Linux Today - Advisories, September 10, 2006

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

Raspberry Pi benchmarked against Beagleboard, low price is long term

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories, September 10, 2006

Advisories, September 10, 2006
Sep 11, 2006, 04 :30 UTC (0 Talkback[s]) (2155 reads)

Debian GNU/Linux

Debian Security Advisory DSA 1159-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 8th, 2006 http://www.debian.org/security/faq

Package : mozilla-thunderbird
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-2779 CVE-2006-3805 CVE-2006-3806 CVE-2006-3807 CVE-2006-3808 CVE-2006-3809 CVE-2006-3810
CERT advisories: VU#466673 VU#655892 VU#687396 VU#876420 VU#911004
BugTraq IDs : 18228 19181

The latest security updates of Mozilla Thunderbird introduced a regression that led to a disfunctional attachment panel which warrants a correction to fix this issue. For reference please find below the original advisory text:

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-2779

Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption which may also lead to the execution of arbitrary code. The last bit of this problem will be corrected with the next update. You can prevent any trouble by disabling Javascript. [MFSA-2006-32]

CVE-2006-3805

The Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3806

Multiple integer overflows in the Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3807

Specially crafted Javascript allows remote attackers to execute arbitrary code. [MFSA-2006-51]

CVE-2006-3808

Remote AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]

CVE-2006-3809

Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]

CVE-2006-3810

A cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML. [MFSA-2006-54]

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8b.2.

For the unstable distribution (sid) these problems have been fixed in version 1.5.0.5-1.

We recommend that you upgrade your mozilla-thunderbird package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.dsc
      Size/MD5 checksum: 1003 359853df29b29253164e9aef34d18066 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.diff.gz
      Size/MD5 checksum: 486593 3759fe23473ecb6cee532cb47cdd4e63 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 12849016 fdf32dcb741195378d9079231aba21cd http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 3279426 879ae924d100517f98ee7f39a84e1bb2 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 151696 dd6911608eb54bebc7fbcdb58e5d63bb http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 33138 9581f8f0be21162692672e55d5f00640 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_alpha.deb
      Size/MD5 checksum: 89106 06a2f4752c619fb6a80d15d8fd1741de

AMD64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 12255346 0ef80084b8dc8f3aeab523b3ce03009e http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 3280646 de3c980f39e86509f62348d39ffb65f5 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 150662 369341b36fb2a2bcf3178c5bf788c72c http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 33132 42ef7496ee17221749feff905c1eb3ce http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_amd64.deb
      Size/MD5 checksum: 88892 15554699cf57f756e7e615910c36e705

ARM architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 10343074 0716c5639dc5b76dfee6f2aac33378f1 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 3271558 0df9cfaf413911576ab6cbda7a366dc5 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 142846 59248b09ddba4eea5c15f3a8e441c8b8 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 33160 e0292cee475239b5660a1db8a60e9599 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_arm.deb
      Size/MD5 checksum: 80938 12eae1b21352bdbe21499d74f2ee3bc7

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 13564760 ac59239f3cd97d1ae63616335e86b755 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 3284788 9c9ed05edb7b5d15c444347f27d997b6 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 152898 39997b48bfa96256946015464c4cabb9 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 33144 9f7a34db227b65158d2907e7030c0a35 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_hppa.deb
      Size/MD5 checksum: 97012 3b4cf017d74aa8a47d723b4c2f196735

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 11564254 30581baff08ebcf78cb7a805078238c3 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 3507668 46a7e9a8d982b9df0a3ac2c0d0f2f9e6 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 146348 b8c2a88b083683e63ee7e83846aff346 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 33150 5f56019ede768d9132def0798ea1c1fb http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_i386.deb
      Size/MD5 checksum: 87708 c51a3dc04f9bcba7fdfd486474d63966

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 14624280 55e21c6d9b9590b7b02646071e3d4881 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 3291092 d6cfb0e457c509cfd558b41d6db45e61 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 155048 12b7efd38b79c5e152757c1ae2861344 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 33144 b941a4303b34f97550744026b347e711 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_ia64.deb
      Size/MD5 checksum: 106840 e5e09e738134c8a7494a2b15e95c40df

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 10791360 246f9f51609b2848c2d54f3183e07d5d http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 3271086 ad5796c388daa8f0965fdb8a353ba90d http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 144660 486d2b72286e105a670c40c4982857fd http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 33174 feca51e39ec459f867e412e788308687 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_m68k.deb
      Size/MD5 checksum: 82198 a2252137e94259eb8e699bf4d7a84ab7

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 11943666 7d1fc9df6d4bb496bbed6b5f10353db3 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 3278862 02a47eea657b6d287a860f98bb54c11e http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 147602 07157e5a5dd3af8d299f7b4e060b357e http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 33146 1d945a5ae87a049a5d12f604f5ecf83f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mips.deb
      Size/MD5 checksum: 84410 53d48b348d8d62b2aa2a2f03cf92e84d

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 11811276 e8b1890107fb3c3e9410d396dd6fee51 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 3279782 c0daeff4c21f2bc5a47731cb06ae51aa http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 147156 f240918563f055e8da73d60aff27b63f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 33132 7d1aa8886a3d0b7857298944b03a55ba http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mipsel.deb
      Size/MD5 checksum: 84270 74cbaa157220d3012e421f9427041216

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 10908472 a7120c11e497b2e280562b3611e0ba55 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 3269516 58f62e16cbcc5988ef169c44b746e51a http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 144672 a62727479a514dbde5394e455a9bf055 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 33136 b839ba3f926ac102c3c322e4e140e40f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_powerpc.deb
      Size/MD5 checksum: 81046 9251eb44207d2610bef616e409951937

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 12702008 ce1773912bae44fdb1473a86b31ffddf http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 3280008 d20c17b61ae08aacb9bcf2578ffd2d03 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 150980 a7936545066775c99d0cec4cff187ba2 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 33140 8389760a91f3444c6170d5ed32867bd1 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_s390.deb
      Size/MD5 checksum: 88926 d237c5c35347449b6695f352f25b112a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 11176470 9d792595c891df352238de0e1b4f7639 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 3275230 164f9abf5ca1a11a2ca5d0a69cc4a93f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 144318 e79b826ed1d778023f567fee90730446 http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 33148 7d029003df1ee859d52ceacd8ba1142f http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_sparc.deb
      Size/MD5 checksum: 82746 b308910b4e9c4025b0488d44424b85f3

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1171-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 7th, 2006 http://www.debian.org/security/faq

Package : ethereal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4333 CVE-2005-3241 CVE-2005-3242 CVE-2005-3243 CVE-2005-3244 CVE-2005-3246 CVE-2005-3248
Debian Bug : 384528 334880

Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4333

It was discovered that the Q.2391 dissector is vulnerable to denial of service caused by memory exhaustion.

