Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Advisories: May 12, 2005

May 13, 2005, 04:45 (0 Talkback[s])

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200505-09

http://security.gentoo.org/


Severity: High
Title: Gaim: Denial of Service and buffer overflow vulnerabilties
Date: May 12, 2005
Bugs: #91862
ID: 200505-09


Synopsis

Gaim contains two vulnerabilities, potentially resulting in the execution of arbitrary code or Denial of Service.

Background

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Affected packages


     Package      /  Vulnerable  /                          Unaffected

  1  net-im/gaim       < 1.3.0                                >= 1.3.0

Description

Stu Tomlinson discovered that Gaim is vulnerable to a remote stack based buffer overflow when receiving messages in certain protocols, like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe Tolsma discovered that Gaim is also vulnerable to a remote Denial of Service attack when receiving a specially crafted MSN message (CAN-2005-1262).

Impact

A remote attacker could cause a buffer overflow by sending an instant message with a very long URL, potentially leading to the execution of malicious code. By sending a SLP message with an empty body, a remote attacker could cause a Denial of Service or crash of the Gaim client.

Workaround

There are no known workarounds at this time.

Resolution

All Gaim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.0"

References

[ 1 ] CAN-2005-1261

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261

[ 2 ] CAN-2005-1262

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200505-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: gnutls
Advisory ID: MDKSA-2005:084
Date: May 12th, 2005
Affected versions: 10.1, 10.2


Problem Description:

Two vulnerabilities were discovered in the GnuTLS library. The first is a vulnerability in the way GnuTLS does record packet parsing; the second is a flaw in the RSA key export functionality. These could be exploited by a remote attacker to cause a Denial of Service to any program using the GnuTLS library.

The provided packages have been patched to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1431


Updated Packages:

Mandrakelinux 10.1:
3901ab03e31589ff09a17703c64834a7 10.1/RPMS/gnutls-1.0.13-1.1.101mdk.i586.rpm
9330b4d1e79efe3aba750ce9a5a17853 10.1/RPMS/libgnutls11-1.0.13-1.1.101mdk.i586.rpm
82bf186492340e2b873639b4e7c56346 10.1/RPMS/libgnutls11-devel-1.0.13-1.1.101mdk.i586.rpm
b0f68343453fb1c092b495e2d278af16 10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
7249cbf6e89c219cacce161ef912b722 x86_64/10.1/RPMS/gnutls-1.0.13-1.1.101mdk.x86_64.rpm
2aaf5157c4639258204a8239456a1dcc x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.1.101mdk.x86_64.rpm
4f2d1bc7f1ef8dfde81e1e471531d8a7 x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.1.101mdk.x86_64.rpm
b0f68343453fb1c092b495e2d278af16 x86_64/10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm

Mandrakelinux 10.2:
e806886f50d1143d859a58deca01be12 10.2/RPMS/gnutls-1.0.23-2.1.102mdk.i586.rpm
7be1c94df46ca3c351ec02ea577e9684 10.2/RPMS/libgnutls11-1.0.23-2.1.102mdk.i586.rpm
53f40a8e37fc739408ab555aebb8731b 10.2/RPMS/libgnutls11-devel-1.0.23-2.1.102mdk.i586.rpm
7ccd73cf5cd83af889657a95a6b499ae 10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
e09497fcb976f203ab4ab79a969fbfc2 x86_64/10.2/RPMS/gnutls-1.0.23-2.1.102mdk.x86_64.rpm
d2ff2b32ee329ceaa4da394119b67f8d x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.1.102mdk.x86_64.rpm
4c7b5da9adf83eab8bc4305ac7484b07 x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.1.102mdk.x86_64.rpm
7ccd73cf5cd83af889657a95a6b499ae x86_64/10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: kdelibs
Advisory ID: MDKSA-2005:085
Date: May 12th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0


Problem Description:

A buffer overflow in the PCX decoder of kimgio was discovered by Bruno Rohee. If an attacker could trick a user into loading a malicious PCX image with any KDE application, he could cause the execution of arbitrary code with the privileges of the user opening the image.

The provided packages have been patched to correct this issue.

