ethereal-gnome-0.99.0-EL4.2.ia64.rpm
x86_64:
5ebe9b3c26db1f789d9ca53a11be3fdb ethereal-0.99.0-EL4.2.x86_64.rpm
37a665b1f8bf7b8787238aa55f33713a ethereal-debuginfo-0.99.0-EL4.2.x86_64.rpm
f881c98450c85c7d7cf29cf5f2c38bf9 ethereal-gnome-0.99.0-EL4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1940
http://www.ethereal.com/appnotes/enpa-sa-00023.html
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
Slackware Linux
[slackware-security] xorg server overflow (SSA:2006-123-01)
New xorg and xorg-devel packages are available for Slackware 10.1, 10.2,
and -current to fix a security issue. A typo in the X render extension
in X.Org 6.8.0 or later allows an X client to crash the server and
possibly to execute arbitrary code as the X server user (typically this
is "root".)
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526
The advisory from X.Org may be found here:
http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/x11-6.8.2-i486-5.tgz:
Patched with x11r6.9.0-mitri.diff and recompiled.
A typo in the X render extension allows an X client to crash the server
and possibly to execute arbitrary code as the X server user (typically
this is "root".)
The CVE entry for this issue may be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526
The advisory from X.Org may be found here:
http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
(* Security fix *)
patches/packages/x11-devel-6.8.2-i486-5.tgz:
Patched and recompiled libXrender.
(* Security fix *)
+--------------------------+
Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-6.8.1-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/x11-devel-6.8.1-i486-5.tgz
Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-6.8.2-i486-5.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/x11-devel-6.8.2-i486-5.tgz
Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-6.9.0-i486-4.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/x11-devel-6.9.0-i486-4.tgz
Slackware 10.1 packages:
0adae00722f78242961ebdd8e874a97e x11-6.8.1-i486-5.tgz
7e1072009150f2d02bb958fdbf8920ed x11-devel-6.8.1-i486-5.tgz
Slackware 10.2 packages:
95a228488f09978c4a3468fb027a49c8 x11-6.8.2-i486-5.tgz
86f2fe06649b2d120f8f0fb1ad76f341 x11-devel-6.8.2-i486-5.tgz
Slackware -current packages:
2aa5db26d003137c01d2688e644d0b9d x11-6.9.0-i486-4.tgz
39b4feb60a97e79100962ebec50d9208 x11-devel-6.9.0-i486-4.tgz
Upgrade the packages as root:
    # upgradepkg x11-6.8.2-i486-5.tgz x11-devel-6.8.2-i486-5.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
SUSE Linux
SUSE Security Announcement
Package:                xorg-x11-server
Announcement ID:        SUSE-SA:2006:023
Date:                   Wed, 03 May 2006 10:00:00 +0000
Affected Products:      SUSE LINUX 10.0
                        SUSE LINUX 9.3
                        SUSE LINUX 9.2
Vulnerability Type:     local privilege escalation
Severity (1-10):        7
SUSE Default Package:   yes
Cross-References:       CVE-2006-1526
Content of This Advisory:
- Security Vulnerability Resolved:
    Buffer overflow in the X.Org X11 server
    Problem Description
- Solution or Work-Around
- Special Instructions and Notes
- Package Location and Checksums
- Pending Vulnerabilities, Solutions, and Work-Arounds:
    See SUSE Security Summary Report
- Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Miscalculation of a buffer size in the X Render extension of the
X.Org X11 server could potentially be exploited by users to cause a
buffer overflow and run code with elevated privileges.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Please restart the X server by logging out or rebooting after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
    rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xorg-x11-server-6.8.2-100.5.i586.rpm 44c3b8dcb2b6a402d76364fd1d93494c
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/xorg-x11-server-6.8.2-30.5.i586.rpm f741187e9f45443f6da22f6c581eb2a9
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-server-6.8.1-15.10.i586.rpm 4809ccda14af35911d03d58cca61d734
Power PC Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/xorg-x11-server-6.8.2-100.5.ppc.rpm 0cb1e49e97ad623163649b8dd7052032
x86-64 Platform:
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xorg-x11-server-6.8.2-100.5.x86_64.rpm fc09f74f782b734692934b74cf7f0da5
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/xorg-x11-server-6.8.2-30.5.x86_64.rpm 1ee01c4d810ebf997caf767390ca1743
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/xorg-x11-server-6.8.1-15.10.x86_64.rpm db7c539b47dd0cbd0d190a5c587a2d09
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- See SUSE Security Summary Report
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
    gpg --verify <file>
replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:
    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team <security@suse.de>"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
    gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
- Using the internal gpg signatures of the rpm package
- MD5 checksums as provided in this announcement
- The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
    rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
- If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
    md5sum <filename.rpm>
after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security@suse.de), the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security@suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe@suse.com>.
suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe@suse.com>.
For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info@suse.com> or
<suse-security-faq@suse.com>.
SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
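The checksum comparison from the SUSE "Package authenticity verification" steps above, as an added shell example (not part of any vendor's advisory): it looks up the MD5 that a saved advisory lists for a package and compares it with the local download. The function names, the `mirror.invalid` URLs and the `demo-*` files are constructed for illustration; beyond the SUSE `<url> <md5>` layout, the parser also accepts the Slackware `<md5> <file>` layout and the two-line `Size/MD5:` layout that Ubuntu notices use.

```shell
#!/bin/sh
# Added example, not vendor code. Verify the advisory's own signature first
# (gpg --verify <file>): the listed checksums only prove authenticity if
# that signature is valid.

# listed_md5 ADVISORY PACKAGE
# Print the MD5 the advisory lists for PACKAGE; exit 1 if it lists none.
# Layouts handled:
#   <url-or-path>/<package> <md5>                   (SUSE list)
#   <md5> <package>                                 (Slackware list)
#   <url>/<package>, then "Size/MD5: <size> <md5>"  (Ubuntu notices)
listed_md5() {
    awk -v pkg="$2" '
        function is_md5(s) { return length(s) == 32 && s ~ /^[0-9a-f]+$/ }
        function leaf(p,   n, parts) { n = split(p, parts, "/"); return parts[n] }
        pending && $1 == "Size/MD5:" && is_md5($3) { print $3; found = 1; exit }
        { pending = 0 }
        NF == 2 && leaf($1) == pkg && is_md5($2)  { print $2; found = 1; exit }
        NF == 2 && is_md5($1) && $2 == pkg        { print $1; found = 1; exit }
        NF == 1 && leaf($1) == pkg                { pending = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# local_md5 FILE: MD5 of FILE as lowercase hex (md5sum from coreutils).
local_md5() {
    md5sum "$1" | awk '{ print $1 }'
}

# verify_download ADVISORY PACKAGE_FILE
# Returns 0 on match, 1 on mismatch, 2 if the advisory does not list the file.
verify_download() {
    pkg=$(basename "$2")
    want=$(listed_md5 "$1" "$pkg") || { echo "not listed: $pkg" >&2; return 2; }
    have=$(local_md5 "$2")
    if [ -n "$have" ] && [ "$want" = "$have" ]; then
        echo "OK: $pkg"
        return 0
    fi
    echo "MISMATCH: $pkg (advisory $want, file $have)" >&2
    return 1
}

# write_sample DIR: constructed sample advisory and package files for a
# dry run. The three MD5 values are those of "hello", the empty file and "abc".
write_sample() {
    printf 'hello' > "$1/demo-suse-1.0.rpm"
    : > "$1/demo-slack-1.0.tgz"
    printf 'abc' > "$1/demo-ubuntu_1.0_i386.deb"
    cat > "$1/advisory.txt" <<'EOF'
ftp://mirror.invalid/update/rpm/demo-suse-1.0.rpm 5d41402abc4b2a76b9719d911017c592
d41d8cd98f00b204e9800998ecf8427e demo-slack-1.0.tgz
http://mirror.invalid/pool/demo-ubuntu_1.0_i386.deb
Size/MD5: 3 900150983cd24fb0d6963f7d28e17f72
EOF
}

# Command-line use: sh verify.sh <saved-advisory.txt> <downloaded-package>
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

A mismatch or an unlisted file gives a non-zero exit status, so the check can gate the `rpm -Fhv` or `upgradepkg` step in a script.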
Ubuntu Linux
Ubuntu Security Notice USN-276-1 May 03, 2006
mozilla-thunderbird vulnerabilities
CVE-2006-0292, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749,
CVE-2006-0884, CVE-2006-1045, CVE-2006-1727, CVE-2006-1728,
CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733,
CVE-2006-1734, CVE-2006-1735, CVE-2006-1737, CVE-2006-1738,
CVE-2006-1739, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
mozilla-thunderbird
The problem can be corrected by upgrading the affected package to
version 1.0.8-0ubuntu05.04 (for Ubuntu 5.04) or 1.0.8-0ubuntu05.10.1
(for Ubuntu 5.10). After a standard system upgrade you need to restart
Thunderbird to effect the necessary changes.
Details follow:
Igor Bukanov discovered that the JavaScript engine did not properly
declare some temporary variables. Under some rare circumstances, a
malicious mail with embedded JavaScript could exploit this to execute
arbitrary code with the privileges of the user. (CVE-2006-0292,
CVE-2006-1742)
The function XULDocument.persist() did not sufficiently validate the
names of attributes. An attacker could exploit this to inject
arbitrary XML code into the file 'localstore.rdf', which is read and
evaluated at startup. This could include JavaScript commands that
would be run with the user's privileges. (CVE-2006-0296)
Due to a flaw in the HTML tag parser a specific sequence of HTML tags
caused memory corruption. A malicious HTML email could exploit this to
crash the browser or even execute arbitrary code with the user's
privileges. (CVE-2006-0748)
An invalid ordering of table-related tags caused Thunderbird to use a
negative array index. A malicious HTML email could exploit this to
execute arbitrary code with the privileges of the user.
(CVE-2006-0749)
Georgi Guninski discovered that forwarding mail in-line while using
the default HTML "rich mail" editor executed JavaScript embedded in
the email message. Forwarding mail in-line is not the default setting
but it is easily accessed through the "Forward As" menu item.
(CVE-2006-0884)
As a privacy measure to prevent senders (primarily spammers) from
tracking when email is read, Thunderbird does not load remote content
referenced from an HTML mail message until a user tells it to do so.
This normally includes the content of frames and CSS files. It was
discovered that it was possible to bypass this restriction by
indirectly including remote content through an intermediate inline CSS
script or frame. (CVE-2006-1045)
Georgi Guninski discovered that embedded XBL scripts could escalate
their (normally reduced) privileges to get full privileges of the user
if the email is viewed with "Print Preview". (CVE-2006-1727)
The crypto.generateCRMFRequest() function had a flaw which could be
exploited to run arbitrary code with the user's privileges.
(CVE-2006-1728)
An integer overflow was detected in the handling of the CSS property
"letter-spacing". A malicious HTML email could exploit this to run
arbitrary code with the user's privileges. (CVE-2006-1730)
The methods valueOf.call() and valueOf.apply() returned an object
whose privileges were not properly confined to those of the caller,
which made them vulnerable to cross-site scripting attacks. A
malicious email with embedded JavaScript code could exploit this to
modify the contents or steal confidential data (such as passwords)
from other opened web pages. (CVE-2006-1731) The window.controllers
array variable (CVE-2006-1732) and event handlers (CVE-2006-1741) were
vulnerable to a similar attack.
The privileged built-in XBL bindings were not fully protected from web
content and could be accessed by calling valueOf.call() and
valueOf.apply() on a method of that binding. A malicious email could
exploit this to run arbitrary JavaScript code with the user's
privileges. (CVE-2006-1733)
It was possible to use the Object.watch() method to access an internal
function object (the "clone parent"). A malicious email containing
JavaScript code could exploit this to execute arbitrary code with the
user's privileges. (CVE-2006-1734)
By calling the XBL.method.eval() method in a special way it was
possible to create JavaScript functions that would get compiled with
the wrong privileges. A malicious email could exploit this to execute
arbitrary JavaScript code with the user's privileges. (CVE-2006-1735)
Several crashes have been fixed which could be triggered by specially
crafted HTML content and involve memory corruption. These could
potentially be exploited to execute arbitrary code with the user's
privileges. (CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790)
The "enigmail" plugin has been updated to work with the new
Thunderbird and Mozilla versions.
Ubuntu Security Notice USN-277-1 May 03, 2006
tiff vulnerabilities
CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libtiff4
The problem can be corrected by upgrading the affected package to
version 3.6.1-5ubuntu0.3 (for Ubuntu 5.04), or 3.7.3-1ubuntu1.1 (for
Ubuntu 5.10). After a standard system upgrade you need to reboot your
computer to effect the necessary changes, since this library is used
by many client and server applications.
Details follow:
Tavis Ormandy and Andrey Kiselev discovered that libtiff did not
sufficiently verify the validity of TIFF files. By tricking a user
into opening a specially crafted TIFF file with any application that
uses libtiff, an attacker could exploit this to crash the application
or even execute arbitrary code with the application's privileges.
Ubuntu Security Notice USN-278-1 May 03, 2006
gdm vulnerability
CVE-2006-1057
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
gdm
The problem can be corrected by upgrading the affected package to
2.6.0.7-0ubuntu7.1 (for Ubuntu 5.04) or 2.8.0.5-0ubuntu1.1
(for Ubuntu 5.10). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Marcus Meissner discovered a race condition in gdm's handling of the
~/.ICEauthority file permissions. A local attacker could exploit this
to become the owner of an arbitrary file in the system. When getting
control over automatically executed scripts (like cron jobs), the
attacker could eventually leverage this flaw to execute arbitrary
commands with root privileges.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1.diff.gz
Size/MD5: 68630 07276634f63f6cf6e3d3946661cf2939
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1.dsc
Size/MD5: 787 6e666f8da0735aee929c25a9818dd53a
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7.orig.tar.gz
Size/MD5: 5594495 50254890d9fbbec6b2d3455d4343f6e0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_amd64.deb
Size/MD5: 1382686 716ba56c1177162685a7198b46a28667
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_i386.deb
Size/MD5: 1343230 9bb1a76e6d0a8658f49ce787f6a66606
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_powerpc.deb
Size/MD5: 1379750 bcaec993d57ce53221c920245495d3b8
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1.diff.gz
Size/MD5: 65777 3181d42210c694ab595840f1359d5735
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1.dsc
Size/MD5: 820 0165df3317618487e8d39e60b5174c83
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5.orig.tar.gz
Size/MD5: 4226618 349b76492113ab814f2732d4ce3a49c2
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_amd64.deb
Size/MD5: 1618080 7aa6c967d046d2876e577975e5c6759f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_i386.deb
Size/MD5: 1559770 3dc875b89062d5572b2b2e84a8354434
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_powerpc.deb
Size/MD5: 1571404 1ca7c072d5460d694af449719f2abc57
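The class of race described in USN-278-1 above, as an added C example that is not gdm's code or its patch: a path-based check-then-chown beside a descriptor-based version that checks and changes the same inode. The function names, the temp-directory layout and the self-check are assumptions constructed for illustration.

```c
#define _GNU_SOURCE 1
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy shape: lstat() and chown() each resolve the path again, so the name
 * can point at a different file by the time chown() runs. */
int hand_over_racy(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    return chown(path, uid, gid);
}

/* Hardened shape: open once without following a symlink, then check and
 * change that same inode through the descriptor. */
int hand_over_safe(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int rc = -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;   /* ELOOP if the last component is a symlink */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1 &&
        fchown(fd, uid, gid) == 0 && fchmod(fd, 0600) == 0)
        rc = 0;
    close(fd);
    return rc;
}

/* Constructed self-check in a private temp directory. Result bits:
 * 1 = plain file accepted, 2 = symlink refused, 4 = hard-linked file refused. */
int hand_over_selfcheck(void)
{
    char dir[] = "/tmp/iceauth-demo-XXXXXX", f[64], s[64], h[64];
    int bits = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(f, sizeof f, "%s/ICEauthority", dir);
    snprintf(s, sizeof s, "%s/symlink", dir);
    snprintf(h, sizeof h, "%s/hardlink", dir);
    if ((fd = open(f, O_CREAT | O_EXCL | O_WRONLY, 0600)) < 0) return -1;
    close(fd);
    if (hand_over_safe(f, geteuid(), (gid_t)-1) == 0) bits |= 1;
    if (symlink(f, s) == 0 && hand_over_safe(s, geteuid(), (gid_t)-1) != 0) bits |= 2;
    if (link(f, h) == 0 && hand_over_safe(f, geteuid(), (gid_t)-1) != 0) bits |= 4;
    unlink(h); unlink(s); unlink(f); rmdir(dir);
    return bits;
}
```

A privileged process that must touch files in a user-writable directory avoids this class of bug most simply by doing the work with that user's own credentials.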
Ubuntu Security Notice USN-279-1 May 03, 2006
libnasl vulnerability
CVE-2006-2093
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libnasl2
The problem can be corrected by upgrading the affected package to
version 2.2.3-1ubuntu0.1 (libnasl-dev and libnasl2) and
2.2.4-1ubuntu0.1 (libnasl-dev and libnasl2). After a standard system
upgrade you need to restart nessusd to effect the necessary changes.
Details follow:
Jayesh KS discovered that the nasl_split() function in the NASL
(Nessus Attack Scripting Language) library did not check for a
zero-length separator argument, which led to an invalid memory
allocation. This library is primarily used in the Nessus security
scanner; a remote attacker could exploit this vulnerability to cause
the Nessus daemon to crash.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.3-1ubuntu0.1.diff.gz
Size/MD5: 325024 934e559032064bdbfaf178e0e64b347d
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.3-1ubuntu0.1.dsc
Size/MD5: 758 3326827ac8f9245a9188222ac517224d
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.3.orig.tar.gz
Size/MD5: 360918 ee66b86f0a808c9eb1e1756490e5c067
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.3-1ubuntu0.1_amd64.deb
Size/MD5: 334004 81c12b0e563175c9add90f462d55c46d
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.3-1ubuntu0.1_amd64.deb
Size/MD5: 101580 63413de59bcc9efe8cacbcc34380df67
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.3-1ubuntu0.1_i386.deb
Size/MD5: 312834 8c0bfa1daf1854ef200cc9bb4e50a54c
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.3-1ubuntu0.1_i386.deb
Size/MD5: 95840 4d8e2c1a91d8fc991f2fd1716b8583cb
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.3-1ubuntu0.1_powerpc.deb
Size/MD5: 338600 33be5486ddf9ca014d27bf77281200f0
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.3-1ubuntu0.1_powerpc.deb
Size/MD5: 99624 98dcfe611e5029dc619caf72dfd4da86
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.4-1ubuntu0.1.diff.gz
Size/MD5: 325052 1a6cb2d4eba535bf7d04c86e28753fce
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.4-1ubuntu0.1.dsc
Size/MD5: 758 77166e15fa4998fccb44c731649318b9
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl_2.2.4.orig.tar.gz
Size/MD5: 361551 47de3e86725b5f54f5752233a4bc1ea8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.4-1ubuntu0.1_amd64.deb
Size/MD5: 342848 312e410daa37b832a4462c0fd43a256e
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.4-1ubuntu0.1_amd64.deb
Size/MD5: 105872 17131088c3fcf03c61ff48c1068de163
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.4-1ubuntu0.1_i386.deb
Size/MD5: 314346 3e306ca23afe7008bc7fb1e0864763fa
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.4-1ubuntu0.1_i386.deb
Size/MD5: 96150 dc30810ccc3d00679da3f081517ada1d
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl-dev_2.2.4-1ubuntu0.1_powerpc.deb
Size/MD5: 344788 fa5ead6eae23d5811973691236068b5a
http://security.ubuntu.com/ubuntu/pool/main/libn/libnasl/libnasl2_2.2.4-1ubuntu0.1_powerpc.deb
Size/MD5: 102438 25bf747848d3cec7561298f198ffa1f5
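The missing check named in USN-279-1 above, shown in an added C example that is not libnasl's nasl_split() source: a splitter that rejects a zero-length separator before it scans or allocates. struct pieces, split_checked() and split_count() are hypothetical names, and the inputs in the checks are constructed.

```c
#include <stdlib.h>
#include <string.h>
struct pieces { char **item; size_t count; };

void pieces_free(struct pieces *p)
{
    for (size_t i = 0; i < p->count; i++) free(p->item[i]);
    free(p->item);
    p->item = NULL; p->count = 0;
}

static int push(struct pieces *p, const char *s, size_t n)
{
    char **grown = realloc(p->item, (p->count + 1) * sizeof *grown);
    char *copy = malloc(n + 1);
    if (grown) p->item = grown;
    if (!grown || !copy) { free(copy); return -1; }
    memcpy(copy, s, n); copy[n] = '\0';
    p->item[p->count++] = copy;
    return 0;
}

/* Split s[0..len) on sep[0..sep_len). Returns 0, or -1 on bad input or OOM. */
int split_checked(const char *s, size_t len, const char *sep, size_t sep_len,
                  struct pieces *out)
{
    size_t start = 0, i = 0;
    out->item = NULL; out->count = 0;
    /* The guard: an empty separator matches at every offset and consumes
     * nothing, so without it the loop below would never advance. */
    if (!s || !sep || sep_len == 0) return -1;
    while (len >= sep_len && i <= len - sep_len) {
        if (memcmp(s + i, sep, sep_len) != 0) { i++; continue; }
        if (push(out, s + start, i - start) != 0) { pieces_free(out); return -1; }
        i += sep_len; start = i;
    }
    if (push(out, s + start, len - start) != 0) { pieces_free(out); return -1; }
    return 0;
}

/* C-string convenience: number of pieces, or -1 when the call is refused. */
long split_count(const char *s, const char *sep)
{
    struct pieces p;
    if (split_checked(s, strlen(s), sep, strlen(sep), &p) != 0) return -1;
    long n = (long)p.count;
    pieces_free(&p);
    return n;
}
```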