CVE-2005-3241

It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are vulnerable to denial of service caused by memory exhaustion.

CVE-2005-3242

It was discovered that the IrDA and SMB dissectors are vulnerable to denial of service caused by memory corruption.

CVE-2005-3243

It was discovered that the SLIMP3 and AgentX dissectors are vulnerable to code injection caused by buffer overflows.

CVE-2005-3244

It was discovered that the BER dissector is vulnerable to denial of service caused by an infinite loop.

CVE-2005-3246

It was discovered that the NCP and RTnet dissectors are vulnerable to denial of service caused by a null pointer dereference.

CVE-2005-3248

It was discovered that the X11 dissector is vulnerable denial of service caused by a division through zero.

This update also fixes a 64 bit-specific regression in the ASN.1 decoder, which has been introduced in a previous DSA.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge8.

For the unstable distribution (sid) these problems have been fixed in version 0.99.2-5.1 of wireshark, the network sniffer formerly known as ethereal.

We recommend that you upgrade your ethereal packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.dsc Size/MD5 checksum: 855 159309d848ffa90cb5ae336582a8e7d4 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.diff.gz Size/MD5 checksum: 177921 ee1ce43eb48106f1fc0b75bc9ff3c241

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 5476146 cf5b01f923e68a3f07d0080ef69f2b57 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 154566 615069b5905d6c2aec9a357eb0dd1306 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 106250 cfe9461049fc5e1997d68cbd1a6d6b78 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_alpha.deb Size/MD5 checksum: 543034 5c9eaadae44224a002902c4196847aa0

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_amd64.deb Size/MD5 checksum: 154556 67cfc697c120e54c489e1552b1a58b6e http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_amd64.deb Size/MD5 checksum: 99542 09093de7c28ec1741106dac694ffcae3 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_amd64.deb Size/MD5 checksum: 486502 addeab1c3d70537c088574f9f68e6e6d http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_amd64.deb Size/MD5 checksum: 5334616 1700b3e18c2b45594cbb80ef2ea58019

arm architecture (ARM)

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_arm.deb Size/MD5 checksum: 95616 39dbfe3ac08048f95b19d74c644b780c http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_arm.deb Size/MD5 checksum: 154596 209d45b3ebf7ba313bb7db0c00a095bd http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_arm.deb Size/MD5 checksum: 472996 5f0d04db811734c1f1c8c814c93ceaaa http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_arm.deb Size/MD5 checksum: 4687892 5b2737d93a7e3673630e96744f648b51

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 5787290 f36dc8ae6a78acb2d6a8fa71b18af9cc http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 154576 5ce456fee2af8fb5b4f19d786166faf6 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 489292 71832119d10ab77eb4547840cf7d3504 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_hppa.deb Size/MD5 checksum: 98452 94aae2f351900a65edfddcae9e880bf6

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 443646 f830051bf5920e2999a8ef9bab332ed2 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 4529156 4f6c8ec5448ea7b6aa826fce639a5781 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 90878 45f09d9fe820e537fd9e140fbe86de07 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_i386.deb Size/MD5 checksum: 154556 a1a78549f0981eb9aa0f77fdd9ce612b

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 6630098 82fc3ba6dd822ee192c2050dc6f38dcf http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 674420 9b84646b4f81e1c9415656768f6dc687 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 129156 c3deca896916d3a3d1c1065f5e2717c8 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_ia64.deb Size/MD5 checksum: 154554 e8a6435b4e1287af4ebfe3cb606c74af

m68k architecture (Motorola Mc680x0)

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 90904 ab21fa89ad4a12f8e0c579872a1c07c4 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 154614 b384ae036ab5c2b85f62af368b689a04 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 447752 6a8378ecb8337071ef8b1199529700be http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_m68k.deb Size/MD5 checksum: 5565186 647220c660fd8546c9ca4a18e9d7a792

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 154572 434928f40a6b3e4bf2d7dce6beb72edb http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 94736 4eb62077c31de2ac2ec10a760199b9eb http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 4723218 9c827aab812bef7a58d5429ee8287d74 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mips.deb Size/MD5 checksum: 462746 fa7d8236f1407836dcc601317afa8df2

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 94650 7f64290882d7c8c579818fdc1c7e215b http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 154584 934dc675944e857216c72fc29ec46a55 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 458030 487ea6f3a1fd7620b4ae33f4d5e8c8c3 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mipsel.deb Size/MD5 checksum: 4460700 e0062d687a84b9782e645b0d72cbb248

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 455716 a203882270b251513b2269b688d59256 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 5068470 7976f110d32b6bb83c00afa49fd75493 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 154570 7622c3b6ca781d622cb305e9a485f447 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_powerpc.deb Size/MD5 checksum: 94320 5e5391b1f1dc2bc4992582930e28f2a3

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 5621642 092cf076ce4e6fd479ea09fdb14d6e87 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 154566 f3dae98783c87fb3ff088be62608aef7 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 479662 e4b854e30aa801eb67a33d1077eb1e9b http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_s390.deb Size/MD5 checksum: 99904 0516f4694b47ae4637b09e82d321eecc

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 5130234 44a97eeb06a2d82bbbcfba2712700792 http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 93828 4f44e9be92792058641044db66993758 http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 465390 42670783f2750c3d5f426fe76bd17696 http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_sparc.deb Size/MD5 checksum: 154566 6f25990f50443c48e802e29881ddc3ff

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1172-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
September 9th, 2006 http://www.debian.org/security/faq

Package : bind9
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-4095 CVE-2006-4096
CERT advisories: VU#697164 VU#915404

Two vulnerabilities have been discovered in BIND9, the Berkeley Internet Name Domain server. The first relates to SIG query processing and the second relates to a condition that can trigger an INSIST failure, both lead to a denial of service.