In addition, the LE2005 packages contain fixes to configuring email into kbugreport, fixing a KDE crasher bug, fixing a kicondialog bug, a KHTML bug, and a knewsticker export symbol problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
http://bugs.kde.org/show_bug.cgi?id=101577
http://bugs.kde.org/show_bug.cgi?id=104475
http://bugs.kde.org/show_bug.cgi?id=99970


Updated Packages:

Mandrakelinux 10.1:
d9187f933c87279b7e72df6513490154 10.1/RPMS/kdelibs-common-3.2.3-106.1.101mdk.i586.rpm
debbf58c43f6ceb879175c2b45fb7382 10.1/RPMS/libkdecore4-3.2.3-106.1.101mdk.i586.rpm
3fed03ddab92dafaf8a7edb70ddb6cc9 10.1/RPMS/libkdecore4-devel-3.2.3-106.1.101mdk.i586.rpm
44d483efd87e38e49738825009d65f9c 10.1/SRPMS/kdelibs-3.2.3-106.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
2df5f703c954bcb4c206c2da57c30b50 x86_64/10.1/RPMS/kdelibs-common-3.2.3-106.1.101mdk.x86_64.rpm
d336bec3abe9699aaf20a8aa6b138af9 x86_64/10.1/RPMS/lib64kdecore4-3.2.3-106.1.101mdk.x86_64.rpm
f0f24bd12da26bc53d1385b661499f91 x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-106.1.101mdk.x86_64.rpm
debbf58c43f6ceb879175c2b45fb7382 x86_64/10.1/RPMS/libkdecore4-3.2.3-106.1.101mdk.i586.rpm
3fed03ddab92dafaf8a7edb70ddb6cc9 x86_64/10.1/RPMS/libkdecore4-devel-3.2.3-106.1.101mdk.i586.rpm
44d483efd87e38e49738825009d65f9c x86_64/10.1/SRPMS/kdelibs-3.2.3-106.1.101mdk.src.rpm

Mandrakelinux 10.2:
4bbf3caa4f7162f354c8f9049ff04cc6 10.2/RPMS/kdelibs-common-3.3.2-124.1.102mdk.i586.rpm
9f45e9f161e746cef2782d8be428fa67 10.2/RPMS/libkdecore4-3.3.2-124.1.102mdk.i586.rpm
a9848e016ff7b6e468a42f049c1674a8 10.2/RPMS/libkdecore4-devel-3.3.2-124.1.102mdk.i586.rpm
3da564391e8a3ba9e0336b78407e5af1 10.2/SRPMS/kdelibs-3.3.2-124.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
b339bb5667ca8c8e49a91c52e8763953 x86_64/10.2/RPMS/kdelibs-common-3.3.2-124.1.102mdk.x86_64.rpm
6898b9fc463185750f73ca7249d0e079 x86_64/10.2/RPMS/lib64kdecore4-3.3.2-124.1.102mdk.x86_64.rpm
4d6de10fe1dacfd0f7f5ca727a066d6f x86_64/10.2/RPMS/lib64kdecore4-devel-3.3.2-124.1.102mdk.x86_64.rpm
9f45e9f161e746cef2782d8be428fa67 x86_64/10.2/RPMS/libkdecore4-3.3.2-124.1.102mdk.i586.rpm
a9848e016ff7b6e468a42f049c1674a8 x86_64/10.2/RPMS/libkdecore4-devel-3.3.2-124.1.102mdk.i586.rpm
3da564391e8a3ba9e0336b78407e5af1 x86_64/10.2/SRPMS/kdelibs-3.3.2-124.1.102mdk.src.rpm

Corporate 3.0:
8fefa57d6fb048680557990918a44c59 corporate/3.0/RPMS/kdelibs-common-3.2-36.13.C30mdk.i586.rpm
cbaf86b446afde95d87ca74b67788ad6 corporate/3.0/RPMS/libkdecore4-3.2-36.13.C30mdk.i586.rpm
b9a0035248fdb687d370c3eba66b854e corporate/3.0/RPMS/libkdecore4-devel-3.2-36.13.C30mdk.i586.rpm
f6a2b830e0e3810df0fb8d07dc4ac183 corporate/3.0/SRPMS/kdelibs-3.2-36.13.C30mdk.src.rpm

Corporate 3.0/X86_64:
2ca4ecccc1afe1a6a1c7793af93fd324 x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.13.C30mdk.x86_64.rpm
8f5cad1f3b8577a824b82d1937fdf127 x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.13.C30mdk.x86_64.rpm
305120c975db121e6e79699d6c7e9ef0 x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.13.C30mdk.x86_64.rpm
cbaf86b446afde95d87ca74b67788ad6 x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.13.C30mdk.i586.rpm
f6a2b830e0e3810df0fb8d07dc4ac183 x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.13.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: gaim
Advisory ID: MDKSA-2005:086
Date: May 12th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0


Problem Description:

More vulnerabilities have been found in the gaim instant messaging client. A stack-based buffer overflow bug was found in how gaim processes a message containing a URL; a remote attacker could send a carefully crafted message to cause the execution of arbitrary code on the user's machine (CAN-2005-1261).

Another bug was found in how gaim handles malformed MSN messages; an attacker could send a carefully crafted MSN message that would cause gaim to crash (CAN-2005-1262).

Gaim version 1.3.0 fixes these issues and is provided with this update.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262


Updated Packages:

Mandrakelinux 10.1:
ed8172ba325d95f291a297903af41be0 10.1/RPMS/gaim-1.3.0-0.1.101mdk.i586.rpm
ad2fcbcb8f0c1034c4d4ec1c9544b4c0 10.1/RPMS/gaim-devel-1.3.0-0.1.101mdk.i586.rpm
21102fd5e78228809becd7ddf24351ba 10.1/RPMS/gaim-gevolution-1.3.0-0.1.101mdk.i586.rpm
837a724dd6917f305beb0423713fd8ac 10.1/RPMS/gaim-perl-1.3.0-0.1.101mdk.i586.rpm
5b3ca4cd6306963fb3e1b14c63df2244 10.1/RPMS/gaim-tcl-1.3.0-0.1.101mdk.i586.rpm
199a0196f394b00efee48482f309936e 10.1/RPMS/libgaim-remote0-1.3.0-0.1.101mdk.i586.rpm
d5518ced2d7c76b4526fd68779693207 10.1/RPMS/libgaim-remote0-devel-1.3.0-0.1.101mdk.i586.rpm
44820576063dd74fb9c28b4a5699e36a 10.1/SRPMS/gaim-1.3.0-0.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
4e2c86767236f1b8eeb188551bb27314 x86_64/10.1/RPMS/gaim-1.3.0-0.1.101mdk.x86_64.rpm
db62d40135b2a9848d3699424b556654 x86_64/10.1/RPMS/gaim-devel-1.3.0-0.1.101mdk.x86_64.rpm
3a0f91257813a81a7ec0456a220357c1 x86_64/10.1/RPMS/gaim-gevolution-1.3.0-0.1.101mdk.x86_64.rpm
38dd8f72ca74d9080a8e289bb186c92a x86_64/10.1/RPMS/gaim-perl-1.3.0-0.1.101mdk.x86_64.rpm
13359f709541ea9654312f75339c321b x86_64/10.1/RPMS/gaim-tcl-1.3.0-0.1.101mdk.x86_64.rpm
8542aca1513904f4c0a87c3f0fe543c5 x86_64/10.1/RPMS/lib64gaim-remote0-1.3.0-0.1.101mdk.x86_64.rpm
171e1625bd227112e50659b0648d8173 x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.101mdk.x86_64.rpm
44820576063dd74fb9c28b4a5699e36a x86_64/10.1/SRPMS/gaim-1.3.0-0.1.101mdk.src.rpm

Mandrakelinux 10.2:
dae4fba008457633fe9f687285e43a34 10.2/RPMS/gaim-1.3.0-0.1.102mdk.i586.rpm
e79df04c807ee82e92ae8b1bd1c19f17 10.2/RPMS/gaim-devel-1.3.0-0.1.102mdk.i586.rpm
25bd9d7af41c8bbf6761b58465d89ee4 10.2/RPMS/gaim-gevolution-1.3.0-0.1.102mdk.i586.rpm
c8140054eb2228eb8a8aeade572ceae9 10.2/RPMS/gaim-perl-1.3.0-0.1.102mdk.i586.rpm
071ec72d9640dab11e58b9fd5eb196b2 10.2/RPMS/gaim-silc-1.3.0-0.1.102mdk.i586.rpm
f89cb44704cc525ab5f483737ea3ca45 10.2/RPMS/gaim-tcl-1.3.0-0.1.102mdk.i586.rpm
8b93abaa4953aeba755d2498c91bfdb4 10.2/RPMS/libgaim-remote0-1.3.0-0.1.102mdk.i586.rpm
a44d9d2bd48fc0886938db762b111b9d 10.2/RPMS/libgaim-remote0-devel-1.3.0-0.1.102mdk.i586.rpm
199e401eab3fd4bc5a9c19eb9b42c84e 10.2/SRPMS/gaim-1.3.0-0.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
e540621ec7ed8160e8a69f4c8e751c60 x86_64/10.2/RPMS/gaim-1.3.0-0.1.102mdk.x86_64.rpm
2a1491f4d49e424a389232f527567504 x86_64/10.2/RPMS/gaim-devel-1.3.0-0.1.102mdk.x86_64.rpm
d77f3c6453a0648c8561017b8eadf259 x86_64/10.2/RPMS/gaim-gevolution-1.3.0-0.1.102mdk.x86_64.rpm
53bb111a57f40c1b883978453c7e2301 x86_64/10.2/RPMS/gaim-perl-1.3.0-0.1.102mdk.x86_64.rpm
d69ede9ff9e8f64e34bd6a408e062e96 x86_64/10.2/RPMS/gaim-silc-1.3.0-0.1.102mdk.x86_64.rpm
4bc25f5496bac981116ede53777690fe x86_64/10.2/RPMS/gaim-tcl-1.3.0-0.1.102mdk.x86_64.rpm
1df0f36a11d9e0ae880e2e2a9196291b x86_64/10.2/RPMS/lib64gaim-remote0-1.3.0-0.1.102mdk.x86_64.rpm
3232b0c2b7becfc489da906c619fef5a x86_64/10.2/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.102mdk.x86_64.rpm
199e401eab3fd4bc5a9c19eb9b42c84e x86_64/10.2/SRPMS/gaim-1.3.0-0.1.102mdk.src.rpm

Corporate 3.0:
e149a73b4459e4910211c6164119d408 corporate/3.0/RPMS/gaim-1.3.0-0.1.C30mdk.i586.rpm
556d49ec86c6d89d50ed5ab6b7077618 corporate/3.0/RPMS/gaim-devel-1.3.0-0.1.C30mdk.i586.rpm
0c9b562338fd7d15057ce66af6c0e916 corporate/3.0/RPMS/gaim-perl-1.3.0-0.1.C30mdk.i586.rpm
893a7bc983c2502b089b0b28ebc68573 corporate/3.0/RPMS/gaim-tcl-1.3.0-0.1.C30mdk.i586.rpm
e0ca61a235d914865c52a01b24d53cc6 corporate/3.0/RPMS/libgaim-remote0-1.3.0-0.1.C30mdk.i586.rpm
643fc0e061166293c841faa09beb0dc6 corporate/3.0/RPMS/libgaim-remote0-devel-1.3.0-0.1.C30mdk.i586.rpm
050ba22fc5a9834d611cc671fd23e897 corporate/3.0/SRPMS/gaim-1.3.0-0.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
7fd8169fd5f4b6b0b2ed0609a820ae09 x86_64/corporate/3.0/RPMS/gaim-1.3.0-0.1.C30mdk.x86_64.rpm
f4a248008e042fe09d11853ef385cbbf x86_64/corporate/3.0/RPMS/gaim-devel-1.3.0-0.1.C30mdk.x86_64.rpm
68d12ef13d3419cf0358ca51b15b48ff x86_64/corporate/3.0/RPMS/gaim-perl-1.3.0-0.1.C30mdk.x86_64.rpm
75207cb70b1388e1ef6d5aa5c8a47b33 x86_64/corporate/3.0/RPMS/gaim-tcl-1.3.0-0.1.C30mdk.x86_64.rpm
9b76928971f8f5adac79c2e68e1a0793 x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.3.0-0.1.C30mdk.x86_64.rpm
e7b767077d1ebba151fbd932c11746c7 x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.3.0-0.1.C30mdk.x86_64.rpm
050ba22fc5a9834d611cc671fd23e897 x86_64/corporate/3.0/SRPMS/gaim-1.3.0-0.1.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: tcpdump
Advisory ID: MDKSA-2005:087
Date: May 11th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1


Problem Description:

A number of Denial of Service vulnerabilities were discovered in the way that tcpdump processes certain network packets. If abused, these flaws can allow a remote attacker to inject a carefully crafted packet onto the network, crashing tcpdump.

