:Advisories, January 4, 2007
Advisories, January 4, 2007 0 Talkback[s]
Gentoo Linux
http://security.gentoo.org/
Severity: Normal
DenyHosts does not correctly parse log entries, potentially causing a
remote Denial of Service.
DenyHosts is designed to monitor SSH servers for repeated failed login
attempts.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that
DenyHosts used an incomplete regular expression to parse failed login
attempts.
A remote unauthenticated attacker can add arbitrary hosts to the
blacklist by attempting to login with a specially crafted username. An
attacker may use this to prevent legitimate users from accessing a host
remotely.
There is no known workaround at this time.
All DenyHosts users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/denyhosts-2.6"
[ 1 ] CVE-2006-6301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6301
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200701-01.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
http://security.gentoo.org/
Severity: Normal
Multiple vulnerabilities have been reported in Mozilla Firefox, some of
which may allow the remote execution of arbitrary code.
Mozilla Firefox is a popular open-source web browser from the Mozilla
Project.
1 www-client/mozilla-firefox < 1.5.0.9 >= 1.5.0.9
2 www-client/mozilla-firefox-bin < 1.5.0.9 >= 1.5.0.9
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
An anonymous researcher found evidence of memory corruption in the way
Mozilla Firefox handles certain types of SVG comment DOM nodes.
Additionally, Frederik Reiss discovered a heap-based buffer overflow in
the conversion of a CSS cursor. Other issues with memory corruption
were also fixed. Mozilla Firefox also contains less severe
vulnerabilities involving JavaScript and Java.
An attacker could entice a user to view a specially crafted web page
that will trigger one of the vulnerabilities, possibly leading to the
execution of arbitrary code. It is also possible for an attacker to
perform cross-site scripting attacks, leading to the exposure of
sensitive information, like user credentials.
There are no known workarounds for all the issues at this time.
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.9"
All Mozilla Firefox binary release users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.9"
[ 1 ] CVE-2006-6497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
[ 2 ] CVE-2006-6498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498
[ 3 ] CVE-2006-6499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499
[ 4 ] CVE-2006-6500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500
[ 5 ] CVE-2006-6501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501
[ 6 ] CVE-2006-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502
[ 7 ] CVE-2006-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503
[ 8 ] CVE-2006-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504
[ 9 ] CVE-2006-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6506
[ 10 ] CVE-2006-6507
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6507
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200701-02.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
http://security.gentoo.org/
Severity: High
Multiple vulnerabilities have been reported in Mozilla Thunderbird,
some of which may allow the remote execution of arbitrary code.
Mozilla Thunderbird is a popular open-source email client from the
Mozilla Project.
1 mozilla-thunderbird < 1.5.0.9 >= 1.5.0.9
2 mozilla-thunderbird-bin < 1.5.0.9 >= 1.5.0.9
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
Georgi Guninski and David Bienvenu discovered buffer overflows in the
processing of long "Content-Type:" and long non-ASCII MIME headers.
Additionally, Frederik Reiss discovered a heap-based buffer overflow in
the conversion of a CSS cursor. Different vulnerabilities involving
memory corruption in the browser engine were also fixed. Mozilla
Thunderbird also contains less severe vulnerabilities involving
JavaScript and Java.
An attacker could entice a user to view a specially crafted email that
will trigger one of these vulnerabilities, possibly leading to the
execution of arbitrary code. An attacker could also perform cross-site
scripting attacks, leading to the exposure of sensitive information,
like user credentials. Note that the execution of JavaScript or Java
applets is disabled by default and enabling it is strongly discouraged.
There are no known workarounds for all the issues at this time.
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-1.5.0.9"
All Mozilla Thunderbird binary release users should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-1.5.0.9"
[ 1 ] CVE-2006-6497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
[ 2 ] CVE-2006-6500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500
[ 3 ] CVE-2006-6501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501
[ 4 ] CVE-2006-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502
[ 5 ] CVE-2006-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503
[ 6 ] CVE-2006-6505
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6505
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200701-03.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org .
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
SUSE Linux
SUSE Security Announcement
Package: OpenOffice_org
Content of This Advisory:
Security Vulnerability Resolved:
buffer overflows in WMF and Enhanced WMF handling
Problem Description
Solution or Work-Around
Special Instructions and Notes
Package Location and Checksums
Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Security problems were fixed in the WMF and Enhanced WMF handling
in OpenOffice_org These could potentially be used to execute code
or crash OpenOffice when a user could be convinced to open specially
crafted document (for instance a document sent by E-mail).