For the stable distribution (sarge) these problems have been fixed in version 9.2.4-1sarge1.

For the unstable distribution (sid) these problems have been fixed in version 9.3.2-P1-1.

We recommend that you upgrade your bind9 package.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1.dsc
      Size/MD5 checksum: 742 1c1f68802373715b71c85df3a4e42959 http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1.diff.gz
      Size/MD5 checksum: 91537 dccd8daf65751535821c1d5feb007782 http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4.orig.tar.gz
      Size/MD5 checksum: 4564219 2ccbddbab59aedd6b8711b628b5472bd

Architecture independent components:

http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.2.4-1sarge1_all.deb
Size/MD5 checksum: 156816 df36851fe572ba9372f51c42225434e8

Alpha architecture:

AMD64 architecture:

ARM architecture:

HP Precision architecture:

Intel IA-32 architecture:

Intel IA-64 architecture:

Motorola 680x0 architecture:

Big endian MIPS architecture:

Little endian MIPS architecture:

PowerPC architecture:

IBM S/390 architecture:

Sun Sparc architecture:

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1173-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
September 10th, 2006 http://www.debian.org/security/faq

Package : openssl
Problem-Type : local
Vulnerability : Cryptographic weakness
Debian-specific: no
CVE ID : CVE-2006-4339
BugTraq ID : 19849
Debian Bug : 386247

Daniel Bleichenbacher discovered a flaw in OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.

For the stable distribution (sarge) this problem has been fixed in version 0.9.7e-3sarge2

For the unstable distribution (sid) this problem has been fixed in version 0.9.8b-3

We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc
      Size/MD5 checksum: 639 a6d3c0f1fae595b8c2f7a45ca76dff1f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz
      Size/MD5 checksum: 27435 16d02ad2e1e531617e5d533553340a83 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz
      Size/MD5 checksum: 3043231 a8777164bca38d84e5eb2b1535223474

Alpha architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb
      Size/MD5 checksum: 3339496 917761204c442b6470cc84364a1d5227 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb
      Size/MD5 checksum: 2445696 6d894629524dcefbefa0f813cb588bef http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb
      Size/MD5 checksum: 929948 117af21021dfea510ac09e9a09c1dfd9

AMD64 architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb
      Size/MD5 checksum: 2693336 c45662184c5ed338e179f3ec5e39289e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb
      Size/MD5 checksum: 769324 e216b2d3b89634457906140fcff4c5ac http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb
      Size/MD5 checksum: 903454 52d2ce0e5d967ca1a77a33f9417fd798

ARM architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb
      Size/MD5 checksum: 2555074 fd529ad701cfbbde50845aa3e0ba4d5e http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb
      Size/MD5 checksum: 689548 a626529a0d9f52d069e6fcb1ec3a2513 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb
      Size/MD5 checksum: 893880 58bcc0001bf7e014b6a1d7ab9849cf2c

HP Precision architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb
      Size/MD5 checksum: 2694850 7dd819a9adddc660268d260df3e8cea2 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb
      Size/MD5 checksum: 790570 06a37ff4879fab7ee26ac35f6526d7c3 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb
      Size/MD5 checksum: 914188 74e469de973e495e93455816587b63db

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb
      Size/MD5 checksum: 2553346 946eaef80a1dc82af47e10d4913153b3 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb
      Size/MD5 checksum: 2262628 a4e5d09c7086373d2a76370c71542ce0 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb
      Size/MD5 checksum: 908336 e850093346e148d2132d59db3184d398

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb
      Size/MD5 checksum: 3394850 a43e3948b612ea7b48cdcb267fb26ef5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb
      Size/MD5 checksum: 1037694 e4cda7f8044cbc72ebbef123124461ea http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb
      Size/MD5 checksum: 974802 a6dcd78bc35ca46bb21ac24ac1ccde1b

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb
      Size/MD5 checksum: 2316460 403eae3e2c3f396a0e789069e8896036 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb
      Size/MD5 checksum: 661108 eeb8f5b59f10b7c5ed5187f25b1505e6 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb
      Size/MD5 checksum: 889522 07baf9c082693a1bbf7d81d49f5dd216

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb
      Size/MD5 checksum: 2778514 ef833284a26b9ad69eb22c169dcb822f http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb
      Size/MD5 checksum: 705952 57a2075ffd4746c1c989c06be4e5587e http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb
      Size/MD5 checksum: 896456 0d93ca64cbc1608c5a8345a574b47ada

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb
      Size/MD5 checksum: 2766270 1d197335ffe887e31525c04466dfd66c http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb
      Size/MD5 checksum: 693836 45f358db6b4e149982a16cced46eb1d7 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb
      Size/MD5 checksum: 895636 60f63815017772f9dcbcfce2d8aa9138

PowerPC architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb
      Size/MD5 checksum: 2774840 012631d48936597d2bdb35a2c9e597cc http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb
      Size/MD5 checksum: 778946 3e0d5b50e5c3a1b00faf6c7c18a8ac4f http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb
      Size/MD5 checksum: 908016 8bfe8de155f113aef3edca883cd72dac

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb
      Size/MD5 checksum: 2716386 e8744dd7d49acabdd664bdd505e9efae http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb
      Size/MD5 checksum: 813542 05846cc017a99f250d8104c406f2a609 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb
      Size/MD5 checksum: 918208 f78b15dae8f8072339e601793707c4eb

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb
      Size/MD5 checksum: 2629368 4532f9940cf010b00b0d1404c11f9da5 http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb
      Size/MD5 checksum: 1884394 f7a8f112bb7e09c8c1dacc68c923cd40 http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb
      Size/MD5 checksum: 924208 a5e3e93b474e23a0f858eaa3a329d2de

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:163
http://www.mandriva.com/security/

Package : bind
Date : September 8, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0

Problem Description:

A vulnerability in BIND was discovered where it did not sufficiently verify particular requests and responses from other name servers and users. This could be exploited by sending a specially crafted packet to crash the name server.

