Applications Management Engineer Sr (NYC) Next Step Systems US-NY-New York Post A Job | Post A Resume

Debian GNU/Linux

Debian Security Advisory DSA 1229-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
December 6th, 2006 http://www.debian.org/security/faq

Package : asterisk
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-5444
CERT advisory : VU#521252
BugTraq ID : 20617

Adam Boileau discovered an integer overflow in the Skinny channel driver in Asterisk, an Open Source Private Branch Exchange or telephone system, as used by Cisco SCCP phones, which allows remote attackers to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 1.0.7.dfsg.1-2sarge4.

For the unstable distribution (sid) this problem has been fixed in version 1.2.13~dfsg-1.

We recommend that you upgrade your asterisk packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4.dsc
      Size/MD5 checksum: 1259 2441c1ccc8467ecefc45b58711b9602f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4.diff.gz
      Size/MD5 checksum: 70588 17c8aaae715230d9ea8d0485eb7cfe95
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1.orig.tar.gz
      Size/MD5 checksum: 2929488 0d0f718ccd7a06ab998c3f637df294c0

Architecture independent components:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge4_all.deb
      Size/MD5 checksum: 61616 84dd16720f492033c5c034b69f033f7f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge4_all.deb
      Size/MD5 checksum: 83382 0fda6ac9d47e7d5bcd9786c7ab17ebd5
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge4_all.deb
      Size/MD5 checksum: 1577766 a5ddadc5ba22723d32a74a2bc4fb9dfc
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge4_all.deb
      Size/MD5 checksum: 1180298 bf9fae8e20a5e299d1c24e5fce59ee96
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge4_all.deb
      Size/MD5 checksum: 28378 eb425bfc6db224dd17346c0a03f06853

Alpha architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_alpha.deb
      Size/MD5 checksum: 1477714 2835395f4796f717330ec4bc6decca4e
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_alpha.deb
      Size/MD5 checksum: 31406 03e9021f5867a19500fadd3e27563e47
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_alpha.deb
      Size/MD5 checksum: 21444 06a45fc8f1407adfdcaf1453e1cd0874

AMD64 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_amd64.deb
      Size/MD5 checksum: 1333338 73a991fc324d71d53a375dd81b9eb8e2
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_amd64.deb
      Size/MD5 checksum: 30832 21bde76d77e7948ec115c0752e025353
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_amd64.deb
      Size/MD5 checksum: 21444 c426ea519c9a806039aec64fc58083fc

ARM architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_arm.deb
      Size/MD5 checksum: 1262870 4e73f23ddaadabb52c1f06b37e1c520e
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_arm.deb
      Size/MD5 checksum: 29544 7d7f780f79006309910f2f6a66e06818
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_arm.deb
      Size/MD5 checksum: 21444 e50e31d85cc4835fc0023b02d4a19b39

HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_hppa.deb
      Size/MD5 checksum: 1448202 32dd05dd323f87a5e2af536e49985faa
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_hppa.deb
      Size/MD5 checksum: 31476 46142d857caf78277934f9e89711b41a
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_hppa.deb
      Size/MD5 checksum: 21450 56f2cebadeabe4f099cf9399f55a589f

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_i386.deb
      Size/MD5 checksum: 1171606 2810bc5ffb85764e07e7ec706dc4f928
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_i386.deb
      Size/MD5 checksum: 29836 0daf81e64c836885f14b2dbf0f54343b
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_i386.deb
      Size/MD5 checksum: 21442 b0a56bf68687633b5965fd5bc48ada95

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_ia64.deb
      Size/MD5 checksum: 1771294 ed00a12ab45bd6f81da7214fc4f0b99d
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_ia64.deb
      Size/MD5 checksum: 32960 4f4e2c882189638bfee0f4e25868ab2b
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_ia64.deb
      Size/MD5 checksum: 21442 1b642cf09597da3404c55d42b6ff0ae7

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_m68k.deb
      Size/MD5 checksum: 1184854 de5fd7c0533e64861c7446c651777fd3
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_m68k.deb
      Size/MD5 checksum: 30224 0967fd0088ec26799999c267a258bb81
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_m68k.deb
      Size/MD5 checksum: 21462 5d19189f30b74bd2112d09a340946cf9

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_mips.deb
      Size/MD5 checksum: 1264012 fabd550d77fe25c7e717f29bb3bf1355
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_mips.deb
      Size/MD5 checksum: 29430 efd332bdb454dc03e3e2dc63bdd65ce8
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_mips.deb
      Size/MD5 checksum: 21448 ff71d10748a00ef5f1c3d4b8632d929f

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_mipsel.deb
      Size/MD5 checksum: 1270346 07d3e2bc2677a460f27187264fafe80e
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_mipsel.deb
      Size/MD5 checksum: 29366 49499b7916c27d1ede70eddc64505be0
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_mipsel.deb
      Size/MD5 checksum: 21450 530e7eb9d1a395faa2fd19dffaf2db6e

PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_powerpc.deb
      Size/MD5 checksum: 1425172 dae96f2c81168d452cd05b70316632db
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_powerpc.deb
      Size/MD5 checksum: 31166 86982177ea3ab8dd23daa989e976c316
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_powerpc.deb
      Size/MD5 checksum: 21444 fafe504d906ab206c8c66c558ca866c5

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_s390.deb
      Size/MD5 checksum: 1312516 8b8425df65ae5d632b0f8f1da6fb4c38
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_s390.deb
      Size/MD5 checksum: 30846 1ab2adb0c24b96a0c8a43480cd0a5f68
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_s390.deb
      Size/MD5 checksum: 21442 0e283bcb7f6c4992e99ae7f823c557f3

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_sparc.deb
      Size/MD5 checksum: 1274282 aa531e9c0c268dfabf222092b5b61e51
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_sparc.deb
      Size/MD5 checksum: 29812 3a64e2bccfc0479263d2aa8d00b2cb68
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_sparc.deb
      Size/MD5 checksum: 21450 c9f916ccce73e0c25360affd739543e5

These files will probably be moved into the stable distribution on its next update.

Gentoo Linux

http://security.gentoo.org/

Severity: Normal
Title: wv library: Multiple integer overflows
Date: December 07, 2006
Bugs: #153800
ID: 200612-01

Synopsis

The wv library is vulnerable to multiple integer overflows which could lead to the execution of arbitrary code.

Background

wv is a library for conversion of MS Word DOC and RTF files.

Affected packages

     Package      /  Vulnerable  /                          Unaffected

  1  app-text/wv     < 1.2.3-r1                            >= 1.2.3-r1

Description

The wv library fails to do proper arithmetic checks in multiple places, possibly leading to integer overflows.

Impact

An attacker could craft a malicious file that, when handled with the wv library, could lead to the execution of arbitrary code with the permissions of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All wv library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/wv-1.2.3-r1"

References

[ 1 ] CVE-2006-4513

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200612-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2006:224
http://www.mandriva.com/security/

Package : xine-lib
Date : December 5, 2006
Affected: 2007.0, Corporate 3.0

Problem Description:

Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

Updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172

Updated Packages:

Mandriva Linux 2007.0:
b0aa36d10d1ee53184b345c4a48b6fcb 2007.0/i586/libxine1-1.1.2-3.2mdv2007.0.i586.rpm
0c67ca2d47ea5594d2978573205c158f 2007.0/i586/libxine1-devel-1.1.2-3.2mdv2007.0.i586.rpm
ee79849493b4b40f207e0e135dc9f4ca 2007.0/i586/xine-aa-1.1.2-3.2mdv2007.0.i586.rpm
f0d942949cf3938287e3f4ec44275807 2007.0/i586/xine-arts-1.1.2-3.2mdv2007.0.i586.rpm
db80c09dc6050a920aeae2e410ab4471 2007.0/i586/xine-dxr3-1.1.2-3.2mdv2007.0.i586.rpm
79f07b0afcbf4682752919829bde6fcf 2007.0/i586/xine-esd-1.1.2-3.2mdv2007.0.i586.rpm
51688356ab263c95b051712ed0f70def 2007.0/i586/xine-flac-1.1.2-3.2mdv2007.0.i586.rpm
74cd9a178d86754b337e4b1217874863 2007.0/i586/xine-gnomevfs-1.1.2-3.2mdv2007.0.i586.rpm
3f331ce5c5463512038ad69a785c9dbe 2007.0/i586/xine-image-1.1.2-3.2mdv2007.0.i586.rpm
f147438cd7f07aaf70e1178bd2343133 2007.0/i586/xine-plugins-1.1.2-3.2mdv2007.0.i586.rpm
7cb84dbcf336d715b04812fbedb349cf 2007.0/i586/xine-sdl-1.1.2-3.2mdv2007.0.i586.rpm
860fe1ca635d076e9bfa1819e7b603cd 2007.0/i586/xine-smb-1.1.2-3.2mdv2007.0.i586.rpm
c7a995ee090abd62b6a580b53e3c3364 2007.0/SRPMS/xine-lib-1.1.2-3.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
a1a3e704ff2f356784ad084f95d41f74 2007.0/x86_64/lib64xine1-1.1.2-3.2mdv2007.0.x86_64.rpm
ee81c8526e7baf295f214338fa3d45cd 2007.0/x86_64/lib64xine1-devel-1.1.2-3.2mdv2007.0.x86_64.rpm
bdb0a918df1d9239016741bde0027f3a 2007.0/x86_64/xine-aa-1.1.2-3.2mdv2007.0.x86_64.rpm
6cc4cc4b46b3dbeb22364ecc15d9c7d6 2007.0/x86_64/xine-arts-1.1.2-3.2mdv2007.0.x86_64.rpm
4d9ce5c5ef2814e2c18dcc60e6270322 2007.0/x86_64/xine-dxr3-1.1.2-3.2mdv2007.0.x86_64.rpm
38fe8e37988df8307028778421029349 2007.0/x86_64/xine-esd-1.1.2-3.2mdv2007.0.x86_64.rpm
53ccedaeef04ff9b15bcf3d63cdb8663 2007.0/x86_64/xine-flac-1.1.2-3.2mdv2007.0.x86_64.rpm
b090fb7ac33b25d310dc8cfc4758062b 2007.0/x86_64/xine-gnomevfs-1.1.2-3.2mdv2007.0.x86_64.rpm
51d280def3f6c87276e9b4892c807d38 2007.0/x86_64/xine-image-1.1.2-3.2mdv2007.0.x86_64.rpm
fdbfa62329ac6fadba0277db33b71cff 2007.0/x86_64/xine-plugins-1.1.2-3.2mdv2007.0.x86_64.rpm
af8dda72b12c9a36d7a51d3d5916bb38 2007.0/x86_64/xine-sdl-1.1.2-3.2mdv2007.0.x86_64.rpm
dea73578f285ebe1b1aac769cc0a549a 2007.0/x86_64/xine-smb-1.1.2-3.2mdv2007.0.x86_64.rpm
c7a995ee090abd62b6a580b53e3c3364 2007.0/SRPMS/xine-lib-1.1.2-3.2mdv2007.0.src.rpm

Corporate 3.0:
e27a1f3f0a92a65ea9673d0aa7bd9660 corporate/3.0/i586/libxine1-1-0.rc3.6.14.C30mdk.i586.rpm
cef9a906baabe8c8e18bbe45762268fd corporate/3.0/i586/libxine1-devel-1-0.rc3.6.14.C30mdk.i586.rpm
5260c623ea029663a3166c8e350b6306 corporate/3.0/i586/xine-aa-1-0.rc3.6.14.C30mdk.i586.rpm
aa8ed9640d1e42608f1cd531d4d00dd6 corporate/3.0/i586/xine-arts-1-0.rc3.6.14.C30mdk.i586.rpm
1d311b51dc2ea55a1590ef409bfd9d9f corporate/3.0/i586/xine-dxr3-1-0.rc3.6.14.C30mdk.i586.rpm
d8602b10e1b5b0ea29959c981bf5866e corporate/3.0/i586/xine-esd-1-0.rc3.6.14.C30mdk.i586.rpm
ba65fc2fa69c85b848f7fe5728381003 corporate/3.0/i586/xine-flac-1-0.rc3.6.14.C30mdk.i586.rpm
bbf13c446ebf132b6a474a9bf4a300cd corporate/3.0/i586/xine-gnomevfs-1-0.rc3.6.14.C30mdk.i586.rpm
18168e188258d645ba33103a743af3cb corporate/3.0/i586/xine-plugins-1-0.rc3.6.14.C30mdk.i586.rpm
11ff55c81b52559ff1b08bab917d63db corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.14.C30mdk.src.rpm

Corporate 3.0/X86_64:
fad4ae51ebdd06fe3b3f7848994bc7f0 corporate/3.0/x86_64/lib64xine1-1-0.rc3.6.14.C30mdk.x86_64.rpm
0aeb5bb0a613d0fa13788c7f2c64c871 corporate/3.0/x86_64/lib64xine1-devel-1-0.rc3.6.14.C30mdk.x86_64.rpm
755ab190b656fdbb9313189cce7f5a80 corporate/3.0/x86_64/xine-aa-1-0.rc3.6.14.C30mdk.x86_64.rpm
ecf0b4ee0c12d1506432c297080bbb67 corporate/3.0/x86_64/xine-arts-1-0.rc3.6.14.C30mdk.x86_64.rpm
8433359eaa5ec8987efe65e6ada96132 corporate/3.0/x86_64/xine-esd-1-0.rc3.6.14.C30mdk.x86_64.rpm
bbb1ac4807f1e8a7960d8704c79c6134 corporate/3.0/x86_64/xine-flac-1-0.rc3.6.14.C30mdk.x86_64.rpm
356f64f53ce7d552acc239cde30b60ea corporate/3.0/x86_64/xine-gnomevfs-1-0.rc3.6.14.C30mdk.x86_64.rpm
4661d21604ad2b6d2443e1ba357a9491 corporate/3.0/x86_64/xine-plugins-1-0.rc3.6.14.C30mdk.x86_64.rpm
11ff55c81b52559ff1b08bab917d63db corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.14.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2006:225
http://www.mandriva.com/security/

Package : ruby
Date : December 6, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0

Problem Description:

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

Updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303

Updated Packages:

Mandriva Linux 2006.0:
cf4eb0abe6d54c41a9b7e94adbd894ab 2006.0/i586/ruby-1.8.2-7.5.20060mdk.i586.rpm
42a501b32ad7f9c1140d2665a8c35bdf 2006.0/i586/ruby-devel-1.8.2-7.5.20060mdk.i586.rpm
fadf1005a3cecb41da322d6472023562 2006.0/i586/ruby-doc-1.8.2-7.5.20060mdk.i586.rpm
6754c4c9f5047d032a15819820595fcb 2006.0/i586/ruby-tk-1.8.2-7.5.20060mdk.i586.rpm
fb133b0d4f1b5eb27e67f0eb39772564 2006.0/SRPMS/ruby-1.8.2-7.5.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
a68db589ace220742904a49587e65087 2006.0/x86_64/ruby-1.8.2-7.5.20060mdk.x86_64.rpm
7f14ec97214b7f501c7bcd8963ad2b0a 2006.0/x86_64/ruby-devel-1.8.2-7.5.20060mdk.x86_64.rpm
5b6604fd9628a2312ee2b7f3b4371f45 2006.0/x86_64/ruby-doc-1.8.2-7.5.20060mdk.x86_64.rpm
ba38430b90e8b454c7b2228073c4d3dd 2006.0/x86_64/ruby-tk-1.8.2-7.5.20060mdk.x86_64.rpm
fb133b0d4f1b5eb27e67f0eb39772564 2006.0/SRPMS/ruby-1.8.2-7.5.20060mdk.src.rpm

Mandriva Linux 2007.0:
b126d91632869a7a659f7044cbca180c 2007.0/i586/ruby-1.8.5-2.2mdv2007.0.i586.rpm
a1414e09dcb3d0c858e3fc5070608e47 2007.0/i586/ruby-devel-1.8.5-2.2mdv2007.0.i586.rpm
d6bf66762039af18a6c5f0a8b27d2bfa 2007.0/i586/ruby-doc-1.8.5-2.2mdv2007.0.i586.rpm
017468bee38279e7f42adad194866cff 2007.0/i586/ruby-tk-1.8.5-2.2mdv2007.0.i586.rpm
45e958263f67f96797318621052f1e3f 2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
2721a9103870075c0e64dd1a7c01b9a5 2007.0/x86_64/ruby-1.8.5-2.2mdv2007.0.x86_64.rpm
6b6bd12e97b4ddf070849603bea45623 2007.0/x86_64/ruby-devel-1.8.5-2.2mdv2007.0.x86_64.rpm
2e163941297e43e62d2f798a93efe960 2007.0/x86_64/ruby-doc-1.8.5-2.2mdv2007.0.x86_64.rpm
d953012dc537a4f6e8343138d8f32f31 2007.0/x86_64/ruby-tk-1.8.5-2.2mdv2007.0.x86_64.rpm
45e958263f67f96797318621052f1e3f 2007.0/SRPMS/ruby-1.8.5-2.2mdv2007.0.src.rpm

Corporate 3.0:
95abd86462f84450392cd41ab5946666 corporate/3.0/i586/ruby-1.8.1-1.8.C30mdk.i586.rpm
174fe6c12a1a6a7dbf03f755cf0a57cd corporate/3.0/i586/ruby-devel-1.8.1-1.8.C30mdk.i586.rpm
2d0e7d3f950e7040f6e6c19a921bdb78 corporate/3.0/i586/ruby-doc-1.8.1-1.8.C30mdk.i586.rpm
37fe39a689b25aa2caf193994a5dbf05 corporate/3.0/i586/ruby-tk-1.8.1-1.8.C30mdk.i586.rpm
71b024abd10b00f7e278e39492f98aa6 corporate/3.0/SRPMS/ruby-1.8.1-1.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
366a4003551813d500eec00996981abf corporate/3.0/x86_64/ruby-1.8.1-1.8.C30mdk.x86_64.rpm
ef95e042be0f3a881ae6a66502c1c905 corporate/3.0/x86_64/ruby-devel-1.8.1-1.8.C30mdk.x86_64.rpm
d72e56164f0a0fcb99b190dbb2ce7c2c corporate/3.0/x86_64/ruby-doc-1.8.1-1.8.C30mdk.x86_64.rpm
81c6c9a396d26dea3bd683c2207eb96b corporate/3.0/x86_64/ruby-tk-1.8.1-1.8.C30mdk.x86_64.rpm
71b024abd10b00f7e278e39492f98aa6 corporate/3.0/SRPMS/ruby-1.8.1-1.8.C30mdk.src.rpm

Corporate 4.0:
9796f3458efc694c98ab821158a0599b corporate/4.0/i586/ruby-1.8.2-7.5.20060mlcs4.i586.rpm
3578dc2bd6735967f79f43b21b14f8b2 corporate/4.0/i586/ruby-devel-1.8.2-7.5.20060mlcs4.i586.rpm
4505b6152a025ecef599e48c4ef11763 corporate/4.0/i586/ruby-doc-1.8.2-7.5.20060mlcs4.i586.rpm
466b48eb68199179c044b8a0fe5f7a3f corporate/4.0/i586/ruby-tk-1.8.2-7.5.20060mlcs4.i586.rpm
b7f41e2f4f5f71e3c2f214c041957533 corporate/4.0/SRPMS/ruby-1.8.2-7.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
2771fffe29e377ea0bcf594bb94a0f7b corporate/4.0/x86_64/ruby-1.8.2-7.5.20060mlcs4.x86_64.rpm
2d0b06a00590a0dfae303be8079f852a corporate/4.0/x86_64/ruby-devel-1.8.2-7.5.20060mlcs4.x86_64.rpm
87d597d03cc146b1b9ac89e29b7a2879 corporate/4.0/x86_64/ruby-doc-1.8.2-7.5.20060mlcs4.x86_64.rpm
ec2d09506bfebab08d523fd258f8136b corporate/4.0/x86_64/ruby-tk-1.8.2-7.5.20060mlcs4.x86_64.rpm
b7f41e2f4f5f71e3c2f214c041957533 corporate/4.0/SRPMS/ruby-1.8.2-7.5.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux

Red Hat Security Advisory

Synopsis: Low: mod_auth_kerb security update
Advisory ID: RHSA-2006:0746-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0746.html
Issue date: 2006-12-06
Updated on: 2006-12-06
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-5989

1. Summary:

Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

mod_auth_kerb is module for the Apache HTTP Server designed to provide Kerberos authentication over HTTP.

An off by one flaw was found in the way mod_auth_kerb handles certain Kerberos authentication messages. A remote client could send a specially crafted authentication request which could crash an httpd child process (CVE-2006-5989).

A bug in the handling of multiple realms configured using the "KrbAuthRealms" directive has also been fixed.

All users of mod_auth_kerb should upgrade to these updated packages, which contain backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

216482 - CVE-2006-5989 mod_auth_kerb segfault with FC6 client

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mod_auth_kerb-5.0-1.3.src.rpm
24131bdecf30d669d2fb2692dbcfad27 mod_auth_kerb-5.0-1.3.src.rpm

i386:
1d5e62b7225a6e2000af86b789045413 mod_auth_kerb-5.0-1.3.i386.rpm
fed4a53b16b7bfd7a4a0dfaca62f5be6 mod_auth_kerb-debuginfo-5.0-1.3.i386.rpm

ia64:
443b99ef514df01db87733b155f93650 mod_auth_kerb-5.0-1.3.ia64.rpm
e0779dc88b1b5091cb40636b8837b530 mod_auth_kerb-debuginfo-5.0-1.3.ia64.rpm

ppc:
5436a1f27cf066c1726129704acc40cd mod_auth_kerb-5.0-1.3.ppc.rpm
eef5905de44e82c650de1c10e58587db mod_auth_kerb-debuginfo-5.0-1.3.ppc.rpm

s390:
2fcd997ce2d9993f1cf3a934be8495c9 mod_auth_kerb-5.0-1.3.s390.rpm
bf7c624895dcbad7e5e571110ed20e2a mod_auth_kerb-debuginfo-5.0-1.3.s390.rpm

s390x:
e689f54999dd02f97d39ac840f009ede mod_auth_kerb-5.0-1.3.s390x.rpm
af70fab7de73d73652f33a8a6b74b493 mod_auth_kerb-debuginfo-5.0-1.3.s390x.rpm

x86_64:
f586b2f0183882e66b848020a0226b9c mod_auth_kerb-5.0-1.3.x86_64.rpm
407aa8cbe7e8feb41b3f8a567d8b5a8d mod_auth_kerb-debuginfo-5.0-1.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mod_auth_kerb-5.0-1.3.src.rpm
24131bdecf30d669d2fb2692dbcfad27 mod_auth_kerb-5.0-1.3.src.rpm

i386:
1d5e62b7225a6e2000af86b789045413 mod_auth_kerb-5.0-1.3.i386.rpm
fed4a53b16b7bfd7a4a0dfaca62f5be6 mod_auth_kerb-debuginfo-5.0-1.3.i386.rpm

x86_64:
f586b2f0183882e66b848020a0226b9c mod_auth_kerb-5.0-1.3.x86_64.rpm
407aa8cbe7e8feb41b3f8a567d8b5a8d mod_auth_kerb-debuginfo-5.0-1.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mod_auth_kerb-5.0-1.3.src.rpm
24131bdecf30d669d2fb2692dbcfad27 mod_auth_kerb-5.0-1.3.src.rpm

i386:
1d5e62b7225a6e2000af86b789045413 mod_auth_kerb-5.0-1.3.i386.rpm
fed4a53b16b7bfd7a4a0dfaca62f5be6 mod_auth_kerb-debuginfo-5.0-1.3.i386.rpm

ia64:
443b99ef514df01db87733b155f93650 mod_auth_kerb-5.0-1.3.ia64.rpm
e0779dc88b1b5091cb40636b8837b530 mod_auth_kerb-debuginfo-5.0-1.3.ia64.rpm

x86_64:
f586b2f0183882e66b848020a0226b9c mod_auth_kerb-5.0-1.3.x86_64.rpm
407aa8cbe7e8feb41b3f8a567d8b5a8d mod_auth_kerb-debuginfo-5.0-1.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mod_auth_kerb-5.0-1.3.src.rpm
24131bdecf30d669d2fb2692dbcfad27 mod_auth_kerb-5.0-1.3.src.rpm

i386:
1d5e62b7225a6e2000af86b789045413 mod_auth_kerb-5.0-1.3.i386.rpm
fed4a53b16b7bfd7a4a0dfaca62f5be6 mod_auth_kerb-debuginfo-5.0-1.3.i386.rpm

ia64:
443b99ef514df01db87733b155f93650 mod_auth_kerb-5.0-1.3.ia64.rpm
e0779dc88b1b5091cb40636b8837b530 mod_auth_kerb-debuginfo-5.0-1.3.ia64.rpm

x86_64:
f586b2f0183882e66b848020a0226b9c mod_auth_kerb-5.0-1.3.x86_64.rpm
407aa8cbe7e8feb41b3f8a567d8b5a8d mod_auth_kerb-debuginfo-5.0-1.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5989
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

Red Hat Security Advisory

Synopsis: Important: gnupg security update
Advisory ID: RHSA-2006:0754-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0754.html
Issue date: 2006-12-06
Updated on: 2006-12-06
Product: Red Hat Enterprise Linux
Keywords: printable string decrypt heap overflow
CVE Names: CVE-2006-6169 CVE-2006-6235

1. Summary:

Updated GnuPG packages that fix two security issues are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

GnuPG is a utility for encrypting data and creating digital signatures.

Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts messages. An attacker could create carefully crafted message that could cause GnuPG to execute arbitrary code if a victim attempts to decrypt the message. (CVE-2006-6235)

A heap based buffer overflow flaw was found in the way GnuPG constructs messages to be written to the terminal during an interactive session. An attacker could create a carefully crafted message which with user interaction could cause GnuPG to execute arbitrary code with the permissions of the user running GnuPG. (CVE-2006-6169)

All users of GnuPG are advised to upgrade to this updated package, which contains a backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

218505 - CVE-2006-6169 GnuPG heap overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gnupg-1.0.7-20.src.rpm
55f3008c00505b9ed691a1621f9f679b gnupg-1.0.7-20.src.rpm

i386:
25113e54fca82c67a1adb0d14c536aa9 gnupg-1.0.7-20.i386.rpm

ia64:
6a3a3c6dc0e4b65fd5eddc75a422fead gnupg-1.0.7-20.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gnupg-1.0.7-20.src.rpm
55f3008c00505b9ed691a1621f9f679b gnupg-1.0.7-20.src.rpm

ia64:
6a3a3c6dc0e4b65fd5eddc75a422fead gnupg-1.0.7-20.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gnupg-1.0.7-20.src.rpm
55f3008c00505b9ed691a1621f9f679b gnupg-1.0.7-20.src.rpm

i386:
25113e54fca82c67a1adb0d14c536aa9 gnupg-1.0.7-20.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gnupg-1.0.7-20.src.rpm
55f3008c00505b9ed691a1621f9f679b gnupg-1.0.7-20.src.rpm

i386:
25113e54fca82c67a1adb0d14c536aa9 gnupg-1.0.7-20.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gnupg-1.2.1-19.src.rpm
2006add6d6ece17f59f4a9397d621665 gnupg-1.2.1-19.src.rpm

i386:
39045347836c30667687d601a58965a9 gnupg-1.2.1-19.i386.rpm
e1a346200fd6628fefcdcc721083e91f gnupg-debuginfo-1.2.1-19.i386.rpm

ia64:
978ff04512ff5e7706d505e0fa46e0eb gnupg-1.2.1-19.ia64.rpm
03269279b06d98af518bd405c3313bad gnupg-debuginfo-1.2.1-19.ia64.rpm

ppc:
7f21902fb2f508d735bbc430a01765f4 gnupg-1.2.1-19.ppc.rpm
e8019cb279d04aa65a9faf52ab0a46c0 gnupg-debuginfo-1.2.1-19.ppc.rpm

s390:
d9fefbd2ef988552d9b1b3b0a890acef gnupg-1.2.1-19.s390.rpm
5efc90cef0cac23eda451e1508e09fd2 gnupg-debuginfo-1.2.1-19.s390.rpm

s390x:
5fe40389e0aeb86ab0b9b1d413e899d1 gnupg-1.2.1-19.s390x.rpm
0353ea95434201e538e81809117fab33 gnupg-debuginfo-1.2.1-19.s390x.rpm

x86_64:
4cd47c1ff13aecfc4fb235e98b156e06 gnupg-1.2.1-19.x86_64.rpm
1a327c028d1e44f3747c890f6c926d9a gnupg-debuginfo-1.2.1-19.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/gnupg-1.2.1-19.src.rpm
2006add6d6ece17f59f4a9397d621665 gnupg-1.2.1-19.src.rpm

i386:
39045347836c30667687d601a58965a9 gnupg-1.2.1-19.i386.rpm
e1a346200fd6628fefcdcc721083e91f gnupg-debuginfo-1.2.1-19.i386.rpm

x86_64:
4cd47c1ff13aecfc4fb235e98b156e06 gnupg-1.2.1-19.x86_64.rpm
1a327c028d1e44f3747c890f6c926d9a gnupg-debuginfo-1.2.1-19.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/gnupg-1.2.1-19.src.rpm
2006add6d6ece17f59f4a9397d621665 gnupg-1.2.1-19.src.rpm

i386:
39045347836c30667687d601a58965a9 gnupg-1.2.1-19.i386.rpm
e1a346200fd6628fefcdcc721083e91f gnupg-debuginfo-1.2.1-19.i386.rpm

ia64:
978ff04512ff5e7706d505e0fa46e0eb gnupg-1.2.1-19.ia64.rpm
03269279b06d98af518bd405c3313bad gnupg-debuginfo-1.2.1-19.ia64.rpm

x86_64:
4cd47c1ff13aecfc4fb235e98b156e06 gnupg-1.2.1-19.x86_64.rpm
1a327c028d1e44f3747c890f6c926d9a gnupg-debuginfo-1.2.1-19.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/gnupg-1.2.1-19.src.rpm
2006add6d6ece17f59f4a9397d621665 gnupg-1.2.1-19.src.rpm

i386:
39045347836c30667687d601a58965a9 gnupg-1.2.1-19.i386.rpm
e1a346200fd6628fefcdcc721083e91f gnupg-debuginfo-1.2.1-19.i386.rpm

ia64:
978ff04512ff5e7706d505e0fa46e0eb gnupg-1.2.1-19.ia64.rpm
03269279b06d98af518bd405c3313bad gnupg-debuginfo-1.2.1-19.ia64.rpm

x86_64:
4cd47c1ff13aecfc4fb235e98b156e06 gnupg-1.2.1-19.x86_64.rpm
1a327c028d1e44f3747c890f6c926d9a gnupg-debuginfo-1.2.1-19.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnupg-1.2.6-8.src.rpm
4d919fce07aa4051c6a8ec5f871430c8 gnupg-1.2.6-8.src.rpm

i386:
640862942e412f7070f4633cef6a480e gnupg-1.2.6-8.i386.rpm
b389e7abc34289a7ed4b302893c10396 gnupg-debuginfo-1.2.6-8.i386.rpm

ia64:
0d1191dcf30c72a93282dfec862dbef6 gnupg-1.2.6-8.ia64.rpm
840fcfbd4a0078df5390cf206efe7c27 gnupg-debuginfo-1.2.6-8.ia64.rpm

ppc:
1c64e01d7a0e6adbf2c069303f28c66b gnupg-1.2.6-8.ppc.rpm
56d59005e8c51bda61edd99e75ef692b gnupg-debuginfo-1.2.6-8.ppc.rpm

s390:
6f007a82e0b769988ba97132db09053b gnupg-1.2.6-8.s390.rpm
ac9c8f7fcd9313dc2ec9d53d206227de gnupg-debuginfo-1.2.6-8.s390.rpm

s390x:
bbf9eab34a9282fd30698bc0d27ff11f gnupg-1.2.6-8.s390x.rpm
6dd7b0cb8904abf3216de58be7bbb110 gnupg-debuginfo-1.2.6-8.s390x.rpm

x86_64:
800e7c982ba81ae0651b0091fdf61a63 gnupg-1.2.6-8.x86_64.rpm
fb3f183d427aea368b331b8e008122d7 gnupg-debuginfo-1.2.6-8.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnupg-1.2.6-8.src.rpm
4d919fce07aa4051c6a8ec5f871430c8 gnupg-1.2.6-8.src.rpm

i386:
640862942e412f7070f4633cef6a480e gnupg-1.2.6-8.i386.rpm
b389e7abc34289a7ed4b302893c10396 gnupg-debuginfo-1.2.6-8.i386.rpm

x86_64:
800e7c982ba81ae0651b0091fdf61a63 gnupg-1.2.6-8.x86_64.rpm
fb3f183d427aea368b331b8e008122d7 gnupg-debuginfo-1.2.6-8.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnupg-1.2.6-8.src.rpm
4d919fce07aa4051c6a8ec5f871430c8 gnupg-1.2.6-8.src.rpm

i386:
640862942e412f7070f4633cef6a480e gnupg-1.2.6-8.i386.rpm
b389e7abc34289a7ed4b302893c10396 gnupg-debuginfo-1.2.6-8.i386.rpm

ia64:
0d1191dcf30c72a93282dfec862dbef6 gnupg-1.2.6-8.ia64.rpm
840fcfbd4a0078df5390cf206efe7c27 gnupg-debuginfo-1.2.6-8.ia64.rpm

x86_64:
800e7c982ba81ae0651b0091fdf61a63 gnupg-1.2.6-8.x86_64.rpm
fb3f183d427aea368b331b8e008122d7 gnupg-debuginfo-1.2.6-8.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnupg-1.2.6-8.src.rpm
4d919fce07aa4051c6a8ec5f871430c8 gnupg-1.2.6-8.src.rpm

i386:
640862942e412f7070f4633cef6a480e gnupg-1.2.6-8.i386.rpm
b389e7abc34289a7ed4b302893c10396 gnupg-debuginfo-1.2.6-8.i386.rpm

ia64:
0d1191dcf30c72a93282dfec862dbef6 gnupg-1.2.6-8.ia64.rpm
840fcfbd4a0078df5390cf206efe7c27 gnupg-debuginfo-1.2.6-8.ia64.rpm

x86_64:
800e7c982ba81ae0651b0091fdf61a63 gnupg-1.2.6-8.x86_64.rpm
fb3f183d427aea368b331b8e008122d7 gnupg-debuginfo-1.2.6-8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

rPath Linux

rPath Security Advisory: 2006-0226-1
Published: 2006-12-06
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Local Root Non-deterministic Privilege Escalation
Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.17.14-0.4-1
kernel=/conary.rpath.com@rpl:devel//1-xen/2.6.16.29-0.11-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5751
    https://issues.rpath.com/browse/RPL-803
    https://issues.rpath.com/browse/RPL-837

Description:

Previous versions of the kernel package are vulnerable to a local denial of service or privilege escalation attack by unprivileged users if any network bridge interface has been configured with more than two interfaces. The attacker can cause the system to crash, and is believed to be able to provide arbitrary code that may (with undetermined probability) run in kernel context. Xen dom0 instances in the default bridging configuration are vulnerable.

Previous versions of the Xen dom0 kernel did not embed the firmware for QLogic 2XXX Fibre Channel adapters, disabling Xen dom0 on those systems.

This update requires a system reboot to implement the fixes.

rPath Security Advisory: 2006-0227-1
Published: 2006-12-06
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Indirect Deterministic Privilege Escalation
Updated Versions: gnupg=/conary.rpath.com@rpl:devel//1/1.4.6-0.1-

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
    https://issues.rpath.com/browse/RPL-835

Description:

Previous versions of the gnupg package will execute attacker-provided code found in intentionally malformed OpenPGP packets. This allows an attacker to run arbitrary code as the user invoking gpg on the file that contains the malformed packets.

Ubuntu

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
evince 0.4.0-0ubuntu4.3

Ubuntu 6.06 LTS:
evince 0.5.2-0ubuntu3.2

Ubuntu 6.10:
evince 0.6.1-0ubuntu1.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-390-1 fixed a vulnerability in evince. The original fix did not fully solve the problem, allowing for a denial of service in certain situations.

Original advisory details:

A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.4.0-0ubuntu4.3.diff.gz
      Size/MD5: 11703 57da8bfc0ad787ae9c8ecd69c517249c
    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.4.0-0ubuntu4.3.dsc
      Size/MD5: 1873 72d17a9bdb8a65e1a240834099cfdbe6
    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.4.0.orig.tar.gz
      Size/MD5: 1172276 9c1009e3dae55bcda1bc5204f021ad1b

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.4.0-0ubuntu4.3_amd64.deb
      Size/MD5: 652508 2815d3389a1260c6388485b71c3bb5b1

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.4.0-0ubuntu4.3_i386.deb
      Size/MD5: 602688 3f7768319e1d5f8f3a3131cf23856c86

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.4.0-0ubuntu4.3_powerpc.deb
      Size/MD5: 637256 0c2653001eb6c40e0a3228f8dd49598f

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.4.0-0ubuntu4.3_sparc.deb
      Size/MD5: 616900 ade92071c11fd148af61ec3f57900ea3

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.5.2-0ubuntu3.2.diff.gz
      Size/MD5: 11818 e485f45171c5558cb7d7fec930f050ba
    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.5.2-0ubuntu3.2.dsc
      Size/MD5: 1977 15a5db1f73061fbf0d468e9c4a8fe0c7
    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.5.2.orig.tar.gz
      Size/MD5: 1362513 5020afb1768d89c251ad8c2a233d9fcf

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.5.2-0ubuntu3.2_amd64.deb
      Size/MD5: 747902 8f75cb0125481699918dfd23c3d81718

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.5.2-0ubuntu3.2_i386.deb
      Size/MD5: 692882 392d072d36c0c200f14ff44c5dd40858

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.5.2-0ubuntu3.2_powerpc.deb
      Size/MD5: 729070 d5053fd093002988670243a050f8be1f

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.5.2-0ubuntu3.2_sparc.deb
      Size/MD5: 704756 19aa53d800f922641d8660417a982fc4

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.6.1-0ubuntu1.2.diff.gz
      Size/MD5: 7742 31f26b98ab68c5c9f7bb9a133ddec8f3
    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.6.1-0ubuntu1.2.dsc
      Size/MD5: 1679 6e3252457e5c8703932a04804c2af514
    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.6.1.orig.tar.gz
      Size/MD5: 1687870 665387e278d4da97f7540aeddeaae57d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.6.1-0ubuntu1.2_amd64.deb
      Size/MD5: 944244 bbcc0ea3a31c4f71c528dbf4d144f0e3

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.6.1-0ubuntu1.2_i386.deb
      Size/MD5: 901854 ab0b5badc19b9c7665dee69ab937dd02

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.6.1-0ubuntu1.2_powerpc.deb
      Size/MD5: 926276 fda07c35d1f38589f515720772888785

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince/evince_0.6.1-0ubuntu1.2_sparc.deb
      Size/MD5: 895824 f94e53b05c5985f9b4fa0889ac2b55c8

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
evince-gtk 0.5.2-0ubuntu2.1

Ubuntu 6.10:
evince-gtk 0.5.2-0ubuntu4.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-390-2 fixed vulnerabilities in evince. This update provides the corresponding update for evince-gtk.

