Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Advisories, November 26, 2006

Nov 27, 2006, 05:30 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 1220-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
November 26th, 2006 http://www.debian.org/security/faq


Package : pstotext
Vulnerability : insecure file name quoting
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-5869
Debian Bug : 356988

Brian May discovered that pstotext, a utility to extract plain text from Postscript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands.

For the stable distribution (sarge) this problem has been fixed in version 1.9-1sarge2. The build for the mipsel architecture is not yet available due to technical problems with the build host.

For the upcoming stable distribution (etch) this problem has been fixed in version 1.9-4.

For the unstable distribution (sid) this problem has been fixed in version 1.9-4.

We recommend that you upgrade your pstotext package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2.dsc
      Size/MD5 checksum: 566 56e79abcf02e841e78267bda1faff734
    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2.diff.gz
      Size/MD5 checksum: 8857 4efb7277f17fca5ebd20573d93b11a83
    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9.orig.tar.gz
      Size/MD5 checksum: 37461 64576e8a10ff5514e285d98b3898ae78

Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_alpha.deb
      Size/MD5 checksum: 34218 57b121ba1a0f5d53412ab5587c611d68

AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_amd64.deb
      Size/MD5 checksum: 33872 cc72441f0565d8225ae1e97a7df34a82

ARM architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_arm.deb
      Size/MD5 checksum: 32532 9a3cf4674a2632ac1742551cb27cbe39

HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_hppa.deb
      Size/MD5 checksum: 34492 f8a9db92d0ad4d81d58fcc6e763faf47

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_i386.deb
      Size/MD5 checksum: 32864 13c32d5164243e60e2ef00878c973c2f

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_ia64.deb
      Size/MD5 checksum: 38038 dcfae670ad3dd9911d5085bcc177a8eb

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_m68k.deb
      Size/MD5 checksum: 31552 9dcd158543df00f1a13012647ec842bb

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_mips.deb
      Size/MD5 checksum: 34404 32922b44fef79abce8ca78587eb55453

PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_powerpc.deb
      Size/MD5 checksum: 33636 75f0beb7494479f926c19a1f7e2b8297

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_s390.deb
      Size/MD5 checksum: 33218 096e0022136b767152d2da4a1563edc5

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_sparc.deb
      Size/MD5 checksum: 33246 5e47a79b9092cae3878294f49bf211c2

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200611-17

http://security.gentoo.org/


Severity: Normal
Title: fvwm: fvwm-menu-directory fvwm command injection
Date: November 23, 2006
Bugs: #155078
ID: 200611-17


Synopsis

A flaw in fvwm-menu-directory may permit a local attacker to execute arbitrary commands with the privileges of another user.

Background

fvwm is a highly configurable virtual window manager for X11 desktops. fvwm-menu-directory allows fvwm users to browse directories from within fvwm.

Affected packages


     Package      /   Vulnerable   /                        Unaffected

  1  x11-wm/fvwm      < 2.5.18-r1                         >= 2.5.18-r1

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise directory names prior to generating menus.

Impact

A local attacker who can convince an fvwm-menu-directory user to browse a directory they control could cause fvwm commands to be executed with the privileges of the fvwm user. Fvwm commands can be used to execute arbitrary shell commands.

Workaround

There is no known workaround at this time.

Resolution

All fvwm users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-wm/fvwm-2.5.18-r1"

References

[ 1 ] CVE-2006-5969

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5969

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-17.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200611-18

http://security.gentoo.org/


Severity: Normal
Title: TIN: Multiple buffer overflows
Date: November 24, 2006
Bugs: #150229
ID: 200611-18


Synopsis

Multiple buffer overflows have been reported in TIN, possibly leading to the execution of arbitrary code.

Background

TIN is a threaded NNTP and spool based UseNet newsreader for a variety of platforms.

Affected packages


     Package       /  Vulnerable  /                         Unaffected

  1  net-nntp/tin       < 1.8.2                               >= 1.8.2

Description

Urs Janssen and Aleksey Salow have reported multiple buffer overflows in TIN. Additionally, the OpenPKG project has reported an allocation off-by-one flaw which can lead to a buffer overflow.

Impact

An attacker could entice a TIN user to read a specially crafted news article, and execute arbitrary code with the rights of the user running TIN.

Workaround

There is no known workaround at this time.

Resolution

All TIN users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-nntp/tin-1.8.2"

References

[ 1 ] OpenPKG Advisory

http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.005-tin.html

[ 2 ] CVE-2006-0804

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0804

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-18.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200611-19

http://security.gentoo.org/


Severity: Normal
Title: ImageMagick: PALM and DCM buffer overflows
Date: November 24, 2006
Bugs: #152672
ID: 200611-19


Synopsis

ImageMagick improperly handles PALM and DCM images, potentially resulting in the execution of arbitrary code.

Background

ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats.

Affected packages


     Package                /  Vulnerable  /                Unaffected

  1  media-gfx/imagemagick      < 6.3.0.5                   >= 6.3.0.5

Description

M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images.

Impact

An attacker could entice a user to open a specially crafted DCM or PALM image with ImageMagick, and possibly execute arbitrary code with the privileges of the user running ImageMagick.

Workaround

There is no known workaround at this time.

Resolution

All ImageMagick users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.3.0.5"

References

[ 1 ] CVE-2006-5456

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-19.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200611-20

http://security.gentoo.org/


Severity: Normal
Title: GNU gv: Stack overflow
Date: November 24, 2006
Bugs: #154573
ID: 200611-20


Synopsis

GNU gv improperly handles user-supplied data possibly allowing for the execution of arbitrary code.

Background

GNU gv is a viewer for PostScript and PDF documents.

Affected packages


     Package      /  Vulnerable  /                          Unaffected

  1  app-text/gv     < 3.6.2-r1                            >= 3.6.2-r1

Description

GNU gv does not properly boundary check user-supplied data before copying it into process buffers.

Impact

An attacker could entice a user to open a specially crafted document with GNU gv and execute arbitrary code with the rights of the user on the system.

Workaround

There is no known workaround at this time.

Resolution

All gv users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gv-3.6.2-r1"

References

[ 1 ] CVE-2006-5864

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-20.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:208-1
http://www.mandriva.com/security/


Package : openldap
Date : November 21, 2006
Affected: Corporate 4.0


Problem Description:

An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap.

Packages have been patched to correct this issue.

Update:

Packages for Corp4 were built from the wrong src.rpm, breaking Heimdal Kerboros and possibly other support. Updated packages are being provided to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779


Updated Packages:

Corporate 4.0:
272efe4fb9ea4dfd82bdf9dc396544f2 corporate/4.0/i586/libldap2.3_0-2.3.27-1.2.20060mlcs4.i586.rpm
c938570eaa2f35720e51c10f0229f046 corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.2.20060mlcs4.i586.rpm
725ae4b4369e685db80a05a98d25ce34 corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.2.20060mlcs4.i586.rpm
8f3ae006488a7f239c544e99cc32ff54 corporate/4.0/i586/openldap-2.3.27-1.2.20060mlcs4.i586.rpm
aff2fcffa4e1fdf341954531273a24b5 corporate/4.0/i586/openldap-clients-2.3.27-1.2.20060mlcs4.i586.rpm
30025ae0794372d1cf0b8f690d2437c0 corporate/4.0/i586/openldap-doc-2.3.27-1.2.20060mlcs4.i586.rpm
2caf9b165be747d47379de69cabb6c85 corporate/4.0/i586/openldap-servers-2.3.27-1.2.20060mlcs4.i586.rpm
a743b7e2980cc647a03c0b164d919056 corporate/4.0/SRPMS/openldap-2.3.27-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
e0e14d15ac3d5e3289741b7d9cdaf49b corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.2.20060mlcs4.x86_64.rpm
cf663a417761ba7164459eaedfd9e70e corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.2.20060mlcs4.x86_64.rpm
ed535216119821e63473f6f0f349ba1a corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.2.20060mlcs4.x86_64.rpm
153411b3f4f39e77dd7e5c37de79217b corporate/4.0/x86_64/openldap-2.3.27-1.2.20060mlcs4.x86_64.rpm
de2dbf35e5dd78ddcd4f9c38e3c2093a corporate/4.0/x86_64/openldap-clients-2.3.27-1.2.20060mlcs4.x86_64.rpm
344c24cb39357180d333da9615862c16 corporate/4.0/x86_64/openldap-doc-2.3.27-1.2.20060mlcs4.x86_64.rpm
eb89fcde11209131b7eb0031aaabc5c2 corporate/4.0/x86_64/openldap-servers-2.3.27-1.2.20060mlcs4.x86_64.rpm
a743b7e2980cc647a03c0b164d919056 corporate/4.0/SRPMS/openldap-2.3.27-1.2.20060mlcs4.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:218
http://www.mandriva.com/security/


Package : apache-mod_auth_kerb
Date : November 23, 2006
Affected: Corporate 4.0


Problem Description:

An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.

Packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5989


Updated Packages:

Corporate 4.0:
8ce7379b083881bad524a8f2c0f14e26 corporate/4.0/i586/apache-mod_auth_kerb-5.0-2.1.20060mlcs4.i586.rpm
7b3c02468f28a21609fa86c53af50951 corporate/4.0/SRPMS/apache-mod_auth_kerb-5.0-2.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0200c4ac02a6217d22edc05c74db3378 corporate/4.0/x86_64/apache-mod_auth_kerb-5.0-2.1.20060mlcs4.x86_64.rpm
7b3c02468f28a21609fa86c53af50951 corporate/4.0/SRPMS/apache-mod_auth_kerb-5.0-2.1.20060mlcs4.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Ubuntu


Ubuntu Security Notice USN-381-1 November 16, 2006
firefox vulnerabilities
CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:

firefox 1.5.dfsg+1.5.0.8-0ubuntu0.5.10
firefox-dev 1.5.dfsg+1.5.0.8-0ubuntu0.5.10

Ubuntu 6.06 LTS:

firefox 1.5.dfsg+1.5.0.8-0ubuntu0.6.06
firefox-dev 1.5.dfsg+1.5.0.8-0ubuntu0.6.06
libnspr-dev 1.5.dfsg+1.5.0.8-0ubuntu0.6.06
libnspr4 1.5.dfsg+1.5.0.8-0ubuntu0.6.06
libnss-dev 1.5.dfsg+1.5.0.8-0ubuntu0.6.06
libnss3 1.5.dfsg+1.5.0.8-0ubuntu0.6.06

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Details follow:

USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462)

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10.diff.gz
      Size/MD5: 177335 10b377fae580ae8f70363ffd70e47269
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10.dsc
      Size/MD5: 1056 5db441b8802f27c49571095404b73bb7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8.orig.tar.gz
      Size/MD5: 44080423 9716c747d634997ec34dbf5f2e9ed80f

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_all.deb
      Size/MD5: 49586 9c0480fccb28d05f504b4b07811bccc1
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_all.deb
      Size/MD5: 50476 ad8be2b891ceb1884c64b04057201418

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_amd64.deb
      Size/MD5: 82786 7c57efcd467f65b5fddb99045f368cde
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_amd64.deb
      Size/MD5: 10228966 98741e95215a819e389680e91f18e72e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_amd64.deb
      Size/MD5: 3152342 e0ab77c6e143bb59b43fd92d34b68900
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_amd64.deb
      Size/MD5: 216484 8c13b0af86b6f83f5ee92e6367a887d7

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_i386.deb
      Size/MD5: 210022 38257be6e6a43928bb10802118a264af
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_i386.deb
      Size/MD5: 75156 0d8a65e5fa64cb0e4230e85e975a05d7
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_i386.deb
      Size/MD5: 3152316 f4b306a5bf76d7788c581ae969a754d0
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_i386.deb
      Size/MD5: 8651302 6f375546f6d948932f4a1652b3569e70

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_powerpc.deb
      Size/MD5: 3152444 7293cd7542ea90e41823b76b822a6e8b
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_powerpc.deb
      Size/MD5: 213430 b274f35517ffb38ce880679d79764a52
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_powerpc.deb
      Size/MD5: 78406 41578a0497fce59bee796ff4fcdaab3c
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_powerpc.deb
      Size/MD5: 9831168 0aabf7e840fef774adc05edef039caad

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_sparc.deb
      Size/MD5: 76784 d69cac5024601a5ea20074e9964e288e
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_sparc.deb
      Size/MD5: 9166628 27f5d52e3c828c8b1604b0982dda7cc3
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_sparc.deb
      Size/MD5: 210978 4a5ffba99714c584ca8e349b988c4400
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.5.10_sparc.deb
      Size/MD5: 3152400 65ee6a126404960525e73d7c32d587d7

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06.diff.gz
      Size/MD5: 175871 52f1c28309ee6c7ef8c2f1d43d963cf8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06.dsc
      Size/MD5: 1113 cd1281da2de45441a5a3e6034a38ab13
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8.orig.tar.gz
      Size/MD5: 44080423 9716c747d634997ec34dbf5f2e9ed80f

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/mozilla-firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_all.deb
      Size/MD5: 49602 ab797aec8733b6c3e2280cdb09b64d1a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/mozilla-firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_all.deb
      Size/MD5: 50490 1b3e5005f5e3fa797b3682b200cc50d4

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 47328882 934c4351e36288e88e1168c041542f5a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 2798910 7ee44fb3180623ce8a3a1f9efeb0d419
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 216552 92a1743a061e332e080a626dbd399570
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 82776 7d4b77da6a355c5e9f0113aaba778b03
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 9420500 dc95e234fc1c321b64073816aa347550
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 219228 e12302edf6ea04accaf83a8879dff274
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 162300 35187fec0d3be43ef0aa9bd83dfabd6b
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 236150 c98d56050fe2e27e3915acf2662aa8d4
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_amd64.deb
      Size/MD5: 757954 8ee38f642969b44e7d342d89e0c91dfd

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 43902878 41afd17ae29b433ff26e51ef80e04599
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 2798856 219ca82f455cad14a0021c0f66d6e8c0
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 209962 02b36bc31e994256b74dd3d84dba7254
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 75136 388a11c39a72e0a9a1969a5a1c0a48f8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 7932082 d6b266569d4bf056aa04a760459b8fc8
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 219220 38b33e647137f579876b9047657fe390
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 146980 57afd15fd3b17f8d5bf53b72592889e4
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 236146 3936122367330caea7cf573973bdb0a2
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_i386.deb
      Size/MD5: 670102 67a930f2102173f1c84dd0ddf751b388

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 48721788 ad5ed6cebb6c5c97521e8416cbb6ba06
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 2798932 aa5d623d34acb2bea9e7a1dc21e891dc
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 213390 0323fadebfa079e9724e1cf3e930b977
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 78300 fda19c102717648e93f332314c0d8020
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 9031548 360d013efe74f061ba266d4ae7ff9177
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 219224 7385d32cb21f0b83933822c4495a6783
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 159522 ee71fefedbaade594b3b0064524db684
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 236156 8ea5d14656d349724f5b254e035dfc2f
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_powerpc.deb
      Size/MD5: 768836 19b4c155f8c00ccff6656590d4ffc3be

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dbg_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 45291164 417432698e5e51ae96d59ac90cc8390a
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-dev_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 2798918 6d3cfdc63c80688263b567e06e876d74
    http://security.ubuntu.com/ubuntu/pool/universe/f/firefox/firefox-dom-inspector_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 210898 d8884f2ae360e55fdcad1b1ef8b3e338
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox-gnome-support_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 76754 68db0c6ff37422083ed5f0a46103a723
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 8425346 ea28be8619f1411eaff2f7fba07a47f5
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 219232 a81a2dedef311f71a8c3ae1b96d7b9d1
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnspr4_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 149470 08152c38d3129bc6bf3164d6f48727cc
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss-dev_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 236140 3b742ce49bbb397b1de45a8371672828
    http://security.ubuntu.com/ubuntu/pool/main/f/firefox/libnss3_1.firefox1.5.dfsg+1.5.0.8-0ubuntu0.6.06_sparc.deb
      Size/MD5: 682188 d4155e8163fed88108c17a31d0320e69