Updated packages have been patched to address these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096

Updated Packages:

Mandriva Linux 2006.0:
f14e95ff19bfa75c7929ee3b21798a95 2006.0/RPMS/bind-9.3.1-4.1.20060mdk.i586.rpm
38f966e11d12de632500bfd2800c1623 2006.0/RPMS/bind-devel-9.3.1-4.1.20060mdk.i586.rpm
198704fc19b3e67915d77f97cf419b48 2006.0/RPMS/bind-utils-9.3.1-4.1.20060mdk.i586.rpm
152c8a9ecbe966090d662b1846bfe60e 2006.0/SRPMS/bind-9.3.1-4.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
4643bbda03257d26c1f1357d583d9874 x86_64/2006.0/RPMS/bind-9.3.1-4.1.20060mdk.x86_64.rpm
644fd85e5ba97de405a2fad3104160ef x86_64/2006.0/RPMS/bind-devel-9.3.1-4.1.20060mdk.x86_64.rpm
38b5633ab5f389a3a7d016bad9e8aed5 x86_64/2006.0/RPMS/bind-utils-9.3.1-4.1.20060mdk.x86_64.rpm
152c8a9ecbe966090d662b1846bfe60e x86_64/2006.0/SRPMS/bind-9.3.1-4.1.20060mdk.src.rpm

Corporate 3.0:
266e42515e70f0f18c52c0995e373734 corporate/3.0/RPMS/bind-9.2.3-6.1.C30mdk.i586.rpm
cc4cff0ef231e51c91a4a8a5b7fcc1ab corporate/3.0/RPMS/bind-devel-9.2.3-6.1.C30mdk.i586.rpm
8646f8d5e9e5b4a0bb5c647634c9a505 corporate/3.0/RPMS/bind-utils-9.2.3-6.1.C30mdk.i586.rpm
3eeb44b4945e7ddc8a88c8face7ad8ee corporate/3.0/SRPMS/bind-9.2.3-6.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
5074018335e826c9f144c32bae33d1a1 x86_64/corporate/3.0/RPMS/bind-9.2.3-6.1.C30mdk.x86_64.rpm
457f01b9c2fb71e52d5fda98d39e6a50 x86_64/corporate/3.0/RPMS/bind-devel-9.2.3-6.1.C30mdk.x86_64.rpm
e1bd6a27addb41c1f40751eda2b97b39 x86_64/corporate/3.0/RPMS/bind-utils-9.2.3-6.1.C30mdk.x86_64.rpm
3eeb44b4945e7ddc8a88c8face7ad8ee x86_64/corporate/3.0/SRPMS/bind-9.2.3-6.1.C30mdk.src.rpm

Multi Network Firewall 2.0:
73a6f4e4b2b88017aab39159930b951c mnf/2.0/RPMS/bind-9.2.3-6.1.M20mdk.i586.rpm
f061e1e2fee72bc8e354fe9de6a28999 mnf/2.0/RPMS/bind-utils-9.2.3-6.1.M20mdk.i586.rpm
889150fc6c3befeb2c6b0f06b266d276 mnf/2.0/SRPMS/bind-9.2.3-6.1.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux

Red Hat Security Advisory

Synopsis: Moderate: mailman security update
Advisory ID: RHSA-2006:0600-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0600.html
Issue date: 2006-09-06
Updated on: 2006-09-06
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-2941 CVE-2006-3636

1. Summary:

Updated mailman packages that fix security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mailman is a program used to help manage email discussion lists.

A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. (CVE-2006-2941)

Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. (CVE-2006-3636)

Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities.

Users of Mailman should upgrade to these updated packages, which contain backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

198344 - CVE-2006-2941 Mailman DoS
203704 - CVE-2006-3636 Mailman XSS issues

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.7.src.rpm
aadc1f8f782b3bb77723aaf58f3075dd mailman-2.1.5.1-25.rhel3.7.src.rpm

i386:
06ad7a3f4da347456466fa4f5e2fa7c3 mailman-2.1.5.1-25.rhel3.7.i386.rpm
c11347caf70b2d35f6ee3e5ad85a1e2a mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

ia64:
930f1caafb3f9a52df581ec287688b77 mailman-2.1.5.1-25.rhel3.7.ia64.rpm
506a05ea921cc2db4a6bd780fe675984 mailman-debuginfo-2.1.5.1-25.rhel3.7.ia64.rpm

ppc:
3b25506baa71db64e4b5f46891995348 mailman-2.1.5.1-25.rhel3.7.ppc.rpm
7b88f8c12c8b1a8dc847bfb847cbd6be mailman-debuginfo-2.1.5.1-25.rhel3.7.ppc.rpm

s390:
10d5202c49895d7cd7735fd26a631a18 mailman-2.1.5.1-25.rhel3.7.s390.rpm
644052a0ec97d49a7e6f304dcd8d3103 mailman-debuginfo-2.1.5.1-25.rhel3.7.s390.rpm

s390x:
c5db1d523b4ab0107c073d08da7fa067 mailman-2.1.5.1-25.rhel3.7.s390x.rpm
99eb2c04ffa8bbc4d5cc39e580a91036 mailman-debuginfo-2.1.5.1-25.rhel3.7.s390x.rpm

x86_64:
13322c51c7935facde94c51751d9cfed mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
e558b981f58e456777900935c586acc5 mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.7.src.rpm
aadc1f8f782b3bb77723aaf58f3075dd mailman-2.1.5.1-25.rhel3.7.src.rpm

i386:
06ad7a3f4da347456466fa4f5e2fa7c3 mailman-2.1.5.1-25.rhel3.7.i386.rpm
c11347caf70b2d35f6ee3e5ad85a1e2a mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

x86_64:
13322c51c7935facde94c51751d9cfed mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
e558b981f58e456777900935c586acc5 mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.7.src.rpm
aadc1f8f782b3bb77723aaf58f3075dd mailman-2.1.5.1-25.rhel3.7.src.rpm

i386:
06ad7a3f4da347456466fa4f5e2fa7c3 mailman-2.1.5.1-25.rhel3.7.i386.rpm
c11347caf70b2d35f6ee3e5ad85a1e2a mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

ia64:
930f1caafb3f9a52df581ec287688b77 mailman-2.1.5.1-25.rhel3.7.ia64.rpm
506a05ea921cc2db4a6bd780fe675984 mailman-debuginfo-2.1.5.1-25.rhel3.7.ia64.rpm