This issue is tracked by the Mitre CVE ID CVE-2006-5870.
openSUSE 10.2 is not affected by this problem, it already contains
the fixed OpenOffice_org 2.1 version.
Additionally the OpenOffice_org 2.0 version in SLED 10 was fitted with
hooks to add OfficeXML support with a later update.
Due to the very large size of this update and mirror lag it might
take some hours or days until the updates are available on our mirrors.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
Restart OpenOffice after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
SUSE LINUX 10.1:ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-2.0.2-27.15.i586.rpm fd03f46c3cb8bef62d6bc717183204e7ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-gnome-2.0.2-27.15.i586.rpm 36bd92eac9d3fd998998625d5f812858ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-kde-2.0.2-27.15.i586.rpm 54dc58b25ed418070f58288c1950d157ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-mono-2.0.2-27.15.i586.rpm 0f89c73067b0a0bc7a387d59c5b0a83fftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/OpenOffice_org-officebean-2.0.2-27.15.i586.rpm fd487bb53472096452ae5fd9717c2743
SUSE LINUX 10.0:ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-2.0.0-1.6.i586.rpm 7aa52e528b59faca90bf67fa6831724aftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-af-2.0.0-1.6.i586.rpm 5252fe526c9c9f68e4ebc16218bfc2f0ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ar-2.0.0-1.6.i586.rpm d491884acce7564aec4ea79601df15faftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-be-BY-2.0.0-1.6.i586.rpm 1ec60c221b4a62068ff15c89688c6f3eftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-bg-2.0.0-1.6.i586.rpm 9e985ceceee03a6ec5ac4914226d9d3aftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ca-2.0.0-1.6.i586.rpm 6b477a12871e48ffc5d867e4010ebd5dftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cs-2.0.0-1.6.i586.rpm e0751ca9a1fc33147a32472b65da4ed2ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-cy-2.0.0-1.6.i586.rpm 5fc86fc2b3d20c87e7d173ecc8e3e593ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-da-2.0.0-1.6.i586.rpm ecb32dd2c12a8f40f731c8e4a61daf7cftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-de-2.0.0-1.6.i586.rpm 144617276d8e8037a05490529970800cftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-el-2.0.0-1.6.i586.rpm f35a9300b2265bef11ae5bc645e70384ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-en-GB-2.0.0-1.6.i586.rpm 113395204a868a6a569679322af534a0ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-es-2.0.0-1.6.i586.rpm 7cb6394676b090106d8209ee0bc325a3ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-et-2.0.0-1.6.i586.rpm 4e5b407d15d85aabe3e9e9bd324cd317ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fi-2.0.0-1.6.i586.rpm f9f0301702937f0e632ef5c3b27618d7ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-fr-2.0.0-1.6.i586.rpm 7c1c99dd9d2cf8ddd76739b409e88494ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-galleries-2.0.0-1.6.i586.rpm 4090e1c6a4ebee1360c71ee5693aab1bftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gnome-2.0.0-1.6.i586.rpm c5ff202f2b5b6a0e535144536612eae0ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-gu-IN-2.0.0-1.6.i586.rpm 77495fa38f85d6f962200092e6d513bbftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hr-2.0.0-1.6.i586.rpm d6ca238f4470aff96b5efbde4b17176aftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hu-2.0.0-1.6.i586.rpm cb7feb287121fda60f94122bc32a0444ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-hunspell-2.0.0-1.6.i586.rpm d262f78b441f8e87293ea5a50a1e58a5ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-it-2.0.0-1.6.i586.rpm d3c3daeaf6cf06e546976352dc99af67ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ja-2.0.0-1.6.i586.rpm e5a71e9be49f9680f59b1432e817c967ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-kde-2.0.0-1.6.i586.rpm 50cd7d91aefeb6ec80bbb94e47aa67baftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ko-2.0.0-1.6.i586.rpm 835a4a8bca862f51d71d43f6256b2914ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-mono-2.0.0-1.6.i586.rpm d916428c9ca9218ead8aff4236cce5c2ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nb-2.0.0-1.6.i586.rpm 