eba98dffdffa568175834600567101 2007.0/x86_64/lib64mozilla-firefox1.5.0.8-devel-1.5.0.8-1.1mdv2007.0.x86_64.rpm 0c2521c7efb4fa49631ddd57206870b7 2007.0/x86_64/lib64nspr4-1.5.0.8-1.1mdv2007.0.x86_64.rpm c1c80f43574c4c949429f4f012b1f5c8 2007.0/x86_64/lib64nspr4-devel-1.5.0.8-1.1mdv2007.0.x86_64.rpm 5351fd089034e5ed4e44e52d98752f86 2007.0/x86_64/lib64nspr4-static-devel-1.5.0.8-1.1mdv2007.0.x86_64.rpm 394fb954fb75c68a9ebbbd20a5b4cff6 2007.0/x86_64/lib64nss3-1.5.0.8-1.1mdv2007.0.x86_64.rpm 7ac1ec573542b20aada4abf4483a545e 2007.0/x86_64/lib64nss3-devel-1.5.0.8-1.1mdv2007.0.x86_64.rpm 79fc091b8555ad1566a23a08a6dc1173 2007.0/x86_64/lib64totem-plparser1-2.16.1-2.1mdv2007.0.x86_64.rpm b8c4befca901874d8092c1ae003ef25c 2007.0/x86_64/lib64totem-plparser1-devel-2.16.1-2.1mdv2007.0.x86_64.rpm b2dc7ad59e244330a96814c9d8e0212a 2007.0/x86_64/mozilla-firefox-1.5.0.8-1.1mdv2007.0.x86_64.rpm 7ce40b4a2bf93cd05686e118af4838c6 2007.0/x86_64/mozilla-firefox-ar-1.5.0.8-1.1mdv2007.0.x86_64.rpm c39542f4f59411271bb46baf5648cf60 2007.0/x86_64/mozilla-firefox-bg-1.5.0.8-1.1mdv2007.0.x86_64.rpm 1b8ff77c52dfaa869b0855fadb55f0f6 2007.0/x86_64/mozilla-firefox-br-1.5.0.8-1.1mdv2007.0.x86_64.rpm 3865dafd06ae1b38a9a6c4729b8446f5 2007.0/x86_64/mozilla-firefox-ca-1.5.0.8-1.1mdv2007.0.x86_64.rpm 1cfa510ed5cce13c5c087d3d5c2a82a1 2007.0/x86_64/mozilla-firefox-cs-1.5.0.8-1.1mdv2007.0.x86_64.rpm 48d1488dbd34e1e7c97e861891000251 2007.0/x86_64/mozilla-firefox-da-1.5.0.8-1.1mdv2007.0.x86_64.rpm 01a29973e5c74d794fcfaaad573ee8c6 2007.0/x86_64/mozilla-firefox-de-1.5.0.8-1.1mdv2007.0.x86_64.rpm a39500ca6eb0040c232e5ef5cf7a91d0 2007.0/x86_64/mozilla-firefox-el-1.5.0.8-1.1mdv2007.0.x86_64.rpm 375fb37154f945d9722d2e9ff3287de9 2007.0/x86_64/mozilla-firefox-es-1.5.0.8-1.1mdv2007.0.x86_64.rpm 46d2118a894bdbde59e14fa0681daab1 2007.0/x86_64/mozilla-firefox-es_AR-1.5.0.8-1.1mdv2007.0.x86_64.rpm e3cab8d2631fc9c76c901c669c677a85 2007.0/x86_64/mozilla-firefox-eu-1.5.0.8-1.1mdv2007.0.x86_64.rpm 19e20f44c093c5d401885f9f673db7c9 2007.0/x86_64/mozilla-firefox-fi-1.5.0.8-1.1mdv2007.0.x86_64.rpm 5dedc30b432e1e9236bd2d6639a1fb05 2007.0/x86_64/mozilla-firefox-fr-1.5.0.8-1.1mdv2007.0.x86_64.rpm 0c0ab629fe2067e5ee9988dae0f92cb6 2007.0/x86_64/mozilla-firefox-fy-1.5.0.8-1.1mdv2007.0.x86_64.rpm 870b3cfcf3a0fe0001d77f9cd6f07fdc 2007.0/x86_64/mozilla-firefox-ga-1.5.0.8-1.1mdv2007.0.x86_64.rpm 28bf3c7257b6e23805efc4386d5c520b 2007.0/x86_64/mozilla-firefox-gu_IN-1.5.0.8-1.1mdv2007.0.x86_64.rpm b6fdd904314ab62a67d521761ca83975 2007.0/x86_64/mozilla-firefox-he-1.5.0.8-1.1mdv2007.0.x86_64.rpm b35feb2b469f18ffb37fdb7ab631284c 2007.0/x86_64/mozilla-firefox-hu-1.5.0.8-1.1mdv2007.0.x86_64.rpm ecbdd5415283fc99cead2d1a2e30d7d7 2007.0/x86_64/mozilla-firefox-it-1.5.0.8-1.1mdv2007.0.x86_64.rpm 0b08708225efb7a1ad0e2a93efcaaecb 2007.0/x86_64/mozilla-firefox-ja-1.5.0.8-1.1mdv2007.0.x86_64.rpm 64f8dab64d7edacdd8dea9312f3bc371 2007.0/x86_64/mozilla-firefox-ko-1.5.0.8-1.1mdv2007.0.x86_64.rpm 190710b65f4a1cc46bdf26654bc97711 2007.0/x86_64/mozilla-firefox-lt-1.5.0.8-1.1mdv2007.0.x86_64.rpm 8ca2562da91458eccc590fc610dff9c4 2007.0/x86_64/mozilla-firefox-mk-1.5.0.8-1.1mdv2007.0.x86_64.rpm bcf462e1a0eec021e9aab03fb7480f76 2007.0/x86_64/mozilla-firefox-nb-1.5.0.8-1.1mdv2007.0.x86_64.rpm d2fbfeed3c54958b05d13fac09c173c6 2007.0/x86_64/mozilla-firefox-nl-1.5.0.8-1.1mdv2007.0.x86_64.rpm b8cef648a1529759b7b2a70b915eca38 2007.0/x86_64/mozilla-firefox-pa_IN-1.5.0.8-1.1mdv2007.0.x86_64.rpm 05feec907328879bb87f3bc28b9d248f 2007.0/x86_64/mozilla-firefox-pl-1.5.0.8-1.1mdv2007.0.x86_64.rpm df425a9aba8146cba8905bfe460cb862 2007.0/x86_64/mozilla-firefox-pt-1.5.0.8-1.1mdv2007.0.x86_64.rpm 5b3fe1c5ee087b003269049d68f3ee13 2007.0/x86_64/mozilla-firefox-pt_BR-1.5.0.8-1.1mdv2007.0.x86_64.rpm 08a2711a6f6117158630f60500ae5986 2007.0/x86_64/mozilla-firefox-ro-1.5.0.8-1.1mdv2007.0.x86_64.rpm dd8348feec156ef4ae500129e212b044 2007.0/x86_64/mozilla-firefox-ru-1.5.0.8-1.1mdv2007.0.x86_64.rpm 68faaf2302efde9c04bc63d481be7467 2007.0/x86_64/mozilla-firefox-sk-1.5.0.8-1.1mdv2007.0.x86_64.rpm ad0f25da8b2331ea10eced98a902ce3a 2007.0/x86_64/mozilla-firefox-sl-1.5.0.8-1.1mdv2007.0.x86_64.rpm d68781b83b403363063d96df642d83c7 2007.0/x86_64/mozilla-firefox-sv-1.5.0.8-1.1mdv2007.0.x86_64.rpm 120fe382a40f46677aa7e07672af6e8e 2007.0/x86_64/mozilla-firefox-tr-1.5.0.8-1.1mdv2007.0.x86_64.rpm 58271805cec18b640c478662226aa4c2 2007.0/x86_64/mozilla-firefox-uk-1.5.0.8-1.1mdv2007.0.x86_64.rpm 1c64c9af61a9a9c101dc8339746d29a0 2007.0/x86_64/mozilla-firefox-zh_CN-1.5.0.8-1.1mdv2007.0.x86_64.rpm 7b62a0cd4b6f22710f5dea490c69cd77 2007.0/x86_64/mozilla-firefox-zh_TW-1.5.0.8-1.1mdv2007.0.x86_64.rpm a349937cee9565d010122b8dfe81da94 2007.0/x86_64/totem-2.16.1-2.1mdv2007.0.x86_64.rpm 3672074a8d7a1f064b5a783a583d4da7 2007.0/x86_64/totem-common-2.16.1-2.1mdv2007.0.x86_64.rpm 361606c2139028e96419a7c57c50dd9a 2007.0/x86_64/totem-gstreamer-2.16.1-2.1mdv2007.0.x86_64.rpm 7a50ef64653d6a9b78a5cdc278b4bcfa 2007.0/x86_64/totem-mozilla-2.16.1-2.1mdv2007.0.x86_64.rpm 361bf8fcba11cc9ddab784a0e3c9706d 2007.0/x86_64/totem-mozilla-gstreamer-2.16.1-2.1mdv2007.0.x86_64.rpm a58c9e43565011c27bb5d727d0d071e8 2007.0/x86_64/yelp-2.16.0-2.1mdv2007.0.x86_64.rpm 01c2ab33db63e292029039474f459aae 2007.0/SRPMS/deskbar-applet-2.16.0-3.1mdv2007.0.src.rpm 5d9e32656fbb38c0c7343ebb0878146a 2007.0/SRPMS/devhelp-0.12-5.1mdv2007.0.src.rpm 0c2b87587f16838fa4a31a2c2a939cad 2007.0/SRPMS/epiphany-2.16.0-4.1mdv2007.0.src.rpm 32fa8d811ae52f9a4405894bdb5344ed 2007.0/SRPMS/epiphany-extensions-2.16.0-3.1mdv2007.0.src.rpm 7351e6dfda7596598f93c50f2ac06acf 2007.0/SRPMS/galeon-2.0.1-8.1mdv2007.0.src.rpm 55e77fdd797856bf73ae92b02105ae73 2007.0/SRPMS/gnome-python-extras-2.14.2-6.1mdv2007.0.src.rpm 83c301b1641404592346d332e2b24962 2007.0/SRPMS/mozilla-firefox-1.5.0.8-1.1mdv2007.0.src.rpm 4c88b90b47815b11763db6c6f60a08ad 2007.0/SRPMS/mozilla-firefox-l10n-1.5.0.8-1.1mdv2007.0.src.rpm 659f3151e56585d2d35dcd11806dcc0c 2007.0/SRPMS/totem-2.16.1-2.1mdv2007.0.src.rpm cfff6d40ac58bc9c5bb5d20efd1a4e0a 2007.0/SRPMS/yelp-2.16.0-2.1mdv2007.0.src.rpm Corporate 3.0: e9c20691dca1541a9ca1410554d8860d corporate/3.0/i586/libnspr4-1.5.0.8-0.1.C30mdk.i586.rpm 2d7eb84862b6c15cb765095290bc55be corporate/3.0/i586/libnspr4-devel-1.5.0.8-0.1.C30mdk.i586.rpm 3ba8dd79e1593e672f33107631d84e4a corporate/3.0/i586/libnspr4-static-devel-1.5.0.8-0.1.C30mdk.i586.rpm 827734706e6af0fb0402dcbc57f677a6 corporate/3.0/i586/libnss3-1.5.0.8-0.1.C30mdk.i586.rpm 0e16702e278ff43264ed7069ff31a59b corporate/3.0/i586/libnss3-devel-1.5.0.8-0.1.C30mdk.i586.rpm 15674f3f327a0860c0feffc89dcc8c45 corporate/3.0/i586/mozilla-firefox-1.5.0.8-0.1.C30mdk.i586.rpm fa5318afe39b796670cd0ab0410cdc4b corporate/3.0/i586/mozilla-firefox-ar-1.5.0.8-0.1.C30mdk.i586.rpm 4d9dca29468193ef164eb5d3dd852370 corporate/3.0/i586/mozilla-firefox-bg-1.5.0.8-0.1.C30mdk.i586.rpm 3f049db808da48baeeec58f836e4cd66 corporate/3.0/i586/mozilla-firefox-br-1.5.0.8-0.1.C30mdk.i586.rpm f63860a2a8c7a314fd3eb8b3fa7da20b corporate/3.0/i586/mozilla-firefox-ca-1.5.0.8-0.1.C30mdk.i586.rpm 6f1b26e0fa8f93cc8147006df4cdc76f corporate/3.0/i586/mozilla-firefox-cs-1.5.0.8-0.1.C30mdk.i586.rpm 7a0738e2c91215dadc79e375040530ef corporate/3.0/i586/mozilla-firefox-da-1.5.0.8-0.1.C30mdk.i586.rpm 764108d488fe48455d856ff67b407056 corporate/3.0/i586/mozilla-firefox-de-1.5.0.8-0.1.C30mdk.i586.rpm b20e8871620a89f08b95f01a568da207 corporate/3.0/i586/mozilla-firefox-devel-1.5.0.8-0.1.C30mdk.i586.rpm c462bce9ea56a861a036c3b814d978a4 corporate/3.0/i586/mozilla-firefox-el-1.5.0.8-0.1.C30mdk.i586.rpm 9feed3de38ac8e209030c07197432bac corporate/3.0/i586/mozilla-firefox-es-1.5.0.8-0.1.C30mdk.i586.rpm 14214019c8d4f5a98639d3c38aa851d2 corporate/3.0/i586/mozilla-firefox-es_AR-1.5.0.8-0.1.C30mdk.i586.rpm f3795974e5a4931378e0b974cd177248 corporate/3.0/i586/mozilla-firefox-eu-1.5.0.8-0.1.C30mdk.i586.rpm 79c37baa0cdc11d93605a8cb2cea005e corporate/3.0/i586/mozilla-firefox-fi-1.5.0.8-0.1.C30mdk.i586.rpm 3a0f6e44d1c19a37ef19874919ceed39 corporate/3.0/i586/mozilla-firefox-fr-1.5.0.8-0.1.C30mdk.i586.rpm b0a19b03ec982f5d9db5f67a7aaa7363 corporate/3.0/i586/mozilla-firefox-fy-1.5.0.8-0.1.C30mdk.i586.rpm 80a06d2f1788ed174e385abc55eb3051 corporate/3.0/i586/mozilla-firefox-ga-1.5.0.8-0.1.C30mdk.i586.rpm 9bca565677ded374c572c1ec4678ff30 corporate/3.0/i586/mozilla-firefox-gu_IN-1.5.0.8-0.1.C30mdk.i586.rpm 4928af899e49f32c716fbe9c2ac85dda corporate/3.0/i586/mozilla-firefox-he-1.5.0.8-0.1.C30mdk.i586.rpm d014b763538d2dfbea52fa20bcbaa98a corporate/3.0/i586/mozilla-firefox-hu-1.5.0.8-0.1.C30mdk.i586.rpm f42a5f2c796542eed3fcbf7551d32847 corporate/3.0/i586/mozilla-firefox-it-1.5.0.8-0.1.C30mdk.i586.rpm 8e76658aba8fefe0b8ec693c67285b5f corporate/3.0/i586/mozilla-firefox-ja-1.5.0.8-0.1.C30mdk.i586.rpm 0f4f0e40655aed7ace4a0e051fc823f3 corporate/3.0/i586/mozilla-firefox-ko-1.5.0.8-0.1.C30mdk.i586.rpm e1ecef228b514caddce72529d900b05f corporate/3.0/i586/mozilla-firefox-lt-1.5.0.8-0.1.C30mdk.i586.rpm 1b4a0afc69e2590c5e20520bc84ed06e corporate/3.0/i586/mozilla-firefox-mk-1.5.0.8-0.1.C30mdk.i586.rpm cb134936baa5ee67377769999ea287fe corporate/3.0/i586/mozilla-firefox-nb-1.5.0.8-0.1.C30mdk.i586.rpm 578f14a4978f05a080f25d47c5a8e622 corporate/3.0/i586/mozilla-firefox-nl-1.5.0.8-0.1.C30mdk.i586.rpm e8d5043f825abdfbb4f13d25d41e5ef7 corporate/3.0/i586/mozilla-firefox-pa_IN-1.5.0.8-0.1.C30mdk.i586.rpm 6df93a7969b4067886408ea930396996 corporate/3.0/i586/mozilla-firefox-pl-1.5.0.8-0.1.C30mdk.i586.rpm c3a9a9eddcd1ec358028a26c3d006250 corporate/3.0/i586/mozilla-firefox-pt-1.5.0.8-0.1.C30mdk.i586.rpm 25d505054fc99454df1865bf121c155f corporate/3.0/i586/mozilla-firefox-pt_BR-1.5.0.8-0.1.C30mdk.i586.rpm 0ff148c48951ffa94d2a6bfdcb766ec8 corporate/3.0/i586/mozilla-firefox-ro-1.5.0.8-0.1.C30mdk.i586.rpm 04ab3e6e9963a7b86716be7b14baa5af corporate/3.0/i586/mozilla-firefox-ru-1.5.0.8-0.1.C30mdk.i586.rpm 3ada50ce8ecf2126814db37880c992f2 corporate/3.0/i586/mozilla-firefox-sk-1.5.0.8-0.1.C30mdk.i586.rpm 4a66117b50427bc2aa2839111b7ab638 corporate/3.0/i586/mozilla-firefox-sl-1.5.0.8-0.1.C30mdk.i586.rpm 6439f21230de80d007347d35b96e2797 corporate/3.0/i586/mozilla-firefox-sv-1.5.0.8-0.1.C30mdk.i586.rpm eeda1db56835e2ba3b74eff551360fb6 corporate/3.0/i586/mozilla-firefox-tr-1.5.0.8-0.1.C30mdk.i586.rpm 12f8d54646eafff347eeacac23a47b8d corporate/3.0/i586/mozilla-firefox-uk-1.5.0.8-0.1.C30mdk.i586.rpm 1e47c896b6401e714a409ea34dc005ea corporate/3.0/i586/mozilla-firefox-zh_CN-1.5.0.8-0.1.C30mdk.i586.rpm 9bdebb599b7ef9d63c5e0f589ce6567d corporate/3.0/i586/mozilla-firefox-zh_TW-1.5.0.8-0.1.C30mdk.i586.rpm 86b4b1bfc9b8a084cad7ee7d46be291b corporate/3.0/SRPMS/mozilla-firefox-1.5.0.8-0.1.C30mdk.src.rpm 2f0e72d3924aff74bc9a55a41b44f60f corporate/3.0/SRPMS/mozilla-firefox-l10n-1.5.0.8-0.1.C30mdk.src.rpm Corporate 3.0/X86_64: e41213dc5c63b46a3917bd2b6fdf6b26 corporate/3.0/x86_64/lib64nspr4-1.5.0.8-0.1.C30mdk.x86_64.rpm 363650fb4785c9aa32a17d308ab85fbe corporate/3.0/x86_64/lib64nspr4-devel-1.5.0.8-0.1.C30mdk.x86_64.rpm 9f775b9a58d3553e813cbc3a2c6c859c corporate/3.0/x86_64/lib64nspr4-static-devel-1.5.0.8-0.1.C30mdk.x86_64.rpm 44539ac13c8e371ee870f96f03f89bfc corporate/3.0/x86_64/lib64nss3-1.5.0.8-0.1.C30mdk.x86_64.rpm 2c490eb3dfbe2e56b4e2ff479e48fe03 corporate/3.0/x86_64/lib64nss3-devel-1.5.0.8-0.1.C30mdk.x86_64.rpm f26042362f1e2f8455c9199f9d9d4f4b corporate/3.0/x86_64/mozilla-firefox-1.5.0.8-0.1.C30mdk.x86_64.rpm 44b63c9d73c9070351da9656a1bc8e40 corporate/3.0/x86_64/mozilla-firefox-ar-1.5.0.8-0.1.C30mdk.x86_64.rpm 4d3c868d4001fbfc3d95d6245eae0c6f corporate/3.0/x86_64/mozilla-firefox-bg-1.5.0.8-0.1.C30mdk.x86_64.rpm 400cfc94d7a111147e97f3373d4af37b corporate/3.0/x86_64/mozilla-firefox-br-1.5.0.8-0.1.C30mdk.x86_64.rpm 1aa20a7377c52bdb860f5192d6d5d2a3 corporate/3.0/x86_64/mozilla-firefox-ca-1.5.0.8-0.1.C30mdk.x86_64.rpm a6dace88a4772e17536cbb6805539379 corporate/3.0/x86_64/mozilla-firefox-cs-1.5.0.8-0.1.C30mdk.x86_64.rpm cf1715ff43e1226b6880c0547194070d corporate/3.0/x86_64/mozilla-firefox-da-1.5.0.8-0.1.C30mdk.x86_64.rpm ae5c0718f9fc85a7666b53d355a1fac4 corporate/3.0/x86_64/mozilla-firefox-de-1.5.0.8-0.1.C30mdk.x86_64.rpm 92c3c4477e3310a70f1cff09a7b5c6c7 corporate/3.0/x86_64/mozilla-firefox-devel-1.5.0.8-0.1.C30mdk.x86_64.rpm 48220b6c5f543dccb50f75e7eb0ab72d corporate/3.0/x86_64/mozilla-firefox-el-1.5.0.8-0.1.C30mdk.x86_64.rpm eb7dc2896ee4936d565d91c050ff7b03 corporate/3.0/x86_64/mozilla-firefox-es-1.5.0.8-0.1.C30mdk.x86_64.rpm 4c2b296ed6b27d552549be92077c1f72 corporate/3.0/x86_64/mozilla-firefox-es_AR-1.5.0.8-0.1.C30mdk.x86_64.rpm a77469216f5d9774a2540c6142023596 corporate/3.0/x86_64/mozilla-firefox-eu-1.5.0.8-0.1.C30mdk.x86_64.rpm 6a2729173eb1b8964017258bf5183b20 corporate/3.0/x86_64/mozilla-firefox-fi-1.5.0.8-0.1.C30mdk.x86_64.rpm c543760efaaa21393a736dfbc69d8564 corporate/3.0/x86_64/mozilla-firefox-fr-1.5.0.8-0.1.C30mdk.x86_64.rpm 47a1bf39777d2a0f15afbac99c95e488 corporate/3.0/x86_64/mozilla-firefox-fy-1.5.0.8-0.1.C30mdk.x86_64.rpm ed9cd505277126d4b0666dc50180843c corporate/3.0/x86_64/mozilla-firefox-ga-1.5.0.8-0.1.C30mdk.x86_64.rpm 5b491a1ab10b5344287af12bb23ca2ec corporate/3.0/x86_64/mozilla-firefox-gu_IN-1.5.0.8-0.1.C30mdk.x86_64.rpm bba60554281d8e66eb12c7e2f1c286eb corporate/3.0/x86_64/mozilla-firefox-he-1.5.0.8-0.1.C30mdk.x86_64.rpm 499df4d089285c7347f7796526cdeed8 corporate/3.0/x86_64/mozilla-firefox-hu-1.5.0.8-0.1.C30mdk.x86_64.rpm 0590b36a3507d20a1554a921f2df290e corporate/3.0/x86_64/mozilla-firefox-it-1.5.0.8-0.1.C30mdk.x86_64.rpm 1090726474a874691c600de1ff3d7fe4 corporate/3.0/x86_64/mozilla-firefox-ja-1.5.0.8-0.1.C30mdk.x86_64.rpm f1854c1973d2067aeb47717e02e1b978 corporate/3.0/x86_64/mozilla-firefox-ko-1.5.0.8-0.1.C30mdk.x86_64.rpm 66281573f2dfbb13247b4efd83c5eac9 corporate/3.0/x86_64/mozilla-firefox-lt-1.5.0.8-0.1.C30mdk.x86_64.rpm bf8ffc3d1ca00b9aa9c3da330d0894f9 corporate/3.0/x86_64/mozilla-firefox-mk-1.5.0.8-0.1.C30mdk.x86_64.rpm 0730fcca475a3ccf41bdcd5a5b381704 corporate/3.0/x86_64/mozilla-firefox-nb-1.5.0.8-0.1.C30mdk.x86_64.rpm c2efc6cc73f5e10cf13f8640295dbec5 corporate/3.0/x86_64/mozilla-firefox-nl-1.5.0.8-0.1.C30mdk.x86_64.rpm e93489555defa4d394a07d7c3be044e9 corporate/3.0/x86_64/mozilla-firefox-pa_IN-1.5.0.8-0.1.C30mdk.x86_64.rpm 5c3d5d884c5f1e198fd0dcb0ea35b53b corporate/3.0/x86_64/mozilla-firefox-pl-1.5.0.8-0.1.C30mdk.x86_64.rpm b4fa89a62c4a3f75d7329d2c61829249 corporate/3.0/x86_64/mozilla-firefox-pt-1.5.0.8-0.1.C30mdk.x86_64.rpm 98b5d2228cfe87430979350dede26382 corporate/3.0/x86_64/mozilla-firefox-pt_BR-1.5.0.8-0.1.C30mdk.x86_64.rpm 121bb72512fe0cb739a8dfea2cb77334 corporate/3.0/x86_64/mozilla-firefox-ro-1.5.0.8-0.1.C30mdk.x86_64.rpm 6690c024983dc636337c330a14d18f9b corporate/3.0/x86_64/mozilla-firefox-ru-1.5.0.8-0.1.C30mdk.x86_64.rpm c4f5525868b98ccfd265fb078e026c41 corporate/3.0/x86_64/mozilla-firefox-sk-1.5.0.8-0.1.C30mdk.x86_64.rpm c5732b363604b60387260935eb3d6ad1 corporate/3.0/x86_64/mozilla-firefox-sl-1.5.0.8-0.1.C30mdk.x86_64.rpm 215eedd08847949966f593fbc652866e corporate/3.0/x86_64/mozilla-firefox-sv-1.5.0.8-0.1.C30mdk.x86_64.rpm e8b937a222ebbee6497e8679832aa4c8 corporate/3.0/x86_64/mozilla-firefox-tr-1.5.0.8-0.1.C30mdk.x86_64.rpm 82416aec298b336154c6fdf780563623 corporate/3.0/x86_64/mozilla-firefox-uk-1.5.0.8-0.1.C30mdk.x86_64.rpm 5229c9bdb1da356f715dadc18939783d corporate/3.0/x86_64/mozilla-firefox-zh_CN-1.5.0.8-0.1.C30mdk.x86_64.rpm 04150ecca5dbfe244090af9cccd076ed corporate/3.0/x86_64/mozilla-firefox-zh_TW-1.5.0.8-0.1.C30mdk.x86_64.rpm 86b4b1bfc9b8a084cad7ee7d46be291b corporate/3.0/SRPMS/mozilla-firefox-1.5.0.8-0.1.C30mdk.src.rpm 2f0e72d3924aff74bc9a55a41b44f60f corporate/3.0/SRPMS/mozilla-firefox-l10n-1.5.0.8-0.1.C30mdk.src.rpm Corporate 4.0: 088124d1ec139440c91f40f6259d60f7 corporate/4.0/i586/libnspr4-1.5.0.8-0.1.20060mlcs4.i586.rpm 4935d71a7f50c711f7061da070e452c3 corporate/4.0/i586/libnspr4-devel-1.5.0.8-0.1.20060mlcs4.i586.rpm f95cb35be57af2fcc1011d712b830b91 corporate/4.0/i586/libnspr4-static-devel-1.5.0.8-0.1.20060mlcs4.i586.rpm c68520b4ad039d1d03930ed225bd3dc7 corporate/4.0/i586/libnss3-1.5.0.8-0.1.20060mlcs4.i586.rpm a2ffb796cabd43984cc00f26a048b44b corporate/4.0/i586/libnss3-devel-1.5.0.8-0.1.20060mlcs4.i586.rpm ba7e80138f2678ae6951c5aa8c609356 corporate/4.0/i586/mozilla-firefox-1.5.0.8-0.1.20060mlcs4.i586.rpm db5bde23f45cabf3d8eb575e1366a373 corporate/4.0/i586/mozilla-firefox-ar-1.5.0.8-0.1.20060mlcs4.i586.rpm 0cf58005ddcc3024988abe09210c062c corporate/4.0/i586/mozilla-firefox-bg-1.5.0.8-0.1.20060mlcs4.i586.rpm 585ab33b50a390dc9f3ea1d40c7133cc corporate/4.0/i586/mozilla-firefox-br-1.5.0.8-0.1.20060mlcs4.i586.rpm 74f91ca40bc294828604faf640c97dc5 corporate/4.0/i586/mozilla-firefox-ca-1.5.0.8-0.1.20060mlcs4.i586.rpm 44c6d74403d8b35d65a1a1c25c98beda corporate/4.0/i586/mozilla-firefox-cs-1.5.0.8-0.1.20060mlcs4.i586.rpm 4203e096f8f6bee19998ce6b3ddb3eb2 corporate/4.0/i586/mozilla-firefox-da-1.5.0.8-0.1.20060mlcs4.i586.rpm 01d38722c97ac1fc18d062665aec4ef7 corporate/4.0/i586/mozilla-firefox-de-1.5.0.8-0.1.20060mlcs4.i586.rpm 8ebaa2edb49e3feec867225959494c85 corporate/4.0/i586/mozilla-firefox-devel-1.5.0.8-0.1.20060mlcs4.i586.rpm c4749e3562d63e15430e21d0dd9a7215 corporate/4.0/i586/mozilla-firefox-el-1.5.0.8-0.1.20060mlcs4.i586.rpm 877eed1cb682f64f9a2b9ef2f4257e34 corporate/4.0/i586/mozilla-firefox-es-1.5.0.8-0.1.20060mlcs4.i586.rpm c73011439b0c874d3be5a207c8182689 corporate/4.0/i586/mozilla-firefox-es_AR-1.5.0.8-0.1.20060mlcs4.i586.rpm 7370aadeeaf66b52058594037146b4f4 corporate/4.0/i586/mozilla-firefox-eu-1.5.0.8-0.1.20060mlcs4.i586.rpm 832e859a8b62126a77dfeb7b8086d21c corporate/4.0/i586/mozilla-firefox-fi-1.5.0.8-0.1.20060mlcs4.i586.rpm 02e7fed06cce9eb2e8ead70ff6c2aa49 corporate/4.0/i586/mozilla-firefox-fr-1.5.0.8-0.1.20060mlcs4.i586.rpm 9338908202a07748f8ce6eb262eb7865 corporate/4.0/i586/mozilla-firefox-fy-1.5.0.8-0.1.20060mlcs4.i586.rpm 7b4b941ac54ed8dcd70d48d6945b158e corporate/4.0/i586/mozilla-firefox-ga-1.5.0.8-0.1.20060mlcs4.i586.rpm 3b06ebef8316fbec787b73e4506dd1bd corporate/4.0/i586/mozilla-firefox-gu_IN-1.5.0.8-0.1.20060mlcs4.i586.rpm cf225d052aa0ef653c1038db6c485eb1 corporate/4.0/i586/mozilla-firefox-he-1.5.0.8-0.1.20060mlcs4.i586.rpm 7034f3d156e4e78e729f148cc8f2bf69 corporate/4.0/i586/mozilla-firefox-hu-1.5.0.8-0.1.20060mlcs4.i586.rpm e2dbd8037553ba7727d715000440f43a corporate/4.0/i586/mozilla-firefox-it-1.5.0.8-0.1.20060mlcs4.i586.rpm ac4472ae342aa2dce68239402dfd12ea corporate/4.0/i586/mozilla-firefox-ja-1.5.0.8-0.1.20060mlcs4.i586.rpm 87da0b6c52d5c066a43dd62bb3849970 corporate/4.0/i586/mozilla-firefox-ko-1.5.0.8-0.1.20060mlcs4.i586.rpm 