x86_64:
13322c51c7935facde94c51751d9cfed mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
e558b981f58e456777900935c586acc5 mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.7.src.rpm
aadc1f8f782b3bb77723aaf58f3075dd mailman-2.1.5.1-25.rhel3.7.src.rpm

i386:
06ad7a3f4da347456466fa4f5e2fa7c3 mailman-2.1.5.1-25.rhel3.7.i386.rpm
c11347caf70b2d35f6ee3e5ad85a1e2a mailman-debuginfo-2.1.5.1-25.rhel3.7.i386.rpm

ia64:
930f1caafb3f9a52df581ec287688b77 mailman-2.1.5.1-25.rhel3.7.ia64.rpm
506a05ea921cc2db4a6bd780fe675984 mailman-debuginfo-2.1.5.1-25.rhel3.7.ia64.rpm

x86_64:
13322c51c7935facde94c51751d9cfed mailman-2.1.5.1-25.rhel3.7.x86_64.rpm
e558b981f58e456777900935c586acc5 mailman-debuginfo-2.1.5.1-25.rhel3.7.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.5.src.rpm
c93f0d4ba430ee583e22565d46ad4ca7 mailman-2.1.5.1-34.rhel4.5.src.rpm

i386:
9ab4155e1c5510abf085c9af828f57eb mailman-2.1.5.1-34.rhel4.5.i386.rpm
269153aac17ce9e233f78b3ffe8e2aef mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

ia64:
a42338d32e130205035d1ffe852fa2d1 mailman-2.1.5.1-34.rhel4.5.ia64.rpm
b32a43800a955c99aaaa63ba45cf723d mailman-debuginfo-2.1.5.1-34.rhel4.5.ia64.rpm

ppc:
44ad39bb47c903413d8b6ffd930263dd mailman-2.1.5.1-34.rhel4.5.ppc.rpm
4f2378bf60f794714437f5ae230dba35 mailman-debuginfo-2.1.5.1-34.rhel4.5.ppc.rpm

s390:
338423bc0323023b04f177447ba01fb7 mailman-2.1.5.1-34.rhel4.5.s390.rpm
733544b11b96726a0bade226ddd66abe mailman-debuginfo-2.1.5.1-34.rhel4.5.s390.rpm

s390x:
e2f64e5975246be9b939d0a6e878fa61 mailman-2.1.5.1-34.rhel4.5.s390x.rpm
aaa1f9d30a557cd0a05e17795372e7ce mailman-debuginfo-2.1.5.1-34.rhel4.5.s390x.rpm

x86_64:
92921797e6bdab3c60f739a386e47d0b mailman-2.1.5.1-34.rhel4.5.x86_64.rpm
eff45cff79d327333feac959ebf3e9a4 mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.5.src.rpm
c93f0d4ba430ee583e22565d46ad4ca7 mailman-2.1.5.1-34.rhel4.5.src.rpm

i386:
9ab4155e1c5510abf085c9af828f57eb mailman-2.1.5.1-34.rhel4.5.i386.rpm
269153aac17ce9e233f78b3ffe8e2aef mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

x86_64:
92921797e6bdab3c60f739a386e47d0b mailman-2.1.5.1-34.rhel4.5.x86_64.rpm
eff45cff79d327333feac959ebf3e9a4 mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.5.src.rpm
c93f0d4ba430ee583e22565d46ad4ca7 mailman-2.1.5.1-34.rhel4.5.src.rpm

i386:
9ab4155e1c5510abf085c9af828f57eb mailman-2.1.5.1-34.rhel4.5.i386.rpm
269153aac17ce9e233f78b3ffe8e2aef mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

ia64:
a42338d32e130205035d1ffe852fa2d1 mailman-2.1.5.1-34.rhel4.5.ia64.rpm
b32a43800a955c99aaaa63ba45cf723d mailman-debuginfo-2.1.5.1-34.rhel4.5.ia64.rpm

x86_64:
92921797e6bdab3c60f739a386e47d0b mailman-2.1.5.1-34.rhel4.5.x86_64.rpm
eff45cff79d327333feac959ebf3e9a4 mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.5.src.rpm
c93f0d4ba430ee583e22565d46ad4ca7 mailman-2.1.5.1-34.rhel4.5.src.rpm

i386:
9ab4155e1c5510abf085c9af828f57eb mailman-2.1.5.1-34.rhel4.5.i386.rpm
269153aac17ce9e233f78b3ffe8e2aef mailman-debuginfo-2.1.5.1-34.rhel4.5.i386.rpm

ia64:
a42338d32e130205035d1ffe852fa2d1 mailman-2.1.5.1-34.rhel4.5.ia64.rpm
b32a43800a955c99aaaa63ba45cf723d mailman-debuginfo-2.1.5.1-34.rhel4.5.ia64.rpm

x86_64:
92921797e6bdab3c60f739a386e47d0b mailman-2.1.5.1-34.rhel4.5.x86_64.rpm
eff45cff79d327333feac959ebf3e9a4 mailman-debuginfo-2.1.5.1-34.rhel4.5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3636
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Red Hat Security Advisory

Synopsis: Important: openssl security update
Advisory ID: RHSA-2006:0661-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0661.html
Issue date: 2006-09-06
Updated on: 2006-09-06
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-4339

1. Summary:

Updated OpenSSL packages are now available to correct a security issue.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature.

The Google Security Team discovered that OpenSSL is vulnerable to this attack. This issue affects applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)

This errata also resolves a problem where a customized ca-bundle.crt file was overwritten when the openssl package was upgraded.

Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.