02f56857fa91a306057d4fe95d79e77aftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nl-2.0.0-1.6.i586.rpm c57e39bd151725692051efa3bf0ee7baftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-nn-2.0.0-1.6.i586.rpm 1b505a63f3e04e14d04f54ef01a4c594ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-officebean-2.0.0-1.6.i586.rpm a7e4016475dca64f9a99e5912d300cddftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pa-IN-2.0.0-1.6.i586.rpm 57a82939688d779f5b69c3a305bafa9bftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pl-2.0.0-1.6.i586.rpm ce7b7c36d489a78620d7685c9ba77f4eftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-2.0.0-1.6.i586.rpm 61f30a3a0432232c9ea86a5f9f0366a2ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-pt-BR-2.0.0-1.6.i586.rpm 8f2a0e0dd358a3a358cabc3453e9f5beftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-ru-2.0.0-1.6.i586.rpm fe898d738217dfdced31e807a9140784ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sk-2.0.0-1.6.i586.rpm 9c1a614619aa69627fa8bc9fa51ec4bdftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sl-2.0.0-1.6.i586.rpm ea798171c407cb3ed1fd1347eea22a94ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-sv-2.0.0-1.6.i586.rpm 1373b5bd4d808691fcb5e8e13ac56005ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-tr-2.0.0-1.6.i586.rpm 64ca9735287b612d5e9bc858ddd82679ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-vi-2.0.0-1.6.i586.rpm d927cd43fd2301c19748be4496f20349ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-xh-2.0.0-1.6.i586.rpm cadf70db30ba45ac1a365fe318a6997aftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-CN-2.0.0-1.6.i586.rpm 378b2ec63021b7fce007ac270f33d3f3ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zh-TW-2.0.0-1.6.i586.rpm 0a096ef4bb51369ea76e496e4d00b05bftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/OpenOffice_org-zu-2.0.0-1.6.i586.rpm 891de62d7740fe3479bec3d4d9e2293e
SUSE LINUX 9.3:ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-1.1.3-4.7.i586.rpm 589951f886a3b8a71af962a440e2d5d7ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ar-1.1.3-4.7.i586.rpm e035689819add5a79cac86c080107591ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ca-1.1.3-4.7.i586.rpm 440b7b8abf1e26a7e1ac94bad2159fa1ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-cs-1.1.3-4.7.i586.rpm 53346bde2f7c7a61ea9e33faa9c725a7ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-da-1.1.3-4.7.i586.rpm dae5b0bf3d98f9691f1e8d8d167547ceftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-de-1.1.3-4.7.i586.rpm 16c6aa50e44a585147fcf1494caacd29ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-el-1.1.3-4.7.i586.rpm 9d289713e0104cda3bd06b5f9f5d378cftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-en-1.1.3-4.7.i586.rpm 8cf58c072f67152ba542d03b7659af78ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-es-1.1.3-4.7.i586.rpm b275c33d9881de79e8df9a060b7d846dftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-et-1.1.3-4.7.i586.rpm 82dc46d3679a4cbed5d3b56f400bd0bbftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-fi-1.1.3-4.7.i586.rpm e7d5bdc9e0faf758917d08c46e303a9eftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-fr-1.1.3-4.7.i586.rpm 0f4a918a9f6e7d33260a238cb8fc5f22ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-gnome-1.1.3-4.7.i586.rpm 5826669ac9581afff84470dfa3a772f1ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-hu-1.1.3-4.7.i586.rpm f40b061176334959bc25d4a5e015f543ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-it-1.1.3-4.7.i586.rpm a331919c158b3ea676dafed45754fb8fftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ja-1.1.3-4.7.i586.rpm 16d77dd832360590ed456940b45e3279ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-kde-1.1.3-4.7.i586.rpm 244053050edc83cf5f1cb35836feb956ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ko-1.1.3-4.7.i586.rpm 0289dc7444bb236959c68814227c1aabftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-nl-1.1.3-4.7.i586.rpm 5dfc28ff432aaa352178b228e26d6797ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-pl-1.1.3-4.7.i586.rpm 9c898ed84206f5653f8a19bc9abed974ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-pt-1.1.3-4.7.i586.rpm bae59314219a654dd3d197270a4cd89dftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-ru-1.1.3-4.7.i586.rpm