0c7d6aa08b63a3c24c33ffa3cdc592a7 corporate/4.0/i586/mozilla-firefox-lt-1.5.0.8-0.1.20060mlcs4.i586.rpm 5b85537051503f852604a9a32cdd388b corporate/4.0/i586/mozilla-firefox-mk-1.5.0.8-0.1.20060mlcs4.i586.rpm 873c8a9ccab7a3f0b3ea5eb649ed5647 corporate/4.0/i586/mozilla-firefox-nb-1.5.0.8-0.1.20060mlcs4.i586.rpm 1ef55e1d5c7c498bd4ed8323e9bbf4a7 corporate/4.0/i586/mozilla-firefox-nl-1.5.0.8-0.1.20060mlcs4.i586.rpm c62cc43b661fc61658c630f4000e124f corporate/4.0/i586/mozilla-firefox-pa_IN-1.5.0.8-0.1.20060mlcs4.i586.rpm 1a2aacf34a5b39c34aefdd38579f0c3c corporate/4.0/i586/mozilla-firefox-pl-1.5.0.8-0.1.20060mlcs4.i586.rpm bbd43b6930ed48a19d8e623b7f70efcd corporate/4.0/i586/mozilla-firefox-pt-1.5.0.8-0.1.20060mlcs4.i586.rpm 71bc48ed5b8dc6404f7ae3af9fa9b841 corporate/4.0/i586/mozilla-firefox-pt_BR-1.5.0.8-0.1.20060mlcs4.i586.rpm 14a8e53126599ced68d931f38fecf1bf corporate/4.0/i586/mozilla-firefox-ro-1.5.0.8-0.1.20060mlcs4.i586.rpm e60329757a9ffe3b27c7be5a214c4ed3 corporate/4.0/i586/mozilla-firefox-ru-1.5.0.8-0.1.20060mlcs4.i586.rpm cabedd45cd2a0d3d1015499269ea98b4 corporate/4.0/i586/mozilla-firefox-sk-1.5.0.8-0.1.20060mlcs4.i586.rpm ea1422e5b3266ef79aa8f5f462438d69 corporate/4.0/i586/mozilla-firefox-sl-1.5.0.8-0.1.20060mlcs4.i586.rpm 598e8f43608641c737bec8617e26c832 corporate/4.0/i586/mozilla-firefox-sv-1.5.0.8-0.1.20060mlcs4.i586.rpm 93c3f8e73ef4522850485008acaf4bed corporate/4.0/i586/mozilla-firefox-tr-1.5.0.8-0.1.20060mlcs4.i586.rpm f59b22a253f53c8f252e0b77629597c1 corporate/4.0/i586/mozilla-firefox-uk-1.5.0.8-0.1.20060mlcs4.i586.rpm 3007ea5ed5980a2b1ddeaefdea33638b corporate/4.0/i586/mozilla-firefox-zh_CN-1.5.0.8-0.1.20060mlcs4.i586.rpm c503fd11f3664f863aced8cfe44f6b82 corporate/4.0/i586/mozilla-firefox-zh_TW-1.5.0.8-0.1.20060mlcs4.i586.rpm ec0dee65b1a8045682b753c6e952e84f corporate/4.0/SRPMS/mozilla-firefox-1.5.0.8-0.1.20060mlcs4.src.rpm 3891c87832bbe8586a5a89635d17aac4 corporate/4.0/SRPMS/mozilla-firefox-l10n-1.5.0.8-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 813367131571fd2de6015d97fcdbd96c corporate/4.0/x86_64/lib64nspr4-1.5.0.8-0.1.20060mlcs4.x86_64.rpm bd8eac475b3e616d7727f78870838e2a corporate/4.0/x86_64/lib64nspr4-devel-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 262c97f8a4a11b4e1d05a3c79106920b corporate/4.0/x86_64/lib64nspr4-static-devel-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 4eb7982644b66cdb045c941e96f0ba6b corporate/4.0/x86_64/lib64nss3-1.5.0.8-0.1.20060mlcs4.x86_64.rpm e447d521d2cadf03456b6cf47f204e27 corporate/4.0/x86_64/lib64nss3-devel-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 870e49d6e0a0e8d328ea8588968377d4 corporate/4.0/x86_64/mozilla-firefox-1.5.0.8-0.1.20060mlcs4.x86_64.rpm fe479bec573c685eb5a524d43e034e4b corporate/4.0/x86_64/mozilla-firefox-ar-1.5.0.8-0.1.20060mlcs4.x86_64.rpm e3b17bdb5a04725d06feb9eaaed5bb13 corporate/4.0/x86_64/mozilla-firefox-bg-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 81141ec8733b0b1ddb6a03683438da92 corporate/4.0/x86_64/mozilla-firefox-br-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 99cdba287d60a5fcbc725e6a1411c88c corporate/4.0/x86_64/mozilla-firefox-ca-1.5.0.8-0.1.20060mlcs4.x86_64.rpm e0f7a0e82af8c8494662d3fa19140e79 corporate/4.0/x86_64/mozilla-firefox-cs-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 1f6bc24ee3bef8182d00ab4df69ec387 corporate/4.0/x86_64/mozilla-firefox-da-1.5.0.8-0.1.20060mlcs4.x86_64.rpm b0f068ede8420a34af18c171a40aace4 corporate/4.0/x86_64/mozilla-firefox-de-1.5.0.8-0.1.20060mlcs4.x86_64.rpm c80d12106c9d5ae6d39d595bb7629a9c corporate/4.0/x86_64/mozilla-firefox-devel-1.5.0.8-0.1.20060mlcs4.x86_64.rpm f44b29e064accac25bbf1c75ec7cf872 corporate/4.0/x86_64/mozilla-firefox-el-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 46898ed5ce7833e13a14a204df199007 corporate/4.0/x86_64/mozilla-firefox-es-1.5.0.8-0.1.20060mlcs4.x86_64.rpm f7fa4cf4d55ebad18a3f64ed8da661c3 corporate/4.0/x86_64/mozilla-firefox-es_AR-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 136ab61e9aabbaea966f6b125924140b corporate/4.0/x86_64/mozilla-firefox-eu-1.5.0.8-0.1.20060mlcs4.x86_64.rpm a56c87ce3b17e6a050881fe8af67376a corporate/4.0/x86_64/mozilla-firefox-fi-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 2eae3fa8406ac770bba2ffd4e0f765d0 corporate/4.0/x86_64/mozilla-firefox-fr-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 421b50805708b0d890b8029be9feeb3a corporate/4.0/x86_64/mozilla-firefox-fy-1.5.0.8-0.1.20060mlcs4.x86_64.rpm bb0f4306a08c3f07c06479300ac9c567 corporate/4.0/x86_64/mozilla-firefox-ga-1.5.0.8-0.1.20060mlcs4.x86_64.rpm a2752a4d34292e1fdacf2e440387e28c corporate/4.0/x86_64/mozilla-firefox-gu_IN-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 4b462b990bb29314aa8180626dde2d8e corporate/4.0/x86_64/mozilla-firefox-he-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 1e396247f146937bb355d781ed30028a corporate/4.0/x86_64/mozilla-firefox-hu-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 93a8f58e7cae5a88a408f344e56f8902 corporate/4.0/x86_64/mozilla-firefox-it-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 2c1b403e5617e1caec3e4c6a7263a23c corporate/4.0/x86_64/mozilla-firefox-ja-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 4b1842dc6355dac2a3dbadcf7b244cd5 corporate/4.0/x86_64/mozilla-firefox-ko-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 8612355da8a17943f31407e637fa89b2 corporate/4.0/x86_64/mozilla-firefox-lt-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 3ec1a46602a49430424a4830c7a4e14e corporate/4.0/x86_64/mozilla-firefox-mk-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 5ca60240a7ff1dd097438d347cfd194d corporate/4.0/x86_64/mozilla-firefox-nb-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 7012d72f8d7382bf92bacfd52d5a16b3 corporate/4.0/x86_64/mozilla-firefox-nl-1.5.0.8-0.1.20060mlcs4.x86_64.rpm dc805f1226cea17a507e8937232dae90 corporate/4.0/x86_64/mozilla-firefox-pa_IN-1.5.0.8-0.1.20060mlcs4.x86_64.rpm e30d1aa794d2992fd2ccd1f9b1ac7652 corporate/4.0/x86_64/mozilla-firefox-pl-1.5.0.8-0.1.20060mlcs4.x86_64.rpm cdaff2ff2cec4e31720d5b422b3d9153 corporate/4.0/x86_64/mozilla-firefox-pt-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 7fabe48a3d3b30bfb0015cfa51a27e63 corporate/4.0/x86_64/mozilla-firefox-pt_BR-1.5.0.8-0.1.20060mlcs4.x86_64.rpm edeec031bcc3e355b1264004f89d240e corporate/4.0/x86_64/mozilla-firefox-ro-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 9fec0a083306fdbc113a12257cc700c4 corporate/4.0/x86_64/mozilla-firefox-ru-1.5.0.8-0.1.20060mlcs4.x86_64.rpm b7f87f9b0172b016bf20a6d628c528d8 corporate/4.0/x86_64/mozilla-firefox-sk-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 1ca27fa5f612d9e08090ea312b08cd39 corporate/4.0/x86_64/mozilla-firefox-sl-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 449fcb7d04b8a863e873bb473b9c0f53 corporate/4.0/x86_64/mozilla-firefox-sv-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 3433a53ecd5123499f9c58b88dc15c80 corporate/4.0/x86_64/mozilla-firefox-tr-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 70e009f2f21dd5a95f2a56a5c183f36e corporate/4.0/x86_64/mozilla-firefox-uk-1.5.0.8-0.1.20060mlcs4.x86_64.rpm 53336d37c8f78fdf3bbea2f9c0ace96f corporate/4.0/x86_64/mozilla-firefox-zh_CN-1.5.0.8-0.1.20060mlcs4.x86_64.rpm e9e5543570a71f0af3a1a4ea584a2721 corporate/4.0/x86_64/mozilla-firefox-zh_TW-1.5.0.8-0.1.20060mlcs4.x86_64.rpm ec0dee65b1a8045682b753c6e952e84f corporate/4.0/SRPMS/mozilla-firefox-1.5.0.8-0.1.20060mlcs4.src.rpm 3891c87832bbe8586a5a89635d17aac4 corporate/4.0/SRPMS/mozilla-firefox-l10n-1.5.0.8-0.1.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFU4rymqjQ0CJFipgRAhpNAJ9eoApPOTg7tYSCQ+sPHT7pAQ/a+gCfcIms mnmaHXjuuaXW/n2k7ghGaGE= =gsi7 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1225-1 security@debian.org http://www.debian.org/security/ Martin Schulze December 3rd, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : mozilla-firefox Vulnerability : several Problem type : remote Debian-specific: no CVE IDs : CVE-2006-4310 CVE-2006-5462 CVE-2006-5463 CVE-2006-5464 CVE-2006-5748 CERT advisories: VU#335392 VU#390480 VU#495288 VU#714496 BugTraq IDs : 19678 20957 Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-4310 Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service. CVE-2006-5462 Ulrich K\xfchn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates. CVE-2006-5463 "shutdown" discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode. CVE-2006-5464 Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code. CVE-2006-5748 Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code. This update also adresses several crashes, which could be triggered by malicious websites and fixes a regression introduced in the previous Mozilla update. For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge13. For the unstable distribution (sid) these problems have been fixed in the current iceweasel package 2.0+dfsg-1. We recommend that you upgrade your mozilla-firefox package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.dsc Size/MD5 checksum: 1003 4a8d05c1e9563e6066ca838e7c0b2f53 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.diff.gz Size/MD5 checksum: 450265 46d4bedf12a1e0c92a275ae012d92b5a http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d Alpha architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_alpha.deb Size/MD5 checksum: 11182242 388bf02a94456182cd7a39187886875a http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_alpha.deb Size/MD5 checksum: 170908 4cbff185bb88b1c7e11791059cd83142 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_alpha.deb Size/MD5 checksum: 62736 f42571aa18001fc521be0f5348eb9511 AMD64 architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_amd64.deb Size/MD5 checksum: 9412474 fcd7ced169a47d7413197a918047036a http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_amd64.deb Size/MD5 checksum: 165706 931ebeee155ac01fcecb1467388a2fab http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_amd64.deb Size/MD5 checksum: 61276 cf839454fe9e09a0b58641353f9c75c6 ARM architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_arm.deb Size/MD5 checksum: 8233670 39a042f6300c805ad372828fd115cab0 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_arm.deb Size/MD5 checksum: 157176 873eb90c91c98e1c4168f215b493fd74 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_arm.deb Size/MD5 checksum: 56586 c53ca4b95b188684381338eae43603cc HP Precision architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_hppa.deb Size/MD5 checksum: 10287242 8a7eddef738dfe4eb164bd5e486474a2 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_hppa.deb Size/MD5 checksum: 168624 fa195e512062a19cf92018de4009160d http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_hppa.deb Size/MD5 checksum: 61736 b0dbfbbce97f954c9487a126d20b9a90 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_i386.deb Size/MD5 checksum: 8908194 9cfe0ac430050c7d62066cd3f8beb64f http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_i386.deb Size/MD5 checksum: 160902 77a78dd1eac37417b4a5629e745e4391 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_i386.deb Size/MD5 checksum: 58124 f82b3d3fc66e1054d5da72a69ab9bd20 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_ia64.deb Size/MD5 checksum: 11646376 83d5349be8156e1f95eb75da89beb578 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_ia64.deb Size/MD5 checksum: 171244 46ae3d6d9112d31f92407922832e6599 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_ia64.deb Size/MD5 checksum: 65934 690969e2e7a865faee22ed6fb8a88384 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_m68k.deb Size/MD5 checksum: 8186050 ab9f31d6cbd9ff6c1820c59ef1e44ce7 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_m68k.deb Size/MD5 checksum: 159792 69c3cf68fc12fd5fb3929339aa8cd9cb http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_m68k.deb Size/MD5 checksum: 57394 14636fe25df3a18c536819129e83e1a0 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_mips.deb Size/MD5 checksum: 9943474 75b7796d42079421a151bfac35a17f95 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_mips.deb Size/MD5 checksum: 158694 a3c6f1c71947cb5e9c2fc8d8acece832 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_mips.deb Size/MD5 checksum: 58386 395683ab3ebb0983e24bc3afde8d28f5 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_mipsel.deb Size/MD5 checksum: 9819470 41ecbd5f3543c0b110771e93e2307abc http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_mipsel.deb Size/MD5 checksum: 157672 43ca2a353bacf378a2dc7dfa9a7f3a73 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_mipsel.deb Size/MD5 checksum: 57634 8d16796108c3a7627ab9654e977277a5 PowerPC architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_powerpc.deb Size/MD5 checksum: 8580222 c2f239d0961911962bea6b7f7bf1cdc1 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_powerpc.deb Size/MD5 checksum: 159320 5a5ea9d8a9f7a845bc1898b0c9976112 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_powerpc.deb Size/MD5 checksum: 60508 3ce3df0f45aeef3acb1964960bf76406 IBM S/390 architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_s390.deb Size/MD5 checksum: 9650866 9fd3e3788898152580a0ab344112b5ab http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_s390.deb Size/MD5 checksum: 166290 70bcea0f67fc9d0288c75bb2ad8e7b36 http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_s390.deb Size/MD5 checksum: 60696 7d6b7a3cf65fa798f3e41275f4bb9967 Sun Sparc architecture: http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_sparc.deb Size/MD5 checksum: 8672090 c32301aeb3eb3ebbad2ff26f56d3e9ee http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_sparc.deb Size/MD5 checksum: 159508 7c3fd5b5a0c78c8abf09082dcb06bbfc http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_sparc.deb Size/MD5 checksum: 56946 0b154ceb732d771ca492e4d98ea21350 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFcvzPW5ql+IAeqTIRAv/HAJwNUC+NOPCf2Nq1161rGipNubPqDQCfWnmg FvfjUK0FBtQjuT9x9Fg3gu8= =1YQv -----END PGP SIGNATURE-----

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.An attacker could gain access with a fraudulent certificate. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1174-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans September 11th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : openssl096 Problem-Type : local Vulnerability : cryptographic weakness Debian-specific: no CVE ID : CVE-2006-4339 BugTraq ID : 19849 Debian Bug : 386247 Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid. For the stable distribution (sarge) this problem has been fixed in version 0.9.6m-1sarge2 This package exists only for compatibility with older software, and is not present in the unstable or testing branches of Debian. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc Size/MD5 checksum: 617 018a88ab90403cb04c62fb3e30b74447 http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz Size/MD5 checksum: 19110 ebf3d65348f1a0e2b09543b02f1752ff http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9 Alpha architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_alpha.deb Size/MD5 checksum: 1965098 f321c9d2831643d65718730f8ff81f16 AMD64 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_amd64.deb Size/MD5 checksum: 578014 b47b9fb2acd8c6e22aac6812c7ad4dda ARM architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_arm.deb Size/MD5 checksum: 518746 29a69a8d997445d4ae2a53c337678cc6 HP Precision architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_hppa.deb Size/MD5 checksum: 587368 4291ac3835b28ae9acf555ec90242d26 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_i386.deb Size/MD5 checksum: 1755640 d9fb8d8383c96d0d4ebe4af8cb5e9a3a Intel IA-64 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_ia64.deb Size/MD5 checksum: 814966 1a366b00181bba9bd04b2312f4ae8f42 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_m68k.deb Size/MD5 checksum: 476722 2002d9eeb9b36d329855042466c9dfc1 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mips.deb Size/MD5 checksum: 576764 2001e7d3f5d72e0328b8d46f83bb0b4d Little endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mipsel.deb Size/MD5 checksum: 568756 3b25b7c66ff42626c8f458be9485f9bb PowerPC architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_powerpc.deb Size/MD5 checksum: 582402 e677ab4fd68d34affff58a9c7d2cd823 IBM S/390 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_s390.deb Size/MD5 checksum: 602334 674b58c6811c7e60ad2bb53ec7c1bcdc Sun Sparc architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_sparc.deb Size/MD5 checksum: 1458574 d9ab5370d48647780172587e58682297 These files will probably be moved into the stable distribution on its next update. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980 - ------------------------------------------------------------------- 1. Summary: Updated ESX Patches address several security issues. 2. Relevant releases: VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097 VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4 3. Problem description: Problems addressed by these patches: a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589): ESX 3.0.1: does not have this problem ESX 3.0.0: does not have this problem ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502) ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703) ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803) ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801) A possible security issue with the configuration program vmware-config which could set incorrect permissions on SSL key files. Local users may be able to obtain access to the SSL key files. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. b. OpenSSL library vulnerabilities: ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131 ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097 ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502) ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703) ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803) ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801) (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-4343) The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, and CVE-2006-4343 to these issues. c. Updated OpenSSH package addresses the following possible security issues: ESX 3.0.1: corrected by Patch ESX-9986131 ESX 3.0.0: corrected by Patch ESX-3069097 ESX 2.5.4: does not have these problems ESX 2.5.3: does not have these problems ESX 2.1.3: does not have these problems ESX 2.0.2: does not have these problems (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. NOTE: ESX by default disables version 1 SSH protocol. (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. NOTE: ESX doesn't use GSSAPI by default. (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386, CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files: ESX 3.0.1: does not have this problem ESX 3.0.0: does not have this problem ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502) ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703) ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803) ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801) A possible security issue with virtual disk (.vmdk or .dsk) files that are newly created, but contain blocks from recently deleted virtual disk files. Information belonging to the previously deleted virtual disk files could be revealed in newly created virtual disk files. VMware recommends the following workaround: When creating new virtual machines on an ESX Server that may contain sensitive data, use vmkfstools with the -W option. This initializes the virtual disk with zeros. NOTE: ESX 3.x defines this option as -w. e. Buffer overflow in Python function repr(): ESX 3.0.1: corrected by Patch ESX-9986131 ESX 3.0.0: corrected by ESX-3069097 ESX 2.5.4: does not have this problem ESX 2.5.3: does not have this problem ESX 2.1.3: does not have this problem ESX 2.0.2: does not have this problem A possible security issue with how the Python function repr() function handles UTF-32/UCS-4 strings. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-4980 to this issue. 4. Solution: Please review the Patch notes for your version of ESX and verify the md5sum. ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739 ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f 5. References: ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097 ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131 ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980 6. Contact: http://www.vmware.com/security VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html E-mail: security@vmware.com Copyright 2007 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) BACKGROUND RESOLUTION HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126 HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7 HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45 HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652 Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. PRODUCT SPECIFIC INFORMATION The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4. Background ========== OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 openssl < 0.9.7k >= 0.9.7k 2 emul-x86-linux-baselibs < 2.5.2 >= 2.5.2 ------------------------------------------------------------------- # Package 2 [app-emulation/emul-x86-linux-baselibs] only applies to AMD64 users. NOTE: Any packages listed without architecture tags apply to all architectures... Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7k" All AMD64 x86 emulation base libraries users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/emul-x86-linux-baselibs-2.5.2" References ========== [ 1 ] CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200609-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: OpenOffice.org 3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38568 VERIFY ADVISORY: http://secunia.com/advisories/38568/ DESCRIPTION: Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) The included libxml2 library fails to properly verify signatures. This is related to: SA21709 2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature. For more information: SA35854 3) An error in the included MSVC Runtime package can be exploited to bypass certain security features. For more information see vulnerability #2 in: SA35967 4) An error in the processing XPM files can be exploited to potentially execute arbitrary code. 5) An error in the processing GIF files can be exploited to potentially execute arbitrary code. 6) An error in the processing of Word documents can be exploited to potentially execute arbitrary code. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA35854: http://secunia.com/advisories/35854/ SA35967: http://secunia.com/advisories/35967/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Release Date: 2006-10-31 Last Updated: 2006-10-31 Potential Security Impact: Remote Unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY A security vulnerability has been identified in OpenSSL used in HP VirtualVault 4.7, 4.6, 4.5 and HP WebProxy that may allow remote unauthorized access. References: CVE-2006-4339 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.04 running Virtualvault 4.7 or Virtualvault 4.6 or Virtualvault 4.5 or HP WebProxy. BACKGROUND The OpenSSL community has released OpenSSL 0.9.7.k version superseding the OpenSSL 0.9.7i release that was identified in the CVE report. Note: To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. AFFECTED VERSIONS HP-UX B.11.04 Virtualvault A.04.70 =========================== VaultWS.WS-CORE VaultTS.VV-IWS VaultTS.VV-CORE-CMN VaultTGP.TGP-CORE action: install PHSS_35463, PHSS_35460, PHSS_35481 or subsequent HP-UX B.11.04 Virtualvault A.04.70 (Apache 2.X) ==================================== VaultWS.WS-CORE action: install PHSS_35436 or subsequent HP-UX B.11.04 Virtualvault A.04.60 =========================== VaultWS.WS-CORE VaultTS.VV-IWS VaultTS.VV-CORE-CMN VaultTGP.TGP-CORE action: install PHSS_35462, PHSS_35459, PHSS_35480 or subsequent HP-UX B.11.04 Virtualvault A.04.50 =========================== VaultWS.WS-CORE VaultTS.VV-IWS VaultTS.VV-IWS-JK VaultTS.VV-CORE-CMN action: install PHSS_35461, PHSS_35458 or subsequent HP-UX B.11.04 HP Webproxy A.02.10 (Apache 2.x) ============================ HP_Webproxy.HPWEB-PX-CORE action: install PHSS_35437 or subsequent HP-UX B.11.04 HP Webproxy A.02.10 (Apache 1.x) ============================ HP_Webproxy.HPWEB-PX-CORE action: install PHSS_35111 or subsequent HP-UX B.11.04 HP Webproxy A.02.00 ============================ HP_Webproxy.HPWEB-PX-CORE action: install PHSS_35110 or subsequent END AFFECTED VERSIONS RESOLUTION HP is making the following patches available to resolve this issue. The patches are available for download from http://itrc.hp.com For B.11.04 HP has made the following patches available: PHSS_35463 Virtualvault 4.7 OWS (Apache 1.x) update PHSS_35460 Virtualvault 4.7 IWS update PHSS_35481 Virtualvault 4.7 TGP update PHSS_35436 Virtualvault 4.7 OWS (Apache 2.x) update PHSS_35462 Virtualvault 4.6 OWS update PHSS_35459 Virtualvault 4.6 IWS update PHSS_35480 Virtualvault 4.6 TGP update PHSS_35461 Virtualvault 4.5 OWS update PHSS_35458 Virtualvault 4.5 IWS update PHSS_35437 Webproxy server 2.1 (Apache 2.x) update PHSS_35111 Webproxy server 2.1 (Apache 1.x) update PHSS_35110 Webproxy server 2.0 update PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA MANUAL ACTIONS: No HISTORY Version: 1 (rev.1) 31 October 2006 Initial release Third Party Security Patches: Third Party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com. It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA& langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW, MA = HP Management Agents, MI = Misc. 3rd party SW, MP = HP MPE/iX, NS = HP NonStop Servers, OV = HP OpenVMS, PI = HP Printing & Imaging, ST = HP Storage SW, TL = HP Trusted Linux, TU = HP Tru64 UNIX, UX = HP-UX, VV = HP Virtual Vault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." (c)Copyright 2006 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339) ===================================== Vulnerability ------------- Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Implementations may incorrectly verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable, as well as any other use of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or TLS. Recommendations --------------- There are multiple ways to avoid this vulnerability. Any one of the following measures is sufficient. Upgrade the OpenSSL server software. The vulnerability is resolved in the following versions of OpenSSL: - in the 0.9.7 branch, version 0.9.7k (or later); - in the 0.9.8 branch, version 0.9.8c (or later). OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The distribution file names are: o openssl-0.9.8c.tar.gz MD5 checksum: 78454bec556bcb4c45129428a766c886 SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d o openssl-0.9.7k.tar.gz MD5 checksum: be6bba1d67b26eabb48cf1774925416f SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2 The checksums were calculated using the following commands: openssl md5 openssl-0.9*.tar.gz openssl sha1 openssl-0.9*.tar.gz 2. If this version upgrade is not an option at the present time, alternatively the following patch may be applied to the OpenSSL source code to resolve the problem. The patch is compatible with the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL. o http://www.openssl.org/news/patch-CVE-2006-4339.txt Whether you choose to upgrade to a new version or to apply the patch, make sure to recompile any applications statically linked to OpenSSL libraries. Acknowledgements ---------------- The OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie, of Google Security, who successfully forged various certificates, showing OpenSSL was vulnerable, and provided the patch to fix the problems

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. RSA The signature is used to prove that the message origin can be trusted. RSA There is a vulnerability in multiple software that implements that the signature is not verified correctly. For example, SSH , SSL , PGP , X.509 May affect the software.By a remote third party RSA The signature may be forged. This may prevent the validity of the signed message. Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.An attacker could gain access with a fraudulent certificate. Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to forge an RSA signature on a PDF document. This vulnerability may allow an attacker to forge RSA signatures. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2007-0001 Synopsis: VMware ESX server security updates Issue date: 2007-01-08 Updated on: 2007-01-08 CVE: CVE-2006-3589 CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343 CVE-2006-4980 - ------------------------------------------------------------------- 1. Summary: Updated ESX Patches address several security issues. 2. Relevant releases: VMware ESX 3.0.1 without patch ESX-9986131 VMware ESX 3.0.0 without patch ESX-3069097 VMware ESX 2.5.4 prior to upgrade patch 3 VMware ESX 2.5.3 prior to upgrade patch 6 VMware ESX 2.1.3 prior to upgrade patch 4 VMware ESX 2.0.2 prior to upgrade patch 4 3. Problem description: Problems addressed by these patches: a. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589): ESX 3.0.1: does not have this problem ESX 3.0.0: does not have this problem ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502) ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703) ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803) ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801) A possible security issue with the configuration program vmware-config which could set incorrect permissions on SSL key files. Local users may be able to obtain access to the SSL key files. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-3589 to this issue. b. OpenSSL library vulnerabilities: ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131 ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097 ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502) ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703) ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803) ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801) (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-4343) The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, and CVE-2006-4343 to these issues. c. Updated OpenSSH package addresses the following possible security issues: ESX 3.0.1: corrected by Patch ESX-9986131 ESX 3.0.0: corrected by Patch ESX-3069097 ESX 2.5.4: does not have these problems ESX 2.5.3: does not have these problems ESX 2.1.3: does not have these problems ESX 2.0.2: does not have these problems (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. NOTE: ESX by default disables version 1 SSH protocol. (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. NOTE: ESX doesn't use GSSAPI by default. (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386, CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues. d. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files: ESX 3.0.1: does not have this problem ESX 3.0.0: does not have this problem ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502) ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703) ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803) ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801) A possible security issue with virtual disk (.vmdk or .dsk) files that are newly created, but contain blocks from recently deleted virtual disk files. Information belonging to the previously deleted virtual disk files could be revealed in newly created virtual disk files. VMware recommends the following workaround: When creating new virtual machines on an ESX Server that may contain sensitive data, use vmkfstools with the -W option. This initializes the virtual disk with zeros. NOTE: ESX 3.x defines this option as -w. e. Buffer overflow in Python function repr(): ESX 3.0.1: corrected by Patch ESX-9986131 ESX 3.0.0: corrected by ESX-3069097 ESX 2.5.4: does not have this problem ESX 2.5.3: does not have this problem ESX 2.1.3: does not have this problem ESX 2.0.2: does not have this problem A possible security issue with how the Python function repr() function handles UTF-32/UCS-4 strings. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-4980 to this issue. 4. Solution: Please review the Patch notes for your version of ESX and verify the md5sum. ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739 ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f 5. References: ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097 ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131 ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980 6. Contact: http://www.vmware.com/security VMware Security Response Policy http://www.vmware.com/vmtn/technology/security/security_response.html E-mail: security@vmware.com Copyright 2007 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE neFG0RikD74TCYeXKW6CBy4= =9/6k -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339) ===================================== Vulnerability ------------- Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Implementations may incorrectly verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable, as well as any other use of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or TLS. Recommendations --------------- There are multiple ways to avoid this vulnerability. Any one of the following measures is sufficient. The vulnerability is resolved in the following versions of OpenSSL: - in the 0.9.7 branch, version 0.9.7k (or later); - in the 0.9.8 branch, version 0.9.8c (or later). OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The distribution file names are: o openssl-0.9.8c.tar.gz MD5 checksum: 78454bec556bcb4c45129428a766c886 SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d o openssl-0.9.7k.tar.gz MD5 checksum: be6bba1d67b26eabb48cf1774925416f SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2 The checksums were calculated using the following commands: openssl md5 openssl-0.9*.tar.gz openssl sha1 openssl-0.9*.tar.gz 2. If this version upgrade is not an option at the present time, alternatively the following patch may be applied to the OpenSSL source code to resolve the problem. The patch is compatible with the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL. o http://www.openssl.org/news/patch-CVE-2006-4339.txt Whether you choose to upgrade to a new version or to apply the patch, make sure to recompile any applications statically linked to OpenSSL libraries. Acknowledgements ---------------- The OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie, of Google Security, who successfully forged various certificates, showing OpenSSL was vulnerable, and provided the patch to fix the problems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00849540 Version: 1 HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-01-17 Last Updated: 2007-01-23 Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01 BACKGROUND AFFECTED VERSIONS For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.23 =========== hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE END AFFECTED VERSIONS RESOLUTION HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. Apache Update Procedure Check for Apache Installation ----------------------------- To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server Stop Apache ------------- Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop Download and Install Apache -------------------------- Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. Removing Apache Installation --------------------------- The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product. PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA HISTORY: rev.1 - 23 January 2007 Initial Release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. Background ========== The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. This impacts any software using the NSS library, like the Mozilla products Firefox, Thunderbird and Seamonkey. Workaround ========== There is no known workaround at this time. Resolution ========== All NSS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.11.3" Note: As usual after updating a library, you should run 'revdep-rebuild' (from the app-portage/gentoolkit package) to ensure that all applications linked to it are properly rebuilt. References ========== [ 1 ] CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 [ 2 ] CVE-2006-4340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200610-06.