Advisories, April 24, 2006

Apr 25, 2006, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 1039-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 24th, 2006 http://www.debian.org/security/faq


Package : blender
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3302 CVE-2005-4470
BugTraq ID : 15981
Debian Bugs : 330895 344398

Several vulnerabilities have been discovered in blender, a very fast and versatile 3D modeller/renderer. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-3302

Joxean Koret discovered that due to missing input validation a provided script is vulnerable to arbitrary command execution.

CVE-2005-4470

Damian Put discovered a buffer overflow that allows remote attackers to cause a denial of service and possibly execute arbitrary code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 2.36-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 2.40-1.

We recommend that you upgrade your blender package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.dsc
      Size/MD5 checksum: 748 8d4a7880a3b1c0d1c2c2b7d67b1111c7
    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.diff.gz
      Size/MD5 checksum: 13747 1731a5fd58dfbf6eacb4f2760be9dd27
    http://security.debian.org/pool/updates/main/b/blender/blender_2.36.orig.tar.gz
      Size/MD5 checksum: 6912828 8e2237c86b12e6061935632495aec875

Alpha architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_alpha.deb
      Size/MD5 checksum: 4827460 180eeefd1123722e7c4aa0a43cf47eeb

AMD64 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_amd64.deb
      Size/MD5 checksum: 4118980 be9328fd278159f218a25763553e92be

ARM architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_arm.deb
      Size/MD5 checksum: 4089822 07513b5818e448697bfbc6b1bed51873

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_i386.deb
      Size/MD5 checksum: 4142046 a263f52ac839648cee6e870b3d7e451e

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_ia64.deb
      Size/MD5 checksum: 5684932 db0b5c13cd696115958e2efb528f1eed

HP Precision architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_hppa.deb
      Size/MD5 checksum: 4600312 c2241dbd8f88fbbf7ccdc164193dab60

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_m68k.deb
      Size/MD5 checksum: 3655228 8728fcd27b3fb0c9bc7c1a9eaf417bd0

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mips.deb
      Size/MD5 checksum: 4310726 37dd5199543e5a9a20fae6abff093dc2

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mipsel.deb
      Size/MD5 checksum: 4303728 21f55618f8ee45ed18c848ebb3707dab

PowerPC architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_powerpc.deb
      Size/MD5 checksum: 4173870 1c2dc631d155be939696e67b1f8b2416

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_s390.deb
      Size/MD5 checksum: 3977484 0b7f82038c3f61280c42c337188cfd47

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_sparc.deb
      Size/MD5 checksum: 3940052 b64ac521aaa356b54f6a162f6c10bc4f

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1040-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
April 24th, 2006 http://www.debian.org/security/faq


Package : gdm
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-1057
BugTraq ID : 17635

A vulnerability has been identified in gdm, a display manager for X, that could allow a local attacker to gain elevated privileges by exploiting a race condition in the handling of the .ICEauthority file.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in version 2.6.0.8-1sarge2.

For the unstable distribution (sid) this problem will be fixed in version 2.14.1-1.

We recommend that you upgrade your gdm package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.dsc
      Size/MD5 checksum: 732 5e615263c621f3166eab26233249934b
    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.diff.gz
      Size/MD5 checksum: 258548 323d831f75f4a784b754ee4d6902120f
    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8.orig.tar.gz
      Size/MD5 checksum: 5619049 1417d176925a4a24c465c043df7b6a39

Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_alpha.deb
      Size/MD5 checksum: 3243636 3641c4ee397d6f70fa15b439da1ca29d

AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_amd64.deb
      Size/MD5 checksum: 3178276 03057b54637e652dd37f98bf94e3b575

ARM architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_arm.deb
      Size/MD5 checksum: 3124804 beb9189cf49420259a51210c1864cc08

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_i386.deb
      Size/MD5 checksum: 3144008 36c7dfed8ab7ece8d5b75fa720c6120d

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_ia64.deb
      Size/MD5 checksum: 3328900 c6b11ef8670cb3f63d946e0779d65c3f

HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_hppa.deb
      Size/MD5 checksum: 3185510 486b1377061ad3655a34d17abc9ece23

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_m68k.deb
      Size/MD5 checksum: 3115464 a002336849c45be8d7a70630a9dbe714

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mips.deb
      Size/MD5 checksum: 3155474 dea4b0e6dbb2b1a4ac0b5a90e9a93035

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mipsel.deb
      Size/MD5 checksum: 3147934 19dc1118fec157e9ae4f7e40418a7cbb

PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_powerpc.deb
      Size/MD5 checksum: 3172026 611508441a9bcd7df2bb3ac486a20da4

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_s390.deb
      Size/MD5 checksum: 3185506 f03786d134fda10cfb7ce9c6b4e13044

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_sparc.deb
      Size/MD5 checksum: 3137658 ea03ac108174033db47559465da66184

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200604-12

http://security.gentoo.org/


Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: April 23, 2006
Bugs: #129924
ID: 200604-12


Synopsis

Several vulnerabilities in Mozilla Firefox allow attacks ranging from execution of script code with elevated privileges to information leaks.

Background

Mozilla Firefox is the next-generation web browser from the Mozilla project.

Affected packages


     Package                         /  Vulnerable  /       Unaffected


  1  www-client/mozilla-firefox          < 1.0.8            >= 1.0.8
  2  www-client/mozilla-firefox-bin      < 1.0.8            >= 1.0.8
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

Several vulnerabilities were found in Mozilla Firefox. Versions 1.0.8 and 1.5.0.2 were released to fix them.

Impact

A remote attacker could craft malicious web pages that would leverage these issues to inject and execute arbitrary script code with elevated privileges, steal local files, cookies or other information from web pages, and spoof content. Some of these vulnerabilities might even be exploited to execute arbitrary code with the rights of the browser user.

Workaround

There are no known workarounds for all the issues at this time.

Resolution

All Mozilla Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.8"

All Mozilla Firefox binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.8"

References

[ 1 ] CVE-2005-4134

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134

[ 2 ] CVE-2006-0292

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292

[ 3 ] CVE-2006-0296

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296

[ 4 ] CVE-2006-0748

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748

[ 5 ] CVE-2006-0749

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749

[ 6 ] CVE-2006-1727

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727

[ 7 ] CVE-2006-1728

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728

[ 8 ] CVE-2006-1729

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729

[ 9 ] CVE-2006-1730

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730

[ 10 ] CVE-2006-1731

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731

[ 11 ] CVE-2006-1732

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732

[ 12 ] CVE-2006-1733

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733

[ 13 ] CVE-2006-1734

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734

[ 14 ] CVE-2006-1735

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735

[ 15 ] CVE-2006-1736

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736

[ 16 ] CVE-2006-1737

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737

[ 17 ] CVE-2006-1738

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738

[ 18 ] CVE-2006-1739

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739

[ 19 ] CVE-2006-1740

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740

[ 20 ] CVE-2006-1741

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741

[ 21 ] CVE-2006-1742

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742

[ 22 ] CVE-2006-1790

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790

[ 23 ] Mozilla Foundation Security Advisories

http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200604-13

http://security.gentoo.org/


Severity: Normal
Title: fbida: Insecure temporary file creation
Date: April 23, 2006
Bugs: #129470
ID: 200604-13


Synopsis

fbida is vulnerable to linking attacks, potentially allowing a local user to overwrite arbitrary files.

Background

fbida is a collection of image viewers and editors for the framebuffer console and X11.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  media-gfx/fbida      < 2.03-r3                         >= 2.03-r3

Description

Jan Braun has discovered that the "fbgs" script provided by fbida insecurely creates temporary files in the "/var/tmp" directory.

Impact

A local attacker could create links in the temporary file directory, pointing to a valid file somewhere on the filesystem. When an affected script is called, this could result in the file being overwritten with the rights of the user running the script.
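The pattern behind this class of bug, next to a hardened form, as an added example. It is not the fbgs source: the function names, file names and sandbox layout are constructed for illustration, and everything runs inside a private directory created by `mktemp -d`.

```shell
#!/bin/sh
# Added illustration; this is not the fbgs script. All names are hypothetical.

# Unsafe: a predictable file name in a shared, world-writable directory.
# If that path already exists as a symlink, ">" follows the link and
# truncates whatever it points to, with the caller's privileges.
unsafe_write() {
    out="$1/render.$$"
    echo "page data" > "$out"
    printf '%s\n' "$out"
}

# Hardened: mktemp -d creates a new directory with an unpredictable name,
# accessible only to the caller, and fails rather than reuse an existing
# path. noclobber (set -C) additionally makes ">" fail instead of
# overwriting an existing file.
safe_write() {
    work=$(mktemp -d "$1/render.XXXXXXXXXX") || return 1
    out="$work/page"
    ( set -C; echo "page data" > "$out" ) || { rm -rf "$work"; return 1; }
    printf '%s\n' "$out"
}

# Reproduces the condition from the Impact paragraph inside a private
# sandbox that stands in for /var/tmp, then shows the effect of each form.
demo() {
    sandbox=$(mktemp -d) || return 1
    echo "important" > "$sandbox/victim"
    # A link already sitting at the predictable name.
    ln -s "$sandbox/victim" "$sandbox/render.$$"

    unsafe_write "$sandbox" > /dev/null
    after_unsafe=$(cat "$sandbox/victim")

    echo "important" > "$sandbox/victim"
    safe_write "$sandbox" > /dev/null
    after_safe=$(cat "$sandbox/victim")

    rm -rf "$sandbox"
    printf 'after unsafe_write: victim contains "%s"\n' "$after_unsafe"
    printf 'after safe_write:   victim contains "%s"\n' "$after_safe"
}

demo
```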

Workaround

There is no known workaround at this time.

Resolution

All fbida users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/fbida-2.03-r3"

References

[ 1 ] CVE-2006-1695

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1695

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-13.xml


Gentoo Linux Security Advisory GLSA 200604-14

http://security.gentoo.org/


Severity: Normal
Title: Dia: Arbitrary code execution through XFig import
Date: April 23, 2006
Bugs: #128107
ID: 200604-14


Synopsis

Buffer overflows in Dia's XFig import could allow remote attackers to execute arbitrary code.

Background

Dia is a GTK+ based diagram creation program.

Affected packages


     Package         /  Vulnerable  /                       Unaffected

  1  app-office/dia      < 0.94-r5                          >= 0.94-r5

Description

infamous41md discovered multiple buffer overflows in Dia's XFig file import plugin.

Impact

By enticing a user to import a specially crafted XFig file into Dia, an attacker could exploit this issue to execute arbitrary code with the rights of the user running Dia.

Workaround

There is no known workaround at this time.

Resolution

All Dia users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r5"

References

[ 1 ] CVE-2006-1550

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-14.xml

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:073
http://www.mandriva.com/security/


Package : cyrus-sasl
Date : April 24, 2006
Affected: 10.2, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

A vulnerability in the CMU Cyrus Simple Authentication and Security Layer (SASL) library < 2.1.21, has an unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation. In practice, Marcus Meissner found it is possible to crash the cyrus-imapd daemon with a carefully crafted communication that leaves out "realm=..." in the reply or the initial server response.

Updated packages have been patched to address this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:074
http://www.mandriva.com/security/


Package : php
Date : April 24, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

A cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP <= 5.1.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. (CVE-2006-0996)

Directory traversal vulnerability in file.c in PHP <= 5.1.2 allows local users to bypass open_basedir restrictions and allows remote attackers to create files in arbitrary directories via the tempnam function. (CVE-2006-1494)

The copy function in file.c in PHP <= 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. (CVE-2006-1608)

Updated packages have been patched to address these issues. After upgrading these packages, please run "service httpd restart".


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1608


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.


Slackware Linux

[slackware-security] mozilla security/EOL (SSA:2006-114-01)

New Mozilla packages are available for Slackware 10.0, 10.1, 10.2 and -current to fix multiple security issues.

More details about the issues may be found here:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla

Also note that this release marks the EOL (End Of Life) for the Mozilla Suite series. It's been a great run, so thanks to everyone who put in so much effort to make Mozilla a great browser suite. In the next Slackware release fans of the Mozilla Suite will be able to look forward to browsing with SeaMonkey, the Suite's successor. Anyone using an older version of Slackware may want to start thinking about migrating to another browser -- if not now, when the next problems with Mozilla are found.

Although the "sunset announcement" states that mozilla-1.7.13 is the final mozilla release, I wouldn't be too surprised to see just one more since there's a Makefile.in bug that needed to be patched here before Mozilla 1.7.13 would build. If a new release comes out and fixes only that issue, don't look for a package release on that as it's already fixed in these packages. If additional issues are fixed, then there will be new packages. Basically, if upstream un-EOLs this for a good reason, so will we.

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/mozilla-1.7.13-i486-1.tgz: Upgraded to mozilla-1.7.13.
This upgrade fixes several possible security bugs.
For more information, see:
    http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
This release marks the end-of-life of the Mozilla 1.7.x series:
    http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
Mozilla Corporation is recommending that users think about
migrating to Firefox and Thunderbird.
(* Security fix *)
+--------------------------+

Where to find the new packages:

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.13-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-1.7.13-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-plugins-1.7.13-noarch-1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-1.7.13-i486-1.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.13-i486-1.tgz

MD5 signatures:

Slackware 10.0 packages:
68854f3ff3df3abe499554a09f5936e8 mozilla-1.7.13-i486-1.tgz
506940dd673f5f199f8b829581f70c03 mozilla-plugins-1.7.13-noarch-1.tgz

Slackware 10.1 packages:
54066af072c28489efaf080ad6751936 mozilla-1.7.13-i486-1.tgz
2296ff82e5b753f5d43da07d46850481 mozilla-plugins-1.7.13-noarch-1.tgz

Slackware 10.2 package:
ac7d2d23a475418fdf29d4c0f70929da mozilla-1.7.13-i486-1.tgz

Slackware -current package:
bc5f54cf5af6a2917c751699b06391a0 mozilla-1.7.13-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg mozilla-1.7.13-i486-1.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Ubuntu Linux


Ubuntu Security Notice USN-272-1 April 24, 2006
cyrus-sasl2 vulnerability
CVE-2006-1721

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libsasl2-modules-gssapi-heimdal

The problem can be corrected by upgrading the affected package to version 2.1.19-1.3ubuntu0.1 (for Ubuntu 4.10), 2.1.19-1.5ubuntu1.1 (for Ubuntu 5.04), or 2.1.19-1.5ubuntu4.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

If you configured Postfix, OpenLDAP or possibly other server applications to use SASL with the DIGEST-MD5 plugin, you need to restart these services after the security upgrade.

Details follow:

A Denial of Service vulnerability has been discovered in the SASL authentication library when using the DIGEST-MD5 plugin. By sending a specially crafted realm name, a malicious SASL server could exploit this to crash the application that uses SASL.

Updated packages for Ubuntu 4.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.diff.gz
      Size/MD5: 31295 28e26e81bea870375a9044475339913f
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.dsc
      Size/MD5: 1082 4131240372a9da4d2da02c9165d63bc8
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
      Size/MD5: 1531667 670f9a0c0a99cf09d679cd5c859a3715

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5: 258820 86d5866babc1766104f4b66ab2fed360
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5: 54526 6b723bbd20889704ca2cbd95067f151d
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5: 54196 fd9c85128b607d7df0339033102363db
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5: 52524 1ef5d455faa9f522ace1c7b06aff8ca0
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5: 171254 0c0b5377e38c80bc53a36aa4bb9d38fe
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5: 264802 3a8f1cde60bc029316fc1a9948a1eeea
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_amd64.deb
      Size/MD5: 117620 82cdfbb8f1883a52682a2808fe4ec98e

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5: 242882 26d8e5125fd2b51b67a8217bd1efa180
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5: 52458 1e946756a860b576f046215d797e0c5b
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5: 52298 8d3e15320e81595c47f620b84d683008
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5: 50400 6f84abc1a297ec90540b69f017c92191
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5: 152680 902f2fa39200df4c9ac4e8cfcab8d5a1
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5: 258066 7033a447f8e1847b93312bfa9f9c02ec
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_i386.deb
      Size/MD5: 110840 64ed0e4b55f330ad24045809e72ccd06

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5: 264940 70dd4d15d19b170f1c70d38d0bc10193
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5: 56018 5b54526494ddf58a33e4bdf543bba780
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5: 56380 56032db698c428dcbe75b4d757512b93
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5: 55278 14739969a83cde545f3b0e66f8ce3101
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5: 194980 c1e2415b877b8193fe354b1b94d967c6
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5: 267870 9a90c5d48cad62a75d2407ad599fc154
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_powerpc.deb
      Size/MD5: 121432 f23c6ac86b2abd990251f3ea30a283bd

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.diff.gz
      Size/MD5: 31862 3524326b12a7f4c2a54083112a441980
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.dsc
      Size/MD5: 1123 6dc5725b50d570fdc3afaa31f6243fc2
    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
      Size/MD5: 1531667 670f9a0c0a99cf09d679cd5c859a3715

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_amd64.deb
      Size/MD5: 259210 287831264637aedc415a393847aaa066
    http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb
      Size/MD5: 54948 17e37f99a905e84cd76351fcbeac834c