b96857f0c6c8064fcefe41c3499ec16cftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-sk-1.1.3-4.7.i586.rpm 19587fd04412b2a6815eb3d5516178dcftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-sl-1.1.3-4.7.i586.rpm 97c4d1521086521c66e97aa37a795952ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-sv-1.1.3-4.7.i586.rpm a95c6151cb2d29e1e30cc9b9f0b3ab5cftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-tr-1.1.3-4.7.i586.rpm d4cb3dda4d2a77c306f2d2e1eebca7d8ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-zh-CN-1.1.3-4.7.i586.rpm 123313c1d70234d0224c357c3454023dftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org1-zh-TW-1.1.3-4.7.i586.rpm 8aaadec1d3220f793bc6e66ad4293050
Power PC Platform:
SUSE LINUX 10.1:ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-2.0.2-27.15.ppc.rpm 47475bcf3d13d3fe4e03a245de77299aftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-gnome-2.0.2-27.15.ppc.rpm fdcf3ab9522f5d931ab45aa361d39a71ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-kde-2.0.2-27.15.ppc.rpm c69710053fee5f830ffa0fe276237db4ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-mono-2.0.2-27.15.ppc.rpm d6ce3d25640cc1ddbd04969a72601eeaftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/OpenOffice_org-officebean-2.0.2-27.15.ppc.rpm 7fba6800f065447114d6435e96a0d799
SUSE LINUX 10.0:ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-2.0.0-1.6.ppc.rpm 75763dce1d1a4705cb22b261ba5d3260ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-af-2.0.0-1.6.ppc.rpm 1b129691c1ece1cdcf7d41fe90ab26ecftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ar-2.0.0-1.6.ppc.rpm ce359d45fd6e73860f5b95c759667483ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-be-BY-2.0.0-1.6.ppc.rpm 737edb9a51e2308b65c806db18eb8e38ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-bg-2.0.0-1.6.ppc.rpm ab9b0121f51f6cb695c3a698da732d85ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ca-2.0.0-1.6.ppc.rpm 262468c5a4b4681147c6ce26d5ef63caftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cs-2.0.0-1.6.ppc.rpm 1528bd884d1d178ac48a65658f54f67eftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-cy-2.0.0-1.6.ppc.rpm 26fb36e224f72e01dfd850982c10e842ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-da-2.0.0-1.6.ppc.rpm 6b434d5882776a0b0aa832d764756030ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-de-2.0.0-1.6.ppc.rpm bcdb3136e83d9c86d3714bd63b1627a3ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-el-2.0.0-1.6.ppc.rpm 23a8b36d116bdfdb70868468d3a1a104ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-en-GB-2.0.0-1.6.ppc.rpm 3d2d276b47fab13ab328f20fcc51efa6ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-es-2.0.0-1.6.ppc.rpm 90dac95b1346bf9e91642365777e592bftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-et-2.0.0-1.6.ppc.rpm e981a11acd19a1dbfe0d4336f0b8ff7aftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fi-2.0.0-1.6.ppc.rpm e234e2cff42a2687dae123bc62eb604dftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-fr-2.0.0-1.6.ppc.rpm fac1261ab2a6f4cb68b3893437c257b8ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-galleries-2.0.0-1.6.ppc.rpm b485220c5d75535ebd68d2458d05c328ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gnome-2.0.0-1.6.ppc.rpm f619a868c8f67593b12b6403046970fdftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-gu-IN-2.0.0-1.6.ppc.rpm 7e3c98a3926337ab392c8f044f4e1d11ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hr-2.0.0-1.6.ppc.rpm 4bd3ba3ba25476548e020b8ec970a6f5ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hu-2.0.0-1.6.ppc.rpm 5e51bd0e338676d2f883aa76ce4d00e8ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-hunspell-2.0.0-1.6.ppc.rpm dd7f560e51e96e6a3a6e448f5658d8bbftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-it-2.0.0-1.6.ppc.rpm 4d037c6a9f237cadf99f3e8a88fa224aftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ja-2.0.0-1.6.ppc.rpm 4044cd5fd5995b38f2ddc2032b3675c4ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-kde-2.0.0-1.6.ppc.rpm 7e82c539eede13763365ddfeb9739d24ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ko-2.0.0-1.6.ppc.rpm 8e7a9b881392d2b12cc84b2cab9a19e4ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-mono-2.0.0-1.6.ppc.rpm 