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: OpenOffice.org 3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38568 VERIFY ADVISORY: http://secunia.com/advisories/38568/ DESCRIPTION: Some vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. This is related to: SA21709 2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature. For more information: SA35854 3) An error in the included MSVC Runtime package can be exploited to bypass certain security features. 5) An error in the processing GIF files can be exploited to potentially execute arbitrary code. 6) An error in the processing of Word documents can be exploited to potentially execute arbitrary code. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA35854: http://secunia.com/advisories/35854/ SA35967: http://secunia.com/advisories/35967/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . HP-UX B.11.04 running Virtualvault 4.7 or Virtualvault 4.6 or Virtualvault 4.5 or HP WebProxy. BACKGROUND The OpenSSL community has released OpenSSL 0.9.7.k version superseding the OpenSSL 0.9.7i release that was identified in the CVE report. Note: To determine if a system has an affected version, search the output of "swlist -a revision -l fileset" for an affected fileset. Then determine if the recommended patch or update is installed. The following supported software versions are affected: HP Tru64 UNIX v 5.1B-4 (SSL and BIND) HP Tru64 UNIX v 5.1B-3 (SSL and BIND) HP Tru64 UNIX v 5.1A PK6 (BIND) HP Tru64 UNIX v 4.0G PK4 (BIND) HP Tru64 UNIX v 4.0F PK8 (BIND) Internet Express (IX) v 6.6 BIND (BIND) HP Insight Management Agents for Tru64 UNIX patch v 3.5.2 and earlier (SSL) BACKGROUND RESOLUTION HP has released the following Early Release Patch kits (ERPs) publicly for use by any customer. The ERP kits use dupatch to install and will not install over any Customer Specific Patches (CSPs) that have file intersections with the ERP. A new patch version for HP Insight Management Agents for Tru64 UNIX is also available that addresses the potential vulnerabilities. The fixes contained in the ERP kits will be available in the following mainstream releases: -Targeted for availability in HP Tru64 UNIX v 5.1B-5 -Internet Express (IX) v 6.7 -HP Insight Management Agents for Tru64 UNIX patch v 3.6.1 (already available) HP Tru64 UNIX Version 5.1B-4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001167-V51BB27-ES-20070321 Name: T64KIT1001167-V51BB27-ES-20070321 MD5 Checksum: a697a90bd0b1116b6f27d1100bbf81fd HP Tru64 UNIX Version 5.1B-3 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001163-V51BB26-ES-20070315 Name: T64KIT1001163-V51BB26-ES-20070315 MD5 Checksum: d376d403176f0dbe7badd4df4e91c126 HP Tru64 UNIX Version 5.1A PK6 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001160-V51AB24-ES-20070314 Name: T64KIT1001160-V51AB24-ES-20070314 MD5 Checksum: 7bb43ef667993f7c4711b6cf978e0aa7 HP Tru64 UNIX Version 4.0G PK4 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001166-V40GB22-ES-20070316 Name: T64KIT1001166-V40GB22-ES-20070316 MD5 Checksum: a446c39169b769c4a03c654844d5ac45 HP Tru64 UNIX Version 4.0F PK8 ERP Kit Location: http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=DUXKIT1001165-V40FB22-ES-20070316 Name: DUXKIT1001165-V40FB22-ES-20070316 MD5 Checksum: 718148c87a913536b32a47af4c36b04e HP Insight Management Agents for Tru64 UNIX patch version 3.6.1 (for kit CPQIIM360) Location: http://h30097.www3.hp.com/cma/patches.html Name: CPQIM360.SSL.01.tar.gz MD5 Checksum: 1001a10ab642461c87540826dfe28652 Internet Express (IX) v 6.6 BIND Note: Customers who use Internet Express (IX) v 6.6 BIND should install the BIND 9.2.8 patch from the ERP kit appropriate for their base operating system version. PRODUCT SPECIFIC INFORMATION The HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 ERP kits distribute two patches: -OpenSSL 0.9.8d -BIND 9.2.8 built with OpenSSL 0.9.8d Note: HP Tru64 UNIX v 5.1A, v 4.0G, and v 4.0F releases did not distribute OpenSSL and so their ERP kits provide only the BIND 9.2.8 patch that has been built with OpenSSL 0.9.8d Customers who have been using OpenSSL on HP Tru64 UNIX v 5.1B-3 and v 5.1B-4 should install the OpenSSL patch from the ERP kit appropriate for their base operating system version. The HP Insight Management Agents for Tru64 UNIX patch contains OpenSSL 0.9.8d and is applicable for HP Tru64 UNIX v 5.1A, v 5.1B-3, and v 5.1B-4

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. This vulnerability may allow an attacker to forge RSA signatures. Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.An attacker could gain access with a fraudulent certificate. Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker may be able to forge an RSA signature on a PDF document. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 v1.5, including software uses OpenSSL for SSL or TLS. Updated packages are patched to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://www.openssl.org/news/secadv_20060905.txt _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 8c5769bf04f65ba4c871556156e83a24 2006.0/RPMS/libopenssl0.9.7-0.9.7g-2.3.20060mdk.i586.rpm f4f595e10bc3ca3f075847ac25e5d78b 2006.0/RPMS/libopenssl0.9.7-devel-0.9.7g-2.3.20060mdk.i586.rpm 448ca33d2bf74e29650a72c4324ee26d 2006.0/RPMS/libopenssl0.9.7-static-devel-0.9.7g-2.3.20060mdk.i586.rpm 1d084addaaed6cf3933e21a59c831f37 2006.0/RPMS/openssl-0.9.7g-2.3.20060mdk.i586.rpm fffdadefbb4571005a0c48495eb9c112 2006.0/SRPMS/openssl-0.9.7g-2.3.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: c62f2df7b05b041498f0b8e335265d4f x86_64/2006.0/RPMS/lib64openssl0.9.7-0.9.7g-2.3.20060mdk.x86_64.rpm 3a113e1603e4827ef5ce2cc3e6fd30a8 x86_64/2006.0/RPMS/lib64openssl0.9.7-devel-0.9.7g-2.3.20060mdk.x86_64.rpm b991400c2bc6c2f1886ed8163fc64c46 x86_64/2006.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7g-2.3.20060mdk.x86_64.rpm a1bec4a4d34fb73ea5fcd72e22a4f291 x86_64/2006.0/RPMS/openssl-0.9.7g-2.3.20060mdk.x86_64.rpm fffdadefbb4571005a0c48495eb9c112 x86_64/2006.0/SRPMS/openssl-0.9.7g-2.3.20060mdk.src.rpm Corporate 3.0: 89b73fa8deec7e2b87b2dc29ad854420 corporate/3.0/RPMS/libopenssl0.9.7-0.9.7c-3.5.C30mdk.i586.rpm fad4d18975f6eba4b0534fe8b1237512 corporate/3.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.5.C30mdk.i586.rpm 3755fdc390b94c4fd3e3ccbb69e27fa4 corporate/3.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.5.C30mdk.i586.rpm f1cbc11423cc40e1421b781638f1910d corporate/3.0/RPMS/openssl-0.9.7c-3.5.C30mdk.i586.rpm 2ecc834f99eceafe3567e8ed0e9277e3 corporate/3.0/SRPMS/openssl-0.9.7c-3.5.C30mdk.src.rpm Corporate 3.0/X86_64: f65a08626dcc23531a30f009ca6a8b52 x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-0.9.7c-3.5.C30mdk.x86_64.rpm 67ac445d3ad9c1e2d19f4da624e6091f x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-devel-0.9.7c-3.5.C30mdk.x86_64.rpm 70b179ba036cad4bd59d79716dd0af41 x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7c-3.5.C30mdk.x86_64.rpm 133be57ba3ba96ca84a2d09cf661ddb8 x86_64/corporate/3.0/RPMS/openssl-0.9.7c-3.5.C30mdk.x86_64.rpm 2ecc834f99eceafe3567e8ed0e9277e3 x86_64/corporate/3.0/SRPMS/openssl-0.9.7c-3.5.C30mdk.src.rpm Multi Network Firewall 2.0: 9c361b601f34404e9d5809a726005303 mnf/2.0/RPMS/libopenssl0.9.7-0.9.7c-3.5.M20mdk.i586.rpm aae1f0dcdb8c3f41c417f3f4cc823363 mnf/2.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.5.M20mdk.i586.rpm d71945758cd4cab08bba725bc7086181 mnf/2.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.5.M20mdk.i586.rpm 1584f0ecda9e2a57a1c8f848e8422049 mnf/2.0/RPMS/openssl-0.9.7c-3.5.M20mdk.i586.rpm efe79e9da865fdae6fa4d1bf377fb27e mnf/2.0/SRPMS/openssl-0.9.7c-3.5.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE/zXomqjQ0CJFipgRAqraAJ9dQKFCKZSs2+wIddQYrsrir0XI7ACffXU5 4LAKvCmOVrwEbNgrZUVjHwU= =6ziA -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenOffice, LibreOffice: Multiple vulnerabilities Date: August 31, 2014 Bugs: #283370, #305195, #320491, #332321, #352864, #386081, #409509, #429482, #514886 ID: 201408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code. Background ========== OpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-office/openoffice-bin < 3.5.5.3 >= 3.5.5.3 2 app-office/openoffice <= 3.5.5.3 Vulnerable! 3 app-office/libreoffice < 4.2.5.2 >= 4.2.5.2 4 app-office/libreoffice-bin < 4.2.5.2 >= 4.2.5.2 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages Description =========== Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-office/openoffice-bin-3.5.5.3" All LibreOffice users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2"= All LibreOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-office/libreoffice-bin-4.2.5.2" We recommend that users unmerge OpenOffice: # emerge --unmerge "app-office/openoffice" References ========== [ 1 ] CVE-2006-4339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339 [ 2 ] CVE-2009-0200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200 [ 3 ] CVE-2009-0201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201 [ 4 ] CVE-2009-0217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217 [ 5 ] CVE-2009-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949 [ 6 ] CVE-2009-2950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950 [ 7 ] CVE-2009-3301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301 [ 8 ] CVE-2009-3302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302 [ 9 ] CVE-2010-0395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395 [ 10 ] CVE-2010-2935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935 [ 11 ] CVE-2010-2936 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936 [ 12 ] CVE-2010-3450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450 [ 13 ] CVE-2010-3451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451 [ 14 ] CVE-2010-3452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452 [ 15 ] CVE-2010-3453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453 [ 16 ] CVE-2010-3454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454 [ 17 ] CVE-2010-3689 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689 [ 18 ] CVE-2010-4253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253 [ 19 ] CVE-2010-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643 [ 20 ] CVE-2011-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713 [ 21 ] CVE-2012-0037 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037 [ 22 ] CVE-2012-1149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149 [ 23 ] CVE-2012-2149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149 [ 24 ] CVE-2012-2334 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334 [ 25 ] CVE-2012-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665 [ 26 ] CVE-2014-0247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00849540 Version: 1 HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-01-17 Last Updated: 2007-01-23 Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01 BACKGROUND AFFECTED VERSIONS For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.23 =========== hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE END AFFECTED VERSIONS RESOLUTION HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. Apache Update Procedure Check for Apache Installation ----------------------------- To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server Stop Apache ------------- Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop Download and Install Apache -------------------------- Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. Removing Apache Installation --------------------------- The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product. PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA HISTORY: rev.1 - 23 January 2007 Initial Release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBRbc7fOAfOvwtKn1ZEQJs6ACg9AMS2ZtEgsaZh7T9e8Q0OgyfmEQAni1I otH/juFiPayhwdxQwX1pZwdm =e4BA -----END PGP SIGNATURE----- . Background ========== OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL. NOTE: Any packages listed without architecture tags apply to all architectures... HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. BACKGROUND RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue. Background ========== The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. This impacts any software using the NSS library, like the Mozilla products Firefox, Thunderbird and Seamonkey. For the stable distribution (sarge) this problem has been fixed in version 0.9.7e-3sarge2 For the unstable distribution (sid) this problem has been fixed in version 0.9.8b-3 We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc Size/MD5 checksum: 639 a6d3c0f1fae595b8c2f7a45ca76dff1f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz Size/MD5 checksum: 27435 16d02ad2e1e531617e5d533553340a83 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474 Alpha architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 3339496 917761204c442b6470cc84364a1d5227 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 2445696 6d894629524dcefbefa0f813cb588bef http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 929948 117af21021dfea510ac09e9a09c1dfd9 AMD64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 2693336 c45662184c5ed338e179f3ec5e39289e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 769324 e216b2d3b89634457906140fcff4c5ac http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 903454 52d2ce0e5d967ca1a77a33f9417fd798 ARM architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 2555074 fd529ad701cfbbde50845aa3e0ba4d5e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 689548 a626529a0d9f52d069e6fcb1ec3a2513 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 893880 58bcc0001bf7e014b6a1d7ab9849cf2c HP Precision architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 2694850 7dd819a9adddc660268d260df3e8cea2 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 790570 06a37ff4879fab7ee26ac35f6526d7c3 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 914188 74e469de973e495e93455816587b63db Intel IA-32 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2553346 946eaef80a1dc82af47e10d4913153b3 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2262628 a4e5d09c7086373d2a76370c71542ce0 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 908336 e850093346e148d2132d59db3184d398 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 3394850 a43e3948b612ea7b48cdcb267fb26ef5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 1037694 e4cda7f8044cbc72ebbef123124461ea http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 974802 a6dcd78bc35ca46bb21ac24ac1ccde1b Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 2316460 403eae3e2c3f396a0e789069e8896036 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 661108 eeb8f5b59f10b7c5ed5187f25b1505e6 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 889522 07baf9c082693a1bbf7d81d49f5dd216 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 2778514 ef833284a26b9ad69eb22c169dcb822f http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 705952 57a2075ffd4746c1c989c06be4e5587e http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 896456 0d93ca64cbc1608c5a8345a574b47ada Little endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 2766270 1d197335ffe887e31525c04466dfd66c http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 693836 45f358db6b4e149982a16cced46eb1d7 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 895636 60f63815017772f9dcbcfce2d8aa9138 PowerPC architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 2774840 012631d48936597d2bdb35a2c9e597cc http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 778946 3e0d5b50e5c3a1b00faf6c7c18a8ac4f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 908016 8bfe8de155f113aef3edca883cd72dac IBM S/390 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 2716386 e8744dd7d49acabdd664bdd505e9efae http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 813542 05846cc017a99f250d8104c406f2a609 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 918208 f78b15dae8f8072339e601793707c4eb Sun Sparc architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 2629368 4532f9940cf010b00b0d1404c11f9da5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 1884394 f7a8f112bb7e09c8c1dacc68c923cd40 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 924208 a5e3e93b474e23a0f858eaa3a329d2de These files will probably be moved into the stable distribution on its next update. This is related to: SA21709 2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature. For more information: SA35854 3) An error in the included MSVC Runtime package can be exploited to bypass certain security features. SOLUTION: Update to version 3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA35854: http://secunia.com/advisories/35854/ SA35967: http://secunia.com/advisories/35967/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. RSA The signature is used to prove that the message origin can be trusted. RSA There is a vulnerability in multiple software that implements that the signature is not verified correctly. For example, SSH , SSL , PGP , X.509 May affect the software.By a remote third party RSA The signature may be forged. This may prevent the validity of the signed message. Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.An attacker could gain access with a fraudulent certificate. This vulnerability may allow an attacker to forge RSA signatures. Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3. You are able to determine if your keys are vulnerable by looking at the algorithm (1 or 5) and the first three characters of the Base64 encoded RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN", "AQO", or "AQP" are vulnerable. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm 4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm Mandriva Linux 2007.0: 6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm 03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm 7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm 594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm Corporate 3.0: fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm 0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm 99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm Corporate 3.0/X86_64: e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm Corporate 4.0: 8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm 83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm Multi Network Firewall 2.0: abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm 0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z 6faoicEmIFqGW4QuEVIhCbU= =bI0u -----END PGP SIGNATURE----- . Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 v1.5, including software uses OpenSSL for SSL or TLS. Incorrect permissions on SSL key files generated by vmware-config (CVE-2006-3589): ESX 3.0.1: does not have this problem ESX 3.0.0: does not have this problem ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502) ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703) ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803) ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801) A possible security issue with the configuration program vmware-config which could set incorrect permissions on SSL key files. Local users may be able to obtain access to the SSL key files. OpenSSL library vulnerabilities: ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131 ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097 ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502) ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703) ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803) ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801) (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. (CVE-2006-4343) The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. Updated OpenSSH package addresses the following possible security issues: ESX 3.0.1: corrected by Patch ESX-9986131 ESX 3.0.0: corrected by Patch ESX-3069097 ESX 2.5.4: does not have these problems ESX 2.5.3: does not have these problems ESX 2.1.3: does not have these problems ESX 2.0.2: does not have these problems (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption). (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. NOTE: ESX by default disables version 1 SSH protocol. (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. NOTE: ESX doesn't use GSSAPI by default. (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist. Object reuse problems with newly created virtual disk (.vmdk or .dsk) files: ESX 3.0.1: does not have this problem ESX 3.0.0: does not have this problem ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502) ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703) ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803) ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801) A possible security issue with virtual disk (.vmdk or .dsk) files that are newly created, but contain blocks from recently deleted virtual disk files. Information belonging to the previously deleted virtual disk files could be revealed in newly created virtual disk files. VMware recommends the following workaround: When creating new virtual machines on an ESX Server that may contain sensitive data, use vmkfstools with the -W option. This initializes the virtual disk with zeros. NOTE: ESX 3.x defines this option as -w. Buffer overflow in Python function repr(): ESX 3.0.1: corrected by Patch ESX-9986131 ESX 3.0.0: corrected by ESX-3069097 ESX 2.5.4: does not have this problem ESX 2.5.3: does not have this problem ESX 2.1.3: does not have this problem ESX 2.0.2: does not have this problem A possible security issue with how the Python function repr() function handles UTF-32/UCS-4 strings. ESX 3.0.1 http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html md5usm: 239375e107fd4c7af57663f023863fcb ESX 3.0.0 http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html md5sum: ca9947239fffda708f2c94f519df33dc ESX 2.5.4 http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html md5sum: 239375e107fd4c7af57663f023863fcb ESX 2.5.3 http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html md5sum: f90fcab28362edbf2311f3ca90cc7739 ESX 2.1.3 http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f ESX 2.0.2 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html md5sum: 925e70f28d17714c53fdbd24de64329f 5. References: ESX 3.0.0 Patch URL: http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html Knowledge base URL: http://kb.vmware.com/kb/3069097 ESX 3.0.1 Patch URL: http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html Knowledge base URL: http://kb.vmware.com/kb/9986131 ESX 2.5.4 Patch URL: http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html ESX 2.5.3 Patch URL: http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html ESX 2.1.3 Patch URL: http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html ESX 2.0.2 Patch URL: http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980 6. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- ~ VMware Security Advisory Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340 - ------------------------------------------------------------------- 1. 2. Relevant releases: ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier 3. Problem description: ~ a. Host to guest shared folder (HGFS) traversal vulnerability ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations. NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected. ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ b. Insecure named pipes ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user. ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues. ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ NOTE: Fusion is not affected by this issue. ~ d. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ NOTE: Fusion is not affected by this issue. ~ e. VIX API default setting changed to a more secure default value ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines. ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue. ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ NOTE: Fusion and Linux based products are not affected by this ~ issue. ~ g. DHCP denial of service vulnerability ~ A potential denial of service issue affects DHCP service running ~ on the host. ~ VMware would like to thank Martin O'Neal for reporting this issue. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue. ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241) ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products. ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process. ~ VMware would like to thank Sun Bing for reporting the issue. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue. ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption. ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) 4. Solution: Please review the Patch notes for your product and version and verify the md5sum of your downloaded file. ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9 ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202 ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8 ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0 ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f 5. References: ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340 - ------------------------------------------------------------------- 6. Contact: E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk E-mail: security@vmware.com Security web site http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenOffice, LibreOffice: Multiple vulnerabilities Date: August 31, 2014 Bugs: #283370, #305195, #320491, #332321, #352864, #386081, #409509, #429482, #514886 ID: 201408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code. Background ========== OpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 4 affected packages Description =========== Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-office/openoffice-bin-3.5.5.3" All LibreOffice users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2"= All LibreOffice (binary) users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-office/libreoffice-bin-4.2.5.2" We recommend that users unmerge OpenOffice: # emerge --unmerge "app-office/openoffice" References ========== [ 1 ] CVE-2006-4339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339 [ 2 ] CVE-2009-0200 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200 [ 3 ] CVE-2009-0201 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201 [ 4 ] CVE-2009-0217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217 [ 5 ] CVE-2009-2949 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949 [ 6 ] CVE-2009-2950 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950 [ 7 ] CVE-2009-3301 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301 [ 8 ] CVE-2009-3302 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302 [ 9 ] CVE-2010-0395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395 [ 10 ] CVE-2010-2935 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935 [ 11 ] CVE-2010-2936 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936 [ 12 ] CVE-2010-3450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450 [ 13 ] CVE-2010-3451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451 [ 14 ] CVE-2010-3452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452 [ 15 ] CVE-2010-3453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453 [ 16 ] CVE-2010-3454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454 [ 17 ] CVE-2010-3689 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689 [ 18 ] CVE-2010-4253 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253 [ 19 ] CVE-2010-4643 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643 [ 20 ] CVE-2011-2713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713 [ 21 ] CVE-2012-0037 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037 [ 22 ] CVE-2012-1149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149 [ 23 ] CVE-2012-2149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149 [ 24 ] CVE-2012-2334 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334 [ 25 ] CVE-2012-2665 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665 [ 26 ] CVE-2014-0247 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00849540 Version: 1 HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-01-17 Last Updated: 2007-01-23 Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01 BACKGROUND AFFECTED VERSIONS For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.23 =========== hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE END AFFECTED VERSIONS RESOLUTION HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. Apache Update Procedure Check for Apache Installation ----------------------------- To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server Stop Apache ------------- Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop Download and Install Apache -------------------------- Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. Removing Apache Installation --------------------------- The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product. PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA HISTORY: rev.1 - 23 January 2007 Initial Release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. For the stable distribution (sarge) this problem has been fixed in version 0.9.7e-3sarge2 For the unstable distribution (sid) this problem has been fixed in version 0.9.8b-3 We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc Size/MD5 checksum: 639 a6d3c0f1fae595b8c2f7a45ca76dff1f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz Size/MD5 checksum: 27435 16d02ad2e1e531617e5d533553340a83 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474 Alpha architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 3339496 917761204c442b6470cc84364a1d5227 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 2445696 6d894629524dcefbefa0f813cb588bef http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb Size/MD5 checksum: 929948 117af21021dfea510ac09e9a09c1dfd9 AMD64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 2693336 c45662184c5ed338e179f3ec5e39289e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 769324 e216b2d3b89634457906140fcff4c5ac http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb Size/MD5 checksum: 903454 52d2ce0e5d967ca1a77a33f9417fd798 ARM architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 2555074 fd529ad701cfbbde50845aa3e0ba4d5e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 689548 a626529a0d9f52d069e6fcb1ec3a2513 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb Size/MD5 checksum: 893880 58bcc0001bf7e014b6a1d7ab9849cf2c HP Precision architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 2694850 7dd819a9adddc660268d260df3e8cea2 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 790570 06a37ff4879fab7ee26ac35f6526d7c3 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb Size/MD5 checksum: 914188 74e469de973e495e93455816587b63db Intel IA-32 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2553346 946eaef80a1dc82af47e10d4913153b3 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 2262628 a4e5d09c7086373d2a76370c71542ce0 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb Size/MD5 checksum: 908336 e850093346e148d2132d59db3184d398 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 3394850 a43e3948b612ea7b48cdcb267fb26ef5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 1037694 e4cda7f8044cbc72ebbef123124461ea http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb Size/MD5 checksum: 974802 a6dcd78bc35ca46bb21ac24ac1ccde1b Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 2316460 403eae3e2c3f396a0e789069e8896036 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 661108 eeb8f5b59f10b7c5ed5187f25b1505e6 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb Size/MD5 checksum: 889522 07baf9c082693a1bbf7d81d49f5dd216 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 2778514 ef833284a26b9ad69eb22c169dcb822f http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 705952 57a2075ffd4746c1c989c06be4e5587e http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb Size/MD5 checksum: 896456 0d93ca64cbc1608c5a8345a574b47ada Little endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 2766270 1d197335ffe887e31525c04466dfd66c http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 693836 45f358db6b4e149982a16cced46eb1d7 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb Size/MD5 checksum: 895636 60f63815017772f9dcbcfce2d8aa9138 PowerPC architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 2774840 012631d48936597d2bdb35a2c9e597cc http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 778946 3e0d5b50e5c3a1b00faf6c7c18a8ac4f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb Size/MD5 checksum: 908016 8bfe8de155f113aef3edca883cd72dac IBM S/390 architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 2716386 e8744dd7d49acabdd664bdd505e9efae http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 813542 05846cc017a99f250d8104c406f2a609 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb Size/MD5 checksum: 918208 f78b15dae8f8072339e601793707c4eb Sun Sparc architecture: http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 2629368 4532f9940cf010b00b0d1404c11f9da5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 1884394 f7a8f112bb7e09c8c1dacc68c923cd40 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb Size/MD5 checksum: 924208 a5e3e93b474e23a0f858eaa3a329d2de These files will probably be moved into the stable distribution on its next update. 1) The included libxml2 library fails to properly verify signatures. This is related to: SA21709 2) An error in the included libxmlsec library can be exploited to potentially forge a valid signature. For more information: SA35854 3) An error in the included MSVC Runtime package can be exploited to bypass certain security features. 5) An error in the processing GIF files can be exploited to potentially execute arbitrary code. 6) An error in the processing of Word documents can be exploited to potentially execute arbitrary code. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 4) Sebastian Apelt of siberas 5) Frank Rei\xdfner and Sebastian Apelt of siberas 6) Nicolas Joly of Vupen ORIGINAL ADVISORY: http://www.openoffice.org/security/cves/CVE-2006-4339.html http://www.openoffice.org/security/cves/CVE-2009-0217.html http://www.openoffice.org/security/cves/CVE-2009-2493.html http://www.openoffice.org/security/cves/CVE-2009-2949.html http://www.openoffice.org/security/cves/CVE-2009-2950.html http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html OTHER REFERENCES: SA21709: http://secunia.com/advisories/21709/ SA35854: http://secunia.com/advisories/35854/ SA35967: http://secunia.com/advisories/35967/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . =========================================================== Ubuntu Security Notice USN-339-1 September 05, 2006 openssl vulnerability CVE-2006-4339 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libssl0.9.7 0.9.7e-3ubuntu0.3 Ubuntu 5.10: libssl0.9.7 0.9.7g-1ubuntu1.2 Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google Security discovered that the OpenSSL library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.diff.gz Size/MD5: 29738 8ff4b43003645c9cc0340b7aeaa0e943 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3.dsc Size/MD5: 645 f1d90d6945db3f52eb9e523cd2257cb3 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz Size/MD5: 3043231 a8777164bca38d84e5eb2b1535223474 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_amd64.udeb Size/MD5: 495170 6ecb42d8f16500657a823c246d90f721 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 2693394 8554202ca8540221956438754ce83daa http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 769732 1924597de3a34f244d50812ce47e839f http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_amd64.deb Size/MD5: 903646 0da1a7985ac40c27bffd43effcdeb306 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_i386.udeb Size/MD5: 433284 3701e85ed202bc56684583e5cdcee090 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2492646 bbb95c47fede95c469d7fdef9faeedcf http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 2241170 8f890db2ab8675adccb3e5f9e9129c97 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_i386.deb Size/MD5: 901102 f43171afd1211d5026a0241abbce7710 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.3_powerpc.udeb Size/MD5: 499392 6c4844845826d244a5062664d725d7f4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 2774414 f275ee27e93d2ddbdf7af62837512b4a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 779388 29c64dab8447a8a79c2b82e6aad0c900 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.3_powerpc.deb Size/MD5: 908166 34dc1579ba2d5543f841ca917c1f7f35 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.diff.gz Size/MD5: 30435 9ad78dd2d10b6a32b2efa84aeedc1b28 