Linux Today - Advisories, February 2, 2006

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Linux Top 5: Linux's New Fellow

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories, February 2, 2006

Advisories, February 2, 2006
Feb 3, 2006, 04 :45 UTC (0 Talkback[s]) (3708 reads)

Debian GNU/Linux

Debian Security Advisory DSA 963-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 2nd, 2006 http://www.debian.org/security/faq

Package : mydns
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-0351
BugTraq ID : 16431
Debian Bug : 348826

NISCC reported that MyDNS, a DNS server using an SQL database for data storage, can be tricked into an infinite loop by a remote attacker and hence cause a denial of service condition.

The old stable distribution (woody) does not contain mydns packages.

For the stable distribution (sarge) this problem has been fixed in version 1.0.0-4sarge1.

For the unstable distribution (sid) this problem has been fixed in version 1.1.0+pre-3.

We recommend that you upgrade your mydns package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mydns/mydns_1.0.0-4sarge1.dsc
      Size/MD5 checksum: 671 e1244fb2b786c4571147d8be7b56216e
    http://security.debian.org/pool/updates/main/m/mydns/mydns_1.0.0-4sarge1.diff.gz
      Size/MD5 checksum: 17777 b48a997805664e2c074df3c1015edf99
    http://security.debian.org/pool/updates/main/m/mydns/mydns_1.0.0.orig.tar.gz
      Size/MD5 checksum: 689368 5c99d5f0aacb04c2e1f595c111a3f9a4

Architecture independent components:

http://security.debian.org/pool/updates/main/m/mydns/mydns-common_1.0.0-4sarge1_all.deb
Size/MD5 checksum: 30846 d874646c2fc47ff4fa89528c78755a00

Alpha architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_alpha.deb
      Size/MD5 checksum: 862238 821240c6825724424a3bc6d8718fcfa6
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_alpha.deb
      Size/MD5 checksum: 203926 7b81808aab0d8f3d0e66c5ba54c30f4e

AMD64 architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_amd64.deb
      Size/MD5 checksum: 727218 68cfefc7361b9fd9781781b24a3df58b
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_amd64.deb
      Size/MD5 checksum: 174886 e634ccfef1e8ea5910662e383184d5aa

ARM architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_arm.deb
      Size/MD5 checksum: 671170 9e432bed009b13b454fe7cd7246762fc
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_arm.deb
      Size/MD5 checksum: 155600 35b3f3b30ddb55f3b3c2deb592a89835

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_i386.deb
      Size/MD5 checksum: 684400 f57be304f708be8aa726022c029aff00
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_i386.deb
      Size/MD5 checksum: 158972 b199299be428fb3c707e74d7ab2efb30

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_ia64.deb
      Size/MD5 checksum: 946174 b0a8580949dd1fb336c1b73c8688c564
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_ia64.deb
      Size/MD5 checksum: 236268 502db665376bc04252e76802e5908ccc

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_hppa.deb
      Size/MD5 checksum: 757184 70215c85ca68b7243ae56c7d4adf8baf
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_hppa.deb
      Size/MD5 checksum: 178260 36527bf47b346401329ceed8e0d19d00

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_m68k.deb
      Size/MD5 checksum: 638514 ab308138fc62fa46f029bfc8f479bfb4
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_m68k.deb
      Size/MD5 checksum: 142454 bed035eaed566f486125c69b1537b8f6

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_mips.deb
      Size/MD5 checksum: 764628 7e87768efab69fa51ca0b9adbad4bf40
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_mips.deb
      Size/MD5 checksum: 175102 6e702b24e9d1158be86d54cec7a09796

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_mipsel.deb
      Size/MD5 checksum: 764022 bb0b9bc8ebe1528baa4464ecad0af10c
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_mipsel.deb
      Size/MD5 checksum: 175308 b20be096ed2481138d83adbdb8b6f5d5

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_powerpc.deb
      Size/MD5 checksum: 743710 dcdb2e33b2ee22bda1e6994161972bbb
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_powerpc.deb
      Size/MD5 checksum: 178998 de334d94fa04d9c910877fa0bf3ef37b

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_s390.deb
      Size/MD5 checksum: 724954 1b516b6949a19565b9579734846526c8
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_s390.deb
      Size/MD5 checksum: 168860 0c4ff07361bcab17a3b7c2d78dac9bec

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_sparc.deb
      Size/MD5 checksum: 696440 65600bc54fc7cb587473d49bf78ef1b9
    http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_sparc.deb
      Size/MD5 checksum: 155700 b7dcdb09aecf69dac27ecddfb133e904

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core

Fedora Update Notification
FEDORA-2006-075
2006-02-02

Product : Fedora Core 4
Name : mozilla
Version : 1.7.12
Release : 1.5.2
Summary : Web browser and mail reader

Description :
Mozilla is an open-source web browser, designed for standards compliance, performance and portability.

Update Information:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Igor Bukanov discovered a bug in the way Mozilla's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Mozilla could crash or execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Mozilla to execute arbitrary JavaScript when a user runs Mozilla. (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves history information. If a user visits a web page with a very long title, it is possible Mozilla will crash or take a very long time to start the next time it is run. (CVE-2005-4134)

Sun Jan 29 2006 Christopher Aillon <caillon@redhat.com> 37:1.7.12-1.5.2
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

2d63b67eca3a37cfd58d0fe898c94b7f07428f3f SRPMS/mozilla-1.7.12-1.5.2.src.rpm
5792fd158f6c9de07b6fc33dac63f63964fc5372 ppc/mozilla-1.7.12-1.5.2.ppc.rpm
22fb55e6c03609948e71645750e446dbcf7a6342 ppc/mozilla-nspr-1.7.12-1.5.2.ppc.rpm
c4e5209f64788a1f68cfceaecb9e86d706d2dc4a ppc/mozilla-nspr-devel-1.7.12-1.5.2.ppc.rpm
866ece106827a85431f4dd769f477707ce5726f4 ppc/mozilla-nss-1.7.12-1.5.2.ppc.rpm
372ac7c5d9c7092db5e89b1b2c32ff655ed4bc13 ppc/mozilla-nss-devel-1.7.12-1.5.2.ppc.rpm
bfb343549a0f61a3e4af02ce1eb504970a95b84a ppc/mozilla-devel-1.7.12-1.5.2.ppc.rpm
83653b993a3c1f939f1228746bab5999f4aa641e ppc/mozilla-mail-1.7.12-1.5.2.ppc.rpm
925c0ac3ea1b2bd90442cbebaf17b64a5bde7ff4 ppc/mozilla-chat-1.7.12-1.5.2.ppc.rpm
c904061f97fa70e2dbddfde39a9fafe365c998a6 ppc/mozilla-js-debugger-1.7.12-1.5.2.ppc.rpm
a809b5149d1386bd63e231f73d8053608fcda795 ppc/mozilla-dom-inspector-1.7.12-1.5.2.ppc.rpm
fe503337dacdf1a458f8a6b1b3537d32352eb410 ppc/debug/mozilla-debuginfo-1.7.12-1.5.2.ppc.rpm
1eb5c26cea0db6e73fe6dfc17ff2213d01c580cf x86_64/mozilla-1.7.12-1.5.2.x86_64.rpm
a7f7bedc70223aa12d694dcf391c162898618bc1 x86_64/mozilla-nspr-1.7.12-1.5.2.x86_64.rpm
8ff7d0c8475d443365aa6e6b8d4a20ffe8b6f8c9 x86_64/mozilla-nspr-devel-1.7.12-1.5.2.x86_64.rpm
ecbbdaebf5f0926db5b06abeb28cd7f26f644f4e x86_64/mozilla-nss-1.7.12-1.5.2.x86_64.rpm
d7949c70bc730ce4fa9670a90b2870169e35c574 x86_64/mozilla-nss-devel-1.7.12-1.5.2.x86_64.rpm
0c39728a2e6ef28c87159aaa95189ec3bc7b0e0e x86_64/mozilla-devel-1.7.12-1.5.2.x86_64.rpm
ce814bf566fe2e8b0fcd78ef8f2b77ec3041620d x86_64/mozilla-mail-1.7.12-1.5.2.x86_64.rpm
36ff9cdd4d72510eaedd2e98eaae4d2d67b2f27a x86_64/mozilla-chat-1.7.12-1.5.2.x86_64.rpm
73e3a60f9e9e7ef2d613ecbd7a516e0347fd52c2 x86_64/mozilla-js-debugger-1.7.12-1.5.2.x86_64.rpm
0da54002f43f92b6810b408b1d0fca9f81eba5cc x86_64/mozilla-dom-inspector-1.7.12-1.5.2.x86_64.rpm
aec63cc8952bcdeedca64d5c13bbaaaa9accef74 x86_64/debug/mozilla-debuginfo-1.7.12-1.5.2.x86_64.rpm
f5f1cf060f250fd274e560e55dd2ee1c866218e5 i386/mozilla-1.7.12-1.5.2.i386.rpm
15beac21ff0ff6b43117b5d128a81834d8d755d5 i386/mozilla-nspr-1.7.12-1.5.2.i386.rpm
51525231e79de34a335acf40b47bbf800b1d85ab i386/mozilla-nspr-devel-1.7.12-1.5.2.i386.rpm
6d65ad231025054b6797828346d679d111019523 i386/mozilla-nss-1.7.12-1.5.2.i386.rpm
f54042f6f450db77d4ffbc83cd87864c683cd7dc i386/mozilla-nss-devel-1.7.12-1.5.2.i386.rpm
93ee64fdfbc8eb4fcdf4c7317f859d98c72963f3 i386/mozilla-devel-1.7.12-1.5.2.i386.rpm
61027b28a80358a0cb874f3e4ebfeb29b0a34a1b i386/mozilla-mail-1.7.12-1.5.2.i386.rpm
350263359cdbe1959e0f24299109cb1d7efc1e5a i386/mozilla-chat-1.7.12-1.5.2.i386.rpm
e15edc081719380528c5e17b166c05191e98d168 i386/mozilla-js-debugger-1.7.12-1.5.2.i386.rpm
020cf3c6252e44adb37e3680a6e7ae7216e8670e i386/mozilla-dom-inspector-1.7.12-1.5.2.i386.rpm
c9ea96428af2ef0a90c0f509e1ba48670cc4471a i386/debug/mozilla-debuginfo-1.7.12-1.5.2.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Fedora Update Notification
FEDORA-2006-076
2006-02-02