Original advisory details:

A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1.diff.gz
      Size/MD5: 22511 0cf118d6918268ba4f53c9b21c2e4abc
    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1.dsc
      Size/MD5: 893 6bd5d56c1d26042f0882ad1c8f35d8c4
    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2.orig.tar.gz
      Size/MD5: 1362513 5020afb1768d89c251ad8c2a233d9fcf

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1_amd64.deb
      Size/MD5: 311524 9afc1a61adb192c0c115bcc8231008c1

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1_i386.deb
      Size/MD5: 282212 15a8292c95bed93d2af5d4917172ca8c

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1_powerpc.deb
      Size/MD5: 299064 510f7b8c93b8a8a65f71cae17176cd59

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu2.1_sparc.deb
      Size/MD5: 287254 f75088c1015e44cf7ed2633340d0d24f

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1.diff.gz
      Size/MD5: 22622 194a824da15c50fe472762f960f2b9fb
    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1.dsc
      Size/MD5: 893 24d9a86b4a012fd133ee37b538e9156c
    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2.orig.tar.gz
      Size/MD5: 1362513 5020afb1768d89c251ad8c2a233d9fcf

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1_amd64.deb
      Size/MD5: 305732 af144ed0736a7ef77aba67ef9cbbeaae

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1_i386.deb
      Size/MD5: 286362 21f58e429f79a605fa2bff0c36a7cbb6

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1_powerpc.deb
      Size/MD5: 293918 c9e00c6154cddae33bd8c99afbace8fd

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/e/evince-gtk/evince-gtk_0.5.2-0ubuntu4.1_sparc.deb
      Size/MD5: 282784 596cfcc780feac5016866a46375cbc42

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
gnupg 1.4.1-1ubuntu1.6

Ubuntu 6.06 LTS:
gnupg 1.4.2.2-1ubuntu2.4

Ubuntu 6.10:
gnupg 1.4.3-2ubuntu3.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Tavis Ormandy discovered that gnupg was incorrectly using the stack. If a user were tricked into processing a specially crafted message, an attacker could execute arbitrary code with the user's privileges.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6.diff.gz
      Size/MD5: 23701 7a9033efbfb1f0028f53cef54f1a6522
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6.dsc
      Size/MD5: 684 4740552c8acbe2143bfff11dbfaee85b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
      Size/MD5: 4059170 1cc77c6943baaa711222e954bbd785e5

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6_amd64.deb
      Size/MD5: 1136698 64e954a21f51c939792b140f5a0fc5df
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.6_amd64.udeb
      Size/MD5: 152276 c703faddbf82858fa85560912ea3f7b0

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6_i386.deb
      Size/MD5: 1044848 6dc25f6204f754f80b15f90bac175a25
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.6_i386.udeb
      Size/MD5: 130672 3a69e1804fb1234a70d9715d42b929e1

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6_powerpc.deb
      Size/MD5: 1120042 16103aee54c188b9e74b81d776537bc4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.6_powerpc.udeb
      Size/MD5: 140218 fcc41df5bf7d7336ac00ab8a1edaa665

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.1-1ubuntu1.6_sparc.deb
      Size/MD5: 1064838 8c78b6bca94a9bc62a9d7a9f5a8ae298
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.1-1ubuntu1.6_sparc.udeb
      Size/MD5: 139598 830785d65ea4bdb0d8ed8d123fcb2d6f

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4.diff.gz
      Size/MD5: 22621 3e45e6fe65cd1334a12d6bfbc9d26f2b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4.dsc
      Size/MD5: 690 1ce5bd388f35b6bdd48e12719308cea5
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2.orig.tar.gz
      Size/MD5: 4222685 50d8fd9c5715ff78b7db0e5f20d08550

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4_amd64.deb
      Size/MD5: 1066564 f3c60d096d2ea85b02f8898660ab7997
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.4_amd64.udeb
      Size/MD5: 140308 5f18581d5ab54d33f2d69b079985c599

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4_i386.deb
      Size/MD5: 981652 8497f389c4feb73d10ff8c82810b2659
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.4_i386.udeb
      Size/MD5: 120282 a0001759aec7eb6317d8bd0656078ff6

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4_powerpc.deb
      Size/MD5: 1054114 565e5af4a14baed975050837af3d600b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.4_powerpc.udeb
      Size/MD5: 130160 d97f253e9f24a3f831b31d1fae25a67c

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.2.2-1ubuntu2.4_sparc.deb
      Size/MD5: 994418 15ec9d7565fd5a2ba18ca8cbd03357f8
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.2.2-1ubuntu2.4_sparc.udeb
      Size/MD5: 127412 028eaa2d4ca1c8d96eefaa663f853290

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2.diff.gz
      Size/MD5: 27943 c2dd800ba7a267e9ec69316c7d5c5326
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2.dsc
      Size/MD5: 697 c095b5eee6408adc65d88a26b124c026
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3.orig.tar.gz
      Size/MD5: 4320394 fcdf572a33dd037653707b128dd150a7

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.2_amd64.udeb
      Size/MD5: 379922 56441176d8767b88d240284ea8c10b20
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2_amd64.deb
      Size/MD5: 1112292 1ff2c321882324dc5d8b1b527a4131e2
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.2_amd64.udeb
      Size/MD5: 142630 a0d0bbb95df1652697e8c5dfce3abd6d

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.2_i386.udeb
      Size/MD5: 357610 2b83faf2418ae37d1f9b9d05948b98e2
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2_i386.deb
      Size/MD5: 1055760 8034b6cd5cd73f7de7e7325b4e7d4603
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.2_i386.udeb
      Size/MD5: 129146 deb3e977a44c7ec6e9ebd279285d391c

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.2_powerpc.udeb
      Size/MD5: 372524 1385f1d9a1874d457ec7f41bb6f88028
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2_powerpc.deb
      Size/MD5: 1107338 38c9a6fca86bf659781f8117ac80fa0b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.2_powerpc.udeb
      Size/MD5: 136288 002befb66b791fdac4889095dbc67d1b

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnupg/gnupg-udeb_1.4.3-2ubuntu3.2_sparc.udeb
      Size/MD5: 366204 f350d40bceeebaf01a0f525aa33bb9ac
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gnupg_1.4.3-2ubuntu3.2_sparc.deb
      Size/MD5: 1042454 4b2f85afdea3cce9d837982badf7eb61
    http://security.ubuntu.com/ubuntu/pool/main/g/gnupg/gpgv-udeb_1.4.3-2ubuntu3.2_sparc.udeb
      Size/MD5: 132764 194f8cb7439efed249d84d39e4d27abc