Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs

Partner Sites
JustLinux.com
Linux Planet
PHPBuilder
Technology Jobs

Top White Papers

Current Newswire:

More on LinuxToday

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume

Advisories, May 7, 2006

May 08, 2006, 05:30 (0 Talkback[s])

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200605-05

http://security.gentoo.org/

Severity: High
Title: rsync: Potential integer overflow
Date: May 06, 2006
Bugs: #131631
ID: 200605-05

Synopsis

An attacker having write access to an rsync module might be able to execute arbitrary code on an rsync server.

Background

rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree.

Affected packages

     Package         /  Vulnerable  /                       Unaffected

  1  net-misc/rsync       < 2.6.8                             >= 2.6.8

Description

An integer overflow was found in the receive_xattr function from the extended attributes patch (xattr.c) for rsync. The vulnerable function is only present when the "acl" USE flag is set.

Impact

A remote attacker with write access to an rsync module could craft malicious extended attributes which would trigger the integer overflow, potentially resulting in the execution of arbitrary code with the rights of the rsync daemon.

Workaround

Do not provide write access to an rsync module to untrusted parties.

Resolution

All rsync users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.8"

References

[ 1 ] CVE-2006-2083

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2083

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200605-06

http://security.gentoo.org/

Severity: Normal
Title: Mozilla Firefox: Potential remote code execution
Date: May 06, 2006
Bugs: #131138
ID: 200605-06

Synopsis

The Mozilla Firefox 1.5 line is vulnerable to a buffer overflow in the JavaScript extension which may in theory lead to remote execution of arbitrary code.

Background

Mozilla Firefox is the next-generation web browser from the Mozilla project.

Affected packages

     Package                         /  Vulnerable  /       Unaffected



  1  www-client/mozilla-firefox          < 1.5.0.3          >= 1.5.0.3
                                                                 < 1.5
  2  www-client/mozilla-firefox-bin      < 1.5.0.3          >= 1.5.0.3
                                                                 < 1.5
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected.

Impact

If JavaScript is enabled, by tricking a user into visiting a malicious web page which would send a specially crafted HTML script that contains references to deleted objects with the "designMode" property enabled, an attacker can crash the web browser and in theory manage to execute arbitrary code with the rights of the user running the browser.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla Firefox 1.5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.3"

All Mozilla Firefox 1.5 binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.3"

References

[ 1 ] CVE-2006-1993

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1993

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:081-1
http://www.mandriva.com/security/

Package : xorg-x11
Date : May 4, 2006
Affected: 2006.0

Problem Description:

A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server.

Update:

Rafael Bermudez noticed that the patch for 2006 was mis-applied. This update resolves that issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526

Updated Packages:

Mandriva Linux 2006.0:
fc3e3a6a825dd0ed259803f0ec585514 2006.0/RPMS/libxorg-x11-6.9.0-5.6.20060mdk.i586.rpm
d81df0a49bd2c7178e93229756009bfe 2006.0/RPMS/libxorg-x11-devel-6.9.0-5.6.20060mdk.i586.rpm
f48af91d6c0cac186af5459d7ab84aaf 2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.6.20060mdk.i586.rpm
61090a0da61aa8be2df3df679069fbcb 2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.6.20060mdk.i586.rpm
76a44a4b56266c1a3782c437fa1f879a 2006.0/RPMS/xorg-x11-6.9.0-5.6.20060mdk.i586.rpm
93c2772c76d3c862d97b2e5b020e30a3 2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.6.20060mdk.i586.rpm
e7e765f1477cb88637aae30fb50fe626 2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.6.20060mdk.i586.rpm
272c396e96c45676792a6a453c65e7a6 2006.0/RPMS/xorg-x11-doc-6.9.0-5.6.20060mdk.i586.rpm
f956116db27ef01ca1f1f73bd720149e 2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.6.20060mdk.i586.rpm
d13be66590a678292d640625d40fa923 2006.0/RPMS/xorg-x11-server-6.9.0-5.6.20060mdk.i586.rpm
d6bda749c3aecfd11e143bcf2450967e 2006.0/RPMS/xorg-x11-xauth-6.9.0-5.6.20060mdk.i586.rpm
b3f05df67c81766894fa4adc6c9744fd 2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.6.20060mdk.i586.rpm
13b62b9ca1e8405c5b7fd4204a206a4c 2006.0/RPMS/xorg-x11-xfs-6.9.0-5.6.20060mdk.i586.rpm
7258f0fa58ea03ebe26d72e8f039eb82 2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.6.20060mdk.i586.rpm
ae9801aa6faf4ab58cfaf8fc590a6133 2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.6.20060mdk.i586.rpm
509555c18dbdb0337bd1d00e72c7bfd6 2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.6.20060mdk.i586.rpm
e333b8894ec5d3fbca38c95741d95935 2006.0/SRPMS/xorg-x11-6.9.0-5.6.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
505ab1a243407f7397e208a29228dd89 x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.6.20060mdk.x86_64.rpm
4e50a1d049a699571c6b509700721557 x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.6.20060mdk.x86_64.rpm
955c4dbfaafe890868f60f34bf088da9 x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.6.20060mdk.x86_64.rpm
fc3e3a6a825dd0ed259803f0ec585514 x86_64/2006.0/RPMS/libxorg-x11-6.9.0-5.6.20060mdk.i586.rpm
d81df0a49bd2c7178e93229756009bfe x86_64/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.6.20060mdk.i586.rpm
f48af91d6c0cac186af5459d7ab84aaf x86_64/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.6.20060mdk.i586.rpm
c7b65a75d52abde5e3634078eb84842d x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.6.20060mdk.x86_64.rpm
caad39791829b2ef86bef852021c3490 x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
d004173e376cd1fc441fb23d367fe597 x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.6.20060mdk.x86_64.rpm
cd364f6c76eedfba39a10c4ddf81cfb0 x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
1f6c50c0665c21a78b07d3440ffd43c2 x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
f135965f13fcc76d4ca07fa128bd7620 x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.6.20060mdk.x86_64.rpm
3304d60e7288911924951718c74afa30 x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.6.20060mdk.x86_64.rpm
2d73dbacee80e596f3dbdf0db8a5ffda x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.6.20060mdk.x86_64.rpm
8793a61a6824c7ad5c0c8bffe4ce8ee5 x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.6.20060mdk.x86_64.rpm
674f714d7fa826c12fb0b59429718d1f x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.6.20060mdk.x86_64.rpm
a07559d45b7622c3c9b0eed36a6c1000 x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.6.20060mdk.x86_64.rpm
87abf49419cc1417f56e45227034f7bf x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.6.20060mdk.x86_64.rpm
fcfcded879d21656bfddb8ecb91b47e2 x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.6.20060mdk.x86_64.rpm
efaeb4f777b5372d55fd8d9128bb80b6 x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.6.20060mdk.x86_64.rpm
e333b8894ec5d3fbca38c95741d95935 x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.6.20060mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Trustix Secure Linux

Trustix Secure Linux Security Advisory #2006-0024

Package names: clamav, cyrus-sasl, kernel, libtiff, rsync, xorg-x11
Summary: Multiple vulnerabilities
Date: 2006-05-05
Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2

Package description:
clamav
Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with package, which you can use with your own software.

cyrus-sasl
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.

kernel
The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

libtiff
The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large.

rsync
Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package.

xorg-x11
X.org X11 is an open source implementation of the X Window System. It provides the basic low level functionality which full fledged graphical user interfaces (GUIs) such as GNOME and KDE are designed upon.

Problem description:
clamav < TSL 3.0 > < TSL 2.2 >

  • New Upstream.
  • SECURITY Fix: A vulnerability has been reported in ClamAV caused due to a boundary error within the HTTP client in the Freshclam command line utility. This can be exploited to cause a stack-based buffer overflow when the HTTP headers received from a web server exceeds 8KB.

    The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-1989 this issue.

cyrus-sasl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • SECURITY Fix: Mu Security has reported a vulnerability in Cyrus SASL library, which can be exploited by malicious people to cause a DoS. The vulnerability is caused due to an unspecified error during DIGEST-MD5 negotiation.

    The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-1721 this issue.

kernel < TSL 3.0 >

  • New Upstream.
  • SECURITY Fix: A vulnerability has been reported in Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to missing checks on SCTP chunk sizes in the SCTP-netfilter code and may result in an infinite loop exhausting system resources.
  • Directory traversal vulnerability in CIFS which allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences.

