Linux Today: Linux News On Internet Time.
Advisories: September 6, 2005
Sep 7, 2005, 05:30 UTC

Debian GNU/Linux


Debian Security Advisory DSA 795-2 security@debian.org
http://www.debian.org/security/ Michael Stone
September 2, 2005 http://www.debian.org/security/faq


Package : proftpd
Vulnerability : potential code execution
Problem-Type : format string error
Debian-specific: no
CVE ID : CAN-2005-2390

infamous42md reported that proftpd suffers from two format string vulnerabilities. In the first, a user with the ability to create a directory could trigger the format string error if there is a proftpd shutdown message configured to use the "%C", "%R", or "%U" variables. In the second, the error is triggered if mod_sql is used to retrieve messages from a database and if format strings have been inserted into the database by a user with permission to do so.

There was a build error for the sarge i386 proftpd packages released in DSA 795-1. A new build, 1.2.10-15sarge1.0.1, has been prepared to correct this error. The packages for other architectures are unaffected.

Upgrade Instructions


    wget url
        will fetch the file for you
    dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

    apt-get update
        will update the internal database
    apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.0.1_i386.deb
      Size/MD5 checksum: 371596 bd3d82221561e281e11d4583ce384b4f
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1.0.1_i386.deb
      Size/MD5 checksum: 189462 05f1c13c671f2576e119bfc316d01814
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1.0.1_i386.deb
      Size/MD5 checksum: 381726 b2d469c77fed2de5d35c325226556b02
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1.0.1_i386.deb
      Size/MD5 checksum: 397092 ef73f4b69701c8e88454f56887ed5b35
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1.0.1_i386.deb
      Size/MD5 checksum: 396948 42aaaeb976a9395550efc9667aa4ff31

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 801-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 5th, 2005 http://www.debian.org/security/faq


Package : ntp
Vulnerability : programming error
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-2496

SuSE developers discovered that when ntpd is called with a group id on the command line that is specified as a string rather than as a numeric gid, it confuses the given group id with the group id of the given user, which causes ntpd to run with different privileges than intended.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 4.2.0a+stable-2sarge1.

The unstable distribution (sid) is not affected by this problem.

We recommend that you upgrade your ntp-server package.


Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-841
2005-09-06

Product : Fedora Core 3
Name : perl-DBI
Version : 1.40
Release : 6.fc3
Summary : A database access API for Perl.

Description :
DBI is a database access Application Programming Interface (API) for the Perl programming language. The DBI API specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used.


Update Information:

Old and low priority security update that we forgot to push a while ago.


  • Mon Jan 24 2005 Chip Turner <cturner@redhat.com> - 1.40-7
    • remove .orig left by patches
  • Mon Jan 24 2005 Chip Turner <cturner@redhat.com> 1.40-7
    • bugzilla: 145577, fix tempfile vulnerability

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

eb26057adb4896dd345f8c6250c577a4 SRPMS/perl-DBI-1.40-6.fc3.src.rpm
17013d4820bece20e5415d9fce185194 x86_64/perl-DBI-1.40-6.fc3.x86_64.rpm
0242e76191bc1b8faa146d117cbe6283 x86_64/debug/perl-DBI-debuginfo-1.40-6.fc3.x86_64.rpm
9c2c769283f9e6469dea3328ab1bcd56 i386/perl-DBI-1.40-6.fc3.i386.rpm
c33e9fe31e20a520638869692b518381 i386/debug/perl-DBI-debuginfo-1.40-6.fc3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-851
2005-09-06

Product : Fedora Core 4
Name : squid
Version : 2.5.STABLE9
Release : 8
Summary : The Squid proxy caching server.

Description :
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.


  • Tue Sep 6 2005 Martin Stransky <stransky@redhat.com> 7:2.5.STABLE9-8
    • Three upstream patches for #167414
    • Spanish and Greek messages
    • patch for -D_FORTIFY_SOURCE=2

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

84ffacd1861487183b380b9d10eaefad SRPMS/squid-2.5.STABLE9-8.src.rpm
e3edef9bb8a108f14a5320adc5bb4911 ppc/squid-2.5.STABLE9-8.ppc.rpm
1a40db4808c6b8275294b7958ee7efec ppc/debug/squid-debuginfo-2.5.STABLE9-8.ppc.rpm
1663acd75c2347126210263fb1b39143 x86_64/squid-2.5.STABLE9-8.x86_64.rpm
8f982a06009db83614118735e2efff27 x86_64/debug/squid-debuginfo-2.5.STABLE9-8.x86_64.rpm
3ea7ad95299b212639ee90cc28b2156b i386/squid-2.5.STABLE9-8.i386.rpm
0e5412ed95b927f1a3d20a3a1fbcd555 i386/debug/squid-debuginfo-2.5.STABLE9-8.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-852
2005-09-06

Product : Fedora Core 3
Name : squid
Version : 2.5.STABLE9
Release : 1.FC3.7
Summary : The Squid proxy caching server.

Description :
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.

Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools.


  • Tue Sep 6 2005 Martin Stransky <stransky@redhat.com> 7:2.5.STABLE9-1.FC3.7
    • Three upstream patches for #167414
    • Spanish and Greek messages
    • patch for -D_FORTIFY_SOURCE=2

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

268ed1f8914e63cf62ed219dba64bdd3 SRPMS/squid-2.5.STABLE9-1.FC3.7.src.rpm
9e778cb8cb3c567a1448cbbdb58a279c x86_64/squid-2.5.STABLE9-1.FC3.7.x86_64.rpm
19e7fc5664b3a329a503ea36246c3f95 x86_64/debug/squid-debuginfo-2.5.STABLE9-1.FC3.7.x86_64.rpm
79d84f9735f50a4178f7b17d5e466c97 i386/squid-2.5.STABLE9-1.FC3.7.i386.rpm
4dc0c0a28762db74b1c9a6effe394e7c i386/debug/squid-debuginfo-2.5.STABLE9-1.FC3.7.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200509-02

http://security.gentoo.org/


Severity: Normal
Title: Gnumeric: Heap overflow in the included PCRE library
Date: September 03, 2005
Bugs: #104010
ID: 200509-02


Synopsis

Gnumeric is vulnerable to a heap overflow, possibly leading to the execution of arbitrary code.

Background

The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project. libpcre is a library providing functions for Perl-compatible regular expressions.

Affected packages


    Package              /  Vulnerable  /  Unaffected
1   app-office/gnumeric     < 1.4.3-r2     >= 1.4.3-r2

Description

Gnumeric contains a private copy of libpcre which is subject to an integer overflow leading to a heap overflow (see GLSA 200508-17).

Impact

An attacker could potentially exploit this vulnerability by tricking a user into opening a specially crafted spreadsheet, which could lead to the execution of arbitrary code with the privileges of the user running Gnumeric.

Workaround

There is no known workaround at this time.

Resolution

All Gnumeric users should upgrade to the latest version:

    # emerge  --sync
    # emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.4.3-r2"

References

[ 1 ] CAN-2005-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

[ 2 ] GLSA 200508-17

http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-02.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200509-03

http://security.gentoo.org/


Severity: High
Title: OpenTTD: Format string vulnerabilities
Date: September 05, 2005
Bugs: #102631
ID: 200509-03


Synopsis

OpenTTD is vulnerable to format string vulnerabilities which may result in remote execution of arbitrary code.

Background

OpenTTD is an open source clone of the simulation game "Transport Tycoon Deluxe" by Microprose.

Affected packages


    Package                   /  Vulnerable    /  Unaffected
1   games-simulation/openttd     < 0.4.0.1-r1     >= 0.4.0.1-r1

Description

Alexey Dobriyan discovered several format string vulnerabilities in OpenTTD.

Impact

A remote attacker could exploit these vulnerabilities to crash the OpenTTD server or client and possibly execute arbitrary code with the rights of the user running OpenTTD.

Workaround

There are no known workarounds at this time.

Resolution

All OpenTTD users should upgrade to the latest version:

    # emerge  --sync
    # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.4.0.1-r1"

References

[ 1 ] CAN-2005-2763

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2763

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-03.xml



Gentoo Linux Security Advisory GLSA 200509-04

http://security.gentoo.org/


Severity: Low
Title: phpLDAPadmin: Authentication bypass
Date: September 06, 2005
Bugs: #104293
ID: 200509-04


Synopsis

A flaw in phpLDAPadmin may allow attackers to bypass security restrictions and connect anonymously.

Background

phpLDAPadmin is a web-based LDAP client for easily managing LDAP servers.

Affected packages


    Package               /  Vulnerable      /  Unaffected
1   net-nds/phpldapadmin     < 0.9.7_alpha6     >= 0.9.7_alpha6

Description

Alexander Gerasiov discovered a flaw in login.php preventing the application from validating whether anonymous bind has been disabled in the target LDAP server configuration.

Impact

Anonymous users can access the LDAP server, even if the "disable_anon_bind" parameter was explicitly set to avoid this.

Workaround

There is no known workaround at this time.

Resolution

All phpLDAPadmin users should upgrade to the latest version:

    # emerge  --sync
    # emerge --ask --oneshot --verbose ">=net-nds/phpldapadmin-0.9.7_alpha6"

References

[ 1 ] CAN-2005-2654

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2654

[ 2 ] Secunia Advisory SA16611

http://secunia.com/advisories/16611/

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-04.xml



Gentoo Linux Security Advisory GLSA 200509-05

http://security.gentoo.org/


Severity: Normal
Title: Net-SNMP: Insecure RPATH
Date: September 06, 2005
Bugs: #103776
ID: 200509-05


Synopsis

The Gentoo Net-SNMP package may provide Perl modules containing an insecure DT_RPATH, potentially allowing privilege escalation.

Background

Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol.

Affected packages


    Package                /  Vulnerable    /  Unaffected
1   net-analyzer/net-snmp     < 5.2.1.2-r1     >= 5.2.1.2-r1

Description

James Cloos reported that Perl modules from the Net-SNMP package look for libraries in an untrusted location. This is due to a flaw in the Gentoo package, and not the Net-SNMP suite.

Impact

A local attacker (member of the portage group) may be able to create a shared object that would be loaded by the Net-SNMP Perl modules, executing arbitrary code with the privileges of the user invoking the Perl script.

Workaround

Limit group portage access to trusted users.

Resolution

All Net-SNMP users should upgrade to the latest version:

    # emerge  --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.2.1.2-r1"

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-05.xml


Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: ntp
Advisory ID: MDKSA-2005:156
Date: September 6th, 2005
Affected versions: 10.2


Problem Description:

When starting xntpd with the -u option and specifying the group by using a string, not a numeric gid, the daemon uses the gid of the user, not the group.

The updated packages have been patched to correct this problem.
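
The group-resolution mistake described here and in DSA 801-1 above, shown as an added C example. It is not ntpd's source, which this page does not show. The "user:group" argument shape, the function names and the account tables are assumptions constructed for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed account tables standing in for the system passwd/group
 * databases, so the example behaves the same on any machine. */
struct acct { const char *name; long id; long primary_gid; };
static const struct acct USERS[]  = { {"ntpuser", 123, 100}, {NULL, 0, 0} };
static const struct acct GROUPS[] = { {"users", 100, 0}, {"ntpgrp", 456, 0},
                                      {NULL, 0, 0} };

static const struct acct *lookup(const struct acct *tab, const char *name)
{
    for (; tab->name != NULL; tab++)
        if (strcmp(tab->name, name) == 0)
            return tab;
    return NULL;
}

/* Accept only a string that is a decimal number from start to end. */
static int parse_numeric(const char *s, long *out)
{
    char *end;
    long v;

    if (*s < '0' || *s > '9')
        return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return 0;
    *out = v;
    return 1;
}

/* Resolve "user[:group]" to the ids a daemon would drop to.
 * emulate_bug != 0 reproduces the advisory's behaviour: a group given
 * by name resolves to the *user's* primary gid instead of the named
 * group's gid. Returns 0 on success, -1 on any unresolvable input. */
int resolve_ids(const char *spec, int emulate_bug, long *uid, long *gid)
{
    char buf[64];
    char *group;
    const struct acct *pw, *gr;
    long g;

    if (strlen(spec) >= sizeof buf)
        return -1;
    strcpy(buf, spec);
    group = strchr(buf, ':');
    if (group != NULL)
        *group++ = '\0';

    pw = lookup(USERS, buf);
    if (pw == NULL)
        return -1;
    g = pw->primary_gid;                 /* no group given: user's own */

    if (group != NULL) {
        if (*group == '\0')
            return -1;                   /* "user:" names no group */
        if (!parse_numeric(group, &g)) { /* numeric gid is taken as-is */
            gr = lookup(GROUPS, group);
            if (gr == NULL)
                return -1;               /* fail closed on unknown name */
            g = emulate_bug ? pw->primary_gid : gr->id;
        }
    }
    *uid = pw->id;
    *gid = g;
    return 0;
}

int main(void)
{
    const char *specs[] = { "ntpuser:ntpgrp", "ntpuser:456", "ntpuser" };
    long uid, gid_bug, gid_ok;
    size_t i;

    for (i = 0; i < sizeof specs / sizeof specs[0]; i++) {
        resolve_ids(specs[i], 1, &uid, &gid_bug);
        resolve_ids(specs[i], 0, &uid, &gid_ok);
        printf("%-16s uid=%ld gid(buggy)=%ld gid(fixed)=%ld\n",
               specs[i], uid, gid_bug, gid_ok);
    }
    return 0;
}
```

Only the named-group case differs between the two modes, which is why a deployment that passes a numeric gid never shows the problem.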


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2496


Updated Packages:

Mandrakelinux 10.2:
f8c40868f356423814da1ed1c96fa467 10.2/RPMS/ntp-4.2.0-18.1.102mdk.i586.rpm
bbfded59532b51fb226f4a1d770b17ad 10.2/RPMS/ntp-client-4.2.0-18.1.102mdk.i586.rpm
fa12c82a51e78230bedfb1b60bfd2076 10.2/SRPMS/ntp-4.2.0-18.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
11d77745e05f559a9e3fa1beb2b19187 x86_64/10.2/RPMS/ntp-4.2.0-18.1.102mdk.x86_64.rpm
c64b3db1d415c80e76fab18066ef05ef x86_64/10.2/RPMS/ntp-client-4.2.0-18.1.102mdk.x86_64.rpm
fa12c82a51e78230bedfb1b60bfd2076 x86_64/10.2/SRPMS/ntp-4.2.0-18.1.102mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: smb4k
Advisory ID: MDKSA-2005:157
Date: September 6th, 2005
Affected versions: 10.1, 10.2


Problem Description:

A severe security issue has been discovered in Smb4K. By linking a simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker could get access to the full contents of the /etc/super.tab or /etc/sudoers file, respectively, because Smb4K didn't check for the existence of these files before writing any contents. When using super, the attack also resulted in /etc/super.tab being a symlink to FILE.

Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K.

The updated packages have been patched to correct this problem.
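
The missing existence check described above, shown as an added C example that puts the unchecked write beside an exclusive create. It is not Smb4K's code. The function names, file names and scratch directory are assumptions constructed for the illustration, and everything happens inside a private directory made with mkdtemp().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unchecked pattern: open a predictable path without looking at what
 * is already there. fopen() follows a link that was placed earlier. */
static int write_unsafe(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    int ok;

    if (f == NULL)
        return -1;
    ok = fputs(data, f) >= 0;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

/* Hardened pattern: O_CREAT|O_EXCL fails with EEXIST if anything,
 * a symlink included, already occupies the name; O_NOFOLLOW refuses
 * a link as the final component; 0600 keeps the data owner-only. */
static int write_exclusive(const char *path, const char *data)
{
    size_t len = strlen(data);
    int rc;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);

    if (fd < 0)
        return -1;
    rc = (write(fd, data, len) == (ssize_t)len) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

static long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Sets up an empty file "elsewhere" and a link to it at the predictable
 * name "app.tmp", then runs one of the writers against "app.tmp".
 * Returns 1 if the data ended up in "elsewhere", 0 if that file stayed
 * empty, -1 if the scratch directory could not be prepared. */
int symlink_redirects_write(int use_exclusive)
{
    char dir[] = "/tmp/tmpfile-demo-XXXXXX";
    char elsewhere[128], predictable[128];
    int result = -1;
    int fd;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(elsewhere, sizeof elsewhere, "%s/elsewhere", dir);
    snprintf(predictable, sizeof predictable, "%s/app.tmp", dir);

    fd = open(elsewhere, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && close(fd) == 0 && symlink(elsewhere, predictable) == 0) {
        if (use_exclusive)
            (void)write_exclusive(predictable, "scratch data\n");
        else
            (void)write_unsafe(predictable, "scratch data\n");
        result = file_size(elsewhere) > 0 ? 1 : 0;
    }
    unlink(predictable);
    unlink(elsewhere);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("unchecked write redirected: %d\n", symlink_redirects_write(0));
    printf("exclusive write redirected: %d\n", symlink_redirects_write(1));
    return 0;
}
```

When the exclusive create fails, the caller should treat EEXIST as an error and stop rather than delete the name and retry.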


References:

http://smb4k.berlios.de


Updated Packages:

Mandrakelinux 10.1:
dd4471a3de6feb035637f15dd75d8d56 10.1/RPMS/smb4k-0.4.0-3.1.101mdk.i586.rpm
d56d014b32bf1ec767fc018f0e40c245 10.1/SRPMS/smb4k-0.4.0-3.1.101mdk.src.rpm

Mandrakelinux 10.2:
a1fd04d53c4c32d69f74bf17a255c250 10.2/RPMS/smb4k-0.5.1-1.1.102mdk.i586.rpm
30d1745f5dafea4c2d12c7b6a7c09526 10.2/SRPMS/smb4k-0.5.1-1.1.102mdk.src.rpm




Mandriva Linux Security Update Advisory


Package name: mplayer
Advisory ID: MDKSA-2005:158
Date: September 6th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0


Problem Description:

Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via a video file with an audio header containing a large value in a strf chunk.

The updated packages have been patched to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2718
http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: kdeedu
Advisory ID: MDKSA-2005:159
Date: September 6th, 2005
Affected versions: 10.1, 10.2


Problem Description:

Ben Burton notified the KDE security team about several tempfile-handling vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fernández-Sanguino Peña.

The script uses known filenames in /tmp, which allows a local attacker to overwrite files writable by the user who (manually) invokes the conversion script.

The updated packages have been patched to correct this problem.
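The predictable-name problem described here and in the Smb4K advisory above (MDKSA-2005:157), shown as an added Python example that is not code from either project: writing to a well-known name in a shared directory follows a symlink planted by another local user, while exclusive creation or `mkstemp` does not. The function names are hypothetical, and a private sandbox directory stands in for /tmp.

```python
import os
import tempfile


def write_predictable(path, data):
    """Vulnerable pattern: write to a well-known name without checking
    what already exists there. open() follows a pre-planted symlink."""
    with open(path, "w") as fh:
        fh.write(data)


def write_exclusive(path, data):
    """Hardened: the file must be created by this call. O_EXCL makes
    open fail if anything, including a symlink, already has that name."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def write_private(directory, data):
    """Preferred: let mkstemp pick an unpredictable name, created
    exclusively with mode 0600."""
    fd, path = tempfile.mkstemp(prefix="smb4k-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def demo():
    """Run all three writers inside a throwaway directory (constructed
    stand-in for /tmp) and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as shared:
        # FILE: a file another local user owns and can read.
        planted = os.path.join(shared, "FILE")
        open(planted, "w").close()
        # The well-known name the program will write to, pre-linked to FILE.
        well_known = os.path.join(shared, "sudoers")
        os.symlink(planted, well_known)
        secret = "constructed privileged content\n"

        # Vulnerable writer: the content lands in FILE via the symlink.
        write_predictable(well_known, secret)
        with open(planted) as fh:
            results["leaked_via_symlink"] = fh.read() == secret

        # Reset FILE, then try the hardened writer on the same name.
        open(planted, "w").close()
        try:
            write_exclusive(well_known, secret)
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        results["planted_untouched"] = os.path.getsize(planted) == 0

        # mkstemp: new regular file, private permissions.
        private = write_private(shared, secret)
        results["private_mode"] = os.stat(private).st_mode & 0o777
        results["private_is_symlink"] = os.path.islink(private)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```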


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2101
http://www.kde.org/info/security/advisory-20050815-1.txt


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: kdebase
Advisory ID: MDKSA-2005:160
Date: September 6th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0


Problem Description:

Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access.

In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass.

The updated packages have been patched to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
http://www.kde.org/info/security/advisory-20050905-1.txt


Updated Packages:




Red Hat Linux


Red Hat Security Advisory

Synopsis: Important: httpd security update
Advisory ID: RHSA-2005:608-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-608.html
Issue date: 2005-09-06
Updated on: 2005-09-06
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2700 CAN-2005-2728


1. Summary:

Updated Apache httpd packages that correct two security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Apache HTTP Server is a popular and freely-available Web server.

A flaw was discovered in mod_ssl's handling of the "SSLVerifyClient" directive. This flaw occurs if a virtual host is configured using "SSLVerifyClient optional" and a directive "SSLVerifyClient required" is set for a specific location. For servers configured in this fashion, an attacker may be able to access resources that should otherwise be protected, by not supplying a client certificate when connecting. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2700 to this issue.

A flaw was discovered in Apache httpd where the byterange filter would buffer certain responses into memory. If a server has a dynamic resource such as a CGI script or PHP script that generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading to a Denial of Service. (CAN-2005-2728)

Users of Apache httpd should update to these errata packages that contain backported patches to correct these issues.
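One way to check an existing configuration for the layout CAN-2005-2700 depends on, as an added Python example (not Red Hat's or Apache's code): it scans httpd configuration text for a virtual host that sets `SSLVerifyClient optional` and contains a section that sets `SSLVerifyClient require`, the spelling mod_ssl uses for the level the advisory calls "required". The function names and the sample configuration are constructed for illustration.

```python
import re

OPEN = re.compile(r"^<\s*([A-Za-z]+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"^</\s*([A-Za-z]+)\s*>$")

# Constructed sample: only the first virtual host matches the advisory's layout.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName intranet.example
    SSLEngine on
    SSLVerifyClient optional
    <Location /admin>
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName shop.example
    SSLVerifyClient none
    <Location /partners>
        SSLVerifyClient require
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName api.example
    SSLVerifyClient require
</VirtualHost>
"""


def enclosing_scope(stack):
    """Innermost open section, skipping conditional wrappers that do not
    change which resource a directive applies to."""
    for label in reversed(stack):
        if not label.lower().startswith(("ifmodule", "ifdefine")):
            return label
    return ""


def find_affected_vhosts(conf_text):
    """Return (vhost name, section) pairs where the virtual host says
    'SSLVerifyClient optional' and a nested section says 'require'."""
    findings = []
    stack = []    # open sections, innermost last
    vhost = None  # state for the <VirtualHost> currently being read
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing = CLOSE.match(line)
        if closing:
            if stack:
                stack.pop()
            if closing.group(1).lower() == "virtualhost" and vhost is not None:
                # Evaluate at the end so directive order does not matter.
                if vhost["level"] == "optional":
                    for section in vhost["require_in"]:
                        findings.append((vhost["name"], section))
                vhost = None
            continue
        opening = OPEN.match(line)
        if opening:
            stack.append((opening.group(1) + " " + opening.group(2)).strip())
            if opening.group(1).lower() == "virtualhost":
                vhost = {"name": opening.group(2), "level": None, "require_in": []}
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if vhost is None or not args:
            continue
        scope = enclosing_scope(stack)
        at_vhost_level = scope.lower().startswith("virtualhost")
        if directive == "servername" and at_vhost_level:
            vhost["name"] = args[0]
        elif directive == "sslverifyclient":
            if at_vhost_level:
                vhost["level"] = args[0].lower()
            elif args[0].lower() == "require":
                vhost["require_in"].append(scope)
    return findings


if __name__ == "__main__":
    for name, section in find_affected_vhosts(SAMPLE_CONF):
        print(f"{name}: optional at vhost level, require in <{section}>")
```

The scan covers a single file's text; configuration pulled in through `Include` and per-directory `.htaccess` files would need to be fed to it separately.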

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

167102 - CAN-2005-2728 byterange memory DoS
167194 - CAN-2005-2700 SSLVerifyClient flaw

6. RPMs required:


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2728

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Low: cvs security update
Advisory ID: RHSA-2005:756-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-756.html
Issue date: 2005-09-06
Updated on: 2005-09-06
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-2693


1. Summary:

An updated cvs package that fixes a security bug is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

CVS (Concurrent Version System) is a version control system.

An insecure temporary file usage was found in the cvsbug program. It is possible that a local user could leverage this issue to execute arbitrary instructions as the user running cvsbug. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-2693 to this issue.

All users of cvs should upgrade to this updated package, which includes a patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166365 - CAN-2005-2693 CVS temporary file issue

6. RPMs required:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2693

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

SUSE Linux


SUSE Security Announcement

Package: php4,php5
Announcement ID: SUSE-SA:2005:051
Date: Mon, 05 Sep 2005 10:00:00 +0000
Affected Products: 9.0, 9.1, 9.2, 9.3
SUSE Linux Enterprise Server 8, 9
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CAN-2005-2491 CAN-2005-1921 CAN-2005-2498

Content of This Advisory:

  1. Security Vulnerability Resolved: XML_RPC problems and PCRE integer overflows
     Problem Description
  2. Solution or Work-Around
  3. Special Instructions and Notes
  4. Package Location and Checksums
  5. Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report.
  6. Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

This update fixes the following security issues in the PHP scripting language.

  • Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CAN-2005-1921, CAN-2005-2498).

    The Pear::XML_RPC library is not used by default in SUSE Linux, but might be used by third-party PHP applications.

  • An integer overflow bug was found in the PCRE (Perl Compatible Regular Expressions) library which could be used by an attacker to potentially execute code (CAN-2005-2491).

    Please note:
    This is a reissue of the previous PHP update (SUSE-SA:2005:049) which, due to a mix-up between PCRE versions, was causing breakage in nearly all PHP applications.

2) Solution or Work-Around

There is no known workaround; please install the update packages.

3) Special Instructions and Notes

Please close and restart all running instances of Apache and Apache2 after the update.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the downloaded RPM package.

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web.


5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.


6) Authenticity Verification and Additional Information

  • Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file and run the command

    gpg --verify <file>

    replacing <file> with the name of the file where you saved the announcement. The output for a valid signature looks like:

    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team <security@suse.de>"

    where <DATE> is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  • Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

    There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:

    1. Using the internal gpg signatures of the rpm package
    2. MD5 checksums as provided in this announcement

    1. The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

      rpm -v --checksig <file.rpm>

      to verify the signature of the package, replacing <file.rpm> with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.

    2. If you need an alternative means of verification, use the md5sum command to verify the authenticity of the packages. Execute the command

      md5sum <filename.rpm>

      after you downloaded the file from a SUSE FTP server or its mirrors. Then compare the resulting md5sum with the one that is listed in the SUSE security announcement. Because the announcement containing the checksums is cryptographically signed (by security@suse.de), the checksums show proof of the authenticity of the package if the signature of the announcement is valid. Note that the md5 sums published in the SUSE Security Announcements are valid for the respective packages only. Newer versions of these packages cannot be verified.

  • SUSE runs two security mailing lists to which any interested party may subscribe:

    suse-security@suse.com
      General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
      SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (FAQ), send mail to <suse-security-info@suse.com> or <suse-security-faq@suse.com>.
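
The MD5 comparison from verification method 2 above, as an added shell example that is not part of the SUSE announcement: it extracts `<package URL> <md5>` pairs from a saved announcement and checks a downloaded file against them. The function names, the sample announcement and the example.invalid URLs are constructed for illustration; run `gpg --verify` on the announcement first, because the checksums are only as trustworthy as its signature.

```shell
#!/bin/sh
# Added example: check a downloaded RPM against the MD5 sums listed in a
# saved security announcement. Assumes checksum lines of the form
#   <ftp|http(s) URL ending in .rpm> <32 hex digit md5> [trailing words]

# Print "<md5> <package basename>" for every URL/checksum pair found.
list_checksums() {
    # $1 = saved announcement text
    awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ftp|https?):\/\/.*\.rpm$/ &&
                $(i+1) ~ /^[0-9a-f]+$/ && length($(i+1)) == 32) {
                n = split($i, part, "/")
                print $(i+1), part[n]
            }
    }' "$1"
}

# Return 0 on match, 1 on mismatch, 2 if the file is not listed (for example
# a newer build the announcement cannot vouch for), 3 if the announcement
# lists conflicting sums for the same file name.
verify_rpm() {
    # $1 = announcement, $2 = downloaded rpm
    name=$(basename "$2")
    want=$(list_checksums "$1" | awk -v n="$name" '$2 == n { print $1 }' | sort -u)
    [ -n "$want" ] || return 2
    [ $(printf '%s\n' "$want" | wc -l) -eq 1 ] || return 3
    have=$(md5sum "$2" | awk '{ print $1 }')
    [ "$have" = "$want" ]
}

# Build a constructed announcement and matching package file in directory $1.
make_sample() {
    pkg="$1/demo-pkg-1.0-1.i586.rpm"
    printf 'constructed package payload\n' > "$pkg"
    sum=$(md5sum "$pkg" | awk '{ print $1 }')
    cat > "$1/announcement.txt" <<EOF
4) Package Location and Checksums

SUSE Linux 9.3:
ftp://ftp.example.invalid/update/9.3/rpm/i586/demo-pkg-1.0-1.i586.rpm $sum source rpm(s):
ftp://ftp.example.invalid/update/9.3/rpm/src/demo-pkg-1.0-1.src.rpm 00000000000000000000000000000000
EOF
}

# Command-line use: sh verify.sh <announcement.txt> <file.rpm>
if [ "$#" -eq 2 ]; then
    verify_rpm "$1" "$2"; rc=$?
    case $rc in
        0) echo "OK: checksum matches the announcement" ;;
        1) echo "MISMATCH: do not install" ;;
        2) echo "NOT LISTED: the announcement does not cover this file" ;;
        3) echo "AMBIGUOUS: conflicting checksums listed" ;;
    esac
    exit "$rc"
fi
```

MD5 is no longer collision resistant, so where a package carries a signature, `rpm -v --checksig` (method 1) is the stronger check.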


SUSE's security contact is <security@suse.com> or <security@suse.de>. The <security@suse.de> public key is listed below.

The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

Ubuntu Linux


Ubuntu Security Notice USN-145-2 September 06, 2005
wget bug fix
http://bugzilla.ubuntu.com/show_bug.cgi?id=12604

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

wget

The problem can be corrected by upgrading the affected package to version 1.9.1-10ubuntu2.2. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-145-1 fixed several vulnerabilities in wget. However, Ralph Corderoy discovered some regressions that caused wget to crash in some cases. The updated version fixes this flaw.

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.9.1-10ubuntu2.2.diff.gz
      Size/MD5: 81829 d13dad0a2cbcf7014acf41f1a7df205a
    http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.9.1-10ubuntu2.2.dsc
      Size/MD5: 667 2c656adefaf1e4bd34e84a342e48ea6a
    http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.9.1.orig.tar.gz
      Size/MD5: 1322378 e6051f1e1487ec0ebfdbda72bedc70ad

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.9.1-10ubuntu2.2_amd64.deb
      Size/MD5: 211712 cd7703238a4c50fdf822a181a6da94b3

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.9.1-10ubuntu2.2_i386.deb
      Size/MD5: 202452 70bb4cdc51556eea2d88b13c91505622

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/w/wget/wget_1.9.1-10ubuntu2.2_powerpc.deb
      Size/MD5: 209212 61da799c9a288f400ac974a96822ff04



All times are recorded in UTC.