The provided packages have been patched to correct these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280


Updated Packages:

Mandrakelinux 10.0:
e73bd8a6947c3685f0a1dcd370103a2d 10.0/RPMS/tcpdump-3.8.1-1.2.100mdk.i586.rpm
1e36745b1695e0272989183d00489401 10.0/SRPMS/tcpdump-3.8.1-1.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
49a077ec66ad00b73e7448328ef86b44 amd64/10.0/RPMS/tcpdump-3.8.1-1.2.100mdk.amd64.rpm
1e36745b1695e0272989183d00489401 amd64/10.0/SRPMS/tcpdump-3.8.1-1.2.100mdk.src.rpm

Mandrakelinux 10.1:
67d319eed39f1bafb30a25e57f7add2a 10.1/RPMS/tcpdump-3.8.3-2.1.101mdk.i586.rpm
9367b2c7064311b7552a516c71da2335 10.1/SRPMS/tcpdump-3.8.3-2.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
797c8b13a984821bf42b3a1ff1f0606f x86_64/10.1/RPMS/tcpdump-3.8.3-2.1.101mdk.x86_64.rpm
9367b2c7064311b7552a516c71da2335 x86_64/10.1/SRPMS/tcpdump-3.8.3-2.1.101mdk.src.rpm

Mandrakelinux 10.2:
5e3b9eaf014d072536aee3d4153149fd 10.2/RPMS/tcpdump-3.8.3-2.1.102mdk.i586.rpm
a84d58a6c8e197106db7550b89cd7bc9 10.2/SRPMS/tcpdump-3.8.3-2.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
46175965cf9fe968060f04212469403d x86_64/10.2/RPMS/tcpdump-3.8.3-2.1.102mdk.x86_64.rpm
a84d58a6c8e197106db7550b89cd7bc9 x86_64/10.2/SRPMS/tcpdump-3.8.3-2.1.102mdk.src.rpm

Corporate Server 2.1:
aa300032c33e2bbe3f4a164a0202c410 corporate/2.1/RPMS/tcpdump-3.7.2-2.3.C21mdk.i586.rpm
d56843af254ecdebf9c047f6fb903149 corporate/2.1/SRPMS/tcpdump-3.7.2-2.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
d539efda2769654b6a7368b74565d613 x86_64/corporate/2.1/RPMS/tcpdump-3.7.2-2.3.C21mdk.x86_64.rpm
d56843af254ecdebf9c047f6fb903149 x86_64/corporate/2.1/SRPMS/tcpdump-3.7.2-2.3.C21mdk.src.rpm

Corporate 3.0:
df9e3b52c36c3a68aa3c5a12464dfa33 corporate/3.0/RPMS/tcpdump-3.8.1-1.2.C30mdk.i586.rpm
13100cead5f5b078e0b3249d1f522339 corporate/3.0/SRPMS/tcpdump-3.8.1-1.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
69a3d5fc2be9891eaeea2d1a0ebbfc09 x86_64/corporate/3.0/RPMS/tcpdump-3.8.1-1.2.C30mdk.x86_64.rpm
13100cead5f5b078e0b3249d1f522339 x86_64/corporate/3.0/SRPMS/tcpdump-3.8.1-1.2.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Ubuntu Linux


Ubuntu Security Notice USN-124-1 May 11, 2005
mozilla-firefox, mozilla vulnerabilities
CAN-2005-1153, CAN-2005-1154, CAN-2005-1155, CAN-2005-1156, CAN-2005-1157, CAN-2005-1158, CAN-2005-1160

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-browser
mozilla-firefox

The problem can be corrected by upgrading the affected package to version 1.0.2-0ubuntu5.1 (mozilla-firefox) and 2:1.7.6-1ubuntu2.1 (mozilla-browser). After a standard system upgrade you need to restart your browser to effect the necessary changes.

Please note that Ubuntu 5.04 (Warty Warthog) is also affected; this release will be fixed soon in a separate advisory.

Details follow:

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to automatically install and execute arbitrary code with the privileges of the user. (CAN-2005-1153)

It was discovered that the browser did not start with a clean global JavaScript state for each new website. This allowed a malicious web page to define a global variable known to be used by a different site, allowing malicious code to be executed in the context of that site (for example, sending web mail or automatic purchasing). (CAN-2005-1154)

Michael Krax discovered a flaw in the "favicon" links handler. A malicious web page could define a favicon link tag as JavaScript, which could be exploited to execute arbitrary code with the privileges of the user. (CAN-2005-1155)

Michael Krax found two flaws in the Search Plugin installation. This allowed malicious plugins to execute arbitrary code in the context of the current site. If the current page had elevated privileges (like "about:plugins" or "about:config"), the malicious plugin could even install malicious software when a search was performed. (CAN-2005-1156, CAN-2005-1157)