Product : Fedora Core 4
Name : firefox
Version : 1.0.7
Release : 1.2.fc4
Summary : Mozilla Firefox Web browser.

Description :
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

Update Information:

Mozilla Firefox is an open source Web browser.

Igor Bukanov discovered a bug in the way Firefox's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary JavaScript when a user runs Firefox. (CVE-2006-0296)

A denial of service bug was found in the way Firefox saves history information. If a user visits a web page with a very long title, it is possible Firefox will crash or take a very long time to start the next time it is run. (CVE-2005-4134)

Sun Jan 29 2006 Christopher Aillon <caillon@redhat.com> 0:1.0.7-1.2.fc4
- Fix CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

d37a19a1ad285f0605ed0a7fc3603c289e4d33a0 SRPMS/firefox-1.0.7-1.2.fc4.src.rpm
46d0d5698126e86ce6d2e844e113d230cd4f23ea ppc/firefox-1.0.7-1.2.fc4.ppc.rpm
822405f5a6de3e18324b2a1270a0e9a08aabb234 ppc/debug/firefox-debuginfo-1.0.7-1.2.fc4.ppc.rpm
42c8d63a8dd251c505e19dfff2c61450c149c774 x86_64/firefox-1.0.7-1.2.fc4.x86_64.rpm
f737d3deb0c8791ed31caff83226d4b1a17a58d8 x86_64/debug/firefox-debuginfo-1.0.7-1.2.fc4.x86_64.rpm
c6d0a31bd2106ae7ffe65ff9c780209fa3edcd9a i386/firefox-1.0.7-1.2.fc4.i386.rpm
6635d0ddc685bb7579f2701971704a4bec7d1dc8 i386/debug/firefox-debuginfo-1.0.7-1.2.fc4.i386.rpm

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:028
http://www.mandriva.com/security/

Package : php
Date : February 1, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi Network Firewall 2.0

Problem Description:

Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. (CVE-2006-0207)

Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in "certain error conditions." (CVE-2006-0208). This issue does not affect Corporate Server 2.1.

Updated packages are patched to address these issues. Users must execute "service httpd restart" for the new PHP modules to be loaded by Apache.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208

Updated Packages:

Mandriva Linux 10.1:
df01c3861affe2f3e1c889018bb2bdbf 10.1/RPMS/libphp_common432-4.3.8-3.7.101mdk.i586.rpm
f9df1052bc1f6ce85a3bbb5ec544b077 10.1/RPMS/php432-devel-4.3.8-3.7.101mdk.i586.rpm
3be049c85f40f7051f3cf1e44b165485 10.1/RPMS/php-cgi-4.3.8-3.7.101mdk.i586.rpm
de903ca3c9126f451f48d71e30042066 10.1/RPMS/php-cli-4.3.8-3.7.101mdk.i586.rpm
d697297c4330d93379848b2f3ea5b59c 10.1/SRPMS/php-4.3.8-3.7.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
c9123a9203fd795b7445c2d54b2e0e65 x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.7.101mdk.x86_64.rpm
a8ec659d640715f2cbe8ec5b93868de2 x86_64/10.1/RPMS/php432-devel-4.3.8-3.7.101mdk.x86_64.rpm
76ff7da663400e000c148d5562540097 x86_64/10.1/RPMS/php-cgi-4.3.8-3.7.101mdk.x86_64.rpm
d4c84cc9cf9325560e641f20040579ee x86_64/10.1/RPMS/php-cli-4.3.8-3.7.101mdk.x86_64.rpm
d697297c4330d93379848b2f3ea5b59c x86_64/10.1/SRPMS/php-4.3.8-3.7.101mdk.src.rpm

Mandriva Linux 10.2:
fb20504431c87a13d3dccc44a14cc8fb 10.2/RPMS/libphp_common432-4.3.10-7.5.102mdk.i586.rpm
a4a9a3e923ad9fb3364cb40fc65d4dda 10.2/RPMS/php432-devel-4.3.10-7.5.102mdk.i586.rpm
603deaacb7e29fbb89c45bbedc5669dd 10.2/RPMS/php-cgi-4.3.10-7.5.102mdk.i586.rpm
80c2c8841acd4119ef49be89c0fcc2d0 10.2/RPMS/php-cli-4.3.10-7.5.102mdk.i586.rpm
7e608b7cc03ac505f9a118f75fd62d25 10.2/SRPMS/php-4.3.10-7.5.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
17a7eb595d3d46d7a5aaface597c8667 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.5.102mdk.x86_64.rpm
b1e1b44ebdefde1f92fd4067f8dbabf5 x86_64/10.2/RPMS/php432-devel-4.3.10-7.5.102mdk.x86_64.rpm
778fa2d2adaf31a8cb7e31dbd808066e x86_64/10.2/RPMS/php-cgi-4.3.10-7.5.102mdk.x86_64.rpm
d02642564aa38691a881194c2662d98c x86_64/10.2/RPMS/php-cli-4.3.10-7.5.102mdk.x86_64.rpm
7e608b7cc03ac505f9a118f75fd62d25 x86_64/10.2/SRPMS/php-4.3.10-7.5.102mdk.src.rpm