4. Solution:

Users of Red Hat Enterprise Linux 2.1 may need to use the command "up2date openssl openssl095a openssl096" to install these updated packages on their systems. This is due to a conflict between Galeon and the recent Seamonkey update. We will provide updated Galeon packages to fix this conflict in a future erratum.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170740 - Custom ca-bundle.crt overwritten on upgrade
175811 - Custom ca-bundle.crt overwritten on upgrade
205180 - CVE-2006-4339 RSA signature forgery

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl-0.9.6b-43.src.rpm
9c4e224d4d81207af0b89e368f18dc4e openssl-0.9.6b-43.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl095a-0.9.5a-29.src.rpm
9783a1849141d3f7239ca7380ca65c80 openssl095a-0.9.5a-29.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/openssl096-0.9.6-29.src.rpm
84ba18ccae05d9cd15196b7097428720 openssl096-0.9.6-29.src.rpm

i386:
9546f50bcc58bdc77dbc553fddc15cae openssl-0.9.6b-43.i386.rpm
44e1a5814a8585403858e7b0efd459e9 openssl-0.9.6b-43.i686.rpm
c327293080363dc5b634c37412b97e03 openssl-devel-0.9.6b-43.i386.rpm
c8321b57d63a633b18f778ed9c124058 openssl-perl-0.9.6b-43.i386.rpm
222f84f8d36e67a4d0e3fc233d5a2b4e openssl095a-0.9.5a-29.i386.rpm
08b51e19ef3227b369d6a017dbddf8f8 openssl096-0.9.6-29.i386.rpm

ia64:
42d7c7305a7c57bb9f20ae9784680589 openssl-0.9.6b-43.ia64.rpm
691d93e0296e97596610419eb6d3ad4a openssl-devel-0.9.6b-43.ia64.rpm
d5850aa9c7d3671610dde63bebff2642 openssl-perl-0.9.6b-43.ia64.rpm
14f5eb8463137d39b9c80ebf5140f34a openssl095a-0.9.5a-29.ia64.rpm
bf9b84dce7408a3cb6b06d736f03a4af openssl096-0.9.6-29.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl-0.9.6b-43.src.rpm
9c4e224d4d81207af0b89e368f18dc4e openssl-0.9.6b-43.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl095a-0.9.5a-29.src.rpm
9783a1849141d3f7239ca7380ca65c80 openssl095a-0.9.5a-29.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/openssl096-0.9.6-29.src.rpm
84ba18ccae05d9cd15196b7097428720 openssl096-0.9.6-29.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/openssl-0.9.6b-43.src.rpm
9c4e224d4d81207af0b89e368f18dc4e openssl-0.9.6b-43.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/openssl-0.9.6b-43.src.rpm
9c4e224d4d81207af0b89e368f18dc4e openssl-0.9.6b-43.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl-0.9.7a-33.18.src.rpm
7931255997a1d848ce2a7005bc9e6b86 openssl-0.9.7a-33.18.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openssl096b-0.9.6b-16.43.src.rpm
3b6be5625565bb346d52fb6a5623d63d openssl096b-0.9.6b-16.43.src.rpm

i386:
6e0aad070d322d10c2d52791b9da9e33 openssl-0.9.7a-33.18.i386.rpm
ac5c706e41e44d719eed51f218b14713 openssl-0.9.7a-33.18.i686.rpm
247713eecc4918ebbfd972f9cf90d01b openssl-debuginfo-0.9.7a-33.18.i386.rpm
32de88952091f31acbbc456185dbf0de openssl-debuginfo-0.9.7a-33.18.i686.rpm
c628920238cff2b40b2c0858c4c47e00 openssl-devel-0.9.7a-33.18.i386.rpm
e1b3654ce80d8bcfb16fa6e29aa8c2b2 openssl-perl-0.9.7a-33.18.i386.rpm
625a6a769cc075e8cc7826f3924a397a openssl096b-0.9.6b-16.43.i386.rpm
61279408c2d1985066192a1a2f209f48 openssl096b-debuginfo-0.9.6b-16.43.i386.rpm

ia64:
ac5c706e41e44d719eed51f218b14713 openssl-0.9.7a-33.18.i686.rpm
14901c99907185c4bbe8b2c0e276427b openssl-0.9.7a-33.18.ia64.rpm
32de88952091f31acbbc456185dbf0de openssl-debuginfo-0.9.7a-33.18.i686.rpm
85865b7f4cea96538753c96561a270de openssl-debuginfo-0.9.7a-33.18.ia64.rpm
fcff948e8fc9685baff13d1d3801f202 openssl-devel-0.9.7a-33.18.ia64.rpm
acaecb0841c5a7de3231cc15d5b68c21 openssl-perl-0.9.7a-33.18.ia64.rpm
625a6a769cc075e8cc7826f3924a397a openssl096b-0.9.6b-16.43.i386.rpm
56ac07e7577ccfbc08c1c0cda848e454 openssl096b-0.9.6b-16.43.ia64.rpm
61279408c2d1985066192a1a2f209f48 openssl096b-debuginfo-0.9.6b-16.43.i386.rpm
c9773fbd54e57e7793c218a92e7f95c3 openssl096b-debuginfo-0.9.6b-16.43.ia64.rpm

ppc:
f9b728d0c51d36cff1c10bfbb96e857c openssl-0.9.7a-33.18.ppc.rpm
640c4cba8094f18cfe1230af30060408 openssl-0.9.7a-33.18.ppc64.rpm
6eec594344eb96473e3b0dee580f9e8c openssl-debuginfo-0.9.7a-33.18.ppc.rpm
e293490ebe6b1f0b72cff0326796a003 openssl-debuginfo-0.9.7a-33.18.ppc64.rpm
1fb4c48a10d2cceb58a638dfcca690ba openssl-devel-0.9.7a-33.18.ppc.rpm
0719de47a6d77500d8b57fba3c84cf29 openssl-perl-0.9.7a-33.18.ppc.rpm
c4c15926b9e6771b6cbc7bcb621d07ab openssl096b-0.9.6b-16.43.ppc.rpm
ff0d64fe7f9cdc158f589c8d40dae562 openssl096b-debuginfo-0.9.6b-16.43.ppc.rpm

s390:
712cdf7448cd56f4086592ac99d9efd0 openssl-0.9.7a-33.18.s390.rpm
022e6a6b04a783810a83a2b16e6e825e openssl-debuginfo-0.9.7a-33.18.s390.rpm
11c69ed43437826d702db6bad93ad97a openssl-devel-0.9.7a-33.18.s390.rpm
051f9b48e2359ad0683bf6e968f9891c openssl-perl-0.9.7a-33.18.s390.rpm
2090930263494a9145d6a37ee7ef2d1d openssl096b-0.9.6b-16.43.s390.rpm
d8ea7e52db03ddedc572009cf0af18fd openssl096b-debuginfo-0.9.6b-16.43.s390.rpm