Kohei Yoshino discovered two missing security checks when Firefox opens links in its sidebar. This allowed a malicious web page to construct a link that, when clicked on, could execute arbitrary JavaScript code with the privileges of the user. (CAN-2005-1158)

Georgi Guninski discovered that the types of certain XPInstall related JavaScript objects were not sufficiently validated when they were called. This could be exploited by a malicious website to crash Firefox or even execute arbitrary code with the privileges of the user. (CAN-2005-1159)

Firefox did not properly verify the values of XML DOM nodes of web pages. By tricking the user to perform a common action like clicking on a link or opening the context menu, a malicious page could exploit this to execute arbitrary JavaScript code with the full privileges of the user. (CAN-2005-1160)

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.1.diff.gz
Size/MD5: 830197 4ce184fa78a64ea7b7080534b7bb4855
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.1.dsc
Size/MD5: 1696 1d3777c903164f487f0f1b3710acfc93
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz
Size/MD5: 41023585 7e98ce4aefc5ea9b5f1f35b7a0c58f60
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.6-1ubuntu2.1.diff.gz
Size/MD5: 314103 47b87f40b60e80d62eaccf9760632dd2
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.6-1ubuntu2.1.dsc
Size/MD5: 1767 1c1dde816d6772fd3e6d47334757c61b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla_1.7.6.orig.tar.gz
Size/MD5: 30587697 800f8d3877193a5d786d9ce4e3d1e400

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 168060 ed2993df33ab89c2f256385cb8c29146
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 139634 30cabc7ee95013519fc0e96220a45265
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 184942 2915e105352efa7bedcf7de8f4c4d653
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 708458 47ff7e80d251d1c0bcb2b1bcdf5cefef
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 10591978 a8cc6ec3a71921fa1daeeacbe8ec85dc
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 403262 2420179b28f69331ea96352ca3c90cc3
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 158320 94912562292b87c86c6538c782d1efeb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 3348764 5adf0f0b038cbe91cb08a3af971960a1
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 121178 6df756cf8cae9232c361a0f74fa04ac7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.1_amd64.deb
Size/MD5: 2629544 14da7a2f6e6f68820800c38ad987ea57
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.1_amd64.deb
Size/MD5: 156958 d46c88bd1084fa30f51f617da0866ebb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.1_amd64.deb
Size/MD5: 56234 61f9327937882137049c0f75d9e796db
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.1_amd64.deb
Size/MD5: 9756214 a8f6bfa38739f09696eb2a4731d8e6c5
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 204148 53132a415b5d2c5e82eb8ef76f99d485
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 1935848 1e697ad9f4a24d46c62a0f5ba1cf8dba
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 204116 423fb6293d4547192a9c7dd7b7d5f6be
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.6-1ubuntu2.1_amd64.deb
Size/MD5: 1032 6c15f001a938f0bd7d5090e9906a8339

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 168058 222d46dac5ca6f51a03d04768cc4bb69
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 126282 5338a7ac6ec8f0407ce273d4bda614cf
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 184948 c2ae8d09fbb125b0efa3f7be632da257
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 638278 ada234a2e1a35c38e21ee0a3d305e7ec
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 9609946 66d3a0479de8127b56f0482342bd93de
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 403286 e9b6231b9140172afcfe966248603133
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 158334 0a81f18ac7fc7bdda0780a40d66580da
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 3341098 b6e580a5de3c6a77809485e0dd68322e
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 115820 69166b1cf69c798f2fcb24aeca9db981
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.1_i386.deb
Size/MD5: 2629486 f02da01be0f2bbb867ca81cb028f5221
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.1_i386.deb
Size/MD5: 151858 868d1b4632978f22f09af3594d5a681b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.1_i386.deb
Size/MD5: 52824 f19d463a3db16a8f18f3c2fc4de09386
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.1_i386.deb
Size/MD5: 8788424 95629abf4db585733e4883c5e31a1275
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 204158 83a4bba634abd309ccc8a6da5d138dc1
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 1780844 5540a89fbe45d02f399d168e407d91b8
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 188178 19977271c04901479dfadc5a4d1f6dd6
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.6-1ubuntu2.1_i386.deb
Size/MD5: 1032 29a610e4ed60a34fccbef8e957282112

ia64 architecture (Intel Itanium)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 168060 016f780244ef101dfb590af59aafe67a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 167994 639735a28f74803de95f9952666708d7
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 184938 bc36f3745afa98fc59ecd2668be6f3cb
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 960402 0f859bcd08441b21017df723b0681dbd
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 12420732 21cf6e5a13833e0a0f87320488eef3cd
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 403268 8c729829bb2ad3a0231ca9e36bcd7562
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 158316 9dd45991a4b6db9b3c5ab46946c610bf
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 3374846 42e83bf82f8a05d084e3489d4fd685d6
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 125580 36621440b6877a70f2f3e15319426647
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.1_ia64.deb
Size/MD5: 2629556 9f568be6452b5df2dcb0e2afa79dfc0b
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.1_ia64.deb
Size/MD5: 161108 6caf35526e85085dcc735f9614270988
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.1_ia64.deb
Size/MD5: 60966 a833be3832f033a3dda4d78ac358c7ca
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.1_ia64.deb
Size/MD5: 11697162 45b9ab1529ea6bdd0902f23af13ae991
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 204146 bea56abb3658a36940d5072862b6c9c6
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 2302082 3fe0de68589a09debf6e88f3a45835de
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 242278 1a4c320cf968e67192cde5f1241a17a6
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.6-1ubuntu2.1_ia64.deb
Size/MD5: 1030 2ff818fdd8ddadf3b4557f19eab32f3f

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr-dev_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 168058 af918e0c1dacc2e6e99e1700dd1b81d1
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnspr4_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 125046 7ed144c7220f45d114217894a06f005e
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss-dev_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 184936 e99c819a8f2c223ec80d1cc24537ee12
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/libnss3_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 712690 706d71fed7d5414b78d371e9521a1541
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-browser_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 9160526 ff174690d0608415e67d263d61ff32b7
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-calendar_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 403272 1126a9bb557965befe61ffbc6f312833
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-chatzilla_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 158320 6c21f61154745bbb310d53ed981afa1a
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-dev_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 3336710 3babb94961cc6b7b33f29a95f5437e7c
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-dom-inspector_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 114574 5d1be8d4c536eb9e6e64a09e879d1b12
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.1_powerpc.deb
Size/MD5: 2629590 2afc3fc11370be8965471df308cad9ca
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.1_powerpc.deb
Size/MD5: 150628 ae5e401c15b84d79c208a64f5481672f
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.1_powerpc.deb
Size/MD5: 55468 02bcb9dc7edc927e87e1240762def966
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.1_powerpc.deb
Size/MD5: 8446334 19563893ea6dd9dde53a1646a1039c0b
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-js-debugger_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 204152 97550a0b3c55285231c2918443c92499
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla-mailnews_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 1642892 b261f0b2564022c476cf48ad086fabb0
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla/mozilla-psm_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 175480 b8ba64bbb7a49b9b0fe6fd40aee60030
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla/mozilla_1.7.6-1ubuntu2.1_powerpc.deb
Size/MD5: 1028 48085111c4e1c0fd807d0c3dc98e2ea5


Ubuntu Security Notice USN-124-2 May 12, 2005
mozilla-firefox bug fix
https://bugzilla.ubuntu.com/show_bug.cgi?id=10643

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-firefox

The problem can be corrected by upgrading the affected package to version 1.0.2-0ubuntu5.2. After a standard system upgrade you need to restart your browser to effect the necessary changes.

Details follow:

USN-124-1 fixed several vulnerabilities of Firefox. After that update, several users experienced XML errors on various actions like adding bookmarks (see https://bugzilla.ubuntu.com/show_bug.cgi?id=10643). After installing these new packages and restarting the browser, these problems should be fixed.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.2.diff.gz
Size/MD5: 830215 171bbcf810eff9852d659e50490afb65
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.2.dsc
Size/MD5: 1696 66c5737ebfa1cdfee5da549305c8edb5
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2.orig.tar.gz
Size/MD5: 41023585 7e98ce4aefc5ea9b5f1f35b7a0c58f60

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.2_amd64.deb
Size/MD5: 2629498 ee36c810f34192c25c144a732084a3e6
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_amd64.deb
Size/MD5: 157012 a8345685b334bad370a7e24986b62418
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_amd64.deb
Size/MD5: 56282 3876c17e0939c5aa7228e975861c533b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.2_amd64.deb
Size/MD5: 9756140 dc892767a7ae2ec48a271996bf149c5b