Mandriva Linux 2006.0:
f2b7973428979dd09f52accd547568da 2006.0/RPMS/libphp5_common5-5.0.4-9.3.20060mdk.i586.rpm
5f4d832f023ab7a89ef0100bf84f5287 2006.0/RPMS/php-cgi-5.0.4-9.3.20060mdk.i586.rpm
2670bb765568506f6747a73974939c07 2006.0/RPMS/php-cli-5.0.4-9.3.20060mdk.i586.rpm
379cda215916c997a1dc2dbd5fb2620c 2006.0/RPMS/php-devel-5.0.4-9.3.20060mdk.i586.rpm
ca8db2763cf64ea2bac4322ee9cca899 2006.0/RPMS/php-fcgi-5.0.4-9.3.20060mdk.i586.rpm
92af673ab17df4b7dfe7fdebee76a48b 2006.0/SRPMS/php-5.0.4-9.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
f3d43c707c9a8d5cec75bafcb78e6ab1 x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.3.20060mdk.x86_64.rpm
2f94a04a14fe62fae94111b6cb684ece x86_64/2006.0/RPMS/php-cgi-5.0.4-9.3.20060mdk.x86_64.rpm
4ede0e512810b584bed25e09fca6ba4a x86_64/2006.0/RPMS/php-cli-5.0.4-9.3.20060mdk.x86_64.rpm
f172b4c76fcf58cd9dc090a25103f6a5 x86_64/2006.0/RPMS/php-devel-5.0.4-9.3.20060mdk.x86_64.rpm
79efe6cf1c641439fe1bbd4e75b8fc4f x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.3.20060mdk.x86_64.rpm
92af673ab17df4b7dfe7fdebee76a48b x86_64/2006.0/SRPMS/php-5.0.4-9.3.20060mdk.src.rpm

Corporate Server 2.1:
09f5076909971d5604836d7b9ea9fd45 corporate/2.1/RPMS/php-4.2.3-4.7.C21mdk.i586.rpm
8c035441a66315b1eff8b17312c3a930 corporate/2.1/RPMS/php-common-4.2.3-4.7.C21mdk.i586.rpm
c6f1fd24fe3e8f1ab43dcac22606486f corporate/2.1/RPMS/php-devel-4.2.3-4.7.C21mdk.i586.rpm
86819061809b349bd18566a406273570 corporate/2.1/RPMS/php-pear-4.2.3-4.7.C21mdk.i586.rpm
7dd951360a264bf5866d065a00d5238f corporate/2.1/SRPMS/php-4.2.3-4.7.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
37b27434d1c44f27d8c277ae564b936e x86_64/corporate/2.1/RPMS/php-4.2.3-4.7.C21mdk.x86_64.rpm
6136563a8257ef44180ca6b4401901f6 x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.7.C21mdk.x86_64.rpm
bbdb1dbdda2d70b035ef466443bfc422 x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.7.C21mdk.x86_64.rpm
5d44bf1bfea2cf67b4d8e89199163451 x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.7.C21mdk.x86_64.rpm
7dd951360a264bf5866d065a00d5238f x86_64/corporate/2.1/SRPMS/php-4.2.3-4.7.C21mdk.src.rpm

Corporate 3.0:
f888ebc54f82378b18d93215be73d644 corporate/3.0/RPMS/libphp_common432-4.3.4-4.9.C30mdk.i586.rpm
1b24d7a3868b0ad3447306d68278ea9a corporate/3.0/RPMS/php432-devel-4.3.4-4.9.C30mdk.i586.rpm
5bc5839d0a2747b4752af35136e198e7 corporate/3.0/RPMS/php-cgi-4.3.4-4.9.C30mdk.i586.rpm
d78925d4af67aa5485e5b46c41989b9c corporate/3.0/RPMS/php-cli-4.3.4-4.9.C30mdk.i586.rpm
27ef8f959b0f289b57762ff27a5ac80b corporate/3.0/SRPMS/php-4.3.4-4.9.C30mdk.src.rpm

Corporate 3.0/X86_64:
9bed4b632f00c11be8a5ad2f18f55856 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.9.C30mdk.x86_64.rpm
46f077064f5f9c200fda31f35975a16c x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.9.C30mdk.x86_64.rpm
ed1e1bba020c45e77f29193925639e2e x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.9.C30mdk.x86_64.rpm
6bdd852998838bc68e15bd336aedd197 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.9.C30mdk.x86_64.rpm
27ef8f959b0f289b57762ff27a5ac80b x86_64/corporate/3.0/SRPMS/php-4.3.4-4.9.C30mdk.src.rpm

Multi Network Firewall 2.0:
5addfadc57bce90e16b99fa09c8223d0 mnf/2.0/RPMS/libphp_common432-4.3.4-4.9.M20mdk.i586.rpm
68ebbc08d9225e65e7760a98a440fc50 mnf/2.0/RPMS/php432-devel-4.3.4-4.9.M20mdk.i586.rpm
c3e1085df6f3e9802d25c31201f91004 mnf/2.0/RPMS/php-cgi-4.3.4-4.9.M20mdk.i586.rpm
ae86a53032acd9d82f9dbfba561a173c mnf/2.0/RPMS/php-cli-4.3.4-4.9.M20mdk.i586.rpm
01bd5e9d8cb5520e29a9dec0358c1ecd mnf/2.0/SRPMS/php-4.3.4-4.9.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:029
http://www.mandriva.com/security/

Package : libast
Date : February 2, 2006
Affected: 2006.0

Problem Description:

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X argument.

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0224

Updated Packages:

Mandriva Linux 2006.0:
bf46177b085a67b202f18b755e34ce60 2006.0/RPMS/libast2-0.6.1-2.1.20060mdk.i586.rpm
16fb69d856d3e877606e8551c359f80c 2006.0/RPMS/libast2-devel-0.6.1-2.1.20060mdk.i586.rpm
cc286e5022b221bc91179ac18e39f22b 2006.0/SRPMS/libast-0.6.1-2.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
63ecae854470eed332836e1ccd231fd0 x86_64/2006.0/RPMS/lib64ast2-0.6.1-2.1.20060mdk.x86_64.rpm
03cba4d84d22a70711e096bab7db33f4 x86_64/2006.0/RPMS/lib64ast2-devel-0.6.1-2.1.20060mdk.x86_64.rpm
cc286e5022b221bc91179ac18e39f22b x86_64/2006.0/SRPMS/libast-0.6.1-2.1.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:030
http://www.mandriva.com/security/

Package : poppler
Date : February 2, 2006
Affected: 2006.0

Problem Description:

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Poppler uses a copy of the xpdf code and as such has the same issues.

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301

Updated Packages:

Mandriva Linux 2006.0:
b6c9935f62b187a909955a7e94d1d34f 2006.0/RPMS/libpoppler0-0.4.1-3.2.20060mdk.i586.rpm
b48a8f6086718d6fd7a4a6e09ce7c8cd 2006.0/RPMS/libpoppler0-devel-0.4.1-3.2.20060mdk.i586.rpm
b7f5a900b0b1af81880363bc9c72a0e2 2006.0/RPMS/libpoppler-qt0-0.4.1-3.2.20060mdk.i586.rpm
c1a1039a47557b0e32385735e6c4bca7 2006.0/RPMS/libpoppler-qt0-devel-0.4.1-3.2.20060mdk.i586.rpm
eb69b22453d041c41552e2a6b78c2e31 2006.0/SRPMS/poppler-0.4.1-3.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
9bacddae6dffefca669460746efcc28f x86_64/2006.0/RPMS/lib64poppler0-0.4.1-3.2.20060mdk.x86_64.rpm
ceb9ce5160b23a71351175624209cba0 x86_64/2006.0/RPMS/lib64poppler0-devel-0.4.1-3.2.20060mdk.x86_64.rpm
692e19af45dae123b1df1e3336355a3e x86_64/2006.0/RPMS/lib64poppler-qt0-0.4.1-3.2.20060mdk.x86_64.rpm
7a2689f50a073c0bb1d94292797d5f9c x86_64/2006.0/RPMS/lib64poppler-qt0-devel-0.4.1-3.2.20060mdk.x86_64.rpm
eb69b22453d041c41552e2a6b78c2e31 x86_64/2006.0/SRPMS/poppler-0.4.1-3.2.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:031
http://www.mandriva.com/security/

Package : kdegraphics
Date : February 2, 2006
Affected: 2006.0

Problem Description:

Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues.