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2.dsc Size/MD5: 657 1d871efaeb3b5bafccb17ec8787ae57c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz Size/MD5: 3132217 991615f73338a571b6a1be7d74906934 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_amd64.udeb Size/MD5: 498836 bd128f07f8f4ff96c7a4ec0cd01a5a24 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 2699482 cdefd160fc10ae893743cff5bf872463 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 773202 41180b2c148cbee6a514ca07d9d8038c http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_amd64.deb Size/MD5: 913254 4d7d2b9debbe46c070628174e4359281 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_i386.udeb Size/MD5: 430730 904e4e96ab1f84715cdf0db8bd34b5c5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2479858 e18443ee7bd4bacf1b2b9e1b64c9733e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 2203354 799110bb4e00931d801208e97316c2a5 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_i386.deb Size/MD5: 904410 d19a02f94c4e321112ba4cc4091ae398 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_powerpc.udeb Size/MD5: 476320 0e8146d671c590e6cfb260da7e7bd94e http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 2656084 4f5799481d8abb40bc7e5ff712349b33 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 752756 24177008d7989591e7a10ce33e4f15e4 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_powerpc.deb Size/MD5: 910052 ea5f2afb2b1e05913668d04cb14f4d5a sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.2_sparc.udeb Size/MD5: 452112 7287ea7ed03e385eedc38be06052e554 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 2569762 159afe6386461da5a10d58594604f923 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 1791288 d30b69f5e3d3b4b3ca6c889577d4c30a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.2_sparc.deb Size/MD5: 918074 81e40476e7153055043ee7ae07ab9b15 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.diff.gz Size/MD5: 35264 b4ff10d076548a137e80df0ea6133cf6 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1.dsc Size/MD5: 816 1748b5fba8b23850f0a35186e8d80b0b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_amd64.udeb Size/MD5: 571346 32560c34d375896443908ad44ef37724 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 2166016 7478ed6526daef015f02e53ecd29c794 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 1681264 f38fa12908776cad70e4f03f5d82ec52 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 873938 905d85741bd0f71d997b0ad1da0af1c1 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_amd64.deb Size/MD5: 984054 0b7663affd06815eda8f814ce98eddf1 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_i386.udeb Size/MD5: 508988 17028f0a0751e40a77199e0727503726 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2022304 daa0e6b56441e0b2fa71e14de831dc41 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 5046624 d14ffd5dccbba81c666d149b9b80affb http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 2591760 9581e906f3ba5da9983514eca0d10d82 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_i386.deb Size/MD5: 975476 840ba1e9f244516df5cf9e5f48667879 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_powerpc.udeb Size/MD5: 557516 0ea8220e55677599c9867d9104bee981 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 2179304 8356a41ecc095a3a4ec4163f39374bda http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 1725322 7a60fe2ec5537c970d80cf5e48db1ebd http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 860294 6ba3aadd9a9f930e5c893165bc61ae93 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_powerpc.deb Size/MD5: 979370 db3041b4dab69fe48bf2d34d572f4c36 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.1_sparc.udeb Size/MD5: 530316 67e7789eaa5ca6b1edf6408edc7c0835 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2091014 a250f9740992c202cd088a0824ceb07a http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 3939674 4007aa0e07366b2ac9c090409ef22e7b http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 2089320 672bd1ace848bdb20496ff9ff66a8873 http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.1_sparc.deb Size/MD5: 987236 ecacd01dc72995f246531c25e783a879

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. A flaw in the OpenSSL library could allow a remote attacker to cause a denial of service on an affected application. Multiple RSA implementations fail to properly handle RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.An attacker could gain access with a fraudulent certificate. An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key. All versions prior to and including OpenSSL 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available. BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to be generated using the "-e" option of dnssec-keygen, if the current keys were generated using the default exponent of 3. You are able to determine if your keys are vulnerable by looking at the algorithm (1 or 5) and the first three characters of the Base64 encoded RSA key. RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN", "AQO", or "AQP" are vulnerable. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 1035f92172986ed63ca035de0603a0fd 2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm 4f5949d85f13c68220f4f5f030f63849 2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm f201e05548b673268038e95225451085 2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 83b6c31bef9e4df229e2fe5cf8c3aa2a 2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm fb03e9a493645041816c206267a052f4 2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm f54babadfba3ec593563724208df1eaa 2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm 4f57cbdc960171c439223f5c20952460 2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm Mandriva Linux 2007.0: 6c282a7b5c3cfec534e2557926005bbf 2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm 03390448f140777d62cdd76e50361526 2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm 7546dc98ff5e8061636a3a75d6b318fb 2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: c190d522505a16aa97891f525e0034a4 2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm 594cacdac86db81b0c62a7380c6a3a2d 2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm e827e65717615868896e43bcb4856f2d 2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm 8be8a7d591971e760d1251bd75f97a6c 2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm Corporate 3.0: fa096b2fac1840797e382ba61728d47e corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm 0f1e56f1f3a2689443c04b52d8ce5545 corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm 99bf1f4127e97b8941b597aa5e19aa0a corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm Corporate 3.0/X86_64: e74bea44aee406d11c87227584790c26 corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm b108edf227b55f3af3ab55b48c23a62a corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm ba548cbba992f479ad40ecf0808f36cb corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm 2b49bd9c7edf8bd81b297260b54de32d corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm Corporate 4.0: 8bfc97510d4f07568d64c9b9872b4bba corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm dda709703f8bf05f1ff59ae6132a81a7 corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm daf59d23abaaaf62c990d2fa1155688c corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: 3d1bbe1e7d4f2de6e546996e181a16b0 corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm c1b8467d62623ef5daf35a696ab2389e corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm 83cf57110f107c450aaac5931ee52ecb corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm ccfd1d4d79b168ab5f7998e51c305a26 corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm Multi Network Firewall 2.0: abd228e7f0b762ae8c11c8ecd90200c2 mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm dd7b0785e31880a09d10957695c0552d mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm 0a2052e5f263b8b8d94111a581928c57 mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm eff2c78779b4285783ffea14e6e33c31 mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z 6faoicEmIFqGW4QuEVIhCbU= =bI0u -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1174-1 security@debian.org http://www.debian.org/security/ Noah Meyerhans September 11th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : openssl096 Problem-Type : local Vulnerability : cryptographic weakness Debian-specific: no CVE ID : CVE-2006-4339 BugTraq ID : 19849 Debian Bug : 386247 Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid. For the stable distribution (sarge) this problem has been fixed in version 0.9.6m-1sarge2 This package exists only for compatibility with older software, and is not present in the unstable or testing branches of Debian. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc Size/MD5 checksum: 617 018a88ab90403cb04c62fb3e30b74447 http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz Size/MD5 checksum: 19110 ebf3d65348f1a0e2b09543b02f1752ff http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz Size/MD5 checksum: 2184918 1b63bfdca1c37837dddde9f1623498f9 Alpha architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_alpha.deb Size/MD5 checksum: 1965098 f321c9d2831643d65718730f8ff81f16 AMD64 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_amd64.deb Size/MD5 checksum: 578014 b47b9fb2acd8c6e22aac6812c7ad4dda ARM architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_arm.deb Size/MD5 checksum: 518746 29a69a8d997445d4ae2a53c337678cc6 HP Precision architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_hppa.deb Size/MD5 checksum: 587368 4291ac3835b28ae9acf555ec90242d26 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_i386.deb Size/MD5 checksum: 1755640 d9fb8d8383c96d0d4ebe4af8cb5e9a3a Intel IA-64 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_ia64.deb Size/MD5 checksum: 814966 1a366b00181bba9bd04b2312f4ae8f42 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_m68k.deb Size/MD5 checksum: 476722 2002d9eeb9b36d329855042466c9dfc1 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mips.deb Size/MD5 checksum: 576764 2001e7d3f5d72e0328b8d46f83bb0b4d Little endian MIPS architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mipsel.deb Size/MD5 checksum: 568756 3b25b7c66ff42626c8f458be9485f9bb PowerPC architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_powerpc.deb Size/MD5 checksum: 582402 e677ab4fd68d34affff58a9c7d2cd823 IBM S/390 architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_s390.deb Size/MD5 checksum: 602334 674b58c6811c7e60ad2bb53ec7c1bcdc Sun Sparc architecture: http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_sparc.deb Size/MD5 checksum: 1458574 d9ab5370d48647780172587e58682297 These files will probably be moved into the stable distribution on its next update. OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339) ===================================== Vulnerability ------------- Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Implementations may incorrectly verify the certificate if they are not checking for excess data in the RSA exponentiation result of the signature. Since there are CAs using exponent 3 in wide use, and PKCS #1 v1.5 is used in X.509 certificates, all software that uses OpenSSL to verify X.509 certificates is potentially vulnerable, as well as any other use of PKCS #1 v1.5. This includes software that uses OpenSSL for SSL or TLS. Recommendations --------------- There are multiple ways to avoid this vulnerability. Any one of the following measures is sufficient. The vulnerability is resolved in the following versions of OpenSSL: - in the 0.9.7 branch, version 0.9.7k (or later); - in the 0.9.8 branch, version 0.9.8c (or later). OpenSSL 0.9.8c and OpenSSL 0.9.7k are available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html): o http://www.openssl.org/source/ o ftp://ftp.openssl.org/source/ The distribution file names are: o openssl-0.9.8c.tar.gz MD5 checksum: 78454bec556bcb4c45129428a766c886 SHA1 checksum: d0798e5c7c4509d96224136198fa44f7f90e001d o openssl-0.9.7k.tar.gz MD5 checksum: be6bba1d67b26eabb48cf1774925416f SHA1 checksum: 90056b8f5e518edc9f74f66784fbdcfd9b784dd2 The checksums were calculated using the following commands: openssl md5 openssl-0.9*.tar.gz openssl sha1 openssl-0.9*.tar.gz 2. If this version upgrade is not an option at the present time, alternatively the following patch may be applied to the OpenSSL source code to resolve the problem. The patch is compatible with the 0.9.6, 0.9.7, 0.9.8, and 0.9.9 branches of OpenSSL. o http://www.openssl.org/news/patch-CVE-2006-4339.txt Whether you choose to upgrade to a new version or to apply the patch, make sure to recompile any applications statically linked to OpenSSL libraries. Acknowledgements ---------------- The OpenSSL team thank Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie, of Google Security, who successfully forged various certificates, showing OpenSSL was vulnerable, and provided the patch to fix the problems. References ---------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html URL for this Security Advisory: http://www.openssl.org/news/secadv_20060905.txt . =========================================================== Ubuntu Security Notice USN-339-1 September 05, 2006 openssl vulnerability CVE-2006-4339 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libssl0.9.7 0.9.7e-3ubuntu0.3 Ubuntu 5.10: libssl0.9.7 0.9.7g-1ubuntu1.2 Ubuntu 6.06 LTS: libssl0.9.8 0.9.8a-7ubuntu0.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------- ~ VMware Security Advisory Advisory ID: VMSA-2008-0005 Synopsis: Updated VMware Workstation, VMware Player, VMware ~ Server, VMware ACE, and VMware Fusion resolve ~ critical security issues Issue date: 2008-03-17 Updated on: 2008-03-17 (initial release of advisory) CVE numbers: CVE-2008-0923 CVE-2008-0923 CVE-2008-1361 ~ CVE-2008-1362 CVE-2007-5269 CVE-2006-2940 ~ CVE-2006-2937 CVE-2006-4343 CVE-2006-4339 ~ CVE-2007-5618 CVE-2008-1364 CVE-2008-1363 ~ CVE-2008-1340 - ------------------------------------------------------------------- 1. Summary: ~ Several critical security vulnerabilities have been addressed ~ in the newest releases of VMware's hosted product line. 2. Relevant releases: ~ VMware Workstation 6.0.2 and earlier ~ VMware Workstation 5.5.4 and earlier ~ VMware Player 2.0.2 and earlier ~ VMware Player 1.0.4 and earlier ~ VMware ACE 2.0.2 and earlier ~ VMware ACE 1.0.2 and earlier ~ VMware Server 1.0.4 and earlier ~ VMware Fusion 1.1 and earlier 3. Problem description: ~ a. Host to guest shared folder (HGFS) traversal vulnerability ~ On Windows hosts, if you have configured a VMware host to guest ~ shared folder (HGFS), it is possible for a program running in the ~ guest to gain access to the host's file system and create or modify ~ executable files in sensitive locations. NOTE: VMware Server is not affected because it doesn't use host to ~ guest shared folders. Because ~ ESX Server is based on a bare-metal hypervisor architecture ~ and not a hosted architecture, and it doesn't include any ~ shared folder abilities. Fusion and Linux based hosted ~ products are unaffected. ~ VMware would like to thank CORE Security Technologies for ~ working with us on this issue. This addresses advisory ~ CORE-2007-0930. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2008-0923 to this issue. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ b. Insecure named pipes ~ An internal security audit determined that a malicious Windows ~ user could attain and exploit LocalSystem privileges by causing ~ the authd process to connect to a named pipe that is opened and ~ controlled by the malicious user. ~ The same internal security audit determined that a malicious ~ Windows user could exploit an insecurely created named pipe ~ object to escalate privileges or create a denial of service ~ attack. In this situation, the malicious user could ~ successfully impersonate authd and attain privileges under ~ which Authd is executing. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the names CVE-2008-1361, CVE-2008-1362 to these ~ issues. ~ Windows Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ c. Updated libpng library to version 1.2.22 to address various ~ security vulnerabilities ~ Several flaws were discovered in the way libpng handled various PNG ~ image chunks. An attacker could create a carefully crafted PNG ~ image file in such a way that it could cause an application linked ~ with libpng to crash when the file was manipulated. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ has assigned the name CVE-2007-5269 to this issue. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ NOTE: Fusion is not affected by this issue. ~ d. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the following names to these issues: CVE-2006-2940, ~ CVE-2006-2937, CVE-2006-4343, CVE-2006-4339. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ NOTE: Fusion is not affected by this issue. ~ e. VIX API default setting changed to a more secure default value ~ Workstation 6.0.2 allowed anonymous console access to the guest by ~ means of the VIX API. This release, Workstation 6.0.3, disables ~ this feature. This means that the Eclipse Integrated Virtual ~ Debugger and the Visual Studio Integrated Virtual Debugger will now ~ prompt for user account credentials to access a guest. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ f. Windows 2000 based hosted products privilege escalation ~ vulnerability ~ This release addresses a potential privilege escalation on ~ Windows 2000 hosted products. Certain services may be improperly ~ registered and present a security vulnerability to Windows 2000 ~ machines. ~ VMware would like to thank Ray Hicken for reporting this issue and ~ David Maciejak for originally pointing out these types of ~ vulnerabilities. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2007-5618 to this issue. ~ Windows versions of Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ NOTE: Fusion and Linux based products are not affected by this ~ issue. ~ g. DHCP denial of service vulnerability ~ A potential denial of service issue affects DHCP service running ~ on the host. ~ VMware would like to thank Martin O'Neal for reporting this issue. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1364 to this issue. ~ Hosted products ~ --------------- ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ VMware Fusion 1.1 upgrade to version 1.1.1 (Build# 72241) ~ NOTE: This issue doesn't affect the latest versions of VMware ~ Workstation 6, VMware Player 2, and ACE 2 products. ~ h. Local Privilege Escalation on Windows based platforms by ~ Hijacking VMware VMX configuration file ~ VMware uses a configuration file named "config.ini" which ~ is located in the application data directory of all users. ~ By manipulating this file, a user could gain elevated ~ privileges by hijacking the VMware VMX process. ~ VMware would like to thank Sun Bing for reporting the issue. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1363 to this issue. ~ Windows based Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Workstation 5.5 upgrade to version 5.5.6 (Build# 80404) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware Player 1.0 upgrade to version 1.0.6 (Build# 80404) ~ VMware Server 1.0 upgrade to version 1.0.5 (Build# 80187) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) ~ VMware ACE 1.0 upgrade to version 1.0.5 (Build# 79846) ~ i. Virtual Machine Communication Interface (VMCI) memory corruption ~ resulting in denial of service ~ VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, ~ and VMware ACE 2.0. It is an experimental, optional feature and ~ it may be possible to crash the host system by making specially ~ crafted calls to the VMCI interface. This may result in denial ~ of service via memory exhaustion and memory corruption. ~ VMware would like to thank Andrew Honig of the Department of ~ Defense for reporting this issue. ~ The Common Vulnerabilities and Exposures project (cve.mitre.org) ~ assigned the name CVE-2008-1340 to this issue. ~ Hosted products ~ --------------- ~ VMware Workstation 6.0 upgrade to version 6.0.3 (Build# 80004) ~ VMware Player 2.0 upgrade to version 2.0.3 (Build# 80004) ~ VMware ACE 2.0 upgrade to version 2.0.1 (Build# 80004) 4. Solution: Please review the Patch notes for your product and version and verify the md5sum of your downloaded file. ~ VMware Workstation 6.0.3 ~ ------------------------ ~ http://www.vmware.com/download/ws/ ~ Release notes: ~ http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html ~ Windows binary ~ md5sum: 323f054957066fae07735160b73b91e5 ~ RPM Installation file for 32-bit Linux ~ md5sum: c44183ad11082f05593359efd220944e ~ tar Installation file for 32-bit Linux ~ md5sum: 57601f238106cb12c1dea303ad1b4820 ~ RPM Installation file for 64-bit Linux ~ md5sum: e9ba644be4e39556724fa2901c5e94e9 ~ tar Installation file for 64-bit Linux ~ md5sum: d8d423a76f99a94f598077d41685e9a9 ~ VMware Workstation 5.5.5 ~ ------------------------ ~ http://www.vmware.com/download/ws/ws5.html ~ Release notes: ~ http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html ~ Windows binary ~ md5sum: 9c2dd94db5eed93d7f64e8d6ba8d8bd3 ~ Compressed Tar archive for 32-bit Linux ~ md5sum: 77401c0842a151f0b2db0b4fcb0d16eb ~ Linux RPM version for 32-bit Linux ~ md5sum: c222b6db934deb9c1bb79b16b25a3202 ~ VMware Server 1.0.5 ~ ------------------- ~ http://www.vmware.com/download/server/ ~ Release notes: ~ http://www.vmware.com/support/server/doc/releasenotes_server.html ~ VMware Server for Windows 32-bit and 64-bit ~ md5sum: 3c4a57310c55e17bf8e4a1059d5b36cc ~ VMware Server Windows client package ~ md5sum: cb3dd2439203dc510f4d95f06ba59d21 ~ VMware Server for Linux ~ md5sum: 161dcbe5af9bbd9834a86bf7c599903e ~ VMware Server for Linux rpm ~ md5sum: fc3b81ed18b53eda943a992971e9f84a ~ Management Interface ~ md5sum: dd10d25895d9994bd27ca896152f48ef ~ VMware Server Linux client package ~ md5sum: aae18f1f7b8811b5499e3a358754d4f8 ~ VMware ACE 2.0.3 and 1.0.5 ~ -------------------------- ~ http://www.vmware.com/download/ace/ ~ Windows Release notes: ~ http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html ~ VMware Fusion 1.1.1 ~ ------------------- ~ http://www.vmware.com/download/fusion/ ~ Release notes: ~ http://www.vmware.com/support/fusion/doc/releasenotes_fusion.html ~ md5sum: 38e116ec26b30e7a6ac47c249ef650d0 ~ VMware Player 2.0.3 and 1.0.6 ~ ---------------------- ~ http://www.vmware.com/download/player/ ~ Release notes Player 1.x: ~ http://www.vmware.com/support/player/doc/releasenotes_player.html ~ Release notes Player 2.0 ~ http://www.vmware.com/support/player2/doc/releasenotes_player2.html ~ 2.0.3 Windows binary ~ md5sum: 0c5009d3b569687ae139e13d24c868d3 ~ VMware Player 2.0.3 for Linux (.rpm) ~ md5sum: 53502b2112a863356dcd13dd0d8dd8f2 ~ VMware Player 2.0.3 for Linux (.tar) ~ md5sum: 2305fcff49bef6e4ad83742412eac978 ~ VMware Player 2.0.3 - 64-bit (.rpm) ~ md5sum: cf945b571c4d96146ede010286fdfca5 ~ VMware Player 2.0.3 - 64-bit (.tar) ~ md5sum: f99c5b293eb87c5f918ad24111565b9f ~ 1.0.6 Windows binary ~ md5sum: 895081406c4de5361a1700ec0473e49c ~ Player 1.0.6 for Linux (.rpm) ~ md5sum: 8adb23799dd2014be0b6d77243c76942 ~ Player 1.0.6 for Linux (.tar) ~ md5sum: c358f8e1387fb60863077d6f8a9f7b3f 5. References: ~ CVE numbers ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0923 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1361 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1362 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5618 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1364 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1363 ~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1340 - ------------------------------------------------------------------- 6. Contact: E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: ~ * security-announce@lists.vmware.com ~ * bugtraq@securityfocus.com ~ * full-disclosure@lists.grok.org.uk E-mail: security@vmware.com Security web site http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2008 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFH3yTxS2KysvBH1xkRCHq8AJ0QOMocv/gSz/hgdojA39PGVO6pUACePCRv Cv8MnL2bYPyDfYQ3f4IUL+w= =tFXS -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00849540 Version: 1 HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2007-01-17 Last Updated: 2007-01-23 Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access. Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access. SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01 BACKGROUND AFFECTED VERSIONS For IPv4: HP-UX B.11.00 HP-UX B.11.11 =========== hpuxwsAPACHE action: install revision A.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE For IPv6: HP-UX B.11.11 =========== hpuxwsAPACHE,revision=B.1.0.00.01 hpuxwsAPACHE,revision=B.1.0.07.01 hpuxwsAPACHE,revision=B.1.0.08.01 hpuxwsAPACHE,revision=B.1.0.09.01 hpuxwsAPACHE,revision=B.1.0.10.01 hpuxwsAPACHE,revision=B.2.0.48.00 hpuxwsAPACHE,revision=B.2.0.49.00 hpuxwsAPACHE,revision=B.2.0.50.00 hpuxwsAPACHE,revision=B.2.0.51.00 hpuxwsAPACHE,revision=B.2.0.52.00 hpuxwsAPACHE,revision=B.2.0.53.00 hpuxwsAPACHE,revision=B.2.0.54.00 hpuxwsAPACHE,revision=B.2.0.55.00 hpuxwsAPACHE,revision=B.2.0.56.00 hpuxwsAPACHE,revision=B.2.0.58.00 action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.23 =========== hpuxwsAPACHE action: install revision B.2.0.58.01 or subsequent restart Apache URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE END AFFECTED VERSIONS RESOLUTION HP has made the following software updates available to resolve the issue. Software updates for the Apache-based Web Server are available from: http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent. Apache Update Procedure Check for Apache Installation ----------------------------- To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system. For example, the results of the command swlist -l product | grep -I apache hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server Stop Apache ------------- Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time. After determining which Apache is installed, stop Apache with the following commands: for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop Download and Install Apache -------------------------- Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE Verify successful download by comparing the cksum with the value specified on the installation web page. Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported. Removing Apache Installation --------------------------- The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables. %ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf MANUAL ACTIONS: Yes - Update plus other actions Install the revision of the product. PRODUCT SPECIFIC INFORMATION HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system. For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA HISTORY: rev.1 - 23 January 2007 Initial Release Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2007 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. HP Secure Web Server (SWS) for OpenVMS (based on Apache) V2.1-1 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2002-0839 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2002-0840 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2003-0542 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2004-0492 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2005-2491 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2005-3352 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2005-3357 (AV:N/AC:H/Au:N/C:N/I:N/A:C) 5.4 CVE-2006-2937 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-2940 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2006-3738 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2006-3747 (AV:N/AC:H/Au:N/C:C/I:C/A:C) 7.6 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-4339 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2006-4343 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-5000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6388 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:C) 7.1 CVE-2009-3095 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3291 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3293 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2009-3555 (AV:N/AC:M/Au:N/C:N/I:P/A:P) 5.8 CVE-2010-0010 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software updates available to resolve these vulnerabilities. Kit Name Location HP SWS V2.2 for OpenVMS Alpha and OpenVMS Integrity servers. HP System Management Homepage (SMH) versions prior to 2.1.7 running on Linux and Windows. BACKGROUND RESOLUTION HP has provided System Management Homepage (SMH) version 2.1.7 or subsequent for each platform to resolve this issue

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. vtiger CRM Contains a cross-site scripting vulnerability.By any third party, via the following parameters Web Script or HTML May be inserted. (1) Unspecified module description Parameters (2) HelpDesk Module solution Parameters. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules. Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: vtiger CRM Script Insertion and Administrative Modules Access SECUNIA ADVISORY ID: SA21728 VERIFY ADVISORY: http://secunia.com/advisories/21728/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Ivan Markovic has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct script insertion attacks and bypass certain security restrictions. 1) Input passed to the "description" field in various modules when e.g. creating a contact and the "solution" field when an administrator modifies the solution in the HelpDesk modules isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. 2) An error in the access control verification can be exploited by a normal user to access administrative modules (e.g. the settings section) by accessing certain URLs directly. The vulnerabilities have been confirmed in version 4.2.4. Use another product. PROVIDED AND/OR DISCOVERED BY: Ivan Markovic ORIGINAL ADVISORY: http://www.security-net.biz/adv/D3906a.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules. Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: vtiger CRM Script Insertion and Administrative Modules Access SECUNIA ADVISORY ID: SA21728 VERIFY ADVISORY: http://secunia.com/advisories/21728/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: >From remote SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/ DESCRIPTION: Ivan Markovic has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct script insertion attacks and bypass certain security restrictions. 1) Input passed to the "description" field in various modules when e.g. creating a contact and the "solution" field when an administrator modifies the solution in the HelpDesk modules isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. 2) An error in the access control verification can be exploited by a normal user to access administrative modules (e.g. the settings section) by accessing certain URLs directly. The vulnerabilities have been confirmed in version 4.2.4. Use another product. PROVIDED AND/OR DISCOVERED BY: Ivan Markovic ORIGINAL ADVISORY: http://www.security-net.biz/adv/D3906a.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018. This vulnerability CVE-2006-4018 May be related.Service disruption by a third party (DoS) There is a possibility of being put into a state. SnapGear is prone to multiple unspecified remote denial-of-service vulnerabilities. An attacker can exploit these vulnerabilities to crash an affected device, effectively denying service to legitimate users. These issues affect SnapGear firmware versions prior to 3.1.4u2. This BID is being retired. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: SnapGear Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA21707 VERIFY ADVISORY: http://secunia.com/advisories/21707/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: SnapGear 3.x http://secunia.com/product/11807/ DESCRIPTION: Two vulnerabilities have been reported in SnapGear, which can be exploited by malicious people to cause a DoS (Denial of Service). This affects the 560, 565, 580, and 710 models. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors

Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Sony PSP TIFF Image Viewing Code Execution Vulnerability SECUNIA ADVISORY ID: SA21672 VERIFY ADVISORY: http://secunia.com/advisories/21672/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Sony PlayStation Portable (PSP) 2.x http://secunia.com/product/5764/ DESCRIPTION: A vulnerability has been discovered in Sony PlayStation Portable, which can be exploited by malicious people to compromise a user's system. The vulnerability has been confirmed in version 2.60 and has also been reported in versions 2.00 through 2.80. SOLUTION: Do not view untrusted images. PROVIDED AND/OR DISCOVERED BY: Discovered by NOPx86. Additional research by psp250, Skylark, Joek2100, CSwindle, JimP, and Fanjita. ORIGINAL ADVISORY: http://noobz.eu/content/home.html#280806 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. SAP-DB and MaxDB are prone to a remote buffer-overflow vulnerability because these applications fail to perform sufficient bounds-checking of user-supplied data before copying it to an insufficiently sized memory buffer. Failed exploit attempts will likely crash the application, denying further service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2006-09 Advisory Title: SAP-DB/MaxDB WebDBM remote buffer overflow Author: Oliver Karow / Oliver_Karow@symantec.com Release Date: 29-08-2006 Application: SAP-DB/MaxDB 7.6.00.22 - WebDBM Platform: Windows/Unix Severity: Remotely exploitable/Local System Access Vendor status: Verified by vendor / Resolved in 7.6.00.31 CVE Number: CVE-2006-4305 Reference: http://www.securityfocus.com/bid/19660 Overview: A connection from a WebDBM Client to the DBM Server causes a buffer overflow when the given database name is too large. This can result in the execution of arbitrary code in the context of the database server. Details: SAP-DB/MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, availability, scalability and a very comprehensive feature set. It is targeted for large mySAP Business Suite environments and other applications that require maximum enterprise-level database functionality and complements the MySQL database server. A remotely exploitable vulnerability exists in MaxDB's WebDBM. Authentication is not required for successful exploitation to occur. Vendor Response: The above vulnerability has been fixed in the latest release of the product, MaxDB 7.6.00.31. Licensed and evaluation versions of MaxDB are available for download in the download section of www.mysql.com/maxdb: http://dev.mysql.com/downloads/maxdb/7.6.00.html. If there are any further questions about this statement, please contact mysql-MaxDB support. Please note that SAP customers receive their downloads via the SAP Service Marketplace www.service.sap.com and must not use downloads from the addresses above for their SAP solutions. Recommendation: The vendor has released MaxDB 7.6.00.31 to address this issue. Users should contact the vendor to obtain the appropriate upgrade. As a temporary workaround the SAP-DB WWW Service should either be disabled or have access to it restricted using appropriate network or client based access controls. Common Vulnerabilities and Exposures (CVE) Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the following names to these issues. These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. CVE-2006-4305 - -------Symantec Consulting Services Advisory Information------- For questions about this advisory, or to report an error: cs_advisories@symantec.com For details on Symantec's Vulnerability Reporting Policy: http://www.symantec.com/research/Symantec-Responsible-Disclosure.pdf Consulting Services Advisory Archive: http://www.symantec.com/research/ Consulting Services Advisory GPG Key: http://www.symantec.com/research/Symantec_Vulnerability_Research_GPG.asc - -------------Symantec Product Advisory Information------------- To Report a Security Vulnerability in a Symantec Product: secure@symantec.com For general information on Symantec's Product Vulnerability reporting and response: http://www.symantec.com/security/ Symantec Product Advisory Archive: http://www.symantec.com/avcenter/security/SymantecAdvisories.html Symantec Product Advisory PGP Key: http://www.symantec.com/security/Symantec-Vulnerability-Management-Key.asc - --------------------------------------------------------------- Copyright (c) 2006 by Symantec Corp. Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Consulting Services. Reprinting the whole or part of this alert in any medium other than electronically requires permission from cs_advisories@symantec.com. Disclaimer The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Symantec, Symantec products, and Symantec Consulting Services are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFE8u4huk7IIFI45IARAlJoAKCqrvNsyLPPWm5Dnor9VtePm+I7zACfVqf5 gKP3gDsY1sr7ioo8+maNHFA= =vuXL -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: MaxDB WebDBM Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA21677 VERIFY ADVISORY: http://secunia.com/advisories/21677/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/ DESCRIPTION: Oliver Karow has reported a vulnerability in MaxDB, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in WebDBM when processing database names. The vulnerability has been reported in version 7.6.00.22. Other versions may also be affected. SOLUTION: Update to version 7.6.00.31 or later. http://dev.mysql.com/downloads/maxdb/7.6.00.html PROVIDED AND/OR DISCOVERED BY: Oliver Karow, Symantec. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA21677 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc Size/MD5 checksum: 1141 2747ee99a22fd9b6ba0ee9229cf23956 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz Size/MD5 checksum: 102502 b00c857a9956eed998e17a155d692d8b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz Size/MD5 checksum: 16135296 4d581530145c30a46ef7a434573f3beb AMD64 architecture: http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 681616 b4bf816d096fc5cf147e530979de8c2a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 835926 0c6f2a9e4d8c945937afd044e15ff688 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 602828 f1ff9957fd7713422f589e2b5ce878e1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb Size/MD5 checksum: 110542 d1b0ad84bba2fbf2e1fc66870d217c1a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb Size/MD5 checksum: 879638 6c14c3e14f8a3d311b753da8059e8718 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1002292 249bf89f7f2b342fc23bb230c87ce0d2 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1924254 fedf03c8551d3c89fdcf9bd381ce25a9 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb Size/MD5 checksum: 1861026 7cd7e22627438e425fc014d5c0689882 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2815606 12eca89b6c94a93f0805a3be61f053f5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 11762902 9543cd40e9dd2bd31668dc34bdde714b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb Size/MD5 checksum: 5454626 1a9e3e48fe5e5d0088e896ca1e2c535a http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb Size/MD5 checksum: 125258 cbc85c2295d40664794d8dea7fdefe36 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb Size/MD5 checksum: 2469898 7cf201e9a125267ab012196a6515b4bd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 57530 cc1d8ba42c0213d233ecb07855733fab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 52896 2623c86e1e8c104a7b6e534283f92d88 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388490 dc2719125122fc8c9d74cf621db8a159 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195236 edff932c86a91803ac12fa12afdffe80 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb Size/MD5 checksum: 388500 7e4f4d52029cffb09b4dec330be23f9f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb Size/MD5 checksum: 195262 579c30388c18177e6a59fdb5b7a228ce Intel IA-32 architecture: http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 724428 7f3da03ea2e15ec1906a17a844a8de71 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 884322 f87be31d0c3ccc25826a8adbb90c0fd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 662674 b768894d4d0613c7a78561ec3c63a736 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb Size/MD5 checksum: 113500 0762412421cc8bba7920cd3e5c7ba912 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb Size/MD5 checksum: 959610 05077a4995b6f30736dd031f650fc8bb http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 1151380 f5952dd48f3c289d59c59869a7910675 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb Size/MD5 checksum: 2074392 198c3e94e284f312acb8a60680fb3dac http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb Size/MD5 checksum: 1998244 e85b595329b9d3ee86abca690ae8205f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb Size/MD5 checksum: 3087456 3ba8dc9c84e7e0d65e07b8d1f469adcd http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 13245168 5bcd0e38d550518e611a510d338a3bd8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb Size/MD5 checksum: 6269766 b747c1d1155a6512266a1ce3e52a6ce1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb Size/MD5 checksum: 132864 f0c46a30fd72b4a29e93b9b75042c6a8 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb Size/MD5 checksum: 2619482 9b66168b5b70efbd69c16a06e2de734d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 57534 7d4cb5ef1fa3bf65d79b590023cdc1db http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 52902 61f35976dd90a9e461dfceea5430fa1e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411124 79212c1b66ae516b5404f4d1bb314dc6 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204636 ae693e5ef1041afef92f11fa81314dfe http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb Size/MD5 checksum: 411094 3974583dbdfb586097274e4aaddf376b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb Size/MD5 checksum: 204620 c2f00a1d54744ed51c547e681595f537 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 928300 8f9b50424dae7723c38aac9e0c9a52ab http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1057976 d1127e1ab07ac2a3bc485f040fb0339c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 911096 4b2d26b87f9e8abe2a8cabb5f5a3dc38 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb Size/MD5 checksum: 125196 c590b2aeb6e773afc78b234880679d0b http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1157550 bc505370fe0b635ed20241dcec297922 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 1457434 239d74377e81b0d4cceed7e1c99553a5 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2340496 2f32566da56fcaed5a889f29b2df2ae1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb Size/MD5 checksum: 2253224 b49a58cd8ad452633f57c0d4c2bb7ccc http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb Size/MD5 checksum: 4126188 db0b224332c029575c85ec3b4af7055f http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 16985506 7634c5b20bbed0b559c5a30a70abcff1 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb Size/MD5 checksum: 8270364 76ac234b9524ec827443e44270b10a7d http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb Size/MD5 checksum: 172092 c89208be8d296c2a188b52b60e42ff1c http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb Size/MD5 checksum: 3018916 de87cf29f90c5b6e08698411c6ee6366 http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 57530 67e6ce8dfb5282aed0aaf8c0d2e3dfba http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 52898 00f142490fbc22408ef5347abf228baa http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 512998 f38b9df396ef132650ddbd151780f5ce http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 d014a66017bbabc285f0bb42df85a71e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb Size/MD5 checksum: 513000 244752450b149746ec25fbbb67037d9e http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb Size/MD5 checksum: 247500 06b34ba0ab20719baf4c44a828de0436 -- Debian GNU/Linux unstable alias sid -- Reportedly, the problem will be fixed soon

The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms. The Cisco NAC Agent is prone to a security-bypass vulnerability because of a design error in the application. An attacker can exploit this issue to bypass security restrictions. This results in a false sense of security and may aid attackers in further attacks. An attacker can connect to the network by changing the default parameters of the Windows TCP/IP stack and using a custom HTTPS client (instead of a browser) to bypass host authentication

The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. IP There is a vulnerability in which important information can be obtained because the address is specified.Important information may be obtained by a third party

The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. These issues occur because the application fails to properly validate HTTP requests. An attacker can exploit these issues to bypass authentication and gain administrative access to the affected embedded application or to cause denial-of-service conditions. This may lead to other attacks. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Dell Color Laser Printers Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21630 VERIFY ADVISORY: http://secunia.com/advisories/21630/ CRITICAL: Less critical IMPACT: Security Bypass, DoS WHERE: >From local network OPERATING SYSTEM: Dell Color Laser Printer 5110cn http://secunia.com/product/11721/ Dell Color Laser Printer 5100cn http://secunia.com/product/11733/ Dell Color Laser Printer 3110cn http://secunia.com/product/11734/ Dell Color Laser Printer 3100cn http://secunia.com/product/11736/ Dell Color Laser Printer 3010cn http://secunia.com/product/11735/ Dell Color Laser Printer 3000cn http://secunia.com/product/11737/ DESCRIPTION: Some vulnerabilities have been reported in various Dell Color Laser Printers, which can be exploited by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service). 1) The embedded FTP server does not restrict the use of the FTP PORT command. This can be exploited to connect to arbitrary systems through the FTP server. This can be exploited to make unauthorized changes to the system configuration or to cause a DoS. The vulnerability has been reported in Dell 5110cn, Dell 3110cn, and Dell 3010cn with firmware versions prior to A01 and in Dell 5100cn, Dell 3100cn, and Dell 3000cn with firmware versions prior to A05. NOTE: Other products using the Fuji Xerox Printing Engine may also be affected. SOLUTION: Apply patches. Dell 5110cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R130538.EXE Dell 3110cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R130356.EXE Dell 3010cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R132075.EXE Dell 5100cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132718.EXE Dell 3100cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132079.EXE Dell 3000cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132368.EXE PROVIDED AND/OR DISCOVERED BY: Nate Johnson and Sean Krulewitch, Indiana University. ORIGINAL ADVISORY: https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . PROVIDED AND/OR DISCOVERED BY: Nate Johnson and Sean Krulewitch, Indiana University. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS)[1] print engine vulnerabilities Advisory ID: 20060824_FXPS_Print_Engine_Vulnerabilities[2] Revisions: 08-24-2006 2350 UTC 1.0 Initial Public Release Issues: FTP bounce attack is possible when FTP printing is enabled (CVE-2006-2112)[3] Embedded HTTP server allows unauthenticated access to system configuration and settings (CVE-2006-2113)[4] Credit/acknowledgement: CVE-2006-2112 Date of discovery: 04-11-2006 Nate Johnson, Lead Security Engineer, Indiana University Sean Krulewitch, Deputy IT Security Officer, Indiana University CVE-2006-2113 Date of discovery: 04-11-2006 Sean Krulewitch, Deputy IT Security Officer, Indiana University Summary: Certain FXPS print engines contain vulnerabilities that allow a remote attacker to perform FTP bounce attacks through the FTP printing interface or allow unauthenticated access to the embedded HTTP remote user interface. This allows an attacker to cause the FTP server to make arbitrary connections to ports on another system, which can be used to bypass access controls and hide the the true identity of the source of the attacker's traffic. A successful attacker would be able to reset the administrator password but would not be capable of exposing the current password. Mitigation/workarounds: Disabling FTP printing prevents the FTP bounce attack. Disabling the embedded web server prevents the DoS/unauthorized configuration change attack. Best practice suggests that access controls and network firewall policies be put into place to only allow connections from trusted machines and networks. Criticality: These vulnerabilities have a combined risk of moderately critical. Footnotes: [1] http://www.fxpsc.co.jp/en/ [2] https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2112 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2113 [5] http://ftp.us.dell.com/printer/R130538.EXE [6] http://ftp.us.dell.com/printer/R130356.EXE [7] http://ftp.us.dell.com/printer/R132075.EXE [8] http://ftp.us.dell.com/printer/R132718.EXE [9] http://ftp.us.dell.com/printer/R132079.EXE [10] http://ftp.us.dell.com/printer/R132368.EXE All contents are Copyright 2006 The Trustees of Indiana University. All rights reserved. - -- Sean Krulewitch, Deputy IT Security Officer IT Security Office, Office of the VP for Information Technology Indiana University For PGP Key or S/MIME cert: https://www.itso.iu.edu/Sean_Krulewitch -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRO46FTOEdAVfeKEbEQKc+ACeNvyfI5+GXspTdx32rSxH+WHfXW8AoKPe AJYb0WM59jddPs4cSXaZOyQq =Y7Kv -----END PGP SIGNATURE-----

Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. This could result in the proxying of arbitrary requests by a user through the system using the vulnerable FTP print server. Successful exploits may allow an attacker to make connections to arbitrary hosts and generate traffic with the identity of the vulnerable FTP print server. As a result, this may allow the attacker to bypass access controls and security restrictions by masking the original source of the attacker's traffic. ---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Dell Color Laser Printers Multiple Vulnerabilities SECUNIA ADVISORY ID: SA21630 VERIFY ADVISORY: http://secunia.com/advisories/21630/ CRITICAL: Less critical IMPACT: Security Bypass, DoS WHERE: >From local network OPERATING SYSTEM: Dell Color Laser Printer 5110cn http://secunia.com/product/11721/ Dell Color Laser Printer 5100cn http://secunia.com/product/11733/ Dell Color Laser Printer 3110cn http://secunia.com/product/11734/ Dell Color Laser Printer 3100cn http://secunia.com/product/11736/ Dell Color Laser Printer 3010cn http://secunia.com/product/11735/ Dell Color Laser Printer 3000cn http://secunia.com/product/11737/ DESCRIPTION: Some vulnerabilities have been reported in various Dell Color Laser Printers, which can be exploited by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service). 1) The embedded FTP server does not restrict the use of the FTP PORT command. 2) The embedded HTTP server does not authenticate certain HTTP requests correctly. This can be exploited to make unauthorized changes to the system configuration or to cause a DoS. The vulnerability has been reported in Dell 5110cn, Dell 3110cn, and Dell 3010cn with firmware versions prior to A01 and in Dell 5100cn, Dell 3100cn, and Dell 3000cn with firmware versions prior to A05. NOTE: Other products using the Fuji Xerox Printing Engine may also be affected. SOLUTION: Apply patches. Dell 5110cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R130538.EXE Dell 3110cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R130356.EXE Dell 3010cn (firmware versions prior to A01): http://ftp.us.dell.com/printer/R132075.EXE Dell 5100cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132718.EXE Dell 3100cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132079.EXE Dell 3000cn (firmware versions prior to A05): http://ftp.us.dell.com/printer/R132368.EXE PROVIDED AND/OR DISCOVERED BY: Nate Johnson and Sean Krulewitch, Indiana University. ORIGINAL ADVISORY: https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . PROVIDED AND/OR DISCOVERED BY: Nate Johnson and Sean Krulewitch, Indiana University. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS)[1] print engine vulnerabilities Advisory ID: 20060824_FXPS_Print_Engine_Vulnerabilities[2] Revisions: 08-24-2006 2350 UTC 1.0 Initial Public Release Issues: FTP bounce attack is possible when FTP printing is enabled (CVE-2006-2112)[3] Embedded HTTP server allows unauthenticated access to system configuration and settings (CVE-2006-2113)[4] Credit/acknowledgement: CVE-2006-2112 Date of discovery: 04-11-2006 Nate Johnson, Lead Security Engineer, Indiana University Sean Krulewitch, Deputy IT Security Officer, Indiana University CVE-2006-2113 Date of discovery: 04-11-2006 Sean Krulewitch, Deputy IT Security Officer, Indiana University Summary: Certain FXPS print engines contain vulnerabilities that allow a remote attacker to perform FTP bounce attacks through the FTP printing interface or allow unauthenticated access to the embedded HTTP remote user interface. A successful attacker would be able to reset the administrator password but would not be capable of exposing the current password. Mitigation/workarounds: Disabling FTP printing prevents the FTP bounce attack. Disabling the embedded web server prevents the DoS/unauthorized configuration change attack. Best practice suggests that access controls and network firewall policies be put into place to only allow connections from trusted machines and networks. Criticality: These vulnerabilities have a combined risk of moderately critical. Footnotes: [1] http://www.fxpsc.co.jp/en/ [2] https://itso.iu.edu/20060824_FXPS_Print_Engine_Vulnerabilities [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2112 [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2113 [5] http://ftp.us.dell.com/printer/R130538.EXE [6] http://ftp.us.dell.com/printer/R130356.EXE [7] http://ftp.us.dell.com/printer/R132075.EXE [8] http://ftp.us.dell.com/printer/R132718.EXE [9] http://ftp.us.dell.com/printer/R132079.EXE [10] http://ftp.us.dell.com/printer/R132368.EXE All contents are Copyright 2006 The Trustees of Indiana University. All rights reserved. - -- Sean Krulewitch, Deputy IT Security Officer IT Security Office, Office of the VP for Information Technology Indiana University For PGP Key or S/MIME cert: https://www.itso.iu.edu/Sean_Krulewitch -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQA/AwUBRO46FTOEdAVfeKEbEQKc+ACeNvyfI5+GXspTdx32rSxH+WHfXW8AoKPe AJYb0WM59jddPs4cSXaZOyQq =Y7Kv -----END PGP SIGNATURE-----