    The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2006-1527 and CVE-2006-1863 to these issues.

libtiff < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • SECURITY Fix: Tavis Ormandy has reported some vulnerabilities in LibTIFF, which can be exploited by malicious people to cause a DoS and potentially to compromise a user's system.
  • Several unspecified errors in the "TIFFFetchAnyArray()" function and in the cleanup functions can be exploited to crash an application linked against LibTIFF when a specially crafted TIFF image is processed.
  • Integer overflow in the TIFFFetchData function in tif_dirread.c allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
  • A double free error in tif_jpeg.c within the setfield/getfield methods in the cleanup functions can be exploited to crash an application linked against LibTIFF and may allow arbitrary code execution when a specially crafted TIFF image is processed.
  • The TIFFToRGB function in libtiff allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.

    The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2006-2024, CVE-2006-2025, CVE-2006-2026 and CVE-2006-2120 these issues.

rsync < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • New Upstream.
  • SECURITY Fix: A vulnerability has been reported in rsync caused due to an integer overflow error in the "receive_xattr()" function within the xattrs.diff patch. This can be exploited to cause a buffer overflow and may allow arbitrary code execution via specially crafted extended attributes.

    The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-2083 this issue.

xorg-x11 < TSL 3.0 >

  • SECURITY Fix: A buffer overflow in the XRender extension allows any X.Org user to execute arbitrary code with elevated privileges. A typo causes the code to mis-compute the size of memory allocations in the XRenderCompositeTriStrip and XRenderCompositeTriFan requests.

    The Common Vulnerabilities and Exposures project has assigned the name CVE-2006-1526 this issue.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0024/>

MD5sums of the packages:

8f9fd0f2b05c574bf2f42841eb84bb05 3.0/rpms/clamav-0.88.2-1tr.i586.rpm
f018f1d168962aca4312c6fe17d2b133 3.0/rpms/clamav-devel-0.88.2-1tr.i586.rpm
975e9e4a862f0518d892aded818d870d 3.0/rpms/cyrus-sasl-2.1.20-15tr.i586.rpm
10484d9cfc683b883bdbb5b20a02681d 3.0/rpms/cyrus-sasl-devel-2.1.20-15tr.i586.rpm
ed57cdfd3c9b21d3ee244d4825a61fc0 3.0/rpms/cyrus-sasl-md5-2.1.20-15tr.i586.rpm
bb6bd68737f8e2fa31489b88ca6163bd 3.0/rpms/cyrus-sasl-otp-2.1.20-15tr.i586.rpm
393f554144e646017016f813bbcaaf06 3.0/rpms/cyrus-sasl-plain-2.1.20-15tr.i586.rpm
6422bf4c3007cad3a35e5c6eecb29889 3.0/rpms/cyrus-sasl-sql-2.1.20-15tr.i586.rpm
29f1fc6b4dd34e6efc0314b38874c1a4 3.0/rpms/cyrus-sasl-utils-2.1.20-15tr.i586.rpm
fc0f1ce0337ef359fddce5c48610574c 3.0/rpms/kernel-2.6.16.13-1tr.i586.rpm
128a17a5ee280460228ff973d044c2d6 3.0/rpms/kernel-doc-2.6.16.13-1tr.i586.rpm
40b294479e91c9a35e68ce9e2b1e300d 3.0/rpms/kernel-headers-2.6.16.13-1tr.i586.rpm
a82b83e463fab1f07f3c11fa56e86055 3.0/rpms/kernel-smp-2.6.16.13-1tr.i586.rpm
a78d4799876d39e0ce5b3cba16454f69 3.0/rpms/kernel-smp-headers-2.6.16.13-1tr.i586.rpm
9eb0e5c0c63288246a4816d79b8c7d55 3.0/rpms/kernel-source-2.6.16.13-1tr.i586.rpm
cdde0ae2d48aa534dbaf20c67eb2eca6 3.0/rpms/kernel-utils-2.6.16.13-1tr.i586.rpm
8dbc912920dda86e2f9d623f6f88c5af 3.0/rpms/libtiff-3.7.3-2tr.i586.rpm
8e9a0e6917f9529c3720a3dcb101fe2c 3.0/rpms/libtiff-devel-3.7.3-2tr.i586.rpm
abb3f9444f533b610873eeb22100f2f3 3.0/rpms/libtiff-docs-3.7.3-2tr.i586.rpm
fc3d971697486d9cba85f81e617120cd 3.0/rpms/rsync-2.6.8-1tr.i586.rpm
fc722769b558d7f4d22e00bb929a4f5b 3.0/rpms/rsync-server-2.6.8-1tr.i586.rpm
c48de68cf51aaa7e97b3bc7727bb83cc 3.0/rpms/xorg-x11-6.8.2-11tr.i586.rpm
5d8bff276211197de40e04f19046d00f 3.0/rpms/xorg-x11-devel-6.8.2-11tr.i586.rpm
3a346ecc4f058d0c5fd1936b4b8c7826 3.0/rpms/xorg-x11-doc-6.8.2-11tr.i586.rpm
038487208366b11b1064feb8af2700ed 3.0/rpms/xorg-x11-fonts-100dpi-6.8.2-11tr.i586.rpm
f5768dab5cb3017630804184e150435e 3.0/rpms/xorg-x11-fonts-6.8.2-11tr.i586.rpm
d873cb5592008211ec7047e1c32ee857 3.0/rpms/xorg-x11-fonts-75dpi-6.8.2-11tr.i586.rpm
87f9a7b00656d1ee91df99a09eb96791 3.0/rpms/xorg-x11-fonts-cid-6.8.2-11tr.i586.rpm
5781bca9e84dc2339e83610254a456c3 3.0/rpms/xorg-x11-fonts-cyrillic-6.8.2-11tr.i586.rpm
58d6470e0fb229c87d2073dc15c21726 3.0/rpms/xorg-x11-fonts-otf-6.8.2-11tr.i586.rpm
ab6be3f5dbc41b1ba945188aafe76ba5 3.0/rpms/xorg-x11-fonts-speedo-6.8.2-11tr.i586.rpm
6f87b1cf6e840b10b8710427722db3d2 3.0/rpms/xorg-x11-fonts-ttf-6.8.2-11tr.i586.rpm
cee4c07f06da1ecf68a802d0a4d68bea 3.0/rpms/xorg-x11-fonts-type1-6.8.2-11tr.i586.rpm
10944512010fbd199a864d00c3383615 3.0/rpms/xorg-x11-libs-6.8.2-11tr.i586.rpm
9ea9d3e411b25eee89af0d65ccdf0eb5 3.0/rpms/xorg-x11-sdk-6.8.2-11tr.i586.rpm