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301

Updated Packages:

Mandriva Linux 2006.0:
05cc9d9192609e6947a23751b6fb21b1 2006.0/RPMS/kdegraphics-3.4.2-11.5.20060mdk.i586.rpm
708cbdb3e41c7108db265490e5779cd3 2006.0/RPMS/kdegraphics-common-3.4.2-11.5.20060mdk.i586.rpm
6c96fdbb9db6927eba1c1fe6f4f5cf12 2006.0/RPMS/kdegraphics-kdvi-3.4.2-11.5.20060mdk.i586.rpm
d04355d153efa6c3274c106ffdb23776 2006.0/RPMS/kdegraphics-kfax-3.4.2-11.5.20060mdk.i586.rpm
377ab151f92b3ef1d02dd280010491b2 2006.0/RPMS/kdegraphics-kghostview-3.4.2-11.5.20060mdk.i586.rpm
db0ba637603ff299b83b789db9acf98f 2006.0/RPMS/kdegraphics-kiconedit-3.4.2-11.5.20060mdk.i586.rpm
314122999fcee0d62e79db850fe0876c 2006.0/RPMS/kdegraphics-kolourpaint-3.4.2-11.5.20060mdk.i586.rpm
bad7784d58903a1d7d76aa9b3ae56345 2006.0/RPMS/kdegraphics-kooka-3.4.2-11.5.20060mdk.i586.rpm
e530e96917b2296cfb289f5123a042ac 2006.0/RPMS/kdegraphics-kpaint-3.4.2-11.5.20060mdk.i586.rpm
3adf08e61864ebf9b1da4916bf4aa5b3 2006.0/RPMS/kdegraphics-kpdf-3.4.2-11.5.20060mdk.i586.rpm
92a9d22e62ca1dc95b16ba5b192881f6 2006.0/RPMS/kdegraphics-kpovmodeler-3.4.2-11.5.20060mdk.i586.rpm
6dfe5233ca18b1c1780505c203e0bb7e 2006.0/RPMS/kdegraphics-kruler-3.4.2-11.5.20060mdk.i586.rpm
926a91082443f7cf04adcf3126be09ab 2006.0/RPMS/kdegraphics-ksnapshot-3.4.2-11.5.20060mdk.i586.rpm
e502164d57e4e28cdf5f6bf7ddfd3fea 2006.0/RPMS/kdegraphics-ksvg-3.4.2-11.5.20060mdk.i586.rpm
f6274a326d1234b5cdbbe6ea6ee5074e 2006.0/RPMS/kdegraphics-kuickshow-3.4.2-11.5.20060mdk.i586.rpm
b627c6d89626522c7ac0b1db1aff60d5 2006.0/RPMS/kdegraphics-kview-3.4.2-11.5.20060mdk.i586.rpm
51f6043b09660216cf3b58183ae4c0e9 2006.0/RPMS/kdegraphics-mrmlsearch-3.4.2-11.5.20060mdk.i586.rpm
c729f766472b88783c1e7ed01c278102 2006.0/RPMS/libkdegraphics0-common-3.4.2-11.5.20060mdk.i586.rpm
31cb7fb149f7b5c9ef8d72864daa8862 2006.0/RPMS/libkdegraphics0-common-devel-3.4.2-11.5.20060mdk.i586.rpm
386c0569e197451fea5a4e397dfacec4 2006.0/RPMS/libkdegraphics0-kghostview-3.4.2-11.5.20060mdk.i586.rpm
3c4d500b7bcd7d100e50f1076feca5c6 2006.0/RPMS/libkdegraphics0-kghostview-devel-3.4.2-11.5.20060mdk.i586.rpm
6d4bea12f029996bfcfded04875479c3 2006.0/RPMS/libkdegraphics0-kooka-3.4.2-11.5.20060mdk.i586.rpm
04eb92287e1d099f8aac20796b55a22b 2006.0/RPMS/libkdegraphics0-kooka-devel-3.4.2-11.5.20060mdk.i586.rpm
838aacb3a057a7f5a6d7d8cc11458761 2006.0/RPMS/libkdegraphics0-kpovmodeler-3.4.2-11.5.20060mdk.i586.rpm
acf180efd104a8296558223d6eb8d863 2006.0/RPMS/libkdegraphics0-kpovmodeler-devel-3.4.2-11.5.20060mdk.i586.rpm
7b05741f85f1e3136435e8beb0507019 2006.0/RPMS/libkdegraphics0-ksvg-3.4.2-11.5.20060mdk.i586.rpm
6b9fed5002103f7a5b5a7018f0334cee 2006.0/RPMS/libkdegraphics0-ksvg-devel-3.4.2-11.5.20060mdk.i586.rpm
c0c2f0e7110b22b38bb5c3b84c860f09 2006.0/RPMS/libkdegraphics0-kuickshow-3.4.2-11.5.20060mdk.i586.rpm
d90c7ff03a87f7c8df35f9005671d16b 2006.0/RPMS/libkdegraphics0-kview-3.4.2-11.5.20060mdk.i586.rpm
7f09c2c76e06d81090c4a646fa602b4a 2006.0/RPMS/libkdegraphics0-kview-devel-3.4.2-11.5.20060mdk.i586.rpm
24762cf35a4cb099b04da82ed33d746f 2006.0/RPMS/libkdegraphics0-mrmlsearch-3.4.2-11.5.20060mdk.i586.rpm
1a2d59d9479691a3ccc608e37fa26e04 2006.0/SRPMS/kdegraphics-3.4.2-11.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c369e1bd017e812362140e73ad38cf62 x86_64/2006.0/RPMS/kdegraphics-3.4.2-11.5.20060mdk.x86_64.rpm
0716ba07a943676453db8eb61dd392f4 x86_64/2006.0/RPMS/kdegraphics-common-3.4.2-11.5.20060mdk.x86_64.rpm
160a394b89558f0b09585748c868472b x86_64/2006.0/RPMS/kdegraphics-kdvi-3.4.2-11.5.20060mdk.x86_64.rpm
736c45f562adfcc7136e33e945b29be5 x86_64/2006.0/RPMS/kdegraphics-kfax-3.4.2-11.5.20060mdk.x86_64.rpm
a5bc85d02768c18ddeb0c147c4677d15 x86_64/2006.0/RPMS/kdegraphics-kghostview-3.4.2-11.5.20060mdk.x86_64.rpm
2b90ae6915d37dc13362ef33b0915cb1 x86_64/2006.0/RPMS/kdegraphics-kiconedit-3.4.2-11.5.20060mdk.x86_64.rpm
165c3a2e8b33be77152296874655444e x86_64/2006.0/RPMS/kdegraphics-kolourpaint-3.4.2-11.5.20060mdk.x86_64.rpm
fd5aaa8b3888807d0ec5a7dd192e671c x86_64/2006.0/RPMS/kdegraphics-kooka-3.4.2-11.5.20060mdk.x86_64.rpm
e9b0276671716cd811cdacb18b492830 x86_64/2006.0/RPMS/kdegraphics-kpaint-3.4.2-11.5.20060mdk.x86_64.rpm
0d73da118e80bec6d3d1791bb34a9bc6 x86_64/2006.0/RPMS/kdegraphics-kpdf-3.4.2-11.5.20060mdk.x86_64.rpm
a2e8103a0fd161932b99ca8f7eb517f4 x86_64/2006.0/RPMS/kdegraphics-kpovmodeler-3.4.2-11.5.20060mdk.x86_64.rpm
7378fab60dc020eedb221cb4d25ed995 x86_64/2006.0/RPMS/kdegraphics-kruler-3.4.2-11.5.20060mdk.x86_64.rpm
db7c0db8972d74c6353f1084c2dc4d9e x86_64/2006.0/RPMS/kdegraphics-ksnapshot-3.4.2-11.5.20060mdk.x86_64.rpm
3e1746013811890a9a0343f4e8e677f6 x86_64/2006.0/RPMS/kdegraphics-ksvg-3.4.2-11.5.20060mdk.x86_64.rpm
642d97e4d5a1d580374126599a9c181e x86_64/2006.0/RPMS/kdegraphics-kuickshow-3.4.2-11.5.20060mdk.x86_64.rpm
1d994fa4335d071200eba9f8122166bb x86_64/2006.0/RPMS/kdegraphics-kview-3.4.2-11.5.20060mdk.x86_64.rpm
71663aeaa0e4eaa2d7d9dc0252e8de6a x86_64/2006.0/RPMS/kdegraphics-mrmlsearch-3.4.2-11.5.20060mdk.x86_64.rpm
2f4c23ad97a4c6c4153f0b3ca70074ae x86_64/2006.0/RPMS/lib64kdegraphics0-common-3.4.2-11.5.20060mdk.x86_64.rpm
30be8ac0103fccab32ed6b50c6ff134e x86_64/2006.0/RPMS/lib64kdegraphics0-common-devel-3.4.2-11.5.20060mdk.x86_64.rpm
06084720cd58adc260ae65fb2c23440c x86_64/2006.0/RPMS/lib64kdegraphics0-kghostview-3.4.2-11.5.20060mdk.x86_64.rpm
817dfe2a4ab8d3abcb593e9532b884c8 x86_64/2006.0/RPMS/lib64kdegraphics0-kghostview-devel-3.4.2-11.5.20060mdk.x86_64.rpm
788e0915c0069225f2b023da2977bc79 x86_64/2006.0/RPMS/lib64kdegraphics0-kooka-3.4.2-11.5.20060mdk.x86_64.rpm
0b95a7b54b2356b9123eddf6acec89e7 x86_64/2006.0/RPMS/lib64kdegraphics0-kooka-devel-3.4.2-11.5.20060mdk.x86_64.rpm
219da1cd37be7e8264f8a56b286e01d3 x86_64/2006.0/RPMS/lib64kdegraphics0-kpovmodeler-3.4.2-11.5.20060mdk.x86_64.rpm
d7d1e8e2154d17caf6a9073969da8368 x86_64/2006.0/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.4.2-11.5.20060mdk.x86_64.rpm
82438b1c5d006f1fc2aa16fe2d1a61a9 x86_64/2006.0/RPMS/lib64kdegraphics0-ksvg-3.4.2-11.5.20060mdk.x86_64.rpm
74214cc1a30a890dd293b9b7ce719528 x86_64/2006.0/RPMS/lib64kdegraphics0-ksvg-devel-3.4.2-11.5.20060mdk.x86_64.rpm
bb9f9ae2fb0975bfd1269e02cd3d4ce8 x86_64/2006.0/RPMS/lib64kdegraphics0-kuickshow-3.4.2-11.5.20060mdk.x86_64.rpm
4512e36dfa5f7bb9172a9b2fcf3e4618 x86_64/2006.0/RPMS/lib64kdegraphics0-kview-3.4.2-11.5.20060mdk.x86_64.rpm
40d4fb84716f36eb4e1c8b4d67d4c6b1 x86_64/2006.0/RPMS/lib64kdegraphics0-kview-devel-3.4.2-11.5.20060mdk.x86_64.rpm
3ab99c3335f68457bb0896abfc407892 x86_64/2006.0/RPMS/lib64kdegraphics0-mrmlsearch-3.4.2-11.5.20060mdk.x86_64.rpm
1a2d59d9479691a3ccc608e37fa26e04 x86_64/2006.0/SRPMS/kdegraphics-3.4.2-11.5.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:032
http://www.mandriva.com/security/