s390x:
712cdf7448cd56f4086592ac99d9efd0 openssl-0.9.7a-33.18.s390.rpm
3f0695e5419f99424070eb2d33912d16 openssl-0.9.7a-33.18.s390x.rpm
022e6a6b04a783810a83a2b16e6e825e openssl-debuginfo-0.9.7a-33.18.s390.rpm
7fc543d1a1abe509433de3d2a14a52b3 openssl-debuginfo-0.9.7a-33.18.s390x.rpm
cd7d012078096bae3317459e6b80161f openssl-devel-0.9.7a-33.18.s390x.rpm
17c5f5ee7d49a1ebc1e3d04127d3a363 openssl-perl-0.9.7a-33.18.s390x.rpm
2090930263494a9145d6a37ee7ef2d1d openssl096b-0.9.6b-16.43.s390.rpm
d8ea7e52db03ddedc572009cf0af18fd openssl096b-debuginfo-0.9.6b-16.43.s390.rpm

x86_64:
ac5c706e41e44d719eed51f218b14713 openssl-0.9.7a-33.18.i686.rpm
2794780bd750f59abf8b1a1a5ca7cc81 openssl-0.9.7a-33.18.x86_64.rpm
32de88952091f31acbbc456185dbf0de openssl-debuginfo-0.9.7a-33.18.i686.rpm
17d327233e162a434578dee74a6554f0 openssl-debuginfo-0.9.7a-33.18.x86_64.rpm
12b7d2a240d5fd33f1814e2600aa30ae openssl-devel-0.9.7a-33.18.x86_64.rpm
473ef89363b88b74d80fa1dd285fe7b9 openssl-perl-0.9.7a-33.18.x86_64.rpm
625a6a769cc075e8cc7826f3924a397a openssl096b-0.9.6b-16.43.i386.rpm
02d32812e2b348d7ffacf91a5c91775d openssl096b-0.9.6b-16.43.x86_64.rpm
61279408c2d1985066192a1a2f209f48 openssl096b-debuginfo-0.9.6b-16.43.i386.rpm
6f7c059e7066f622004d6d897292d34b openssl096b-debuginfo-0.9.6b-16.43.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl-0.9.7a-33.18.src.rpm
7931255997a1d848ce2a7005bc9e6b86 openssl-0.9.7a-33.18.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openssl096b-0.9.6b-16.43.src.rpm
3b6be5625565bb346d52fb6a5623d63d openssl096b-0.9.6b-16.43.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl-0.9.7a-33.18.src.rpm
7931255997a1d848ce2a7005bc9e6b86 openssl-0.9.7a-33.18.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openssl096b-0.9.6b-16.43.src.rpm
3b6be5625565bb346d52fb6a5623d63d openssl096b-0.9.6b-16.43.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl-0.9.7a-33.18.src.rpm
7931255997a1d848ce2a7005bc9e6b86 openssl-0.9.7a-33.18.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openssl096b-0.9.6b-16.43.src.rpm
3b6be5625565bb346d52fb6a5623d63d openssl096b-0.9.6b-16.43.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl-0.9.7a-43.11.src.rpm
513f9d07d6d6bc0ba7c6207937e54623 openssl-0.9.7a-43.11.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openssl096b-0.9.6b-22.43.src.rpm
5cb693bd507574dfd15ce06cedd87ddf openssl096b-0.9.6b-22.43.src.rpm

i386:
bb2a2bdf02f86cabb4cffdcfb7a549ab openssl-0.9.7a-43.11.i386.rpm
68435a368c5e4a16bea0e9490071e4e6 openssl-0.9.7a-43.11.i686.rpm
307f10712e6e705f1d362070651048c6 openssl-debuginfo-0.9.7a-43.11.i386.rpm
eea0ce533d4e519d0d35598ab905e0bd openssl-debuginfo-0.9.7a-43.11.i686.rpm
d0be647345ea50df30f8e2e63472b33c openssl-devel-0.9.7a-43.11.i386.rpm
56b168515a7de33a58e8010319cf9632 openssl-perl-0.9.7a-43.11.i386.rpm
9602f5a7a448051483fae33fdc37588e openssl096b-0.9.6b-22.43.i386.rpm
090d964626678038573111011bfefb4a openssl096b-debuginfo-0.9.6b-22.43.i386.rpm

ia64:
68435a368c5e4a16bea0e9490071e4e6 openssl-0.9.7a-43.11.i686.rpm
56eed948b83ed31a4f1de958e2955a61 openssl-0.9.7a-43.11.ia64.rpm
eea0ce533d4e519d0d35598ab905e0bd openssl-debuginfo-0.9.7a-43.11.i686.rpm
28b4a02dc1986a73dcb5706ff0196b17 openssl-debuginfo-0.9.7a-43.11.ia64.rpm
5248cae306e916fcf5abbfdd1d7298dc openssl-devel-0.9.7a-43.11.ia64.rpm
2531e237bc267743e361138e88db7a04 openssl-perl-0.9.7a-43.11.ia64.rpm
9602f5a7a448051483fae33fdc37588e openssl096b-0.9.6b-22.43.i386.rpm
79be24a710203ffc87cab0bc3e231d63 openssl096b-0.9.6b-22.43.ia64.rpm
090d964626678038573111011bfefb4a openssl096b-debuginfo-0.9.6b-22.43.i386.rpm
f787693cd6bd019ee5b9d51cde546472 openssl096b-debuginfo-0.9.6b-22.43.ia64.rpm

ppc:
cac5437c4d7060416c3a32fa5e31c26c openssl-0.9.7a-43.11.ppc.rpm
2b2cd841eff757488d5044a236ce887b openssl-0.9.7a-43.11.ppc64.rpm
3787e18ae85ccadcbc642deb3f164053 openssl-debuginfo-0.9.7a-43.11.ppc.rpm
e5e1dff01b89af7b5e55092051612078 openssl-debuginfo-0.9.7a-43.11.ppc64.rpm
ec77cf71b67e8659771f7c5f46170865 openssl-devel-0.9.7a-43.11.ppc.rpm
044e340c377e4c1802ba6605d6aefe30 openssl-perl-0.9.7a-43.11.ppc.rpm
efb205dcb0b4bc899c61dd50b259c16d openssl096b-0.9.6b-22.43.ppc.rpm
ade6e9a331c6985e2dc453bce4246e5a openssl096b-debuginfo-0.9.6b-22.43.ppc.rpm