4ce128f09ab5a6aebc814a4a8389cd51 2.2/rpms/clamav-0.88.2-1tr.i586.rpm
7c29e1c6eab44f4380af89384e18ce67 2.2/rpms/clamav-devel-0.88.2-1tr.i586.rpm
251875bae4da0c8812f392645454afeb 2.2/rpms/cyrus-sasl-2.1.20-7tr.i586.rpm
94398d80360b5166a71adc02a700846b 2.2/rpms/cyrus-sasl-devel-2.1.20-7tr.i586.rpm
0c6fe11ab11c80df5725a738b8500eb2 2.2/rpms/cyrus-sasl-md5-2.1.20-7tr.i586.rpm
058d6dc0df428df3c1453df769428e9c 2.2/rpms/cyrus-sasl-otp-2.1.20-7tr.i586.rpm
30d784607cb89d03aaaa860e2ded2902 2.2/rpms/cyrus-sasl-plain-2.1.20-7tr.i586.rpm
0f794362b7795c05d75f2847bcf1245b 2.2/rpms/cyrus-sasl-sql-2.1.20-7tr.i586.rpm
0d064a6ff40a2ae53cd93bfd14dbe10c 2.2/rpms/cyrus-sasl-utils-2.1.20-7tr.i586.rpm
21f4458df3cc75524d89c0ca050d6860 2.2/rpms/libtiff-3.7.3-2tr.i586.rpm
cb29f7ab911871682000de6316b8ee01 2.2/rpms/libtiff-devel-3.7.3-2tr.i586.rpm
c2f1d749f54379f1a60202eb7e71e79e 2.2/rpms/rsync-2.6.8-1tr.i586.rpm
a2ed791cd851db257914372034f448be 2.2/rpms/rsync-server-2.6.8-1tr.i586.rpm

Trustix Security Team