Package : xpdf
Date : February 2, 2006
Affected: 2006.0, Corporate 3.0

Problem Description:

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301

Updated Packages:

Mandriva Linux 2006.0:
21b6cae8bc6307f990b3358019d9b618 2006.0/RPMS/xpdf-3.01-1.2.20060mdk.i586.rpm
bb57f993783c281c8eec21627457aa2c 2006.0/SRPMS/xpdf-3.01-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
f170257a90c5130f3b363abe9f215ed8 x86_64/2006.0/RPMS/xpdf-3.01-1.2.20060mdk.x86_64.rpm
bb57f993783c281c8eec21627457aa2c x86_64/2006.0/SRPMS/xpdf-3.01-1.2.20060mdk.src.rpm

Corporate 3.0:
cf0b4100d5c0b55b2ce53256226a2b47 corporate/3.0/RPMS/xpdf-3.00-5.8.C30mdk.i586.rpm
cee7a22a052ea85fc57388a801188ea3 corporate/3.0/SRPMS/xpdf-3.00-5.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
8fcdf6bd62ac3a8d634c701311cdcf11 x86_64/corporate/3.0/RPMS/xpdf-3.00-5.8.C30mdk.x86_64.rpm
cee7a22a052ea85fc57388a801188ea3 x86_64/corporate/3.0/SRPMS/xpdf-3.00-5.8.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:033
http://www.mandriva.com/security/

Package : OpenOffice.org
Date : February 2, 2006
Affected: 2006.0, Corporate 3.0

Problem Description:

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.

Updated packages are patched to address this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4636

Updated Packages:

Mandriva Linux 2006.0:
3dee999dd248d5b405070b078bc33587 2006.0/RPMS/OpenOffice.org-1.1.5-2.2.20060mdk.i586.rpm
a6e44f1c5ae79e6bff4f256b5605e1fb 2006.0/RPMS/OpenOffice.org-l10n-af-1.1.5-2.2.20060mdk.i586.rpm
907f4f481bf4c12258233b78bb49e1eb 2006.0/RPMS/OpenOffice.org-l10n-ar-1.1.5-2.2.20060mdk.i586.rpm
0e90101c2ac6d4b9c289c12b7dd1e248 2006.0/RPMS/OpenOffice.org-l10n-ca-1.1.5-2.2.20060mdk.i586.rpm
89049d9f8e0f34074bab49eda6ce0db3 2006.0/RPMS/OpenOffice.org-l10n-cs-1.1.5-2.2.20060mdk.i586.rpm
a940d095a539a4e52502c1c1b9bba11e 2006.0/RPMS/OpenOffice.org-l10n-cy-1.1.5-2.2.20060mdk.i586.rpm
f860093a6b0eb306f4903eb9f3f181d9 2006.0/RPMS/OpenOffice.org-l10n-da-1.1.5-2.2.20060mdk.i586.rpm
6f1992dd7dcf4c4011a087ea61f2cb03 2006.0/RPMS/OpenOffice.org-l10n-de-1.1.5-2.2.20060mdk.i586.rpm
c0d6ba0f33ccbbd6acef1ff80d264bc7 2006.0/RPMS/OpenOffice.org-l10n-el-1.1.5-2.2.20060mdk.i586.rpm
b55d67c8094d82348036b3289586d284 2006.0/RPMS/OpenOffice.org-l10n-en-1.1.5-2.2.20060mdk.i586.rpm
49c435598a3eedad90b8e1a56e7361f2 2006.0/RPMS/OpenOffice.org-l10n-es-1.1.5-2.2.20060mdk.i586.rpm
51f08254141a5bbb38b0290abe16784e 2006.0/RPMS/OpenOffice.org-l10n-et-1.1.5-2.2.20060mdk.i586.rpm
236582a21a049e403363598e07583e33 2006.0/RPMS/OpenOffice.org-l10n-eu-1.1.5-2.2.20060mdk.i586.rpm
1fe921d03ae685abae102fe044b5dd4f 2006.0/RPMS/OpenOffice.org-l10n-fi-1.1.5-2.2.20060mdk.i586.rpm
11ff5ad3d2d98e2468b52777b0c6299b 2006.0/RPMS/OpenOffice.org-l10n-fr-1.1.5-2.2.20060mdk.i586.rpm
fa73e9e25532bef45ca1dba87dc5f597 2006.0/RPMS/OpenOffice.org-l10n-he-1.1.5-2.2.20060mdk.i586.rpm
0066e690376ab789b8ded30c808d1ccf 2006.0/RPMS/OpenOffice.org-l10n-hu-1.1.5-2.2.20060mdk.i586.rpm
dddb79794a203128e505b8ee4b9ed376 2006.0/RPMS/OpenOffice.org-l10n-it-1.1.5-2.2.20060mdk.i586.rpm
a0e81d419476a0a3a095d605f3edad8f 2006.0/RPMS/OpenOffice.org-l10n-ja-1.1.5-2.2.20060mdk.i586.rpm
44ed9f09bdfa364ccf32ca24f3c3681e 2006.0/RPMS/OpenOffice.org-l10n-ko-1.1.5-2.2.20060mdk.i586.rpm
d015a5722dbe141f41f3e62fd06fae1e 2006.0/RPMS/OpenOffice.org-l10n-nb-1.1.5-2.2.20060mdk.i586.rpm
350f1ae4c81f6d102d7fa725e833facd 2006.0/RPMS/OpenOffice.org-l10n-nl-1.1.5-2.2.20060mdk.i586.rpm
27a7fec93f39822970bd0ed4783bc415 2006.0/RPMS/OpenOffice.org-l10n-nn-1.1.5-2.2.20060mdk.i586.rpm
627b05bb762b52d1388bd95db921346d 2006.0/RPMS/OpenOffice.org-l10n-ns-1.1.5-2.2.20060mdk.i586.rpm
4ba08965b4709a449b1aeb96dc41e8ad 2006.0/RPMS/OpenOffice.org-l10n-pl-1.1.5-2.2.20060mdk.i586.rpm
df4ff901584a62775afd64539f40fef4 2006.0/RPMS/OpenOffice.org-l10n-pt-1.1.5-2.2.20060mdk.i586.rpm
5035004c9dacccb1cbaec68f0b60390c 2006.0/RPMS/OpenOffice.org-l10n-pt_BR-1.1.5-2.2.20060mdk.i586.rpm
a451e3a7488edb20b48d065866fc90de 2006.0/RPMS/OpenOffice.org-l10n-ru-1.1.5-2.2.20060mdk.i586.rpm
4520ff8f7b62aa4603d204ecbd3c60a7 2006.0/RPMS/OpenOffice.org-l10n-sk-1.1.5-2.2.20060mdk.i586.rpm
a9a563fb0ad8ed3084f6026698aab08b 2006.0/RPMS/OpenOffice.org-l10n-sl-1.1.5-2.2.20060mdk.i586.rpm
6e320635bd5c6154b3378b702861edb1 2006.0/RPMS/OpenOffice.org-l10n-sv-1.1.5-2.2.20060mdk.i586.rpm
ba2763e07655b6aef443a1fecd7f13eb 2006.0/RPMS/OpenOffice.org-l10n-tr-1.1.5-2.2.20060mdk.i586.rpm
ab7f145444e399490ef1e902b525e116 2006.0/RPMS/OpenOffice.org-l10n-zh_CN-1.1.5-2.2.20060mdk.i586.rpm
8f5a6e7ad4d56700624e7e77252a6e69 2006.0/RPMS/OpenOffice.org-l10n-zh_TW-1.1.5-2.2.20060mdk.i586.rpm
9d0ab55c3af3ed5f401ae065c8a26011 2006.0/RPMS/OpenOffice.org-l10n-zu-1.1.5-2.2.20060mdk.i586.rpm
a7705f07dc82b85bd7cb050ec11aec18 2006.0/RPMS/OpenOffice.org-libs-1.1.5-2.2.20060mdk.i586.rpm
6a6f4ab1836c36fbe6715c4141d2e99a 2006.0/SRPMS/OpenOffice.org-1.1.5-2.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
3dee999dd248d5b405070b078bc33587 x86_64/2006.0/RPMS/OpenOffice.org-1.1.5-2.2.20060mdk.i586.rpm
a6e44f1c5ae79e6bff4f256b5605e1fb x86_64/2006.0/RPMS/OpenOffice.org-l10n-af-1.1.5-2.2.20060mdk.i586.rpm
907f4f481bf4c12258233b78bb49e1eb x86_64/2006.0/RPMS/OpenOffice.org-l10n-ar-1.1.5-2.2.20060mdk.i586.rpm
0e90101c2ac6d4b9c289c12b7dd1e248 x86_64/2006.0/RPMS/OpenOffice.org-l10n-ca-1.1.5-2.2.20060mdk.i586.rpm
89049d9f8e0f34074bab49eda6ce0db3 x86_64/2006.0/RPMS/OpenOffice.org-l10n-cs-1.1.5-2.2.20060mdk.i586.rpm
a940d095a539a4e52502c1c1b9bba11e x86_64/2006.0/RPMS/OpenOffice.org-l10n-cy-1.1.5-2.2.20060mdk.i586.rpm
f860093a6b0eb306f4903eb9f3f181d9 x86_64/2006.0/RPMS/OpenOffice.org-l10n-da-1.1.5-2.2.20060mdk.i586.rpm
6f1992dd7dcf4c4011a087ea61f2cb03 x86_64/2006.0/RPMS/OpenOffice.org-l10n-de-1.1.5-2.2.20060mdk.i586.rpm
c0d6ba0f33ccbbd6acef1ff80d264bc7 x86_64/2006.0/RPMS/OpenOffice.org-l10n-el-1.1.5-2.2.20060mdk.i586.rpm
b55d67c8094d82348036b3289586d284 x86_64/2006.0/RPMS/OpenOffice.org-l10n-en-1.1.5-2.2.20060mdk.i586.rpm
49c435598a3eedad90b8e1a56e7361f2 x86_64/2006.0/RPMS/OpenOffice.org-l10n-es-1.1.5-2.2.20060mdk.i586.rpm
51f08254141a5bbb38b0290abe16784e x86_64/2006.0/RPMS/OpenOffice.org-l10n-et-1.1.5-2.2.20060mdk.i586.rpm
236582a21a049e403363598e07583e33 x86_64/2006.0/RPMS/OpenOffice.org-l10n-eu-1.1.5-2.2.20060mdk.i586.rpm
1fe921d03ae685abae102fe044b5dd4f x86_64/2006.0/RPMS/OpenOffice.org-l10n-fi-1.1.5-2.2.20060mdk.i586.rpm
11ff5ad3d2d98e2468b52777b0c6299b x86_64/2006.0/RPMS/OpenOffice.org-l10n-fr-1.1.5-2.2.20060mdk.i586.rpm
fa73e9e25532bef45ca1dba87dc5f597 x86_64/2006.0/RPMS/OpenOffice.org-l10n-he-1.1.5-2.2.20060mdk.i586.rpm
0066e690376ab789b8ded30c808d1ccf x86_64/2006.0/RPMS/OpenOffice.org-l10n-hu-1.1.5-2.2.20060mdk.i586.rpm
dddb79794a203128e505b8ee4b9ed376 x86_64/2006.0/RPMS/OpenOffice.org-l10n-it-1.1.5-2.2.20060mdk.i586.rpm
a0e81d419476a0a3a095d605f3edad8f x86_64/2006.0/RPMS/OpenOffice.org-l10n-ja-1.1.5-2.2.20060mdk.i586.rpm
44ed9f09bdfa364ccf32ca24f3c3681e x86_64/2006.0/RPMS/OpenOffice.org-l10n-ko-1.1.5-2.2.20060mdk.i586.rpm
d015a5722dbe141f41f3e62fd06fae1e x86_64/2006.0/RPMS/OpenOffice.org-l10n-nb-1.1.5-2.2.20060mdk.i586.rpm
350f1ae4c81f6d102d7fa725e833facd x86_64/2006.0/RPMS/OpenOffice.org-l10n-nl-1.1.5-2.2.20060mdk.i586.rpm
27a7fec93f39822970bd0ed4783bc415 x86_64/2006.0/RPMS/OpenOffice.org-l10n-nn-1.1.5-2.2.20060mdk.i586.rpm
627b05bb762b52d1388bd95db921346d x86_64/2006.0/RPMS/OpenOffice.org-l10n-ns-1.1.5-2.2.20060mdk.i586.rpm
4ba08965b4709a449b1aeb96dc41e8ad x86_64/2006.0/RPMS/OpenOffice.org-l10n-pl-1.1.5-2.2.20060mdk.i586.rpm
df4ff901584a62775afd64539f40fef4 x86_64/2006.0/RPMS/OpenOffice.org-l10n-pt-1.1.5-2.2.20060mdk.i586.rpm
5035004c9dacccb1cbaec68f0b60390c x86_64/2006.0/RPMS/OpenOffice.org-l10n-pt_BR-1.1.5-2.2.20060mdk.i586.rpm
a451e3a7488edb20b48d065866fc90de x86_64/2006.0/RPMS/OpenOffice.org-l10n-ru-1.1.5-2.2.20060mdk.i586.rpm
4520ff8f7b62aa4603d204ecbd3c60a7 x86_64/2006.0/RPMS/OpenOffice.org-l10n-sk-1.1.5-2.2.20060mdk.i586.rpm
a9a563fb0ad8ed3084f6026698aab08b x86_64/2006.0/RPMS/OpenOffice.org-l10n-sl-1.1.5-2.2.20060mdk.i586.rpm
6e320635bd5c6154b3378b702861edb1 x86_64/2006.0/RPMS/OpenOffice.org-l10n-sv-1.1.5-2.2.20060mdk.i586.rpm
ba2763e07655b6aef443a1fecd7f13eb x86_64/2006.0/RPMS/OpenOffice.org-l10n-tr-1.1.5-2.2.20060mdk.i586.rpm
ab7f145444e399490ef1e902b525e116 x86_64/2006.0/RPMS/OpenOffice.org-l10n-zh_CN-1.1.5-2.2.20060mdk.i586.rpm
8f5a6e7ad4d56700624e7e77252a6e69 x86_64/2006.0/RPMS/OpenOffice.org-l10n-zh_TW-1.1.5-2.2.20060mdk.i586.rpm
9d0ab55c3af3ed5f401ae065c8a26011 x86_64/2006.0/RPMS/OpenOffice.org-l10n-zu-1.1.5-2.2.20060mdk.i586.rpm
a7705f07dc82b85bd7cb050ec11aec18 x86_64/2006.0/RPMS/OpenOffice.org-libs-1.1.5-2.2.20060mdk.i586.rpm
6a6f4ab1836c36fbe6715c4141d2e99a x86_64/2006.0/SRPMS/OpenOffice.org-1.1.5-2.2.20060mdk.src.rpm