95028076b7fbbaccdee76d65b616fbdcftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nb-2.0.0-1.6.ppc.rpm d7bead9618b82987401bfee42d1b5ac7ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nl-2.0.0-1.6.ppc.rpm 3f8847780643b48c43c556b036661c45ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-nn-2.0.0-1.6.ppc.rpm 2f43aacccf2e861b2781dea0d23a4308ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-officebean-2.0.0-1.6.ppc.rpm 1b3748db1855e5946d8c62243261c927ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pa-IN-2.0.0-1.6.ppc.rpm 37489ea414dc7def0ef1dd52097a7974ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pl-2.0.0-1.6.ppc.rpm 4bb114f9b8b3e09fe772bbba0962e13cftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-2.0.0-1.6.ppc.rpm 0b1f1f1712c0607556ab5acafbe4a379ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-pt-BR-2.0.0-1.6.ppc.rpm e32e6c3a20ebc46ecac41031d4294847ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-ru-2.0.0-1.6.ppc.rpm 7d723cba896f9f3189b01e2e7173a08cftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sk-2.0.0-1.6.ppc.rpm 7b5b3c7d748ab396d541ac7daaa56896ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sl-2.0.0-1.6.ppc.rpm 890f3a37ea44ad44a65bca00949a0c00ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-sv-2.0.0-1.6.ppc.rpm 773f47069a7eb2084a6c6a40ecc04814ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-tr-2.0.0-1.6.ppc.rpm 5078bca7a5184827009f569924ada80aftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-vi-2.0.0-1.6.ppc.rpm ec364edf19438461e9fdf308b260b4a6ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-xh-2.0.0-1.6.ppc.rpm 22d0387a1b523ac61f06ade13618e979ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-CN-2.0.0-1.6.ppc.rpm d68bf26b23896890e38d4ea30d10813dftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zh-TW-2.0.0-1.6.ppc.rpm acc180374ade9fd27ed844f58576fa7bftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/OpenOffice_org-zu-2.0.0-1.6.ppc.rpm 7b4a3590b94bfbb70b316dc62dac28f6
Sources:
SUSE LINUX 10.1:ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/OpenOffice_org-2.0.2-27.15.src.rpm fe0ad3c361d857bc7504bf2215ae8948
SUSE LINUX 10.0:ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/OpenOffice_org-2.0.0-1.6.src.rpm e214e34e63fc0631959d452597025514
SUSE LINUX 9.3:ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/OpenOffice_org1-1.1.3-4.7.src.rpm 66f134cb40880d6ee219c8c1a01c1a5b
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SLE SDK 10http://support.novell.com/techcenter/psdb/5de7a5faac735ff75aae048d9aeaa21f.html
SUSE SLED 10http://support.novell.com/techcenter/psdb/5de7a5faac735ff75aae048d9aeaa21f.html
Novell Linux Desktop 9http://support.novell.com/techcenter/psdb/b38ccbe0fb2200869a3553e136fde4f2.html
SuSE Linux Desktop 1.0http://support.novell.com/techcenter/psdb/b38ccbe0fb2200869a3553e136fde4f2.html
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de >"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
SUSE runs two security mailing lists to which any interested party may
subscribe:
security@suse.com > or <security@suse.de >.security@suse.de > public key is listed below.
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User IDsecurity@suse.de >build@suse.de >
SUSE Security Announcement
Package: mono-web
Content of This Advisory:
Security Vulnerability Resolved:
ASP.net source code disclosure
Problem Description
Solution or Work-Around
Special Instructions and Notes
Package Location and Checksums
Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
A security problem was found and fixed in the Mono / C# web server
implementation.
By appending spaces to URLs attackers could download the source code
of ASP.net scripts that would normally get executed by the web server.
This issue is tracked by the Mitre CVE ID CVE-2006-6104 and only
affects SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux Enterprise 10.
Older products are not affected.
The updated packages for this problem were released on December 29th 2006.
2) Solution or Work-Around
There is no known workaround, please install the update packages.
3) Special Instructions and Notes
None.
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.
x86 Platform:
openSUSE 10.2:ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/bytefx-data-mysql-1.1.18.1-12.2.i586.rpm 7871ea91da68edfcd0b33e1a65f89414ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/ibm-data-db2-1.1.18.1-12.2.i586.rpm 4dea03120df7e27db52f24e3453218d3ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-core-1.1.18.1-12.2.i586.rpm 7129007767134eee66ab5f48789fa6b8ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-data-1.1.18.1-12.2.i586.rpm 4aaffb7e159d5e9d0807dcbaa57f9e97ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-data-firebird-1.1.18.1-12.2.i586.rpm 764d536b04339d426cda40faca9e738fftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-data-oracle-1.1.18.1-12.2.i586.rpm a575de3f3340abb11283aaea3d6ccda4ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-data-postgresql-1.1.18.1-12.2.i586.rpm 22667d583ed22211edb7608de92b6979ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-data-sqlite-1.1.18.1-12.2.i586.rpm 1d4a805666f53d39c2150894ff72312eftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-data-sybase-1.1.18.1-12.2.i586.rpm c7ae739f8bb04eb013daee44967e3589ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-devel-1.1.18.1-12.2.i586.rpm 94b8c2fa29d1684d1d93368fc289131dftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-extras-1.1.18.1-12.2.i586.rpm 6c9392ee56d2b8aa357c52d6f49b46a4ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-jscript-1.1.18.1-12.2.i586.rpm 5ce60c49f5109ef6a869c0c3d1b5facdftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-locale-extras-1.1.18.1-12.2.i586.rpm b5723ee0fae44b0de7ee7f4e98625ca5ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-nunit-1.1.18.1-12.2.i586.rpm 5668807cb61dbdd3a46da9f0154a13dcftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-web-1.1.18.1-12.2.i586.rpm 2f3c091bafb9c174205b9917a1c948e0ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/mono-winforms-1.1.18.1-12.2.i586.rpm 3f6b3be8eb8ed73d8a0b8348fdfcf4fc
SUSE LINUX 10.1:ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/bytefx-data-mysql-1.1.13.8-2.15.i586.rpm 7e411b0255e4b8364e1fa2e261d177bbftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/ibm-data-db2-1.1.13.8-2.15.i586.rpm 59c0e03583c5d59157b35c33a68ff610ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-basic-1.1.13.8-2.15.i586.rpm eb2b47003b0232d63dcf60a54371da59ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-core-1.1.13.8-2.15.i586.rpm e115c6e2da3c2b1ccfd7177752237239ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-data-1.1.13.8-2.15.i586.rpm 42e8bbae01de311597b5166837ac06e1ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-data-firebird-1.1.13.8-2.15.i586.rpm c3ebfde89466f76d1018afbbc2a1410eftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-data-oracle-1.1.13.8-2.15.i586.rpm f6ba40eb9f4529405f21a2c5d0b39a01ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-data-postgresql-1.1.13.8-2.15.i586.rpm 1018446b35dfd46b2404c12711b4e866ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-data-sqlite-1.1.13.8-2.15.i586.rpm 7b864e4a21da1d12c171e168597249cbftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-data-sybase-1.1.13.8-2.15.i586.rpm 86ef906b744853c4b26a266cfc7460f7ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-devel-1.1.13.8-2.15.i586.rpm 37ece2cc4d73f6b55ef0b4cc6e42f006ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-extras-1.1.13.8-2.15.i586.rpm c4c64d22660f77da3809a6c6d4375500ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-jscript-1.1.13.8-2.15.i586.rpm 291ccf1005505b87f59c4ab3e2acb6a5ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-locale-extras-1.1.13.8-2.15.i586.rpm 0d76aa220a6772796f64a058b010d90bftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-nunit-1.1.13.8-2.15.i586.rpm 4a90129294c6cd3cae2e5bd3b46e22c4ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-web-1.1.13.8-2.15.i586.rpm 8037c8dbfe7d5d72b918035553751d70ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/mono-winforms-1.1.13.8-2.15.i586.rpm b0333ba342c5f31e9c7d154f160faa8e
Platform Independent:
openSUSE 10.2:ftp://ftp.suse.com/pub/suse/update/10.2/rpm/noarch/mono-basic-1.1.18-9.1.noarch.rpm 563582c657915b15b4081b6f36ee37cf
Power PC Platform:
openSUSE 10.2:ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/bytefx-data-mysql-1.1.18.1-12.2.ppc.rpm 7ab0a3e1908b2ce41ce6991392c56b5aftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/ibm-data-db2-1.1.18.1-12.2.ppc.rpm 533e9f3a2a97fe56749f3409bbd1e577ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-core-1.1.18.1-12.2.ppc.rpm 7388cf8363ef7b6d4d2ce495276c9b3dftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-data-1.1.18.1-12.2.ppc.rpm 70833baf535bce3b2192c705266c20eaftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-data-firebird-1.1.18.1-12.2.ppc.rpm 51dca3ae3f5d0276ad1a67702870adf0ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-data-oracle-1.1.18.1-12.2.ppc.rpm 12a03dd8b94fb0d2cfd25266fd4d6021ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-data-postgresql-1.1.18.1-12.2.ppc.rpm 5fca596e3bb72c03dfe8ed697a79217fftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-data-sqlite-1.1.18.1-12.2.ppc.rpm 78fc0723c0f9be7db965583a24125b27ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-data-sybase-1.1.18.1-12.2.ppc.rpm 065affeebf284637dc17663cf647505cftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-devel-1.1.18.1-12.2.ppc.rpm fa9b85abb2a4d7f7b8434dfaaa88e629ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-extras-1.1.18.1-12.2.ppc.rpm b6062113f1c076e53b7bb714855e4f67ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-jscript-1.1.18.1-12.2.ppc.rpm 4bd211e6f9fb5f23c681179a96641b86ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-locale-extras-1.1.18.1-12.2.ppc.rpm e65f00cc0a931ee23ea35cbfb0dbd567ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-nunit-1.1.18.1-12.2.ppc.rpm 6cba2323367c90475a9aaf3059dba127ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-web-1.1.18.1-12.2.ppc.rpm 88760a5f5b8a47209239ffbc3c06251dftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/mono-winforms-1.1.18.1-12.2.ppc.rpm f2abba637b11bbf630a6796e74cc4b76
SUSE LINUX 10.1:ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/bytefx-data-mysql-1.1.13.8-2.15.ppc.rpm df2f559a7c5971466d4e2e56610cc474ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/ibm-data-db2-1.1.13.8-2.15.ppc.rpm e25fbded3d1d80e1558b6d41dd967518ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-basic-1.1.13.8-2.15.ppc.rpm 4171575ffdd03b5711b4ead378849456ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-core-1.1.13.8-2.15.ppc.rpm bc13a69c38e1d5cf583b31dfd6913b47ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-data-1.1.13.8-2.15.ppc.rpm 3554bf92b4f2febcadb50f4b29f23accftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-data-firebird-1.1.13.8-2.15.ppc.rpm 7f1f5caae871c29169f1c76b5b7dd718ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-data-oracle-1.1.13.8-2.15.ppc.rpm fe1a9b37ce0079e9c65830607403aaacftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-data-postgresql-1.1.13.8-2.15.ppc.rpm a1aaa83c1c9d151bb79eed446ea5c7a1ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-data-sqlite-1.1.13.8-2.15.ppc.rpm 682dfb340b1cfd4fc5518e62e76a5ee8ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-data-sybase-1.1.13.8-2.15.ppc.rpm 37574a7a9be6736bd4f703e23ef2a1d3ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-devel-1.1.13.8-2.15.ppc.rpm 3e9314db61dc553c95582be0b5da22a4ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-extras-1.1.13.8-2.15.ppc.rpm 334b918e3281772f5bae84fde6b829a9ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-jscript-1.1.13.8-2.15.ppc.rpm 83af7ef9f3fe0218b3d16ed662d9bcd4ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-locale-extras-1.1.13.8-2.15.ppc.rpm 766583abd69fcf242e3ff1f6c562ea5eftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-nunit-1.1.13.8-2.15.ppc.rpm a0a6c098484a9bb70f0242844188f52dftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-web-1.1.13.8-2.15.ppc.rpm f98c8ccce8bb938fb325d779d7b971c6ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/mono-winforms-1.1.13.8-2.15.ppc.rpm 5d49531a71b940ca4958485e9fee72f1
x86-64 Platform:
openSUSE 10.2:ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/bytefx-data-mysql-1.1.18.1-12.2.x86_64.rpm 23591c785aaef10d3b422eebebbb1499ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/ibm-data-db2-1.1.18.1-12.2.x86_64.rpm f090dfa3c21f4071ac7312bfa0c76512ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-core-1.1.18.1-12.2.x86_64.rpm 9af61b7d487a6025107dfabf76b1d307ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-core-32bit-1.1.18.1-12.2.x86_64.rpm d8b8ff18dfe16e6b8a4e7eea39b46fdcftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-data-1.1.18.1-12.2.x86_64.rpm 46d10714bd4534d578564b521cc4e5eeftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-data-firebird-1.1.18.1-12.2.x86_64.rpm 3352eb7cae2644d12b2761d4280f6a31ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-data-oracle-1.1.18.1-12.2.x86_64.rpm 8dcb7cd3e271a1a0bcbe843269ee8b52ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-data-postgresql-1.1.18.1-12.2.x86_64.rpm be734ae165180a801f35d26811a5a5c4ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-data-sqlite-1.1.18.1-12.2.x86_64.rpm d958bf9cdae6c32bb1e1c36df74fc9fbftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-data-sybase-1.1.18.1-12.2.x86_64.rpm c9429b316e6eecb6ddc2682d01e170dcftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-devel-1.1.18.1-12.2.x86_64.rpm 67567fd44fc1b7f3589ad48f31dd87adftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-extras-1.1.18.1-12.2.x86_64.rpm 3b95cb4747ac42848e2daf543622770cftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-jscript-1.1.18.1-12.2.x86_64.rpm 97fbb5843ff11f35edc5c54338d0ceb9ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-locale-extras-1.1.18.1-12.2.x86_64.rpm 46d10243690c90812ced6b1a9d5aa041ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-nunit-1.1.18.1-12.2.x86_64.rpm 0cfe47db6079f91b99f6fea86696d019ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-web-1.1.18.1-12.2.x86_64.rpm 34e0a3027a6db5adb8a10560467a651eftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/mono-winforms-1.1.18.1-12.2.x86_64.rpm 6fbe5c405768ae26f9c00b9e6a353352
SUSE LINUX 10.1:ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/bytefx-data-mysql-1.1.13.8-2.15.x86_64.rpm 2019045021a97b167ea99ac0c046b101ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/ibm-data-db2-1.1.13.8-2.15.x86_64.rpm 4889570b65d8eed1283146d1adbef2c5ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-basic-1.1.13.8-2.15.x86_64.rpm 3b3337acb365adeb2cdd167dc8ab11c3ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-core-1.1.13.8-2.15.x86_64.rpm 54d0899c5591c4b546a4328aa023e455ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-core-32bit-1.1.13.8-2.15.x86_64.rpm d61a5d6b3ad1418ae8828c632c38753fftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-data-1.1.13.8-2.15.x86_64.rpm 043514968a409980de9c26bb326bcf61ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-data-firebird-1.1.13.8-2.15.x86_64.rpm 79d4a0e1a3ee4ead9c32f2f2a994a3ddftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-data-oracle-1.1.13.8-2.15.x86_64.rpm b094e7fc68ac93c8cea50dd8c9c9f8faftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-data-postgresql-1.1.13.8-2.15.x86_64.rpm 57eca0584754764c9676f64a99318edaftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-data-sqlite-1.1.13.8-2.15.x86_64.rpm 2a3bf582c8bf3b3f0e3b659b5a69fa8fftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-data-sybase-1.1.13.8-2.15.x86_64.rpm e7df071bb25de0dadd8d91d1266e813bftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-devel-1.1.13.8-2.15.x86_64.rpm ccb9cf8b02a3684bc523b1c8deafa132ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-extras-1.1.13.8-2.15.x86_64.rpm e002218ccb079ab3b98c10c6a98e6632ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-jscript-1.1.13.8-2.15.x86_64.rpm b8d6933ae2cd19aae0333385c6df7179ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-locale-extras-1.1.13.8-2.15.x86_64.rpm 7d0b549bd3ff3e55363dce19060797e1ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-nunit-1.1.13.8-2.15.x86_64.rpm f904919d8bb75ca477a580dc5483209dftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-web-1.1.13.8-2.15.x86_64.rpm 4c3d083e708e17e0747e98d605cf2445ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/mono-winforms-1.1.13.8-2.15.x86_64.rpm acfe0ccbdf408e2800b2410b7f7f38b6
Sources:
openSUSE 10.2:ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/mono-basic-1.1.18-9.1.src.rpm 4d7e3741dccd7caa42bdc630dfe258faftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/mono-core-1.1.18.1-12.2.src.rpm 4165d9c7bfe3e9fe270a881a152d280a
SUSE LINUX 10.1:ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/mono-core-1.1.13.8-2.15.src.rpm 24e736054c58c12f64133037a8cf2f10
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE SLES 10http://support.novell.com/techcenter/psdb/42c27df99955c5253c97cbbfb7b56d6f.html
SLE SDK 10http://support.novell.com/techcenter/psdb/42c27df99955c5253c97cbbfb7b56d6f.html
SUSE SLED 10http://support.novell.com/techcenter/psdb/42c27df99955c5253c97cbbfb7b56d6f.html
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de >"
where <DATE> is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and integrity of a
package needs to be verified to ensure that it has not been tampered with.
The internal RPM package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig <file.rpm>
to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on RPMv4-based
distributions) and the gpg key ring of 'root' during installation. You can
also find it on the first installation CD and included at the end of this
announcement.
SUSE runs two security mailing lists to which any interested party may
subscribe:
security@suse.com > or <security@suse.de >.security@suse.de > public key is listed below.
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.
Type Bits/KeyID Date User IDsecurity@suse.de >build@suse.de >
