Advisories, January 11, 2006
Jan 12, 2006, 04:45 UTC

Debian GNU/Linux


Debian Security Advisory DSA 936-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 11th, 2006 http://www.debian.org/security/faq


Package : libextractor
Vulnerability : buffer overflows
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-2097 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

The old stable distribution (woody) does not contain libextractor packages.

For the stable distribution (sarge) these problems have been fixed in version 0.4.2-2sarge2.

For the unstable distribution (sid) these problems have been fixed in version 0.5.8-1.

We recommend that you upgrade your libextractor packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.dsc
      Size/MD5 checksum: 778 6906857074772199e2a8a892feb3aae2
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.diff.gz
      Size/MD5 checksum: 6345 c214699bde0bfad501cede35488b4f09
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
      Size/MD5 checksum: 5887095 d99e1b13a017d39700e376a0edbf7ba2

Alpha architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_alpha.deb
      Size/MD5 checksum: 19424 59bb8cddd5c80fb1cba57796b9445dab
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_alpha.deb
      Size/MD5 checksum: 5804676 9942575a95cb97dfcae26b156dca7a58
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_alpha.deb
      Size/MD5 checksum: 19204 fed48ebb930e6a7d3484bd75c8263a81

AMD64 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_amd64.deb
      Size/MD5 checksum: 18098 7d4a40679062c4d2d70f9c08dc785559
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_amd64.deb
      Size/MD5 checksum: 5641300 ff1bac0e15d1a6ff630a6ced168e284f
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_amd64.deb
      Size/MD5 checksum: 17364 54dd55236286550d6cadc8dbb3df9ccd

ARM architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_arm.deb
      Size/MD5 checksum: 17480 aa541fc867f51588b676aa23d34e25a8
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_arm.deb
      Size/MD5 checksum: 5710616 ed153d5e88e899f4e27ae5a67c5e45d0
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_arm.deb
      Size/MD5 checksum: 16784 7a7f73139e8c0c62187179e993734932

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_i386.deb
      Size/MD5 checksum: 17624 5419b495e3df96a658e1323c83f7faf9
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_i386.deb
      Size/MD5 checksum: 5713300 1bc2a3ab8b321b543a1ae92590e76f8b
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_i386.deb
      Size/MD5 checksum: 16546 71e4044ff8d923cd56d4bb046be1b37f

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_ia64.deb
      Size/MD5 checksum: 20404 cdea8cf2f6cd2b8a761ccca2a2d85421
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_ia64.deb
      Size/MD5 checksum: 5905266 98f5de1716817b660791a92d5ee7c6a6
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_ia64.deb
      Size/MD5 checksum: 19140 d780e22f3cd6c6204de3db711f068dcd

HP Precision architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_hppa.deb
      Size/MD5 checksum: 18560 70ae8b43a0cd581a36a8097fc94c2172
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_hppa.deb
      Size/MD5 checksum: 5687318 a241f7e800ac5cbd7f45fdafeae267ac
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_hppa.deb
      Size/MD5 checksum: 17710 c1848801758081872515d88f86938537

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_m68k.deb
      Size/MD5 checksum: 17184 d64fcc89500919e03805e47dbb9eca52
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_m68k.deb
      Size/MD5 checksum: 5708190 0d20df48cd437a99544bf748a1c89ea9
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_m68k.deb
      Size/MD5 checksum: 16404 0e47447d4b7007d4016c32a81f2b66f4

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mips.deb
      Size/MD5 checksum: 18416 38f460cbf16a6c2a3c735c5a6545013a
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mips.deb
      Size/MD5 checksum: 5729074 76787645b83e4438fc79325410114c99
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mips.deb
      Size/MD5 checksum: 17700 8cbf4e1556b59d982589d27e5af1211e

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mipsel.deb
      Size/MD5 checksum: 18460 dfaad60fd479b74c72c46680d92c5920
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mipsel.deb
      Size/MD5 checksum: 5726846 0d9ad0d53eddd3503cdc2fce6b118595
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mipsel.deb
      Size/MD5 checksum: 17734 a74a4df56930cd6e1ec289a714fe2225

PowerPC architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_powerpc.deb
      Size/MD5 checksum: 19600 0fbb4093db271d5924d8e1fb81d0c5c3
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_powerpc.deb
      Size/MD5 checksum: 5677812 543192c6a5b6b89fdc0cc0c5b3f2befe
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_powerpc.deb
      Size/MD5 checksum: 17556 bd868a198744609509201e7af0e33ab9

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_s390.deb
      Size/MD5 checksum: 17974 f16109dd971b139abc8a2194731e33c8
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_s390.deb
      Size/MD5 checksum: 5768028 dfda84e8d1a0e53794418a77a09d801f
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_s390.deb
      Size/MD5 checksum: 17918 da3bb3df7f86443b1f36ed4b5bcc0113

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_sparc.deb
      Size/MD5 checksum: 17480 1ef23c92384723ab64b315b7d8d51089
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_sparc.deb
      Size/MD5 checksum: 5752164 91a3ad11d2f029e99955b2c54088e034
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_sparc.deb
      Size/MD5 checksum: 16696 87e4150b6738d9921728a1e594bc4904

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-026
2006-01-10

Product : Fedora Core 4
Name : poppler
Version : 0.4.4
Release : 1.1
Summary : PDF rendering library

Description :
Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC.


Update Information:

Chris Evans discovered several flaws in the way poppler processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.



This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-027
2006-01-11

Product : Fedora Core 4
Name : xpdf
Version : 3.01
Release : 0.FC4.6
Summary : A PDF file viewer for the X Window System.

Description :
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.


Update Information:

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-3193 to these issues.

Users of xpdf should upgrade to this updated package, which contains a patch to resolve these issues.


  • Tue Jan 10 2006 Karsten Hopp <karsten@redhat.de> 3.01-0.FC4.6
    • fix CAN-2005-3193

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated ethereal packages fix security issues
Advisory ID: FLSA:152922
Issue date: 2006-01-09
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-1139, CAN-2004-1140, CVE-2004-1141, CVE-2004-1142, CVE-2005-0006, CVE-2005-0007, CVE-2005-0008, CVE-2005-0009, CVE-2005-0010, CVE-2005-0084, CVE-2005-0699, CVE-2005-0704, CVE-2005-0705, CVE-2005-0739, CVE-2005-1456, CVE-2005-1457, CVE-2005-1458, CVE-2005-1459, CVE-2005-1460, CVE-2005-1461, CVE-2005-1462, CVE-2005-1463, CVE-2005-1464, CVE-2005-1465, CVE-2005-1466, CVE-2005-1467, CVE-2005-1468, CVE-2005-1469, CVE-2005-1470, CVE-2005-2360, CVE-2005-2361, CVE-2005-2362, CVE-2005-2363, CVE-2005-2364, CVE-2005-2365, CVE-2005-2366, CVE-2005-2367, CVE-2005-3241, CVE-2005-3242, CVE-2005-3243, CVE-2005-3244, CVE-2005-3245, CVE-2005-3246, CVE-2005-3247, CVE-2005-3248, CVE-2005-3249, and CVE-2005-3184.



1. Topic:

Updated Ethereal packages that fix various security vulnerabilities are now available.

Ethereal is a program for monitoring network traffic.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A number of security flaws have been discovered in Ethereal. On a system where Ethereal is running, a remote attacker could send malicious packets to trigger these flaws and cause Ethereal to crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the following names to these issues:

CAN-2004-1139, CAN-2004-1140, CVE-2004-1141, CVE-2004-1142, CVE-2005-0006, CVE-2005-0007, CVE-2005-0008, CVE-2005-0009, CVE-2005-0010, CVE-2005-0084, CVE-2005-0699, CVE-2005-0704, CVE-2005-0705, CVE-2005-0739, CVE-2005-1456, CVE-2005-1457, CVE-2005-1458, CVE-2005-1459, CVE-2005-1460, CVE-2005-1461, CVE-2005-1462, CVE-2005-1463, CVE-2005-1464, CVE-2005-1465, CVE-2005-1466, CVE-2005-1467, CVE-2005-1468, CVE-2005-1469, CVE-2005-1470, CVE-2005-2360, CVE-2005-2361, CVE-2005-2362, CVE-2005-2363, CVE-2005-2364, CVE-2005-2365, CVE-2005-2366, CVE-2005-2367, CVE-2005-3241, CVE-2005-3242, CVE-2005-3243, CVE-2005-3244, CVE-2005-3245, CVE-2005-3246, CVE-2005-3247, CVE-2005-3248, CVE-2005-3249, and CVE-2005-3184.

Users of Ethereal should upgrade to these updated packages which contain version 0.10.13 and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152922

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/ethereal-0.10.13-0.73.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.13-0.73.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.13-0.73.1.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/ethereal-0.10.13-0.90.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-0.10.13-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ethereal-gnome-0.10.13-0.90.1.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/ethereal-0.10.13-1.FC1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/ethereal-0.10.13-1.FC1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/ethereal-gnome-0.10.13-1.FC1.3.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/ethereal-0.10.13-1.FC2.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-0.10.13-1.FC2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/ethereal-gnome-0.10.13-1.FC2.2.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name



These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>
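
One way to automate the sha1sum comparison described above, as an added example that is not part of the advisory: the script reads a list in the advisory's "SHA1 sum / Package Name" layout and reports each downloaded file as OK, MISMATCH or MISSING. The package names, paths and file contents in the demo are constructed; the two digests are the standard SHA-1 test vectors for empty input and "abc".

```shell
#!/bin/sh
# Added example: check downloaded packages against a "<sha1> <path>" list
# laid out like the advisory's verification table. Demo data is constructed.

# Print the SHA-1 digest of a file using whichever tool is installed.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | cut -d' ' -f1
    else
        openssl dgst -sha1 "$1" | sed 's/^.*= *//'
    fi
}

# verify_manifest MANIFEST DIR
# For every "<sha1> <path>" line, look for basename(path) in DIR and print one
# status line. Returns 0 only if every listed file is present and matches.
verify_manifest() {
    manifest=$1
    dir=$2
    bad=0
    while read -r want path rest || [ -n "$want" ]; do
        # Skip blank lines, the table header and anything that is not
        # a 40-character hexadecimal digest followed by a path.
        case $want in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        [ "${#want}" -eq 40 ] || continue
        [ -n "$path" ] || continue

        file=$dir/${path##*/}
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            bad=$((bad + 1))
            continue
        fi

        # Compare case-insensitively: some tools print upper-case hex.
        got=$(sha1_of "$file" | tr 'A-F' 'a-f')
        exp=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$exp" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$bad" -eq 0 ]
}

# Build a constructed download directory: two intact files, one altered
# after publication, and one listed file that was never downloaded.
make_demo() {
    d=$(mktemp -d) || return 1
    : > "$d/pkg-empty-1.0.rpm"
    printf 'abc' > "$d/pkg-abc-1.0.rpm"
    printf 'abcX' > "$d/pkg-tampered-1.0.rpm"
    cat > "$d/advisory.txt" <<'EOF'
SHA1 sum Package Name

da39a3ee5e6b4b0d3255bfef95601890afd80709 demo/1/updates/i386/pkg-empty-1.0.rpm
a9993e364706816aba3e25717850c26c9cd0d89d demo/1/updates/i386/pkg-abc-1.0.rpm
a9993e364706816aba3e25717850c26c9cd0d89d demo/1/updates/i386/pkg-tampered-1.0.rpm
a9993e364706816aba3e25717850c26c9cd0d89d demo/1/updates/SRPMS/pkg-absent-1.0.src.rpm
EOF
    echo "$d"
}

demo_dir=$(make_demo)
verify_manifest "$demo_dir/advisory.txt" "$demo_dir" ||
    echo "do not install: at least one listed package failed the check"
rm -rf "$demo_dir"
```

A matching digest only shows that a file agrees with the published list; the `rpm --checksig -v` check remains the step that ties a package to the Fedora Legacy GPG key.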

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1457
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3184

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated mozilla packages fix security issues
Advisory ID: FLSA:168375
Issue date: 2006-01-09
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-2701 CVE-2005-2702 CVE-2005-2703 CVE-2005-2704 CVE-2005-2705 CVE-2005-2706 CVE-2005-2707 CVE-2005-2871 CVE-2005-3089



1. Topic:

Updated mozilla packages that fix several security bugs are now available.

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A bug was found in the way Mozilla processes XBM image files. If a user views a specially crafted XBM file, it becomes possible to execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-2701 to this issue.

A bug was found in the way Mozilla processes certain Unicode sequences. It may be possible to execute arbitrary code as the user running Mozilla, if the user views a specially crafted Unicode sequence. (CVE-2005-2702)

A bug was found in the way Mozilla makes XMLHttp requests. It is possible that a malicious web page could leverage this flaw to exploit other proxy or server flaws from the victim's machine. It is also possible that this flaw could be leveraged to send XMLHttp requests to hosts other than the originator; the default behavior of the browser is to disallow this. (CVE-2005-2703)

A bug was found in the way Mozilla implemented its XBL interface. It may be possible for a malicious web page to create an XBL binding in a way that would allow arbitrary JavaScript execution with chrome permissions. Please note that in Mozilla 1.7.10 this issue is not directly exploitable and would need to leverage other unknown exploits. (CVE-2005-2704)

An integer overflow bug was found in Mozilla's JavaScript engine. Under favorable conditions, it may be possible for a malicious web page to execute arbitrary code as the user running Mozilla. (CVE-2005-2705)

A bug was found in the way Mozilla displays about: pages. It is possible for a malicious web page to open an about: page, such as about:mozilla, in such a way that it becomes possible to execute JavaScript with chrome privileges. (CVE-2005-2706)

A bug was found in the way Mozilla opens new windows. It is possible for a malicious web site to construct a new window without any user interface components, such as the address bar and the status bar. This window could then be used to mislead the user for malicious purposes. (CVE-2005-2707)

A bug was found in the way Mozilla processes certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause Mozilla to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CAN-2005-2871 to this issue.

Users of Mozilla are advised to upgrade to these updated packages that contain Mozilla version 1.7.12 and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168375

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/mozilla-1.7.12-0.73.2.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/galeon-1.2.14-0.73.5.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-chat-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-devel-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-dom-inspector-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-js-debugger-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-mail-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nspr-devel-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mozilla-nss-devel-1.7.12-0.73.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/galeon-1.2.14-0.73.5.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/mozilla-1.7.12-0.90.1.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/galeon-1.2.14-0.90.5.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-inspector-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debugger-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-devel-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-devel-1.7.12-0.90.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.14-0.90.5.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/mozilla-1.7.12-1.1.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/epiphany-1.0.8-1.fc1.5.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-inspector-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debugger-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-devel-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-devel-1.7.12-1.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.8-1.fc1.5.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/mozilla-1.7.12-1.2.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/epiphany-1.2.10-0.2.6.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/devhelp-0.9.1-0.2.9.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-inspector-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debugger-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-devel-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-devel-1.7.12-1.2.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/epiphany-1.2.10-0.2.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-0.9.1-0.2.9.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/devhelp-devel-0.9.1-0.2.9.legacy.i386.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2702
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2706
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3089

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:010
http://www.mandriva.com/security/


Package : cups
Date : January 10, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0


Problem Description:

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192)

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193)

An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).

In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base:

Out-of-bounds heap accesses with large or negative parameters to "FlateDecode" stream. (CVE-2005-3192)

Out-of-bounds heap accesses with large or negative parameters to "CCITTFaxDecode" stream. (CVE-2005-3624)

Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625)

NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626)

Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627)

Possible to use index past end of array in "DCTDecode" stream. (CVE-2005-3627)

Possible out-of-bounds indexing trouble in "DCTDecode" stream. (CVE-2005-3627)

CUPS uses an embedded copy of the xpdf code, with the same vulnerabilities.

The updated packages have been patched to correct these problems.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:011
http://www.mandriva.com/security/


Package : tetex
Date : January 10, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0


Problem Description:

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192)

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. (CVE-2005-3193)

An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).

In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base:

Out-of-bounds heap accesses with large or negative parameters to "FlateDecode" stream. (CVE-2005-3192)

Out-of-bounds heap accesses with large or negative parameters to "CCITTFaxDecode" stream. (CVE-2005-3624)

Infinite CPU spins in various places when stream ends unexpectedly. (CVE-2005-3625)

NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626)

Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627)

Possible to use index past end of array in "DCTDecode" stream. (CVE-2005-3627)

Possible out-of-bounds indexing trouble in "DCTDecode" stream. (CVE-2005-3627)

Tetex uses an embedded copy of the xpdf code, with the same vulnerabilities.

The updated packages have been patched to correct these problems.
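
The two bug classes named in the cups and tetex advisories above (a file-supplied component count used as an array index, and file-supplied sizes feeding an allocation), shown in hardened form as an added example. This is not xpdf, CUPS or teTeX code: the header layout, the structs, MAX_COMPS and every function name are hypothetical, and the sample inputs are constructed.

```c
/* Added illustration; not xpdf, CUPS or teTeX source. All names and the
 * header layout below are hypothetical. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_COMPS 4 /* assumed capacity of the fixed per-component table */

typedef struct { int id, hSample, vSample; } CompInfo;

typedef struct {
    int numComps;
    CompInfo compInfo[MAX_COMPS];
} FrameHeader;

/*
 * Constructed layout: byte 0 = component count, then 3 bytes per component
 * (id, hSample, vSample). The unchecked pattern the advisories describe is
 *     for (i = 0; i < numComps; ++i) compInfo[i] = ...;
 * with numComps taken straight from the file, so a count above the table
 * size writes past the array. Returns 0 on success, -1 on rejection.
 */
int parse_frame_header(const unsigned char *buf, size_t len, FrameHeader *out)
{
    size_t n, i;

    if (buf == NULL || out == NULL || len < 1)
        return -1;
    n = buf[0];
    if (n < 1 || n > MAX_COMPS)   /* range-check before any indexing */
        return -1;
    if (len - 1 < n * 3)          /* input ends before the declared data */
        return -1;

    memset(out, 0, sizeof *out);
    out->numComps = (int)n;
    for (i = 0; i < n; ++i) {
        const unsigned char *p = buf + 1 + i * 3;
        out->compInfo[i].id = p[0];
        out->compInfo[i].hSample = p[1];
        out->compInfo[i].vSample = p[2];
    }
    return 0;
}

/*
 * Checked multiplication before allocation (a general technique; the page
 * does not show the gmem.c patch). Returns NULL rather than a buffer that
 * is smaller than the caller believes.
 */
void *alloc_array_checked(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0)
        return NULL;
    if (count > SIZE_MAX / elem_size) /* count * elem_size would wrap */
        return NULL;
    return malloc(count * elem_size);
}

/* Dimensions read from a file as signed ints: reject zero and negative
 * values before converting, then check both multiplications. */
void *alloc_tiles(int nx, int ny, size_t tile_size)
{
    if (nx <= 0 || ny <= 0)
        return NULL;
    if ((size_t)nx > SIZE_MAX / (size_t)ny)
        return NULL;
    return alloc_array_checked((size_t)nx * (size_t)ny, tile_size);
}

/* Constructed sample inputs. */
static const unsigned char SAMPLE_OK[]        = {3, 1, 2, 2, 2, 1, 1, 3, 1, 1};
static const unsigned char SAMPLE_TOO_MANY[]  = {200, 1, 2, 2};
static const unsigned char SAMPLE_TRUNCATED[] = {3, 1, 2, 2};

int main(void)
{
    FrameHeader h;
    void *p;

    printf("valid header:     %d\n",
           parse_frame_header(SAMPLE_OK, sizeof SAMPLE_OK, &h));
    printf("count 200:        %d\n",
           parse_frame_header(SAMPLE_TOO_MANY, sizeof SAMPLE_TOO_MANY, &h));
    printf("truncated input:  %d\n",
           parse_frame_header(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &h));
    printf("negative size:    %s\n",
           alloc_tiles(-1, 4, 16) ? "allocated" : "rejected");
    printf("wrapping size:    %s\n",
           alloc_tiles(INT_MAX, INT_MAX, 64) ? "allocated" : "rejected");
    p = alloc_tiles(2, 3, 16);
    printf("small size:       %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

The truncated-input check also covers the case where the data ends before the declared components have been read, so the parser returns an error instead of continuing on missing bytes.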


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux


Red Hat Security Advisory

Synopsis: Moderate: ethereal security update
Advisory ID: RHSA-2006:0156-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0156.html
Issue date: 2006-01-11
Updated on: 2006-01-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3313 CVE-2005-3651 CVE-2005-4585


1. Summary:

Updated Ethereal packages that fix various security vulnerabilities are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Ethereal is a program for monitoring network traffic.

Two denial of service bugs were found in Ethereal's IRC and GTP protocol dissectors. Ethereal could crash or stop responding if it reads a malformed IRC or GTP packet off the network. The Common Vulnerabilities and Exposures project (cve.mitre.org/) assigned the names CVE-2005-3313 and CVE-2005-4585 to these issues.

A buffer overflow bug was found in Ethereal's OSPF protocol dissector. Ethereal could crash or execute arbitrary code if it reads a malformed OSPF packet off the network. (CVE-2005-3651)

Users of ethereal should upgrade to these updated packages containing version 0.10.14, which is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

172297 - CVE-2005-3313 Ethereal IRC dissector DoS
176828 - CVE-2005-4585 ethereal GTP dissector could go into an infinite loop
176940 - CVE-2005-3651 ethereal OSPF Protocol Dissector Buffer Overflow Vulnerability

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/ethereal-0.10.14-1.AS21.1.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/ethereal-0.10.14-1.EL3.1.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/ethereal-0.10.14-1.EL4.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4585

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Low: struts security update for Red Hat Application Server
Advisory ID: RHSA-2006:0157-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0157.html
Issue date: 2006-01-11
Updated on: 2006-01-11
Product: Red Hat Application Server
CVE Names: CVE-2005-3745


1. Summary:

Updated Red Hat Application Server components are now available including a security update for Struts.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Server 3AS - noarch
Red Hat Application Server 3ES - noarch
Red Hat Application Server 3WS - noarch

3. Problem description:

Red Hat Application Server packages provide a J2EE Application Server and Web container as well as the underlying Java stack.

A cross-site scripting flaw was found in the way Struts displays error pages. It may be possible for an attacker to construct a specially crafted URL which could fool a victim into believing they are viewing a trusted site. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3745 to this issue. Please note that this issue does not affect Struts running on Tomcat or JOnAS, which is our supported usage of Struts.

All users of Red Hat Application Server should upgrade to these updated packages, which contain Struts version 1.2.8, which is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

173929 - CVE-2005-3745 struts cross site scripting flaw

6. RPMs required:

Red Hat Application Server 3AS:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.src.rpm

Red Hat Application Server 3ES:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.src.rpm

Red Hat Application Server 3WS:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/jakarta-commons-validator-1.1.4-1jpp_2rh.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/RHAPS/SRPMS/struts-1.2.8-1jpp_2rh.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3745

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/



Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2006:0163-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0163.html
Issue date: 2006-01-11
Updated on: 2006-01-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627


1. Summary:

Updated CUPS packages that fix multiple security issues are now available for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.

Chris Evans discovered several flaws in the way CUPS processes PDF files. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

All users of CUPS should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176868 - CVE-2005-3624 Additional xpdf issues (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/cups-1.1.17-13.3.36.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cups-1.1.22-0.rc1.9.10.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/



Red Hat Security Advisory

Synopsis: Important: gpdf security update
Advisory ID: RHSA-2006:0177-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0177.html
Issue date: 2006-01-11
Updated on: 2006-01-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627


1. Summary:

An updated gpdf package that fixes several security issues is now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

gpdf is a GNOME based viewer for Portable Document Format (PDF) files.

Chris Evans discovered several flaws in the way gpdf processes PDF files. An attacker could construct a carefully crafted PDF file that could cause gpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

Users of gpdf should upgrade to this updated package, which contains a backported patch to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

176865 - [RHEL4] CVE-2005-3624 Additional xpdf issues (CVE-2005-3625 CVE-2005-3626 CVE-2005-3627)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm
d4e3f5d7f7d0f2c44a090318bcec3879 gpdf-2.8.2-7.4.src.rpm

i386:
1a64ae076a42994da47ec6a8eb88b2fe
gpdf-2.8.2-7.4.i386.rpm

x86_64:
4faf65a28e2f782807bf17e933b946af
gpdf-2.8.2-7.4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm
d4e3f5d7f7d0f2c44a090318bcec3879 gpdf-2.8.2-7.4.src.rpm

i386:
1a64ae076a42994da47ec6a8eb88b2fe
gpdf-2.8.2-7.4.i386.rpm

ia64:
511bf1f06967c657101aaf1dc23e275c
gpdf-2.8.2-7.4.ia64.rpm

x86_64:
4faf65a28e2f782807bf17e933b946af
gpdf-2.8.2-7.4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gpdf-2.8.2-7.4.src.rpm
d4e3f5d7f7d0f2c44a090318bcec3879 gpdf-2.8.2-7.4.src.rpm

i386:
1a64ae076a42994da47ec6a8eb88b2fe
gpdf-2.8.2-7.4.i386.rpm

ia64:
511bf1f06967c657101aaf1dc23e275c
gpdf-2.8.2-7.4.ia64.rpm

x86_64:
4faf65a28e2f782807bf17e933b946af
gpdf-2.8.2-7.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.