Corporate 3.0:
93264fa91b20ca98991cd8a2aace3d19 corporate/3.0/RPMS/OpenOffice.org-1.1.2-9.2.C30mdk.i586.rpm
541c3bdb1b3ec51fcb27ffbe9e81a6e5 corporate/3.0/RPMS/OpenOffice.org-l10n-ar-1.1.2-9.2.C30mdk.i586.rpm
955582f49c21bf9b2f3115602f91565e corporate/3.0/RPMS/OpenOffice.org-l10n-ca-1.1.2-9.2.C30mdk.i586.rpm
a1caabf4cdec2b7a43fcd7bd32a37a04 corporate/3.0/RPMS/OpenOffice.org-l10n-cs-1.1.2-9.2.C30mdk.i586.rpm
c3bef40f84968eb1f9d0a9eb0fa9c946 corporate/3.0/RPMS/OpenOffice.org-l10n-da-1.1.2-9.2.C30mdk.i586.rpm
e35e66fffee2af1b56b09f27ac2b5d12 corporate/3.0/RPMS/OpenOffice.org-l10n-de-1.1.2-9.2.C30mdk.i586.rpm
47afa9ac9b16c541230810fcd764c354 corporate/3.0/RPMS/OpenOffice.org-l10n-el-1.1.2-9.2.C30mdk.i586.rpm
1b0065dff91d6da6fcab436b67394e0b corporate/3.0/RPMS/OpenOffice.org-l10n-en-1.1.2-9.2.C30mdk.i586.rpm
7cb92b94c58f89de10cb669d59af3606 corporate/3.0/RPMS/OpenOffice.org-l10n-es-1.1.2-9.2.C30mdk.i586.rpm
0414452819b62c48a65eb97b8c321bb0 corporate/3.0/RPMS/OpenOffice.org-l10n-et-1.1.2-9.2.C30mdk.i586.rpm
415d00f01dee43c8863521246780b85f corporate/3.0/RPMS/OpenOffice.org-l10n-eu-1.1.2-9.2.C30mdk.i586.rpm
5b2bb9b68dfebcb097f602c14fe59013 corporate/3.0/RPMS/OpenOffice.org-l10n-fi-1.1.2-9.2.C30mdk.i586.rpm
dc98b9e0bdf7faceedd5aa1c5961739d corporate/3.0/RPMS/OpenOffice.org-l10n-fr-1.1.2-9.2.C30mdk.i586.rpm
da444fb7641f0ebbf4bb363532ed6e08 corporate/3.0/RPMS/OpenOffice.org-l10n-it-1.1.2-9.2.C30mdk.i586.rpm
d0571564aa6645c7fda59ed84707b75d corporate/3.0/RPMS/OpenOffice.org-l10n-ja-1.1.2-9.2.C30mdk.i586.rpm
716d5b2fd86d3a98f5a58fcdc2af487e corporate/3.0/RPMS/OpenOffice.org-l10n-ko-1.1.2-9.2.C30mdk.i586.rpm
81f9fb71aaa9377f92671ae0b9744d29 corporate/3.0/RPMS/OpenOffice.org-l10n-nb-1.1.2-9.2.C30mdk.i586.rpm
45e29fccae67d0f8b99167177ba58639 corporate/3.0/RPMS/OpenOffice.org-l10n-nl-1.1.2-9.2.C30mdk.i586.rpm
528b83ca333fa58d986a9386597edd40 corporate/3.0/RPMS/OpenOffice.org-l10n-nn-1.1.2-9.2.C30mdk.i586.rpm
a9e1bb136cdb961f55b591790d99cf49 corporate/3.0/RPMS/OpenOffice.org-l10n-pl-1.1.2-9.2.C30mdk.i586.rpm
b0f6afd2af6bd942eb49b2356f9d82fd corporate/3.0/RPMS/OpenOffice.org-l10n-pt-1.1.2-9.2.C30mdk.i586.rpm
b460aa9e9b1cb05d6e9b32b4f18b3910 corporate/3.0/RPMS/OpenOffice.org-l10n-pt_BR-1.1.2-9.2.C30mdk.i586.rpm
5362bc6051fbd788eb7baf508645e4c5 corporate/3.0/RPMS/OpenOffice.org-l10n-ru-1.1.2-9.2.C30mdk.i586.rpm
e41ea4be138bafdda714405e23c72153 corporate/3.0/RPMS/OpenOffice.org-l10n-sk-1.1.2-9.2.C30mdk.i586.rpm
6c9ad505940d852a6e956b193767ba48 corporate/3.0/RPMS/OpenOffice.org-l10n-sv-1.1.2-9.2.C30mdk.i586.rpm
8b22927b7d9b9e71ff73ff1150c3db13 corporate/3.0/RPMS/OpenOffice.org-l10n-tr-1.1.2-9.2.C30mdk.i586.rpm
f8eeccee06baad5bf31bc2afb2d77b1a corporate/3.0/RPMS/OpenOffice.org-l10n-zh_CN-1.1.2-9.2.C30mdk.i586.rpm
384809ccad4af0c27a157ed5288234fb corporate/3.0/RPMS/OpenOffice.org-l10n-zh_TW-1.1.2-9.2.C30mdk.i586.rpm
4f97988bf5cc409f5bc200580e596430 corporate/3.0/RPMS/OpenOffice.org-libs-1.1.2-9.2.C30mdk.i586.rpm
3376b1b82dd56f6aba71ff8dee154971 corporate/3.0/SRPMS/OpenOffice.org-1.1.2-9.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
93264fa91b20ca98991cd8a2aace3d19 x86_64/corporate/3.0/RPMS/OpenOffice.org-1.1.2-9.2.C30mdk.i586.rpm
541c3bdb1b3ec51fcb27ffbe9e81a6e5 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-ar-1.1.2-9.2.C30mdk.i586.rpm
955582f49c21bf9b2f3115602f91565e x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-ca-1.1.2-9.2.C30mdk.i586.rpm
a1caabf4cdec2b7a43fcd7bd32a37a04 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-cs-1.1.2-9.2.C30mdk.i586.rpm
c3bef40f84968eb1f9d0a9eb0fa9c946 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-da-1.1.2-9.2.C30mdk.i586.rpm
e35e66fffee2af1b56b09f27ac2b5d12 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-de-1.1.2-9.2.C30mdk.i586.rpm
47afa9ac9b16c541230810fcd764c354 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-el-1.1.2-9.2.C30mdk.i586.rpm
1b0065dff91d6da6fcab436b67394e0b x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-en-1.1.2-9.2.C30mdk.i586.rpm
7cb92b94c58f89de10cb669d59af3606 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-es-1.1.2-9.2.C30mdk.i586.rpm
0414452819b62c48a65eb97b8c321bb0 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-et-1.1.2-9.2.C30mdk.i586.rpm
415d00f01dee43c8863521246780b85f x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-eu-1.1.2-9.2.C30mdk.i586.rpm
5b2bb9b68dfebcb097f602c14fe59013 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-fi-1.1.2-9.2.C30mdk.i586.rpm
dc98b9e0bdf7faceedd5aa1c5961739d x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-fr-1.1.2-9.2.C30mdk.i586.rpm
da444fb7641f0ebbf4bb363532ed6e08 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-it-1.1.2-9.2.C30mdk.i586.rpm
d0571564aa6645c7fda59ed84707b75d x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-ja-1.1.2-9.2.C30mdk.i586.rpm
716d5b2fd86d3a98f5a58fcdc2af487e x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-ko-1.1.2-9.2.C30mdk.i586.rpm
81f9fb71aaa9377f92671ae0b9744d29 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-nb-1.1.2-9.2.C30mdk.i586.rpm
45e29fccae67d0f8b99167177ba58639 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-nl-1.1.2-9.2.C30mdk.i586.rpm
528b83ca333fa58d986a9386597edd40 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-nn-1.1.2-9.2.C30mdk.i586.rpm
a9e1bb136cdb961f55b591790d99cf49 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-pl-1.1.2-9.2.C30mdk.i586.rpm
b0f6afd2af6bd942eb49b2356f9d82fd x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-pt-1.1.2-9.2.C30mdk.i586.rpm
b460aa9e9b1cb05d6e9b32b4f18b3910 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-pt_BR-1.1.2-9.2.C30mdk.i586.rpm
5362bc6051fbd788eb7baf508645e4c5 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-ru-1.1.2-9.2.C30mdk.i586.rpm
e41ea4be138bafdda714405e23c72153 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-sk-1.1.2-9.2.C30mdk.i586.rpm
6c9ad505940d852a6e956b193767ba48 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-sv-1.1.2-9.2.C30mdk.i586.rpm
8b22927b7d9b9e71ff73ff1150c3db13 x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-tr-1.1.2-9.2.C30mdk.i586.rpm
f8eeccee06baad5bf31bc2afb2d77b1a x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-zh_CN-1.1.2-9.2.C30mdk.i586.rpm
384809ccad4af0c27a157ed5288234fb x86_64/corporate/3.0/RPMS/OpenOffice.org-l10n-zh_TW-1.1.2-9.2.C30mdk.i586.rpm
4f97988bf5cc409f5bc200580e596430 x86_64/corporate/3.0/RPMS/OpenOffice.org-libs-1.1.2-9.2.C30mdk.i586.rpm
3376b1b82dd56f6aba71ff8dee154971 x86_64/corporate/3.0/SRPMS/OpenOffice.org-1.1.2-9.2.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux

Red Hat Security Advisory

Synopsis: Critical: mozilla security update
Advisory ID: RHSA-2006:0199-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0199.html
Issue date: 2006-02-02
Updated on: 2006-02-02
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-4134 CVE-2006-0292 CVE-2006-0296

1. Summary:

Updated mozilla packages that fix several security bugs are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Igor Bukanov discovered a bug in the way Mozilla's Javascript interpreter dereferences objects. If a user visits a malicious web page, Mozilla could crash or execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Mozilla to execute arbitrary javascript when a user runs Mozilla. (CVE-2006-0296)

Note that the Red Hat Enterprise Linux 3 packages also fix a bug when using XSLT to transform documents. Passing DOM Nodes as parameters to functions expecting an xsl:param could cause Mozilla to throw an exception.

Users of Mozilla are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

179163 - CVE-2005-4134 Very long topic history.dat DoS
179166 - CVE-2006-0292 javascript unrooted access
179169 - CVE-2006-0296 XULDocument.persist() RDF data injection

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.7.12-1.1.2.3.src.rpm
e7d52e1e60f9dd4c137a74aa2897df3a mozilla-1.7.12-1.1.2.3.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.7.12-1.1.2.3.src.rpm
e7d52e1e60f9dd4c137a74aa2897df3a mozilla-1.7.12-1.1.2.3.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.7.12-1.1.2.3.src.rpm
e7d52e1e60f9dd4c137a74aa2897df3a mozilla-1.7.12-1.1.2.3.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.7.12-1.1.2.3.src.rpm
e7d52e1e60f9dd4c137a74aa2897df3a mozilla-1.7.12-1.1.2.3.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.7.12-1.1.3.4.src.rpm
8d42f63144e878e750c96eb8fcb59935 mozilla-1.7.12-1.1.3.4.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.7.12-1.1.3.4.src.rpm
8d42f63144e878e750c96eb8fcb59935 mozilla-1.7.12-1.1.3.4.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.7.12-1.1.3.4.src.rpm
8d42f63144e878e750c96eb8fcb59935 mozilla-1.7.12-1.1.3.4.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.7.12-1.1.3.4.src.rpm
8d42f63144e878e750c96eb8fcb59935 mozilla-1.7.12-1.1.3.4.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mozilla-1.7.12-1.4.2.src.rpm
f146483027fa2848c552517765223fbd mozilla-1.7.12-1.4.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mozilla-1.7.12-1.4.2.src.rpm
f146483027fa2848c552517765223fbd mozilla-1.7.12-1.4.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mozilla-1.7.12-1.4.2.src.rpm
f146483027fa2848c552517765223fbd mozilla-1.7.12-1.4.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mozilla-1.7.12-1.4.2.src.rpm
f146483027fa2848c552517765223fbd mozilla-1.7.12-1.4.2.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2006:0200-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0200.html
Issue date: 2006-02-02
Updated on: 2006-02-02
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-4134 CVE-2006-0292 CVE-2006-0296

1. Summary:

An updated firefox package that fixes several security bugs is now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

Igor Bukanov discovered a bug in the way Firefox's Javascript interpreter derefernces objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary javascript when a user runs Firefox. (CVE-2006-0296)

This update also fixes a bug when using XSLT to transform documents. Passing DOM Nodes as parameters to functions expecting an xsl:param could cause Firefox to throw an exception.

Users of Firefox are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

179171 - CVE-2005-4134 Very long topic history.dat DoS
179173 - CVE-2006-0292 javascript unrooted access
179175 - CVE-2006-0296 XULDocument.persist() RDF data injection

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.0.7-1.4.3.src.rpm
148dd8bbaba85e70c6a05966e227b9fd firefox-1.0.7-1.4.3.src.rpm

i386:
cdb90ac4fe4ea60046932066dbc5f7f8 firefox-1.0.7-1.4.3.i386.rpm

ia64:
d544e64b8393fbffabd9bace92e4e481 firefox-1.0.7-1.4.3.ia64.rpm

ppc:
0f131aaad99f69b3a887e934a049b6bb firefox-1.0.7-1.4.3.ppc.rpm

s390:
e62769654343ed7e9630f77c637cb20a firefox-1.0.7-1.4.3.s390.rpm

s390x:
6a50c3d666f51e3bcf6c633e66b4606f firefox-1.0.7-1.4.3.s390x.rpm

x86_64:
4da2ae90595cd5371f85ab03582e27c9 firefox-1.0.7-1.4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/firefox-1.0.7-1.4.3.src.rpm
148dd8bbaba85e70c6a05966e227b9fd firefox-1.0.7-1.4.3.src.rpm

i386:
cdb90ac4fe4ea60046932066dbc5f7f8 firefox-1.0.7-1.4.3.i386.rpm