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.2_i386.deb
Size/MD5: 2629498 3c61872e4ae275a99297f01449065805
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_i386.deb
Size/MD5: 151888 1af80107fb80773ca9bd6d528e862c16
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_i386.deb
Size/MD5: 52878 ea1a716a801d2d7d1d3850d32b3fc5e3
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.2_i386.deb
Size/MD5: 8788602 a0accbd4feea931cd0c0e2eb329b733a

ia64 architecture (Intel Itanium)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.2_ia64.deb
Size/MD5: 2629578 26fe63b9aec7e5841dcdf37638f343cb
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_ia64.deb
Size/MD5: 161158 4e810ff6b5e4b576ef5bd941aed18678
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_ia64.deb
Size/MD5: 61010 887486bd4a653316d8f5239cf109251b
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.2_ia64.deb
Size/MD5: 11697238 8557609e0907aaee9abde9293d377784

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-dev_1.0.2-0ubuntu5.2_powerpc.deb
Size/MD5: 2629594 177d63ab4acb33e0c0c4a314c6e11bc1
http://security.ubuntu.com/ubuntu/pool/universe/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.2-0ubuntu5.2_powerpc.deb
Size/MD5: 150648 a75e35b6d9516b303b2b1e7f8e69d788
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.2-0ubuntu5.2_powerpc.deb
Size/MD5: 55508 ff182d135feee479aa235e61cc474e94
http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/mozilla-firefox_1.0.2-0ubuntu5.2_powerpc.deb
Size/MD5: 8446040 9e5a311e08ac0f929dac62541121f6c3


Ubuntu Security Notice USN-125-1 May 12, 2005
gaim vulnerabilities
CAN-2005-0967, CAN-2005-1261, CAN-2005-1261

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gaim
gaim-data

The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.4 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.1 (for Ubuntu 5.04). After a standard system upgrade you have to restart Gaim to effect the necessary changes.

Details follow:

Marco Alvarez found a Denial of Service vulnerability in the Jabber protocol handler. A remote attacker could exploit this to crash Gaim by sending specially crafted file transfers to the user. (CAN-2005-0967)

Stu Tomlinson discovered an insufficient bounds checking flaw in the URL parser. By sending a message containing a very long URL, a remote attacker could crash Gaim or execute arbitrary code with the privileges of the user. This was not possible on all protocols, due to message length restrictions. Jabber are SILC were known to be vulnerable. (CAN-2005-1261)

Siebe Tolsma discovered a Denial of Service attack in the MSN handler. By sending a specially crafted SLP message with an empty body, a remote attacker could crash Gaim. (CAN-2005-1262)

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4.diff.gz
Size/MD5: 46992 d36bd86fc86d0e1ed7cff852f262b3bd
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4.dsc
Size/MD5: 853 6a263a078b6fbf53822e59f466a8aae2
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4_amd64.deb
Size/MD5: 3444626 df8476ccc632e61dc8b7adc8567d3d46

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4_i386.deb
Size/MD5: 3354914 5dbdc651c4ec1bea08e2bc5061c80522

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.4_powerpc.deb
Size/MD5: 3418282 8f3a48a0148143b4bb3c0d700417422f

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1.diff.gz
Size/MD5: 106708 245a83a77b4ad58e3c9316f40b566cb2
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1.dsc
Size/MD5: 991 b125a9154cf19e7d7947acb8418be0b5
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4.orig.tar.gz
Size/MD5: 5188552 b55bf3217b271918384f3f015a6e5b62

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.1.4-1ubuntu4.1_all.deb
Size/MD5: 603526 7f96838ec2b78882660115c39823aebe

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_amd64.deb
Size/MD5: 101620 b2e42f7a640536c1165b43e7002f4fa6
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_amd64.deb
Size/MD5: 934090 ce17f19071a91c6af0ef361dd90f4bc8

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_i386.deb
Size/MD5: 101620 616d89e2302ce0ee0f8d9493a24a1988
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_i386.deb
Size/MD5: 845470 e28a7383e86bf572dad84928b0b25624

ia64 architecture (Intel Itanium)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_ia64.deb
Size/MD5: 101634 601109a3df9d10f1bf9e5bbef48c06ae
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_ia64.deb
Size/MD5: 1258622 fa30fc5985afe77a04dbdcbc4d977202

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubuntu4.1_powerpc.deb
Size/MD5: 101648 525baf5b4ab9ff70172864b3d5a48a05
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4.1_powerpc.deb
Size/MD5: 910280 a651ab439ffc1bcb15f42b7a4a804f07