s390:
2a4e830e5436218f61e717796e83f578 openssl-0.9.7a-43.11.s390.rpm
c46352344951616cf744d93d23f5c6e9 openssl-debuginfo-0.9.7a-43.11.s390.rpm
d9df0e940141b967f35d8a2d4208118c openssl-devel-0.9.7a-43.11.s390.rpm
ddf3a3c5db63df101812044a04f9fab6 openssl-perl-0.9.7a-43.11.s390.rpm
9988eb45264b6d783850af7397856ae1 openssl096b-0.9.6b-22.43.s390.rpm
10afecd873114dc711b66b5748c258b3 openssl096b-debuginfo-0.9.6b-22.43.s390.rpm

s390x:
2a4e830e5436218f61e717796e83f578 openssl-0.9.7a-43.11.s390.rpm
7b650ece5f5ff839af962b9d4a0f0c88 openssl-0.9.7a-43.11.s390x.rpm
c46352344951616cf744d93d23f5c6e9 openssl-debuginfo-0.9.7a-43.11.s390.rpm
450f8d757a8688ba09af7fcb796e1d47 openssl-debuginfo-0.9.7a-43.11.s390x.rpm
7018d29c78b8c372175809caca7716c5 openssl-devel-0.9.7a-43.11.s390x.rpm
2579a0b769724ae488ea42c19fcbc9de openssl-perl-0.9.7a-43.11.s390x.rpm
9988eb45264b6d783850af7397856ae1 openssl096b-0.9.6b-22.43.s390.rpm
10afecd873114dc711b66b5748c258b3 openssl096b-debuginfo-0.9.6b-22.43.s390.rpm

x86_64:
68435a368c5e4a16bea0e9490071e4e6 openssl-0.9.7a-43.11.i686.rpm
555fc3ef8e135ab8f637e50975536cc2 openssl-0.9.7a-43.11.x86_64.rpm
eea0ce533d4e519d0d35598ab905e0bd openssl-debuginfo-0.9.7a-43.11.i686.rpm
5857957b14b46469d97224108f7c0a93 openssl-debuginfo-0.9.7a-43.11.x86_64.rpm
9fc39618899eead5b14d7ae433b84e2f openssl-devel-0.9.7a-43.11.x86_64.rpm
bc291c59edffb66c6dd4a7db50929c8f openssl-perl-0.9.7a-43.11.x86_64.rpm
9602f5a7a448051483fae33fdc37588e openssl096b-0.9.6b-22.43.i386.rpm
368e81fde3b0d7d99eedb0576e24d579 openssl096b-0.9.6b-22.43.x86_64.rpm
090d964626678038573111011bfefb4a openssl096b-debuginfo-0.9.6b-22.43.i386.rpm
8480f9954d290d8ac363de7a520e5b83 openssl096b-debuginfo-0.9.6b-22.43.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl-0.9.7a-43.11.src.rpm
513f9d07d6d6bc0ba7c6207937e54623 openssl-0.9.7a-43.11.src.rpm
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openssl096b-0.9.6b-22.43.src.rpm
5cb693bd507574dfd15ce06cedd87ddf openssl096b-0.9.6b-22.43.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl-0.9.7a-43.11.src.rpm
513f9d07d6d6bc0ba7c6207937e54623 openssl-0.9.7a-43.11.src.rpm
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openssl096b-0.9.6b-22.43.src.rpm
5cb693bd507574dfd15ce06cedd87ddf openssl096b-0.9.6b-22.43.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl-0.9.7a-43.11.src.rpm
513f9d07d6d6bc0ba7c6207937e54623 openssl-0.9.7a-43.11.src.rpm
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openssl096b-0.9.6b-22.43.src.rpm
5cb693bd507574dfd15ce06cedd87ddf openssl096b-0.9.6b-22.43.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://www.openssl.org/news/secadv_20060905.txt
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

rPath Linux

rPath Security Advisory: 2006-0165-1
Published: 2006-09-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Remote Deterministic Weakness
Updated Versions: mailman=/conary.rpath.com@rpl:devel//1/2.1.6-14.2-1

References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2941
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3636
https://issues.rpath.com/browse/RPL-623

Description:

Previous versions of the mailman package are vulnerable to a cross-site-scripting (XSS) attack (CVE-2006-2941) that can allow one mailman user to subvert other mailman users' web browsers. (Those versions are not vulnerable to CVE-2006-3636, a remote Denial of Service attack.)

The upstream mailman project has the relevant security fixes only in a new 2.1.9rc1 release that is officially deprecated for production use. After the upstream project releases 2.1.9 for production use, rPath will update this advisory and release the new upstream production version.

rPath Security Advisory: 2006-0166-1
Published: 2006-09-08
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: bind=/conary.rpath.com@rpl:devel//1/9.3.2_P1-0.1-1
bind-utils=/conary.rpath.com@rpl:devel//1/9.3.2_P1-0.1-1

References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096 https://issues.rpath.com/browse/RPL-626

Description:

Previous versions of the bind package are vulnerable to to multiple remote denial of service attacks.

Ubuntu

Ubuntu Security Notice USN-343-1 September 07, 2006
bind9 vulnerabilities
CVE-2006-4095, CVE-2006-4096

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
bind9 1:9.2.4-1ubuntu1.1

Ubuntu 5.10:
bind9 1:9.3.1-2ubuntu1.1

Ubuntu 6.06 LTS:
bind9 1:9.3.2-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

bind did not sufficiently verify particular requests and responses from other name servers and users. By sending a specially crafted packet, a remote attacker could exploit this to crash the name server.

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.2.4-1ubuntu1.1.diff.gz
      Size/MD5: 91339 974f57903aa0403bc7973699848820de http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.2.4-1ubuntu1.1.dsc
      Size/MD5: 746 196a4a6177368697c5bae6cd688ec40a http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.2.4.orig.tar.gz
      Size/MD5: 4564219 2ccbddbab59aedd6b8711b628b5472bd

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.2.4-1ubuntu1.1_all.deb
Size/MD5: 157054 9de9c53dd907c72093eb3cac4cb58e57

amd64 architecture (Athlon64, Opteron, EM64T Xeon)