Linux Today: Linux News On Internet Time.

Advisories: August 28, 2005

Aug 29, 2005, 05:30

Debian Security Advisory DSA 786-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 26th, 2005 http://www.debian.org/security/faq


Package : simpleproxy
Vulnerability : format string vulnerability
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-1857

Ulf Harnhammar from the Debian Security Audit Project discovered a format string vulnerability in simpleproxy, a simple TCP proxy, that can be exploited via replies from remote HTTP proxies.

The old stable distribution (woody) is not affected.

For the stable distribution (sarge) this problem has been fixed in version 3.2-3sarge1.

For the unstable distribution (sid) this problem has been fixed in version 3.2-4.

We recommend that you upgrade your simpleproxy package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1.dsc
      Size/MD5 checksum: 594 2c6aa98fb81fc04dbf0b6076fa87f4b6
    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1.diff.gz
      Size/MD5 checksum: 31814 47478adee75f80455ad446a215f49123
    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2.orig.tar.gz
      Size/MD5 checksum: 30919 d3323be4ca565eb23b9d67f4832ac47a

Alpha architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_alpha.deb
      Size/MD5 checksum: 18244 bacca651f3e700842ad9a6d392c57231

AMD64 architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_amd64.deb
      Size/MD5 checksum: 17096 a99039023d08f03001382af31b9b3875

ARM architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_arm.deb
      Size/MD5 checksum: 14972 5ab9250a124bb40d8460c008e29aa868

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_i386.deb
      Size/MD5 checksum: 15390 bf5c2dd83f57033bba837148ce0d7c45

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_ia64.deb
      Size/MD5 checksum: 20912 3aa890e9e3c3955746cdaf8a62d1a3d6

HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_hppa.deb
      Size/MD5 checksum: 17076 d3b8e78e89ed907fe6ddb7b87a0632bb

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_m68k.deb
      Size/MD5 checksum: 14616 c37c3520bde1a32b4a656ec24ed4ec04

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_mips.deb
      Size/MD5 checksum: 16594 a409b824524147a5b2d3348b4f66cc55

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_mipsel.deb
      Size/MD5 checksum: 16682 b9ea5e19344975bcc63acbcc6f00406f

PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_powerpc.deb
      Size/MD5 checksum: 16108 fc936c14530296ae15cdf4b4292d1a24

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_s390.deb
      Size/MD5 checksum: 16730 42401e99d0fac0fda1cc51038006cd3d

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_sparc.deb
      Size/MD5 checksum: 15292 e4533f350987e6be26a9af3985dfa875

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 787-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 26th, 2005 http://www.debian.org/security/faq


Package : backup-manager
Vulnerability : insecure permissions and tempfile
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-1855 CAN-2005-1856
Debian Bug : 308897 315582

Two bugs have been found in backup-manager, a command-line driven backup utility. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2005-1855

Jeroen Vermeulen discovered that backup files are created with default permissions making them world readable, even though they may contain sensitive information.

CAN-2005-1856

Sven Joachim discovered that the optional CD-burning feature of backup-manager uses a hardcoded filename in a world-writable directory for logging. This can be subject to a symlink attack.

The old stable distribution (woody) does not provide the backup-manager package.

For the stable distribution (sarge) these problems have been fixed in version 0.5.7-1sarge1.

For the unstable distribution (sid) these problems have been fixed in version 0.5.8-2.

We recommend that you upgrade your backup-manager package.


Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge1.dsc
      Size/MD5 checksum: 631 6b20ee3cd0439df2e95819d5001f7e53
    http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge1.diff.gz
      Size/MD5 checksum: 17938 a6f1ae5f8555c17c9db3a0fc2ba9ec7a
    http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7.orig.tar.gz
      Size/MD5 checksum: 35661 a97a66d03c4a05072924998f48f7b5d6

Architecture independent components:

    http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge1_all.deb
      Size/MD5 checksum: 30550 3bbe99ebf51f69ca80a93e19a64880ac

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-812
2005-08-26

Product : Fedora Core 3
Name : ntp
Version : 4.2.0.a.20040617
Release : 5.FC3
Summary : Synchronizes system time using the Network Time Protocol (NTP).

Description :
The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. The ntp package contains utilities and daemons that will synchronize your computer's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers. The ntp package includes ntpdate (a program for retrieving the date and time from remote machines via a network) and ntpd (a daemon which continuously adjusts system time).

Install the ntp package if you need tools for keeping your system's time synchronized via the NTP protocol.


Update Information:

When starting xntpd with the -u option and specifying the group by using a string not a numeric gid the daemon uses the gid of the user not the group. This problem is now fixed by this update.

The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2496 to this issue.


  • Fri Aug 26 2005 Jindrich Novy <jnovy@redhat.com> 4.2.0.a.20040617-5.FC3
    • release update to fix CAN-2005-2496 (#147743)
  • Thu Apr 14 2005 Jiri Ryska <jryska@redhat.com> - 4.2.0.a.20040617-4.FC3
    • fixed gid setting when ntpd started with -u flag

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

8ffa25a375fde2490f9066094f9b963a SRPMS/ntp-4.2.0.a.20040617-5.FC3.src.rpm
a1df48b304321dcab2d50d1ab7ad490c x86_64/ntp-4.2.0.a.20040617-5.FC3.x86_64.rpm
c90cc76e4a237216e1fa73099a7784f4 x86_64/debug/ntp-debuginfo-4.2.0.a.20040617-5.FC3.x86_64.rpm
19f969758a759187854a4082f939ca09 i386/ntp-4.2.0.a.20040617-5.FC3.i386.rpm
6c0067db4f0f98903d8107dee90f78ce i386/debug/ntp-debuginfo-4.2.0.a.20040617-5.FC3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-815
2005-08-26

Product : Fedora Core 3
Name : lesstif
Version : 0.93.36
Release : 6.FC3.2
Summary : An OSF/Motif(R) clone.

Description :
LessTif is a free replacement for OSF/Motif(R), which provides a full set of widgets for application development (menus, text entry areas, scrolling windows, etc.). LessTif is source compatible with OSF/Motif(R) 1.2. The widget set code is the primary focus of development. If you are installing lesstif, you also need to install lesstif-clients.


  • Fri May 6 2005 Thomas Woerner <twoerner@redhat.com> 0.93-36-6.FC3.2
    • fixed possible libXpm overflows (#151640)
    • allow to write XPM files with absolute path names again (#140815)
  • Fri Nov 26 2004 Thomas Woerner <twoerner@redhat.com> 0.93.36-6.FC3.1
    • fixed CAN-2004-0687 (integer overflows) and CAN-2004-0688 (stack overflows) in embedded Xpm library (#135080)
    • latest Xpm patches: CAN-2004-0914 (#135081)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

76df08792027e75229e837cffcbb476a SRPMS/lesstif-0.93.36-6.FC3.2.src.rpm
013397612e73b1dc3fa6280a1ca8e599 x86_64/lesstif-0.93.36-6.FC3.2.x86_64.rpm
576eb1fe1829b35b680292d122ec0048 x86_64/lesstif-devel-0.93.36-6.FC3.2.x86_64.rpm
d83b1cedb08ff23388264006f864aa58 x86_64/debug/lesstif-debuginfo-0.93.36-6.FC3.2.x86_64.rpm
daf976dcd539551a9fcd4a6105e3b953 x86_64/lesstif-0.93.36-6.FC3.2.i386.rpm
daf976dcd539551a9fcd4a6105e3b953 i386/lesstif-0.93.36-6.FC3.2.i386.rpm
89f43a0e8fc6c30eecc1db4dcc61236b i386/lesstif-devel-0.93.36-6.FC3.2.i386.rpm
e8dbbcccd334047d50aea2b3e6eaf134 i386/debug/lesstif-debuginfo-0.93.36-6.FC3.2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200508-18

http://security.gentoo.org/


Severity: High
Title: PhpWiki: Arbitrary command execution through XML-RPC
Date: August 26, 2005
Bugs: #102380
ID: 200508-18


Synopsis

PhpWiki includes PHP XML-RPC code which is vulnerable to arbitrary command execution.

Background

PhpWiki is an application that creates a web site where anyone can edit the pages through HTML forms.

Affected packages


     Package           /   Vulnerable   /                   Unaffected

  1  www-apps/phpwiki      < 1.3.10-r2                    >= 1.3.10-r2

Description

Earlier versions of PhpWiki contain an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags.

Impact

A remote attacker could exploit this vulnerability to inject arbitrary PHP script code into eval() statements by sending a specially crafted XML document to PhpWiki.

Workaround

There is no known workaround at this time.

Resolution

All PhpWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r2"

References

[ 1 ] CAN-2005-2498

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-18.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: mozilla-thunderbird
Advisory ID: MDKSA-2005:127-1
Date: August 26th, 2005
Original Advisory Date: July 28th, 2005
Affected versions: 10.2


Problem Description:

A number of vulnerabilities were reported and fixed in Thunderbird 1.0.5 and Mozilla 1.7.9. The following vulnerabilities have been backported and patched for this update:

The native implementations of InstallTrigger and other XPInstall-related javascript objects did not properly validate that they were called on instances of the correct type. By passing other objects, even raw numbers, the javascript interpreter would jump to the wrong place in memory. Although no proof of concept has been developed we believe this could be exploited (MFSA 2005-40).

moz_bug_r_a4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like clicking on a link or opening the context menu. The common cause in each case was privileged UI code ("chrome") being overly trusting of DOM nodes from the content window. Scripts in the web page can override properties and methods of DOM nodes and shadow the native values, unless steps are taken to get the true underlying values (MFSA 2005-41).

Additional checks were added to make sure Javascript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional variant of MFSA 2005-41 (MFSA 2005-44).

In several places the browser UI did not correctly distinguish between true user events, such as mouse clicks or keystrokes, and synthetic events generated by web content. The problems ranged from minor annoyances like switching tabs or entering full-screen mode, to a variant on MFSA 2005-34. Synthetic events are now prevented from reaching the browser UI entirely rather than depend on each potentially spoofed function to protect itself from untrusted events (MFSA 2005-45).

Scripts in XBL controls from web content continued to be run even when Javascript was disabled. By itself this causes no harm, but it could be combined with most script-based exploits to attack people running vulnerable versions who thought disabling javascript would protect them. In the Thunderbird and Mozilla Suite mail clients Javascript is disabled by default for protection against denial-of-service attacks and worms; this vulnerability could be used to bypass that protection (MFSA 2005-46).

When InstallVersion.compareTo() is passed an object rather than a string it assumed the object was another InstallVersion without verifying it. When passed a different kind of object the browser would generally crash with an access violation. shutdown has demonstrated that different javascript objects can be passed on some OS versions to get control over the instruction pointer. We assume this could be developed further to run arbitrary machine code if the attacker can get exploit code loaded at a predictable address (MFSA 2005-50).

A child frame can call top.focus() even if the framing page comes from a different origin and has overridden the focus() routine. The call is made in the context of the child frame. The attacker would look for a target site with a framed page that makes this call but doesn't verify that its parent comes from the same site. The attacker could steal cookies and passwords from the framed page, or take actions on behalf of a signed-in user. This attack would work only against sites that use frames in this manner (MFSA 2005-52).

Parts of the browser UI relied too much on DOM node names without taking different namespaces into account and verifying that nodes really were of the expected type. An XHTML document could be used to create fake <IMG> elements, for example, with content-defined properties that the browser would access as if they were the trusted built-in properties of the expected HTML elements. The severity of the vulnerability would depend on what the attacker could convince the victim to do, but could result in executing user-supplied script with elevated "chrome" privileges. This could be used to install malicious software on the victim's machine (MFSA 2005-55).

Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges (MFSA 2005-56).

The updated packages have been patched to address these issues.

Update:

There was a slight regression in the handling of "right-click" menus in the packages previously released that is corrected with this new update.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2270
http://www.mozilla.org/security/announce/mfsa2005-40.html
http://www.mozilla.org/security/announce/mfsa2005-41.html
http://www.mozilla.org/security/announce/mfsa2005-44.html
http://www.mozilla.org/security/announce/mfsa2005-45.html
http://www.mozilla.org/security/announce/mfsa2005-46.html
http://www.mozilla.org/security/announce/mfsa2005-50.html
http://www.mozilla.org/security/announce/mfsa2005-52.html
http://www.mozilla.org/security/announce/mfsa2005-55.html
http://www.mozilla.org/security/announce/mfsa2005-56.html
http://secunia.com/advisories/15549/


Updated Packages:

Mandrakelinux 10.2:
dc5d6c3678f46e575bdc215ac7aa00e3 10.2/RPMS/mozilla-thunderbird-1.0.2-3.1.102mdk.i586.rpm
d3a4170ba3535057621ee85712bacc8d 10.2/RPMS/mozilla-thunderbird-devel-1.0.2-3.1.102mdk.i586.rpm
76b14e777bffb3c9f6bfde915f79a2ad 10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-3.1.102mdk.i586.rpm
77717fb74315ae1bb54dfea91d053441 10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-3.1.102mdk.i586.rpm
da50dfbc83a1cb3067479eada1727d4e 10.2/SRPMS/mozilla-thunderbird-1.0.2-3.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
da471fbf66c976861717e0264fc46aaf x86_64/10.2/RPMS/mozilla-thunderbird-1.0.2-3.1.102mdk.x86_64.rpm
6baf58a3cb334c6179f8d47c8255ac43 x86_64/10.2/RPMS/mozilla-thunderbird-devel-1.0.2-3.1.102mdk.x86_64.rpm
b35aaa288786860f96d4beb4b574db63 x86_64/10.2/RPMS/mozilla-thunderbird-enigmail-1.0.2-3.1.102mdk.x86_64.rpm
3728bee246d6e9aad8181e1d7529913d x86_64/10.2/RPMS/mozilla-thunderbird-enigmime-1.0.2-3.1.102mdk.x86_64.rpm
da50dfbc83a1cb3067479eada1727d4e x86_64/10.2/SRPMS/mozilla-thunderbird-1.0.2-3.1.102mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: lm_sensors
Advisory ID: MDKSA-2005:149
Date: August 25th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0


Problem Description:

Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in the lm_sensors package created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges because pwmconfig is typically executed by root.

The updated packages have been patched to correct this problem by using mktemp to create the temporary files.
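
The temporary-file problem described here for pwmconfig, and the world-readable backups and fixed log file name described for backup-manager (DSA 787-1) earlier on this page, both come down to a few lines of shell. The script below is an added example, not code from either package; the function names, the file name app.log and the scratch directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo. Every path lives in a private scratch directory that
# stands in for a shared temp directory; nothing outside it is touched.

# Weak pattern: a fixed file name opened with '>', which follows symlinks.
write_log_insecure() {
    echo "log entry" > "$1/app.log"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively with mode 0600, so an already existing link is never opened.
# Prints the path of the file it created.
write_log_secure() {
    log=$(mktemp "$1/app.log.XXXXXX") || return 1
    echo "log entry" > "$log"
    printf '%s\n' "$log"
}

# Backup written under a typical default umask: readable by every local user.
write_backup_default() {
    ( umask 022 && printf 'sensitive data\n' > "$1" )
}

# Backup written under a restrictive umask, scoped to a subshell so the
# caller's umask is left alone: readable by the owner only.
write_backup_secure() {
    ( umask 077 && printf 'sensitive data\n' > "$1" )
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

demo() {
    scratch=$(mktemp -d) || return 1
    target="$scratch/important.conf"

    # A link with the predictable name already exists before the script runs.
    echo "original" > "$target"
    ln -s "$target" "$scratch/app.log"

    write_log_insecure "$scratch"
    echo "fixed name: target now contains '$(cat "$target")'"

    echo "original" > "$target"
    log=$(write_log_secure "$scratch")
    echo "mktemp:     target still contains '$(cat "$target")'"
    echo "mktemp:     log file mode is $(file_mode "$log")"

    write_backup_default "$scratch/default.tar"
    write_backup_secure "$scratch/secure.tar"
    echo "umask 022:  backup mode is $(file_mode "$scratch/default.tar")"
    echo "umask 077:  backup mode is $(file_mode "$scratch/secure.tar")"

    rm -rf "$scratch"
}

demo
```

On current Linux kernels the fs.protected_symlinks setting additionally restricts following such links in sticky world-writable directories, but the fix inside the script remains mktemp plus a restrictive umask.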


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672


Updated Packages:

Mandrakelinux 10.0:
df10273b9fba09f7c5ce627bb5e36ada 10.0/RPMS/liblm_sensors3-2.8.4-2.1.100mdk.i586.rpm
9d7b0eb57123bd343c332f7fce076397 10.0/RPMS/liblm_sensors3-devel-2.8.4-2.1.100mdk.i586.rpm
85abe9679e939b093f1bd7d77e7d7e16 10.0/RPMS/liblm_sensors3-static-devel-2.8.4-2.1.100mdk.i586.rpm
3212cbd6f8123492b47a33c70f28e67c 10.0/RPMS/lm_sensors-2.8.4-2.1.100mdk.i586.rpm
fcc02a355b53b9e922ddb26cefe0753a 10.0/SRPMS/lm_sensors-2.8.4-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
ec6a4717784b523a0b3359cda0576765 amd64/10.0/RPMS/lib64lm_sensors3-2.8.4-2.1.100mdk.amd64.rpm
0a72c0a128cacefe91f1f7cc49e5762f amd64/10.0/RPMS/lib64lm_sensors3-devel-2.8.4-2.1.100mdk.amd64.rpm
24db3949ab603bfe06066e95fe332673 amd64/10.0/RPMS/lib64lm_sensors3-static-devel-2.8.4-2.1.100mdk.amd64.rpm
2e514d87df42d4aa351939c4b27e2fe7 amd64/10.0/RPMS/lm_sensors-2.8.4-2.1.100mdk.amd64.rpm
fcc02a355b53b9e922ddb26cefe0753a amd64/10.0/SRPMS/lm_sensors-2.8.4-2.1.100mdk.src.rpm

Mandrakelinux 10.1:
1c851f52f07dd18fd84e4c47102c656f 10.1/RPMS/liblm_sensors3-2.8.7-7.1.101mdk.i586.rpm
6802ce70ffab988d04579d009b78d8a7 10.1/RPMS/liblm_sensors3-devel-2.8.7-7.1.101mdk.i586.rpm
6b59df6a1814d9300b9d590a1ab4008f 10.1/RPMS/liblm_sensors3-static-devel-2.8.7-7.1.101mdk.i586.rpm
4ab2767ada36c3eb47ec7dff9aae28df 10.1/RPMS/lm_sensors-2.8.7-7.1.101mdk.i586.rpm
e978ae8f29f593dbf3dbb59eda006db1 10.1/SRPMS/lm_sensors-2.8.7-7.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
965c42926063cd3abee729f3e3b6b850 x86_64/10.1/RPMS/lib64lm_sensors3-2.8.7-7.1.101mdk.x86_64.rpm
a470b4f7b984c5e17f579abc10edd49f x86_64/10.1/RPMS/lib64lm_sensors3-devel-2.8.7-7.1.101mdk.x86_64.rpm
7612338836b497a6bdd3b638120e67ef x86_64/10.1/RPMS/lib64lm_sensors3-static-devel-2.8.7-7.1.101mdk.x86_64.rpm
1805b24a8c2f2c09b0f19259f3ebcb58 x86_64/10.1/RPMS/lm_sensors-2.8.7-7.1.101mdk.x86_64.rpm
e978ae8f29f593dbf3dbb59eda006db1 x86_64/10.1/SRPMS/lm_sensors-2.8.7-7.1.101mdk.src.rpm

Mandrakelinux 10.2:
bc0221e163fa223e9f7a7e8b101209eb 10.2/RPMS/liblm_sensors3-2.9.0-4.1.102mdk.i586.rpm
90d172096a15727c0e9f55f8f6459d14 10.2/RPMS/liblm_sensors3-devel-2.9.0-4.1.102mdk.i586.rpm
92020d0fafe62fc329dfcc3d1d9ed4e6 10.2/RPMS/liblm_sensors3-static-devel-2.9.0-4.1.102mdk.i586.rpm
7c67db72576b4e623e8c0adf6f3b49aa 10.2/RPMS/lm_sensors-2.9.0-4.1.102mdk.i586.rpm
bf68836cfdf5be70f4fac4e5f928c3ae 10.2/SRPMS/lm_sensors-2.9.0-4.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
0588a52c3be2a4327042f0ef762f2677 x86_64/10.2/RPMS/lib64lm_sensors3-2.9.0-4.1.102mdk.x86_64.rpm
6f101ef435f161d6d2fd2801ea90ade2 x86_64/10.2/RPMS/lib64lm_sensors3-devel-2.9.0-4.1.102mdk.x86_64.rpm
b1d4d08c90db9fb7a5c889a88e855529 x86_64/10.2/RPMS/lib64lm_sensors3-static-devel-2.9.0-4.1.102mdk.x86_64.rpm
6c80fec8081da73a246d02be3b361fd5 x86_64/10.2/RPMS/lm_sensors-2.9.0-4.1.102mdk.x86_64.rpm
bf68836cfdf5be70f4fac4e5f928c3ae x86_64/10.2/SRPMS/lm_sensors-2.9.0-4.1.102mdk.src.rpm

Corporate 3.0:
b992ecee206b158aa13752250f55a239 corporate/3.0/RPMS/liblm_sensors3-2.8.4-2.1.C30mdk.i586.rpm
1422d8d639631c0d82e7ffdaef8ecfb2 corporate/3.0/RPMS/liblm_sensors3-devel-2.8.4-2.1.C30mdk.i586.rpm
0c8f7b0c546748c218b6f96c14747b04 corporate/3.0/RPMS/liblm_sensors3-static-devel-2.8.4-2.1.C30mdk.i586.rpm
900cd7aabecb4af76a1900005f2cc82f corporate/3.0/RPMS/lm_sensors-2.8.4-2.1.C30mdk.i586.rpm
42537c2b258f5d5c859e89554b18e670 corporate/3.0/SRPMS/lm_sensors-2.8.4-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
5f2ba067df2ffcea7460ecbbed5b9406 x86_64/corporate/3.0/RPMS/lib64lm_sensors3-2.8.4-2.1.C30mdk.x86_64.rpm
532c570adec5fddf0bc1de218f281113 x86_64/corporate/3.0/RPMS/lib64lm_sensors3-devel-2.8.4-2.1.C30mdk.x86_64.rpm
6ea29988cd83558f4acea49cc3eaa34f x86_64/corporate/3.0/RPMS/lib64lm_sensors3-static-devel-2.8.4-2.1.C30mdk.x86_64.rpm
7a8e60e83b80043606b839119d43d26b x86_64/corporate/3.0/RPMS/lm_sensors-2.8.4-2.1.C30mdk.x86_64.rpm
42537c2b258f5d5c859e89554b18e670 x86_64/corporate/3.0/SRPMS/lm_sensors-2.8.4-2.1.C30mdk.src.rpm




Mandriva Linux Security Update Advisory


Package name: bluez-utils
Advisory ID: MDKSA-2005:150
Date: August 25th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0


Problem Description:

A vulnerability in bluez-utils was discovered by Henryk Plotz. Due to missing input sanitizing, it was possible for an attacker to execute arbitrary commands supplied as a device name from the remote bluetooth device.

The updated packages have been patched to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547


Updated Packages:

Mandrakelinux 10.0:
a363e2012cbf365604147ea094d48e51 10.0/RPMS/bluez-utils-2.4-4.1.100mdk.i586.rpm
b9836323e7edaefa139dbf803ed5b11a 10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
0c14d3c62ccbb9c53f88f41129883226 amd64/10.0/RPMS/bluez-utils-2.4-4.1.100mdk.amd64.rpm
b9836323e7edaefa139dbf803ed5b11a amd64/10.0/SRPMS/bluez-utils-2.4-4.1.100mdk.src.rpm

Mandrakelinux 10.1:
ae95bbad5bb67d20a6d209500c729062 10.1/RPMS/bluez-utils-2.10-3.1.101mdk.i586.rpm
15c9d82af6f029699f5f17901277b4f5 10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.i586.rpm
e612f6d35745cba68c362003a4c163e4 10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
c63fc9b66c8a6886602fcc34dcc82f0b x86_64/10.1/RPMS/bluez-utils-2.10-3.1.101mdk.x86_64.rpm
d27d581f66ed0f4d23ad627f836e86f1 x86_64/10.1/RPMS/bluez-utils-cups-2.10-3.1.101mdk.x86_64.rpm
e612f6d35745cba68c362003a4c163e4 x86_64/10.1/SRPMS/bluez-utils-2.10-3.1.101mdk.src.rpm

Mandrakelinux 10.2:
f909df9003986b72b21a95044298ddba 10.2/RPMS/bluez-utils-2.14-1.1.102mdk.i586.rpm
c3a06b22a142cb1a5b3f9d07e7acc65f 10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.i586.rpm
c8e48eedc86d6f3dc5e1aa97d4b819fd 10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
1dccad3836e309b8046d677eccc96cc5 x86_64/10.2/RPMS/bluez-utils-2.14-1.1.102mdk.x86_64.rpm
76ace2f605fccfb1570c3f74d6c1a5ef x86_64/10.2/RPMS/bluez-utils-cups-2.14-1.1.102mdk.x86_64.rpm
c8e48eedc86d6f3dc5e1aa97d4b819fd x86_64/10.2/SRPMS/bluez-utils-2.14-1.1.102mdk.src.rpm

Corporate 3.0:
e9db54c7ed37293e88f9a6a296ef5aa2 corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.i586.rpm
68ecbc8a999f219d5613b5ddc3aed4df corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
6cd0acb52a764d5ed594b616c0947db4 x86_64/corporate/3.0/RPMS/bluez-utils-2.4-4.1.C30mdk.x86_64.rpm
68ecbc8a999f219d5613b5ddc3aed4df x86_64/corporate/3.0/SRPMS/bluez-utils-2.4-4.1.C30mdk.src.rpm




Mandriva Linux Security Update Advisory


Package name: pcre
Advisory ID: MDKSA-2005:151
Date: August 25th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1, Multi Network Firewall 2.0


Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

The updated packages have been patched to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491


Updated Packages:

Mandrakelinux 10.0:
309b57502a08710bc746463e40564c2e 10.0/RPMS/libpcre0-4.5-3.1.100mdk.i586.rpm
a7f390ea8291db6a913db92434ab4fd1 10.0/RPMS/libpcre0-devel-4.5-3.1.100mdk.i586.rpm
e7ad5f3caae546bc9f76d90c53d98131 10.0/RPMS/pcre-4.5-3.1.100mdk.i586.rpm
e832acf199d237eb25869d3e1dd1f3a5 10.0/SRPMS/pcre-4.5-3.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
5ec78978882ae59e235036f463caf728 amd64/10.0/RPMS/lib64pcre0-4.5-3.1.100mdk.amd64.rpm
c1ea77b8c96a64de277200642c0f39c4 amd64/10.0/RPMS/lib64pcre0-devel-4.5-3.1.100mdk.amd64.rpm
459960f18b926090eccfbae6faa0c84f amd64/10.0/RPMS/pcre-4.5-3.1.100mdk.amd64.rpm
e832acf199d237eb25869d3e1dd1f3a5 amd64/10.0/SRPMS/pcre-4.5-3.1.100mdk.src.rpm

Mandrakelinux 10.1:
5fb1ddf8ac2ed8bb2268bf3e18b64529 10.1/RPMS/libpcre0-4.5-5.1.101mdk.i586.rpm
819b1b79f017971f145b8c12b78cc593 10.1/RPMS/libpcre0-devel-4.5-5.1.101mdk.i586.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: php
Advisory ID: MDKSA-2005:152
Date: August 25th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1, Multi Network Firewall 2.0


Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

The php packages, as shipped, were built using a private copy of pcre.

The updated packages have been rebuilt against the system pcre libs to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: gnumeric
Advisory ID: MDKSA-2005:153
Date: August 26th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0


Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

The gnumeric packages use a private copy of pcre code.

The updated packages have been patched to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: python
Advisory ID: MDKSA-2005:154
Date: August 26th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0, Corporate Server 2.1, Multi Network Firewall 2.0


Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

The python packages use a private copy of pcre code.

The updated packages have been patched to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491


Updated Packages:
