Linux Today - Advisories, February 7, 2007

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

Raspberry Pi benchmarked against Beagleboard, low price is long term

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Advisories, February 7, 2007

Advisories, February 7, 2007
Feb 8, 2007, 04 :45 UTC (0 Talkback[s]) (3783 reads)

Debian GNU/Linux

Debian Security Advisory DSA 1258-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 7th, 2007 http://www.debian.org/security/faq

Package : mozilla-firefox
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503
CERT advisories: VU#263412 VU#405092 VU#427972 VU#428500 VU#447772 VU#606260
BugTraq ID : 21668
Debian Bug :

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-6497

Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68]

CVE-2006-6498

Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68]

CVE-2006-6499

A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68]

CVE-2006-6501

"shutdown" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. [MFSA 2006-70]

CVE-2006-6502

Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. [MFSA 2006-71]

CVE-2006-6503

"moz_bug_r_a4" reported that the src attribute of an IMG element could be used to inject JavaScript code. [MFSA 2006-72]

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8e.2.

For the testing (etch) and unstable (sid) distribution these problems have been fixed in version 1.5.0.9.dfsg1-1 of icedove.

We recommend that you upgrade your Mozilla Thunderbird and Icedove packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2.dsc
      Size/MD5 checksum: 1003 98589a4dcffac076c95e1d3aa3aebadf
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2.diff.gz
      Size/MD5 checksum: 565274 897aa9e909e426a86d23314b34979440
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
      Size/MD5 checksum: 33288906 806175393a226670aa66060452d31df4

Alpha architecture:

AMD64 architecture:

ARM architecture:

HP Precision architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_hppa.deb
      Size/MD5 checksum: 13585836 22bf188382e0b9eeab3e8668a7829313
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_hppa.deb
      Size/MD5 checksum: 3288674 1b5ec46286ea477290c18e168a6275ef
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_hppa.deb
      Size/MD5 checksum: 154352 c6729cc890884a0eca77f05ccd6bab0b
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_hppa.deb
      Size/MD5 checksum: 34628 3f84dfddd9efddaaa4f21d58a3653df4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_hppa.deb
      Size/MD5 checksum: 98454 6e6decf81bddd8ea00c1368fa2b5e723

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_i386.deb
      Size/MD5 checksum: 11586880 f38dd2061ea093c4b6cbc0a080d1c40e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_i386.deb
      Size/MD5 checksum: 3512118 61c00c5bccc32bd011e274249d921696
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_i386.deb
      Size/MD5 checksum: 147880 80d5872d2028eb50208cf8eea839abe7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_i386.deb
      Size/MD5 checksum: 34624 3338dcfb4c556496ac4a4ca7d3ab2a2d
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_i386.deb
      Size/MD5 checksum: 89148 9ebbc2a0746e072cdeab95fd5c89f09d

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_ia64.deb
      Size/MD5 checksum: 14647370 452343151d070c164e7974fe2ee7a5c2
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_ia64.deb
      Size/MD5 checksum: 3294046 088221d0e1a94ab9ff9a85abf0c9dce0
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_ia64.deb
      Size/MD5 checksum: 156478 c1f0352991dda272adc4e98a01f6da04
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_ia64.deb
      Size/MD5 checksum: 34622 01497338dcbd76afba7b6f92ab600218
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_ia64.deb
      Size/MD5 checksum: 108286 5e996c3ce7ebb544fce21ee4a0b3be3e

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_m68k.deb
      Size/MD5 checksum: 10805538 1cd3d59f940e597ae5ea9db2b500b397
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_m68k.deb
      Size/MD5 checksum: 3276902 3b842492ea6b0510d0f866a1f6cd35c5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_m68k.deb
      Size/MD5 checksum: 146114 fa6030acf9a09eaa56642dcd0a83d168
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_m68k.deb
      Size/MD5 checksum: 34644 3e8274232a5009226ecd918b5109dd9a
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_m68k.deb
      Size/MD5 checksum: 83626 90453c4ceba1fef2d6606114d86baf7e

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_mips.deb
      Size/MD5 checksum: 11964534 d8d5e25f49f281f37dee2bdab77ff4fa
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_mips.deb
      Size/MD5 checksum: 3284032 92daac0ef32ad9b1eebfb991c7e106b7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_mips.deb
      Size/MD5 checksum: 149104 d27168040c767a4769cae0cbebd1e724
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_mips.deb
      Size/MD5 checksum: 34628 96b3a511bde2f35bd66af2aa1ec26591
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_mips.deb
      Size/MD5 checksum: 85876 48c7aed4c0150b96e6ef362c695d16ef

Little endian MIPS architecture:

PowerPC architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_powerpc.deb
      Size/MD5 checksum: 10925170 b65fa19b09ee136eae77143c5375809e
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_powerpc.deb
      Size/MD5 checksum: 3274902 9fd696884a285d20aca2042e652d2c03
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_powerpc.deb
      Size/MD5 checksum: 146098 72c75a293110e574660fc29ccfac63d7
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_powerpc.deb
      Size/MD5 checksum: 34622 3010036628ed737082f983a4fc94c766
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_powerpc.deb
      Size/MD5 checksum: 82550 bf8330d7bce0096b4fe2e34f8d820b80

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_s390.deb
      Size/MD5 checksum: 12716512 c5657cead6d10fe6234e5887853859c5
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_s390.deb
      Size/MD5 checksum: 3284924 3b6f541bebc35dcf3e840496bd3f04d4
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_s390.deb
      Size/MD5 checksum: 152464 7036fdf6dbf83b7b746c6cb63b33371c
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_s390.deb
      Size/MD5 checksum: 34616 2ac4013bd1c1bc9c6fd95b20acb482d8
    http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_s390.deb
      Size/MD5 checksum: 90350 f1609d45f781904ef39c22524c1c5f89

Sun Sparc architecture:

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core

Fedora Update Notification
FEDORA-2007-207
2007-02-06

Product : Fedora Core 5
Name : wireshark
Version : 0.99.5
Release : 1.fc5
Summary : Network traffic analyzer
Description : Wireshark is a network traffic analyzer for Unix-ish operating systems.

This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package.

Update Information:

multiple security issues fixed (#227140)
CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets
CVE-2007-0459 - The HTTP dissector could crash.
CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash.
CVE-2007-0456 - On some systems, the LLT dissector could crash.

Mon Feb 5 2007 Radek Vokäl <rvokal@redhat.com> 0.99.5-1
- multiple security issues fixed (#227140)
- CVE-2007-0459 - The TCP dissector could hang or crash while reassembling HTTP packets
- CVE-2007-0459 - The HTTP dissector could crash.
- CVE-2007-0457 - On some systems, the IEEE 802.11 dissector could crash.
- CVE-2007-0456 - On some systems, the LLT dissector could crash.
Wed Nov 1 2006 Radek Vokäl <rvokal@redhat.com> 0.99.4-1.fc5
- upgrade to 0.99.4, fixes multiple security issues
- use dist tag
- CVE-2006-5468 - The HTTP dissector could dereference a null pointer.
- CVE-2006-5469 - The WBXML dissector could crash.
- CVE-2006-5470 - The LDAP dissector (and possibly others) could crash.
- CVE-2006-4805 - Basic DoS, The XOT dissector could attempt to allocate a large amount of memory and crash.
- CVE-2006-4574 - Single byte overflow written onto the heap
Fri Aug 25 2006 Radek Vokal <rvokal@redhat.com> 0.99.3-fc5.1
- upgrade to 0.99.3-1
- CVE-2006-4330 Wireshark security issues (CVE-2006-4333 CVE-2006-4332 CVE-2006-4331)
Wed Jul 26 2006 Radek Vokal <rvokal@redhat.com> 0.99.2-fc5.2
- fix BuildRequires
Tue Jul 25 2006 Radek Vokal <rvokal@redhat.com> 0.99.2-fc5.1
- build for FC5
Tue Jul 18 2006 Radek Vokäl <rvokal@redhat.com> 0.99.2-1
- upgrade to 0.99.2
Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.99.2-0.pre1.1
- rebuild
Tue Jul 11 2006 Radek Vokäl <rvokal@redhat.com> 0.99.2-0.pre1
- upgrade to 0.99.2pre1, fixes (#198242)
Tue Jun 13 2006 Radek Vokal <rvokal@redhat.com> 0.99.1-0.pre1
- spec file changes
Fri Jun 9 2006 Radek Vokal <rvokal@redhat.com> 0.99.1pre1-1
- initial build for Fedora Core

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

d47c9073007904d43c852880b68050a90cdbee29 SRPMS/wireshark-0.99.5-1.fc5.src.rpm
d47c9073007904d43c852880b68050a90cdbee29 noarch/wireshark-0.99.5-1.fc5.src.rpm
e0106642b608752314e390fd63f694206a7d40ca ppc/debug/wireshark-debuginfo-0.99.5-1.fc5.ppc.rpm
e598f274c7291478ac9d2e1db16c402dfe0192d0 ppc/wireshark-0.99.5-1.fc5.ppc.rpm
afdb854f38f4629cd346c5e44582b1abd8cc6999 ppc/wireshark-gnome-0.99.5-1.fc5.ppc.rpm
f9db362d081a40c08fe089c6f09c588ba3911f7f x86_64/wireshark-0.99.5-1.fc5.x86_64.rpm
b2426e3ababe0bd30f8dcf8bd931a99920c528ee x86_64/wireshark-gnome-0.99.5-1.fc5.x86_64.rpm
44a9179cbbd6efe531a6e9fb643354ca10fc69e2 x86_64/debug/wireshark-debuginfo-0.99.5-1.fc5.x86_64.rpm
24e9c722719305b4b4a1c55bc75b617a0691665a i386/debug/wireshark-debuginfo-0.99.5-1.fc5.i386.rpm
c2ae37004d933a1d4cf9ae2ce0fc0e5a71ae7e2c i386/wireshark-gnome-0.99.5-1.fc5.i386.rpm
4fa778c631268a2c21017279a24979c5b795c46a i386/wireshark-0.99.5-1.fc5.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2007:035
http://www.mandriva.com/security/

Package : gd
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0

Problem Description:

Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

Packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455

Updated Packages:

Mandriva Linux 2006.0:
bb5df1fd9874cb4538bd24ba722849c3 2006.0/i586/gd-utils-2.0.33-3.2.20060mdk.i586.rpm
311dbbc55d0d4d80d47305b397dccdfa 2006.0/i586/libgd2-2.0.33-3.2.20060mdk.i586.rpm
6d9f985a8266df26f4642dd985afd3c8 2006.0/i586/libgd2-devel-2.0.33-3.2.20060mdk.i586.rpm
cb18cfd4467243366179b50f60877683 2006.0/i586/libgd2-static-devel-2.0.33-3.2.20060mdk.i586.rpm f4ed9e9a93903a69682da9f898127575 2006.0/SRPMS/gd-2.0.33-3.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
ffe7cb2190e4d347f82b477b4b90617f 2006.0/x86_64/gd-utils-2.0.33-3.2.20060mdk.x86_64.rpm
92e96a8d5004b396aab5acc4cc853d8e 2006.0/x86_64/lib64gd2-2.0.33-3.2.20060mdk.x86_64.rpm
6a7247cbd5dfd03e51181711404f8dc5 2006.0/x86_64/lib64gd2-devel-2.0.33-3.2.20060mdk.x86_64.rpm
cedc398df2eae9a72c4c967b421ceb32 2006.0/x86_64/lib64gd2-static-devel-2.0.33-3.2.20060mdk.x86_64.rpm f4ed9e9a93903a69682da9f898127575 2006.0/SRPMS/gd-2.0.33-3.2.20060mdk.src.rpm

Mandriva Linux 2007.0:
efddec174f28af4832a9fb488292a9ab 2007.0/i586/gd-utils-2.0.33-5.1mdv2007.0.i586.rpm
4f97206e59ac7f365c458a825a0548f6 2007.0/i586/libgd2-2.0.33-5.1mdv2007.0.i586.rpm
466025b4339876efbfee2a7466a46fa2 2007.0/i586/libgd2-devel-2.0.33-5.1mdv2007.0.i586.rpm
8a662acf86e0dc6ef7ef6207f8e1ec5d 2007.0/i586/libgd2-static-devel-2.0.33-5.1mdv2007.0.i586.rpm c9690844ec1145ed47053e1194fe9dc3 2007.0/SRPMS/gd-2.0.33-5.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
0442cd89cc1fc63d34afc1d7e05576fa 2007.0/x86_64/gd-utils-2.0.33-5.1mdv2007.0.x86_64.rpm
10cdbd6617bfef0029cafdc7a9650761 2007.0/x86_64/lib64gd2-2.0.33-5.1mdv2007.0.x86_64.rpm
3d02da82cf6e5a9885126709b0318c1a 2007.0/x86_64/lib64gd2-devel-2.0.33-5.1mdv2007.0.x86_64.rpm
b696d03707bee9f0c107e88de26f0bf5 2007.0/x86_64/lib64gd2-static-devel-2.0.33-5.1mdv2007.0.x86_64.rpm c9690844ec1145ed47053e1194fe9dc3 2007.0/SRPMS/gd-2.0.33-5.1mdv2007.0.src.rpm

Corporate 3.0:
47ba42ab82d3d625626a00c65e79effc corporate/3.0/i586/gd-utils-2.0.15-4.3.C30mdk.i586.rpm
02256e730c508cff7acee1204f761512 corporate/3.0/i586/libgd2-2.0.15-4.3.C30mdk.i586.rpm
082545ff3f1596c9ae30d5842442f29e corporate/3.0/i586/libgd2-devel-2.0.15-4.3.C30mdk.i586.rpm
371c86bd9b0eecc7331dfbf72cd0ddd5 corporate/3.0/i586/libgd2-static-devel-2.0.15-4.3.C30mdk.i586.rpm 50b89a63317d23b8712efea59d6fd121 corporate/3.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
9786831c164719c081bf7d56c276a157 corporate/3.0/x86_64/gd-utils-2.0.15-4.3.C30mdk.x86_64.rpm
141d9ff878b727046f2484e931f662f7 corporate/3.0/x86_64/lib64gd2-2.0.15-4.3.C30mdk.x86_64.rpm
84823810c9c592e0505862cc5882b131 corporate/3.0/x86_64/lib64gd2-devel-2.0.15-4.3.C30mdk.x86_64.rpm
c53cef0bf475c4eeeb59bf4e5c4a11aa corporate/3.0/x86_64/lib64gd2-static-devel-2.0.15-4.3.C30mdk.x86_64.rpm 50b89a63317d23b8712efea59d6fd121 corporate/3.0/SRPMS/gd-2.0.15-4.3.C30mdk.src.rpm

Corporate 4.0:
58ca4f9b316790c648400059a73e53cd corporate/4.0/i586/gd-utils-2.0.33-3.2.20060mlcs4.i586.rpm
57f262fc41dc138a2b01b513e7a6977d corporate/4.0/i586/libgd2-2.0.33-3.2.20060mlcs4.i586.rpm
dfeb2d6e537bcd39e8c4f4dc3cc97782 corporate/4.0/i586/libgd2-devel-2.0.33-3.2.20060mlcs4.i586.rpm
fdd201797572fc130767b6dfa3aaefa5 corporate/4.0/i586/libgd2-static-devel-2.0.33-3.2.20060mlcs4.i586.rpm 91e6169527be92d0a4e1ef4a62bc4dd4 corporate/4.0/SRPMS/gd-2.0.33-3.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
572ae62589b39a2bf9d4dd5b7c34e827 corporate/4.0/x86_64/gd-utils-2.0.33-3.2.20060mlcs4.x86_64.rpm
ca43f6e9a811f49cf442b73c845c8d64 corporate/4.0/x86_64/lib64gd2-2.0.33-3.2.20060mlcs4.x86_64.rpm
8111cbbe7d7fc966fdb8f3c310cf6653 corporate/4.0/x86_64/lib64gd2-devel-2.0.33-3.2.20060mlcs4.x86_64.rpm
32e355162f4e68f339cf98f1c1baf53d corporate/4.0/x86_64/lib64gd2-static-devel-2.0.33-3.2.20060mlcs4.x86_64.rpm 91e6169527be92d0a4e1ef4a62bc4dd4 corporate/4.0/SRPMS/gd-2.0.33-3.2.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2007:036
http://www.mandriva.com/security/

Package : libwmf
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0

Problem Description:

Libwmf uses an embedded copy of the gd source and may also be affected by this issue.

Packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455

Updated Packages:

Mandriva Linux 2006.0:
e20256e67b230fb391ecc25b462eeab2 2006.0/i586/libwmf-0.2.8.3-6.4.20060mdk.i586.rpm
d0d0c26789f2e17e5b86cf4ecb4e0f38 2006.0/i586/libwmf0.2_7-0.2.8.3-6.4.20060mdk.i586.rpm
ed27e474fc154203677111795fbb8d55 2006.0/i586/libwmf0.2_7-devel-0.2.8.3-6.4.20060mdk.i586.rpm 1e51660d73213b67ba80967c945d0d49 2006.0/SRPMS/libwmf-0.2.8.3-6.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
d2fbbdf43ce91c6d347e381be6b81d74 2006.0/x86_64/lib64wmf0.2_7-0.2.8.3-6.4.20060mdk.x86_64.rpm
c4f2e16dd585c2d3d3418e965baf4f7f 2006.0/x86_64/lib64wmf0.2_7-devel-0.2.8.3-6.4.20060mdk.x86_64.rpm
ec618bd5ddaf3abf11736ba6f7bb312e 2006.0/x86_64/libwmf-0.2.8.3-6.4.20060mdk.x86_64.rpm 1e51660d73213b67ba80967c945d0d49 2006.0/SRPMS/libwmf-0.2.8.3-6.4.20060mdk.src.rpm

Mandriva Linux 2007.0:
6ddcf6fa9d07430b6506c6e539750490 2007.0/i586/libwmf-0.2.8.4-6.1mdv2007.0.i586.rpm
bca845804d4da48c5945a558d88991ba 2007.0/i586/libwmf0.2_7-0.2.8.4-6.1mdv2007.0.i586.rpm
e88b4e66f7ba43445578922a77c0af0a 2007.0/i586/libwmf0.2_7-devel-0.2.8.4-6.1mdv2007.0.i586.rpm b6fc7246891a9635e260061666f8d1bc 2007.0/SRPMS/libwmf-0.2.8.4-6.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
9b6632e5918d5984abc3cdc1c3659e47 2007.0/x86_64/lib64wmf0.2_7-0.2.8.4-6.1mdv2007.0.x86_64.rpm
476cae147f1eefc4cff0d328cc235cfb 2007.0/x86_64/lib64wmf0.2_7-devel-0.2.8.4-6.1mdv2007.0.x86_64.rpm
b16363e12139fc6786d22a6cfc549bab 2007.0/x86_64/libwmf-0.2.8.4-6.1mdv2007.0.x86_64.rpm b6fc7246891a9635e260061666f8d1bc 2007.0/SRPMS/libwmf-0.2.8.4-6.1mdv2007.0.src.rpm

Corporate 3.0:
8ab58c9932da307fc45301d4c43952d0 corporate/3.0/i586/libwmf-0.2.8-6.4.C30mdk.i586.rpm
8e7d0ab58e3c307b6bb723545d378d1d corporate/3.0/i586/libwmf0.2_7-0.2.8-6.4.C30mdk.i586.rpm
c82ea507536b900652218a7ab9d3d69c corporate/3.0/i586/libwmf0.2_7-devel-0.2.8-6.4.C30mdk.i586.rpm e390b914857d4d67bdb2ef45545a82fd corporate/3.0/SRPMS/libwmf-0.2.8-6.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
ef2f38e688ac821550a8cef7e5ccc48e corporate/3.0/x86_64/lib64wmf0.2_7-0.2.8-6.4.C30mdk.x86_64.rpm
440c29e0dac1fd3e980c270e18f53f0f corporate/3.0/x86_64/lib64wmf0.2_7-devel-0.2.8-6.4.C30mdk.x86_64.rpm
3125547bd6cdc7eb6fde1a768d9ce771 corporate/3.0/x86_64/libwmf-0.2.8-6.4.C30mdk.x86_64.rpm e390b914857d4d67bdb2ef45545a82fd corporate/3.0/SRPMS/libwmf-0.2.8-6.4.C30mdk.src.rpm

Corporate 4.0:
01ea7b987e96e79f3246cec473e44415 corporate/4.0/i586/libwmf-0.2.8.3-6.4.20060mlcs4.i586.rpm
82a459c50db3e1042eb489d13c036871 corporate/4.0/i586/libwmf0.2_7-0.2.8.3-6.4.20060mlcs4.i586.rpm
aef7018051548a36066c65ef59de1571 corporate/4.0/i586/libwmf0.2_7-devel-0.2.8.3-6.4.20060mlcs4.i586.rpm 5a04c278fdcb28320aac0cc08e802f14 corporate/4.0/SRPMS/libwmf-0.2.8.3-6.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
32bf6a4902c45c2d18de1a025f6cadcc corporate/4.0/x86_64/lib64wmf0.2_7-0.2.8.3-6.4.20060mlcs4.x86_64.rpm
db7d2b330c682d23bff9dd852bd6a7ef corporate/4.0/x86_64/lib64wmf0.2_7-devel-0.2.8.3-6.4.20060mlcs4.x86_64.rpm
ffb6e68cde364f02cf11f15889fca672 corporate/4.0/x86_64/libwmf-0.2.8.3-6.4.20060mlcs4.x86_64.rpm 5a04c278fdcb28320aac0cc08e802f14 corporate/4.0/SRPMS/libwmf-0.2.8.3-6.4.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2007:037
http://www.mandriva.com/security/

Package : postgresql
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0

Problem Description:

Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that the user should not be able to see. Note that a user must be authenticated in order to exploit this (CVE-2007-0555).

As well, Jeff Trout also discovered that the query planner did not verify that a table was still compatible with a previously-generated query plan, which could be exploted to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Again, a user must be authenticated in order to exploit this (CVE-2007-0556).

Updated packages have been patched to correct these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

Updated Packages:

Mandriva Linux 2006.0:
e60813d14a97195111e2f441c035c0a4 2006.0/i586/libecpg5-8.0.11-0.1.20060mdk.i586.rpm
98471eae4a56f506629b7b78858df05b 2006.0/i586/libecpg5-devel-8.0.11-0.1.20060mdk.i586.rpm
649d620612706f772506250aa074f105 2006.0/i586/libpq4-8.0.11-0.1.20060mdk.i586.rpm
33be3c14364154f423ef63d1bbef52ed 2006.0/i586/libpq4-devel-8.0.11-0.1.20060mdk.i586.rpm
4c9ed409c90110a0b22d6faf3a3c0fcd 2006.0/i586/postgresql-8.0.11-0.1.20060mdk.i586.rpm
072d1dc81f3a430c76b0a2e2c9f2b9bc 2006.0/i586/postgresql-contrib-8.0.11-0.1.20060mdk.i586.rpm
ecc54ed5ec7bdab8fdbfc19eff109703 2006.0/i586/postgresql-devel-8.0.11-0.1.20060mdk.i586.rpm
c46c90969f5322c37ecb58fce0aadaac 2006.0/i586/postgresql-docs-8.0.11-0.1.20060mdk.i586.rpm
e788e7e5036e49ff126ef0dd1264f72c 2006.0/i586/postgresql-jdbc-8.0.11-0.1.20060mdk.i586.rpm
da908fc8bea59bdab1ec5bd75bc71aa3 2006.0/i586/postgresql-pl-8.0.11-0.1.20060mdk.i586.rpm
3689716149fd60406f71ce6371c4994a 2006.0/i586/postgresql-plperl-8.0.11-0.1.20060mdk.i586.rpm
cd28d3b208ad2fd90ccb0ee7b26acd73 2006.0/i586/postgresql-plpgsql-8.0.11-0.1.20060mdk.i586.rpm
85fe6864b2ab743023a0b3f9ef055dba 2006.0/i586/postgresql-plpython-8.0.11-0.1.20060mdk.i586.rpm
b09b01ee09433cb2276694c1a7769a58 2006.0/i586/postgresql-pltcl-8.0.11-0.1.20060mdk.i586.rpm
3ee91ea236e04f2a911ad69868bf3f29 2006.0/i586/postgresql-server-8.0.11-0.1.20060mdk.i586.rpm
d5d9d33f248cadef71bff48dd1f7c81a 2006.0/i586/postgresql-test-8.0.11-0.1.20060mdk.i586.rpm 2f456c000cba2ac5f98ab05bb1c8b400 2006.0/SRPMS/postgresql-8.0.11-0.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
04e172cf72fef2efc12d43d4906f2408 2006.0/x86_64/lib64ecpg5-8.0.11-0.1.20060mdk.x86_64.rpm
623fed2a8d785d71658705abd7d5d1f4 2006.0/x86_64/lib64ecpg5-devel-8.0.11-0.1.20060mdk.x86_64.rpm
ad035cd1c9c11346a683febb2cc56783 2006.0/x86_64/lib64pq4-8.0.11-0.1.20060mdk.x86_64.rpm
3762497183d1b702f6f4f9683e871c88 2006.0/x86_64/lib64pq4-devel-8.0.11-0.1.20060mdk.x86_64.rpm
ab263a98ce0b7179bfb834889c9facb0 2006.0/x86_64/postgresql-8.0.11-0.1.20060mdk.x86_64.rpm
af4b6e09c92f53d6541390c04e922f4d 2006.0/x86_64/postgresql-contrib-8.0.11-0.1.20060mdk.x86_64.rpm
9f2a34e6162f77dddcc185552e9cb619 2006.0/x86_64/postgresql-devel-8.0.11-0.1.20060mdk.x86_64.rpm
8ce393a46d3eff9c5ea7d632d139c8e2 2006.0/x86_64/postgresql-docs-8.0.11-0.1.20060mdk.x86_64.rpm
eee613b2b2df9565bc34dd70b4f4af3e 2006.0/x86_64/postgresql-jdbc-8.0.11-0.1.20060mdk.x86_64.rpm
6fbf3a35951d64936597a16e6aef59c5 2006.0/x86_64/postgresql-pl-8.0.11-0.1.20060mdk.x86_64.rpm
610fc142482dc119816bc37edbd16427 2006.0/x86_64/postgresql-plperl-8.0.11-0.1.20060mdk.x86_64.rpm
e63db598dd5c07c9abe67834c242cec4 2006.0/x86_64/postgresql-plpgsql-8.0.11-0.1.20060mdk.x86_64.rpm
f1398990db7f8fc80f31938c69f64153 2006.0/x86_64/postgresql-plpython-8.0.11-0.1.20060mdk.x86_64.rpm
612afa01e019d0da5b3fdd7e9c5579f0 2006.0/x86_64/postgresql-pltcl-8.0.11-0.1.20060mdk.x86_64.rpm
730a1ce6785ca112c63ee6367999e491 2006.0/x86_64/postgresql-server-8.0.11-0.1.20060mdk.x86_64.rpm
dd5931e07b71f7d39147061bef39d177 2006.0/x86_64/postgresql-test-8.0.11-0.1.20060mdk.x86_64.rpm 2f456c000cba2ac5f98ab05bb1c8b400 2006.0/SRPMS/postgresql-8.0.11-0.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
d077be222aa54f1bf37f55a2b426a487 2007.0/i586/libecpg5-8.1.7-1.1mdv2007.0.i586.rpm
39c5c0d8ccfe2b16e04c71f63ca676dd 2007.0/i586/libecpg5-devel-8.1.7-1.1mdv2007.0.i586.rpm
b5509203ec7f9ef453341117305dcdb9 2007.0/i586/libpq4-8.1.7-1.1mdv2007.0.i586.rpm
1c9a4e7f08038413cc0f4ec7885a42a7 2007.0/i586/libpq4-devel-8.1.7-1.1mdv2007.0.i586.rpm
2dc5c3369f280892ce430f4cd64281ab 2007.0/i586/postgresql-8.1.7-1.1mdv2007.0.i586.rpm
7f32f50497435ec064c3aec25551a0af 2007.0/i586/postgresql-contrib-8.1.7-1.1mdv2007.0.i586.rpm
f5f3ac5638eea527abb3f945585cece7 2007.0/i586/postgresql-devel-8.1.7-1.1mdv2007.0.i586.rpm
3ab61d16063667f699326a6604303b50 2007.0/i586/postgresql-docs-8.1.7-1.1mdv2007.0.i586.rpm
dbc683ac58c893ffef301545ae5091ea 2007.0/i586/postgresql-pl-8.1.7-1.1mdv2007.0.i586.rpm
c34d1891abe81af46de910bd9d8c7a2d 2007.0/i586/postgresql-plperl-8.1.7-1.1mdv2007.0.i586.rpm
520adbe4ed1a43d0aa88f89bcd3a90e2 2007.0/i586/postgresql-plpgsql-8.1.7-1.1mdv2007.0.i586.rpm
6eca2470426328ebcdf83e6bd6acaf0a 2007.0/i586/postgresql-plpython-8.1.7-1.1mdv2007.0.i586.rpm
2cad17701ab6467d6bea6b95ed39b0d2 2007.0/i586/postgresql-pltcl-8.1.7-1.1mdv2007.0.i586.rpm
5c3166ca9b13c992aa3460899291a728 2007.0/i586/postgresql-server-8.1.7-1.1mdv2007.0.i586.rpm
52dc82a5c745e1f46a76ebf32ac3e2e5 2007.0/i586/postgresql-test-8.1.7-1.1mdv2007.0.i586.rpm b8229227cba3278c0e40a99f6ef39883 2007.0/SRPMS/postgresql-8.1.7-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
5315b2c35a453b577ee7847e019a846a 2007.0/x86_64/lib64ecpg5-8.1.7-1.1mdv2007.0.x86_64.rpm
2fe21dd9a0498b7001c9138cd9218159 2007.0/x86_64/lib64ecpg5-devel-8.1.7-1.1mdv2007.0.x86_64.rpm
dc4e1420d0d36ebcd56c196989fb6694 2007.0/x86_64/lib64pq4-8.1.7-1.1mdv2007.0.x86_64.rpm
e2efe03361910444fe6d684b4648876f 2007.0/x86_64/lib64pq4-devel-8.1.7-1.1mdv2007.0.x86_64.rpm
9b44f853f77f48a0088eb7943756b64e 2007.0/x86_64/postgresql-8.1.7-1.1mdv2007.0.x86_64.rpm
02a87ed9b62c4dd6206de8021755dea0 2007.0/x86_64/postgresql-contrib-8.1.7-1.1mdv2007.0.x86_64.rpm
82ade12fa019f039c989740b6484baee 2007.0/x86_64/postgresql-devel-8.1.7-1.1mdv2007.0.x86_64.rpm
d6a5eb5f86263626f4f7d94d145bb108 2007.0/x86_64/postgresql-docs-8.1.7-1.1mdv2007.0.x86_64.rpm
b7bad9fbe23450fb07c94ffa4135fed7 2007.0/x86_64/postgresql-pl-8.1.7-1.1mdv2007.0.x86_64.rpm
79a363334dba592ca80cac1017a45b1c 2007.0/x86_64/postgresql-plperl-8.1.7-1.1mdv2007.0.x86_64.rpm
38ea142b1a812fa734947a629e740151 2007.0/x86_64/postgresql-plpgsql-8.1.7-1.1mdv2007.0.x86_64.rpm
a623495f6bfc957139669a29ee13fb58 2007.0/x86_64/postgresql-plpython-8.1.7-1.1mdv2007.0.x86_64.rpm
e777974b7b49296dae095363b5448cc5 2007.0/x86_64/postgresql-pltcl-8.1.7-1.1mdv2007.0.x86_64.rpm
90e65a9ac76430df828265d6ea1d4c23 2007.0/x86_64/postgresql-server-8.1.7-1.1mdv2007.0.x86_64.rpm
eb7e03b7a74491f60bc4e4dd0ba9aff2 2007.0/x86_64/postgresql-test-8.1.7-1.1mdv2007.0.x86_64.rpm b8229227cba3278c0e40a99f6ef39883 2007.0/SRPMS/postgresql-8.1.7-1.1mdv2007.0.src.rpm

Corporate 3.0:
25505c19ece576fefeba90b64caacfad corporate/3.0/i586/libecpg3-7.4.1-2.8.C30mdk.i586.rpm
ef8a317c21785512de3144da1c9edff0 corporate/3.0/i586/libecpg3-devel-7.4.1-2.8.C30mdk.i586.rpm
45906f492059f08e3b5e0aa2595b5888 corporate/3.0/i586/libpgtcl2-7.4.1-2.8.C30mdk.i586.rpm
c44595a37d655f17c8f97e5a2e5cc5fa corporate/3.0/i586/libpgtcl2-devel-7.4.1-2.8.C30mdk.i586.rpm
3b962bc41a1bbddfee5eef2fc554c7fb corporate/3.0/i586/libpq3-7.4.1-2.8.C30mdk.i586.rpm
d8daf6f07762ff1a041761fe13591828 corporate/3.0/i586/libpq3-devel-7.4.1-2.8.C30mdk.i586.rpm
30c7d21119850ba8d84eb169c369723c corporate/3.0/i586/postgresql-7.4.1-2.8.C30mdk.i586.rpm
a1a5653a3199fa56ce05d58a43636627 corporate/3.0/i586/postgresql-contrib-7.4.1-2.8.C30mdk.i586.rpm
aa51e081c03b40018ab21d0821c71fea corporate/3.0/i586/postgresql-devel-7.4.1-2.8.C30mdk.i586.rpm
b13e32723f494af7bf0d28e6fab484a2 corporate/3.0/i586/postgresql-docs-7.4.1-2.8.C30mdk.i586.rpm
b64b66c52913c251fd920b7c932ede54 corporate/3.0/i586/postgresql-jdbc-7.4.1-2.8.C30mdk.i586.rpm
1fa995965d510d83b49ef5adb7d0fb30 corporate/3.0/i586/postgresql-pl-7.4.1-2.8.C30mdk.i586.rpm
b76e6848ef3e48239e9fadce93d4cf1e corporate/3.0/i586/postgresql-server-7.4.1-2.8.C30mdk.i586.rpm
830a2abbba11c2a3888bb207ce1f2657 corporate/3.0/i586/postgresql-tcl-7.4.1-2.8.C30mdk.i586.rpm
6de4c509e8f30449de71ee847a72cc0b corporate/3.0/i586/postgresql-test-7.4.1-2.8.C30mdk.i586.rpm cb9f633aa33f20592c22d808d243e7f4 corporate/3.0/SRPMS/postgresql-7.4.1-2.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
b96b64db68a43bd86803a7f625d98c2e corporate/3.0/x86_64/lib64ecpg3-7.4.1-2.8.C30mdk.x86_64.rpm
37b035c411b06a3d4fbfd2479ded71cf corporate/3.0/x86_64/lib64ecpg3-devel-7.4.1-2.8.C30mdk.x86_64.rpm
37f965d055dfc9b9243a667f876b3799 corporate/3.0/x86_64/lib64pgtcl2-7.4.1-2.8.C30mdk.x86_64.rpm
b127a439b633f1af2bb6a20475185f54 corporate/3.0/x86_64/lib64pgtcl2-devel-7.4.1-2.8.C30mdk.x86_64.rpm
3b2f7f2ada985794e9489f9049b00eb8 corporate/3.0/x86_64/lib64pq3-7.4.1-2.8.C30mdk.x86_64.rpm
0cf784d8f003c5956f19446032d97e29 corporate/3.0/x86_64/lib64pq3-devel-7.4.1-2.8.C30mdk.x86_64.rpm
bcd4e668928ab31ab0333dbd1212149f corporate/3.0/x86_64/postgresql-7.4.1-2.8.C30mdk.x86_64.rpm
fee8199f9dff5f0d6a4a38e39f5b0777 corporate/3.0/x86_64/postgresql-contrib-7.4.1-2.8.C30mdk.x86_64.rpm
158768a27c1c8294e778599533d7a3c6 corporate/3.0/x86_64/postgresql-devel-7.4.1-2.8.C30mdk.x86_64.rpm
667ca4ec5ac29289c920af54a5f0cdeb corporate/3.0/x86_64/postgresql-docs-7.4.1-2.8.C30mdk.x86_64.rpm
617d2d2cba98ad6079057f9262db16db corporate/3.0/x86_64/postgresql-jdbc-7.4.1-2.8.C30mdk.x86_64.rpm
e849e37ba7648ba47b00bfeef98e2bdf corporate/3.0/x86_64/postgresql-pl-7.4.1-2.8.C30mdk.x86_64.rpm
5d834d6bb8a0736fafdde2ba4ced93a0 corporate/3.0/x86_64/postgresql-server-7.4.1-2.8.C30mdk.x86_64.rpm
9744b6d4b67486a1319605f8738de97d corporate/3.0/x86_64/postgresql-tcl-7.4.1-2.8.C30mdk.x86_64.rpm
836a7ab39147cbbde85473848756c2ea corporate/3.0/x86_64/postgresql-test-7.4.1-2.8.C30mdk.x86_64.rpm cb9f633aa33f20592c22d808d243e7f4 corporate/3.0/SRPMS/postgresql-7.4.1-2.8.C30mdk.src.rpm

Corporate 4.0:
457ceff22a6c29fe8f7bb0b4a4cc3df5 corporate/4.0/i586/libecpg5-8.1.7-0.1.20060mlcs4.i586.rpm
2dee4d9b77250de0f5d79c9037ce4848 corporate/4.0/i586/libecpg5-devel-8.1.7-0.1.20060mlcs4.i586.rpm
4f1911b331aff03b1eedcc2967057f9f corporate/4.0/i586/libpq4-8.1.7-0.1.20060mlcs4.i586.rpm
2d5d829588b7a2ff81f6f364fb194618 corporate/4.0/i586/libpq4-devel-8.1.7-0.1.20060mlcs4.i586.rpm
3077227d7bee4836cabfc94113a39128 corporate/4.0/i586/postgresql-8.1.7-0.1.20060mlcs4.i586.rpm
a4612b1ef4e8142e9f41c4760b8df2ec corporate/4.0/i586/postgresql-contrib-8.1.7-0.1.20060mlcs4.i586.rpm
6389bd557862c884c037300230f1d31c corporate/4.0/i586/postgresql-devel-8.1.7-0.1.20060mlcs4.i586.rpm
494f2995b8596943902d78796d25c2f4 corporate/4.0/i586/postgresql-docs-8.1.7-0.1.20060mlcs4.i586.rpm
9d85c833eb5881d97934f8a40cee08a5 corporate/4.0/i586/postgresql-pl-8.1.7-0.1.20060mlcs4.i586.rpm
3faa914bb1127a5eff6fc61630e790ba corporate/4.0/i586/postgresql-plperl-8.1.7-0.1.20060mlcs4.i586.rpm
accb18c13908b0dc72ade4f40ebf2d45 corporate/4.0/i586/postgresql-plpgsql-8.1.7-0.1.20060mlcs4.i586.rpm
e11f6aeb959c6567433706a07cc353f0 corporate/4.0/i586/postgresql-plpython-8.1.7-0.1.20060mlcs4.i586.rpm
3e899419b6b6fb47a9e1820db71c15b0 corporate/4.0/i586/postgresql-pltcl-8.1.7-0.1.20060mlcs4.i586.rpm
875f0e29feb28ba52b70d73979c3d429 corporate/4.0/i586/postgresql-server-8.1.7-0.1.20060mlcs4.i586.rpm
0fe3ea03a120de6624f186bf5cac455c corporate/4.0/i586/postgresql-test-8.1.7-0.1.20060mlcs4.i586.rpm fbb03a99b9795af2ebb6dde46545326d corporate/4.0/SRPMS/postgresql-8.1.7-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
626c0bfcc24162f9f29081ba1c605d13 corporate/4.0/x86_64/lib64ecpg5-8.1.7-0.1.20060mlcs4.x86_64.rpm
32e767d1264b2d6fbfaf659f0f98d02e corporate/4.0/x86_64/lib64ecpg5-devel-8.1.7-0.1.20060mlcs4.x86_64.rpm
3ae4b9b8ad30f358d486cbaa3c6d489d corporate/4.0/x86_64/lib64pq4-8.1.7-0.1.20060mlcs4.x86_64.rpm
87b7ebb3f9ce5c9bd62f5738c3b0b1b6 corporate/4.0/x86_64/lib64pq4-devel-8.1.7-0.1.20060mlcs4.x86_64.rpm
f2337cb010b7e1d2f75867fb6e909a9f corporate/4.0/x86_64/postgresql-8.1.7-0.1.20060mlcs4.x86_64.rpm
428d3b26f7700141a7772e42395c8e36 corporate/4.0/x86_64/postgresql-contrib-8.1.7-0.1.20060mlcs4.x86_64.rpm
a064cf7e03d4b1d42b3b3738d5cc08bb corporate/4.0/x86_64/postgresql-devel-8.1.7-0.1.20060mlcs4.x86_64.rpm
d33e4335306ac9bc001f52365c22906c corporate/4.0/x86_64/postgresql-docs-8.1.7-0.1.20060mlcs4.x86_64.rpm
644e77f4587a6123609888e127b00c40 corporate/4.0/x86_64/postgresql-pl-8.1.7-0.1.20060mlcs4.x86_64.rpm
bffedbcd41eebb83c2752184a5eebc21 corporate/4.0/x86_64/postgresql-plperl-8.1.7-0.1.20060mlcs4.x86_64.rpm
8ab83c15fa0513cbe7c13b8b101a37c6 corporate/4.0/x86_64/postgresql-plpgsql-8.1.7-0.1.20060mlcs4.x86_64.rpm
bf7f711a4b5d444bd625829e61bd385e corporate/4.0/x86_64/postgresql-plpython-8.1.7-0.1.20060mlcs4.x86_64.rpm
d3951b5e225842f185ed14e2c381ea9f corporate/4.0/x86_64/postgresql-pltcl-8.1.7-0.1.20060mlcs4.x86_64.rpm
3ba6e069c883bb138a4eb0d1ece4c31f corporate/4.0/x86_64/postgresql-server-8.1.7-0.1.20060mlcs4.x86_64.rpm
de212c2885533ddd6d011589e5701a2b corporate/4.0/x86_64/postgresql-test-8.1.7-0.1.20060mlcs4.x86_64.rpm fbb03a99b9795af2ebb6dde46545326d corporate/4.0/SRPMS/postgresql-8.1.7-0.1.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2007:038
http://www.mandriva.com/security/

Package : php
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,

Multi Network Firewall 2.0

Problem Description:

PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. (CVE-2006-6383)

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. PHP uses an embedded copy of GD and may be susceptible to the same issue. (CVE-2007-0455)

Updated packages have been patched to correct these issues. Users must restart Apache for the changes to take effect.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6383 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455

Updated Packages:

Mandriva Linux 2006.0:
f4975722488c515d7701f3f2475c45c1 2006.0/i586/libphp5_common5-5.0.4-9.18.20060mdk.i586.rpm
df6d91c7fb6deadd6447c68d41a7a57f 2006.0/i586/php-cgi-5.0.4-9.18.20060mdk.i586.rpm
861b613a3caa594e9d18de2f66711c1c 2006.0/i586/php-cli-5.0.4-9.18.20060mdk.i586.rpm
aa74ed178e6523b28d6f0ee1cfb2b9a6 2006.0/i586/php-devel-5.0.4-9.18.20060mdk.i586.rpm
cdc33f50531e2815c3f39a2f12eca69d 2006.0/i586/php-fcgi-5.0.4-9.18.20060mdk.i586.rpm
0df45677da595137066ec38171463402 2006.0/i586/php-gd-5.0.4-2.1.20060mdk.i586.rpm 09416e0ce824f667f9f247950e3f6b87 2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm
9caab8fb262742b7fdc8e2787db26e49 2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
94d70f0d65bebd9b8b235ec523bef3c4 2006.0/x86_64/lib64php5_common5-5.0.4-9.18.20060mdk.x86_64.rpm
3e145f94684bd8aaae230b181a3bab18 2006.0/x86_64/php-cgi-5.0.4-9.18.20060mdk.x86_64.rpm
5a460212062d85cc35c52c6c42e3babc 2006.0/x86_64/php-cli-5.0.4-9.18.20060mdk.x86_64.rpm
a31b6a63963f4486ee7839e449fb60ef 2006.0/x86_64/php-devel-5.0.4-9.18.20060mdk.x86_64.rpm
6c0ae39e3a6b8cb07a44271e5b128e2f 2006.0/x86_64/php-fcgi-5.0.4-9.18.20060mdk.x86_64.rpm
228bb108271c28550034b39b9f6cafee 2006.0/x86_64/php-gd-5.0.4-2.1.20060mdk.x86_64.rpm 09416e0ce824f667f9f247950e3f6b87 2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm
9caab8fb262742b7fdc8e2787db26e49 2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
c8879f538ab9a93f1999c9dc8aa2f6c7 2007.0/i586/libphp5_common5-5.1.6-1.4mdv2007.0.i586.rpm
e8c050d86574fb1d2a52a5b3ec85a255 2007.0/i586/php-cgi-5.1.6-1.4mdv2007.0.i586.rpm
92391d48bd18ab9e20e64039a4a9f2ff 2007.0/i586/php-cli-5.1.6-1.4mdv2007.0.i586.rpm
d7b3ddc58da98113342434d45e04c3a8 2007.0/i586/php-devel-5.1.6-1.4mdv2007.0.i586.rpm
a5dd9b692fbd9c41be42fa2d59539c1d 2007.0/i586/php-fcgi-5.1.6-1.4mdv2007.0.i586.rpm
a2d2a3091d51ffc74793760ed31a1faa 2007.0/i586/php-gd-5.1.6-1.1mdv2007.0.i586.rpm 719976944ad1da508b9dd10eb1068e41 2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm
af2f0370851c3d3729b89586d9eded8e 2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
5bf3650bbe564873a14ea8b6bf3ade06 2007.0/x86_64/lib64php5_common5-5.1.6-1.4mdv2007.0.x86_64.rpm
34ed4aa6be49dcb88f7bbc0a5c2e8690 2007.0/x86_64/php-cgi-5.1.6-1.4mdv2007.0.x86_64.rpm
608fc651103e04774dd99542ac9c24e3 2007.0/x86_64/php-cli-5.1.6-1.4mdv2007.0.x86_64.rpm
ade70a35519251e33fece3b184a5e42c 2007.0/x86_64/php-devel-5.1.6-1.4mdv2007.0.x86_64.rpm
32a0cd75a40a80b04d4f62e7a5695cf6 2007.0/x86_64/php-fcgi-5.1.6-1.4mdv2007.0.x86_64.rpm
b65ee3000cc55d6835bde68de1285708 2007.0/x86_64/php-gd-5.1.6-1.1mdv2007.0.x86_64.rpm 719976944ad1da508b9dd10eb1068e41 2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm
af2f0370851c3d3729b89586d9eded8e 2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm

Corporate 3.0:
a4d72dc3de251851206c67e9706432a6 corporate/3.0/i586/libphp_common432-4.3.4-4.23.C30mdk.i586.rpm
b8e1d56bb999975f9ea0a66d8877847f corporate/3.0/i586/php-cgi-4.3.4-4.23.C30mdk.i586.rpm
433ae81fdc6d1238c0931e43f6989a9b corporate/3.0/i586/php-cli-4.3.4-4.23.C30mdk.i586.rpm
2a1717d00d78a6a6f34cddb987c0f279 corporate/3.0/i586/php-gd-4.3.4-1.5.C30mdk.i586.rpm
44c2653add5bf2cc23a2d8f6bfa3b31e corporate/3.0/i586/php432-devel-4.3.4-4.23.C30mdk.i586.rpm b8efd05ff96d101323b6253aa08b5e93 corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm
d18944ac47e27e3653fe99e134ecba18 corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
cfd5971fec1866bf5fe3c5e23adaba58 corporate/3.0/x86_64/lib64php_common432-4.3.4-4.23.C30mdk.x86_64.rpm
14be94ecf6ddc1f3b910b802624de67c corporate/3.0/x86_64/php-cgi-4.3.4-4.23.C30mdk.x86_64.rpm
b016f2131f015adf8a0d0da27033569f corporate/3.0/x86_64/php-cli-4.3.4-4.23.C30mdk.x86_64.rpm
9355a4e63f1e5193f43f5048541885bf corporate/3.0/x86_64/php-gd-4.3.4-1.5.C30mdk.x86_64.rpm
77c18b09786f412789f63d6094a4fd23 corporate/3.0/x86_64/php432-devel-4.3.4-4.23.C30mdk.x86_64.rpm b8efd05ff96d101323b6253aa08b5e93 corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm
d18944ac47e27e3653fe99e134ecba18 corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm

Corporate 4.0:
64274f70614e93e30b479a7ba0613e8a corporate/4.0/i586/libphp4_common4-4.4.4-1.3.20060mlcs4.i586.rpm
43f22e53482c4451a24f3008a7ba75eb corporate/4.0/i586/libphp5_common5-5.1.6-1.3.20060mlcs4.i586.rpm
2c1b8b75b49bf78b6a677d36832e116c corporate/4.0/i586/php-cgi-5.1.6-1.3.20060mlcs4.i586.rpm
64261b179e2db73b5838d96020835cae corporate/4.0/i586/php-cli-5.1.6-1.3.20060mlcs4.i586.rpm
dfd172a482e20943dabd3b3fbef9ba95 corporate/4.0/i586/php-devel-5.1.6-1.3.20060mlcs4.i586.rpm
1a57eb8f5b70cd4ea28b98b462493e51 corporate/4.0/i586/php-fcgi-5.1.6-1.3.20060mlcs4.i586.rpm
bd060ffd97d1ede4a3c9453de8287970 corporate/4.0/i586/php-gd-5.1.6-1.1.20060mlcs4.i586.rpm
e7d645e78c829242e3f81ab16aa8903d corporate/4.0/i586/php4-cgi-4.4.4-1.3.20060mlcs4.i586.rpm
1379c35acd8c2a414d482d5d0f5c782a corporate/4.0/i586/php4-cli-4.4.4-1.3.20060mlcs4.i586.rpm
10f753850f58ea02962272a4a30b8ed0 corporate/4.0/i586/php4-devel-4.4.4-1.3.20060mlcs4.i586.rpm ab1bc26c56c8d5c0c82544bd189ccb06 corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm
528acaacac81d6ca4c195355fd5935c1 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm
6fea47535848cb3eeb381d8e9ceaf278 corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
a667b24b7182332997da97d003095bf4 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.3.20060mlcs4.x86_64.rpm
96860c73274abe165290ad70a1f8bbec corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.3.20060mlcs4.x86_64.rpm
e53ed6e99e23219f351b9dd0faf1fbf8 corporate/4.0/x86_64/php-cgi-5.1.6-1.3.20060mlcs4.x86_64.rpm
2894870436518afda0788313f6fe9d6e corporate/4.0/x86_64/php-cli-5.1.6-1.3.20060mlcs4.x86_64.rpm
3e78d378968a67edda64f8a1db752b21 corporate/4.0/x86_64/php-devel-5.1.6-1.3.20060mlcs4.x86_64.rpm
16b8070a55f06ede6cce10bbac1f5706 corporate/4.0/x86_64/php-fcgi-5.1.6-1.3.20060mlcs4.x86_64.rpm
f3fccbe495f311fb13e64b3c2532323b corporate/4.0/x86_64/php-gd-5.1.6-1.1.20060mlcs4.x86_64.rpm
e8825bc14914ae4f896b28ab1b04e7ae corporate/4.0/x86_64/php4-cgi-4.4.4-1.3.20060mlcs4.x86_64.rpm
1249dfd5f50a707ac6a31c18dec924e0 corporate/4.0/x86_64/php4-cli-4.4.4-1.3.20060mlcs4.x86_64.rpm
f38d55e2315ba81db68dcb237a783ef0 corporate/4.0/x86_64/php4-devel-4.4.4-1.3.20060mlcs4.x86_64.rpm ab1bc26c56c8d5c0c82544bd189ccb06 corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm
528acaacac81d6ca4c195355fd5935c1 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm
6fea47535848cb3eeb381d8e9ceaf278 corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
1a5b0a4fa1fe65d9b01ac1fcb87e57f4 mnf/2.0/i586/libphp_common432-4.3.4-4.23.M20mdk.i586.rpm
1ca60ff9165bc3fc897f5a4fac0a27ab mnf/2.0/i586/php-cgi-4.3.4-4.23.M20mdk.i586.rpm
5ecb69d1ba9a1aefb943fdf00922a67e mnf/2.0/i586/php-cli-4.3.4-4.23.M20mdk.i586.rpm
43adb03ed86a75a3e90387c075f36bea mnf/2.0/i586/php-gd-4.3.4-1.5.M20mdk.i586.rpm
e83875b4d3307b9d16602bf2da0c245a mnf/2.0/i586/php432-devel-4.3.4-4.23.M20mdk.i586.rpm fb782af12ca499a56594703feb6bed2c mnf/2.0/SRPMS/php-4.3.4-4.23.M20mdk.src.rpm
fb344c42cba2a62c03c42b864b2e3151 mnf/2.0/SRPMS/php-gd-4.3.4-1.5.M20mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2007:039
http://www.mandriva.com/security/

Package : gtk+2.0
Date : February 7, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0

Problem Description:

The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) allows context-dependent attackers to cause a denial of service (crash) via a malformed image file. (CVE-2007-0010)

The version of libgtk+2.0 shipped with Mandriva Linux 2007 fails various portions of the lsb-test-desktop test suite, part of LSB 3.1 certification testing.

The updated packages also address the following issues:

The Home and Desktop entries in the GTK File Chooser are not always visible (#26644).

GTK+-based applications (which includes all the Mandriva Linux configuration tools, for example) crash (instead of falling back to the default theme) when an invalid icon theme is selected. (#27013)

Additional patches from GNOME CVS have been included to address the following issues from the GNOME bugzilla:

357132 - fix RGBA colormap issue
359537,357280,359052 - fix various printer bugs
357566,353736,357050,363437,379503 - fix various crashes
372527 - fix fileselector bug +

potential deadlock

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010 http://qa.mandriva.com/show_bug.cgi?id=26644 http://qa.mandriva.com/show_bug.cgi?id=27013

Updated Packages:

Mandriva Linux 2007.0:
6b0b76ba984d8432cca4e8d938c51844 2007.0/i586/gtk+2.0-2.10.3-5.3mdv2007.0.i586.rpm
015aa62677f20cf6b9f89301014ccf4d 2007.0/i586/libgdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
8f6bc5e09ee08263633e3601d1d21069 2007.0/i586/libgdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm
ef1f5a96362f5fafb982520897283919 2007.0/i586/libgtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
b96eeb174cba468e8064890668b43a56 2007.0/i586/libgtk+2.0_0-2.10.3-5.3mdv2007.0.i586.rpm
65f2ea83177a38b1682f4d4e5e633aea 2007.0/i586/libgtk+2.0_0-devel-2.10.3-5.3mdv2007.0.i586.rpm 4f15cba4c1c1b6e37dfe9f0b5b73401c 2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
b2470dc8cd884cf15dc47e29dbdb36de 2007.0/x86_64/gtk+2.0-2.10.3-5.3mdv2007.0.x86_64.rpm
11d3f44a7f55f4899984e33a07c8f722 2007.0/x86_64/lib64gdk_pixbuf2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
33c26bea1a14b147f41e45467d6894e3 2007.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm
2e3855166383646465a01bd56e1529b7 2007.0/x86_64/lib64gtk+-x11-2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
4fea83682012ad4c5571e205b04dc7d1 2007.0/x86_64/lib64gtk+2.0_0-2.10.3-5.3mdv2007.0.x86_64.rpm
04f7f152d4e99d6c71043554e2adfa3a 2007.0/x86_64/lib64gtk+2.0_0-devel-2.10.3-5.3mdv2007.0.x86_64.rpm 4f15cba4c1c1b6e37dfe9f0b5b73401c 2007.0/SRPMS/gtk+2.0-2.10.3-5.3mdv2007.0.src.rpm

Corporate 3.0:
7d4501132efb62d24276152ccc23a2e0 corporate/3.0/i586/gtk+2.0-2.2.4-10.6.C30mdk.i586.rpm
f8828f652ae310e3de135f181e3c6f19 corporate/3.0/i586/libgdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.i586.rpm
d99f6327006f96e8b170c20500d64985 corporate/3.0/i586/libgdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
f2a98b2036167b780e87e2cd0d105983 corporate/3.0/i586/libgtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
e28fbfc9664db29c37517ca8957647c0 corporate/3.0/i586/libgtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm
8b80464f88674e0bf5f7ed06efafcb72 corporate/3.0/i586/libgtk+-x11-2.0_0-2.2.4-10.6.C30mdk.i586.rpm
b154589c077c790b1f71379194ed84a6 corporate/3.0/i586/libgtk+2.0_0-2.2.4-10.6.C30mdk.i586.rpm
819ee9fa563420c37d7cae612c3a6bec corporate/3.0/i586/libgtk+2.0_0-devel-2.2.4-10.6.C30mdk.i586.rpm dbe156cf5e976fc744b635eab3e88884 corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
bed655ae3c4d6635e87488eefebe7e12 corporate/3.0/x86_64/gtk+2.0-2.2.4-10.6.C30mdk.x86_64.rpm
369daff90b35687abae6ad34cf513af3 corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
3675f57dd8e738cd1674db6518cd7c0d corporate/3.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
28dfaebd73dacca8fc2497caeac619a5 corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
22b487085911cce6fa8a5f2d6557009b corporate/3.0/x86_64/lib64gtk+-linuxfb-2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm
e0cf2152fc480ab73e4236de7a186d23 corporate/3.0/x86_64/lib64gtk+-x11-2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
512547fd9c3efca43b7c000fdbaedec3 corporate/3.0/x86_64/lib64gtk+2.0_0-2.2.4-10.6.C30mdk.x86_64.rpm
4aac840549a80fa69f5f527ce6b09421 corporate/3.0/x86_64/lib64gtk+2.0_0-devel-2.2.4-10.6.C30mdk.x86_64.rpm dbe156cf5e976fc744b635eab3e88884 corporate/3.0/SRPMS/gtk+2.0-2.2.4-10.6.C30mdk.src.rpm

Corporate 4.0:
ab946717fc68226a2fbb8964fa4a9cb4 corporate/4.0/i586/gtk+2.0-2.8.3-4.3.20060mlcs4.i586.rpm
28f5073f9effbb65613c2f7b6ceae180 corporate/4.0/i586/libgdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
0b32eb04192333a7ae6c297befca476f corporate/4.0/i586/libgdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm
d2054c43e2fcc262c35ae3bd18736b69 corporate/4.0/i586/libgtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
28f6ac38124b6a46a22e83f870c93693 corporate/4.0/i586/libgtk+2.0_0-2.8.3-4.3.20060mlcs4.i586.rpm
f9cd95997500fe783119dd1fe797bf85 corporate/4.0/i586/libgtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.i586.rpm fd9738d1b171f76decea52a1abd344a2 corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0e705604eb73b7c181d3b7663e39e664 corporate/4.0/x86_64/gtk+2.0-2.8.3-4.3.20060mlcs4.x86_64.rpm
808a4be8218c00b62057de06edae248c corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
379c2977cf755ab760d5693dcaa28be0 corporate/4.0/x86_64/lib64gdk_pixbuf2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm
193c57c8073552decc25d755536db21d corporate/4.0/x86_64/lib64gtk+-x11-2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
1c2e7713425fc786bd7a60b4fe106d28 corporate/4.0/x86_64/lib64gtk+2.0_0-2.8.3-4.3.20060mlcs4.x86_64.rpm
b8436740a32a0fce48bdb9df3234b1f6 corporate/4.0/x86_64/lib64gtk+2.0_0-devel-2.8.3-4.3.20060mlcs4.x86_64.rpm fd9738d1b171f76decea52a1abd344a2 corporate/4.0/SRPMS/gtk+2.0-2.8.3-4.3.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2007:040
http://www.mandriva.com/security/

Package : kernel
Date : February 7, 2007
Affected: 2007.0

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

The isdn_pppccp_resetalloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4, as well as the 2.6 kernel, does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash. (CVE-2006-5749)

The listxattr syscall can corrupt user space under certain circumstances. The problem seems to be related to signed/unsigned conversion during size promotion. (CVE-2006-5753)

The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures. (CVE-2006-6053)

The mincore function in the Linux kernel before 2.4.33.6, as well as the 2.6 kernel, does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. (CVE-2006-4814)

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes.

In addition to these security fixes, other fixes have been included such as:

Add Ralink RT2571W/RT2671 WLAN USB support (rt73 module) - Fix sys_msync() to report -ENOMEM as before when an unmapped area falls within its range, and not to overshoot (LSB regression) - Avoid disk sector_t overflow for >2TB ext3 filesystem - USB: workaround to fix HP scanners detection (#26728) - USB: unusual_devs.h for Sony floppy
(#28378) - Add preliminary ICH9 support - Add TI sd card reader support - Add RT61 driver - KVM update - Fix bttv vbi offset

To update your kernel, please follow the directions located at:

http://www.mandriva.com/en/security/kernelupdate

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5749 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5753 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814

Updated Packages:

Mandriva Linux 2007.0:
ad34fe5a73feafdd8e69b504ebf93946 2007.0/i586/kernel-2.6.17.10mdv-1-1mdv2007.0.i586.rpm
d9e55a7e4f1008da15c67d1287956969 2007.0/i586/kernel-doc-2.6.17.10mdv-1-1mdv2007.0.i586.rpm
a9c50df979df9e3689873978436bd16f 2007.0/i586/kernel-enterprise-2.6.17.10mdv-1-1mdv2007.0.i586.rpm
f533abc7ea70bd3faaa9e6b28a99ab28 2007.0/i586/kernel-legacy-2.6.17.10mdv-1-1mdv2007.0.i586.rpm
b8ff79d0ab16056f2d254e9d679984f7 2007.0/i586/kernel-source-2.6.17.10mdv-1-1mdv2007.0.i586.rpm
850dbb1496700b2f93ef37e4540164cc 2007.0/i586/kernel-source-stripped-2.6.17.10mdv-1-1mdv2007.0.i586.rpm
6e5109401747d368e768bb7ccce1c6e3 2007.0/i586/kernel-xen0-2.6.17.10mdv-1-1mdv2007.0.i586.rpm
0982fc7135735d78b4805c2af67ffe19 2007.0/i586/kernel-xenU-2.6.17.10mdv-1-1mdv2007.0.i586.rpm 2cfb0d90ab5aea99bacf8a721552554b 2007.0/SRPMS/kernel-2.6.17.10mdv-1-1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
8228636d0969cdb0de42baeab61ece09 2007.0/x86_64/kernel-2.6.17.10mdv-1-1mdv2007.0.x86_64.rpm
935eb44188aa2784386dd8bcc93dfd78 2007.0/x86_64/kernel-doc-2.6.17.10mdv-1-1mdv2007.0.x86_64.rpm
9abb549acacc17385051ceebcb3331fe 2007.0/x86_64/kernel-source-2.6.17.10mdv-1-1mdv2007.0.x86_64.rpm
7e3667b9f28f3214669f831955ef059d 2007.0/x86_64/kernel-source-stripped-2.6.17.10mdv-1-1mdv2007.0.x86_64.rpm
648ae5f919580ce2df42f6a522aba7c9 2007.0/x86_64/kernel-xen0-2.6.17.10mdv-1-1mdv2007.0.x86_64.rpm
0ad1d27a9232f5f7cf8ae218bef5a618 2007.0/x86_64/kernel-xenU-2.6.17.10mdv-1-1mdv2007.0.x86_64.rpm 2cfb0d90ab5aea99bacf8a721552554b 2007.0/SRPMS/kernel-2.6.17.10mdv-1-1mdv2007.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux

Red Hat Security Advisory

Synopsis: Moderate: bind security update
Advisory ID: RHSA-2007:0044-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0044.html
Issue date: 2007-02-06
Updated on: 2007-02-06
Product: Red Hat Enterprise Linux
Keywords: named bind dnssec
CVE Names: CVE-2007-0494

1. Summary:

Updated bind packages that fix a security issue and a bug are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols.

A flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow an remote attacker to cause a denial of service. (CVE-2007-0494)

For users of Red Hat Enterprise Linux 3, the previous BIND update caused an incompatible change to the default configuration that resulted in rndc not sharing the key with the named daemon. This update corrects this bug and restores the behavior prior to that update.

Updating the bind package in Red Hat Enterprise Linux 3 could result in nonfunctional configuration in case the bind-libs package was not updated. This update corrects this bug by adding the correct dependency on bind-libs.

Users of BIND are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

202012 - rndc.conf change breaks working bind config
225222 - CVE-2007-0494 BIND dnssec denial of service

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/bind-9.2.1-8.EL2.src.rpm
d8f23376454f32474f0e53bdbdbb5d4b bind-9.2.1-8.EL2.src.rpm

i386:
1ecd0d71d82fbe8a75ff7c592ac346e0 bind-9.2.1-8.EL2.i386.rpm
6fd8e75bd3c756929a302be674e7fa97 bind-devel-9.2.1-8.EL2.i386.rpm
7b23dca5b2a20899ba12020447f403f6 bind-utils-9.2.1-8.EL2.i386.rpm

ia64:
3a362d35294d9d5b6e8a62d4afa9ef26 bind-9.2.1-8.EL2.ia64.rpm
ad3959b76e8b76fda231b607351b0ca1 bind-devel-9.2.1-8.EL2.ia64.rpm
93707a5cabc11ad87bc9956bffdcc44c bind-utils-9.2.1-8.EL2.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/bind-9.2.1-8.EL2.src.rpm
d8f23376454f32474f0e53bdbdbb5d4b bind-9.2.1-8.EL2.src.rpm

ia64:
3a362d35294d9d5b6e8a62d4afa9ef26 bind-9.2.1-8.EL2.ia64.rpm
ad3959b76e8b76fda231b607351b0ca1 bind-devel-9.2.1-8.EL2.ia64.rpm
93707a5cabc11ad87bc9956bffdcc44c bind-utils-9.2.1-8.EL2.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/bind-9.2.1-8.EL2.src.rpm
d8f23376454f32474f0e53bdbdbb5d4b bind-9.2.1-8.EL2.src.rpm

i386:
1ecd0d71d82fbe8a75ff7c592ac346e0 bind-9.2.1-8.EL2.i386.rpm
6fd8e75bd3c756929a302be674e7fa97 bind-devel-9.2.1-8.EL2.i386.rpm
7b23dca5b2a20899ba12020447f403f6 bind-utils-9.2.1-8.EL2.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/bind-9.2.1-8.EL2.src.rpm
d8f23376454f32474f0e53bdbdbb5d4b bind-9.2.1-8.EL2.src.rpm

i386:
1ecd0d71d82fbe8a75ff7c592ac346e0 bind-9.2.1-8.EL2.i386.rpm
6fd8e75bd3c756929a302be674e7fa97 bind-devel-9.2.1-8.EL2.i386.rpm
7b23dca5b2a20899ba12020447f403f6 bind-utils-9.2.1-8.EL2.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/bind-9.2.4-20.EL3.src.rpm
86154451b9917da4c516c2797c62034d bind-9.2.4-20.EL3.src.rpm

i386:
aa9cf2d30927dc26204d40945739c711 bind-9.2.4-20.EL3.i386.rpm
7b6bdb8c6c09e8040c0545e5969833d0 bind-chroot-9.2.4-20.EL3.i386.rpm
dfa2459b65f894c4359c30b2c9c561e5 bind-debuginfo-9.2.4-20.EL3.i386.rpm
0218a4b812d490f1781756ffb5335d87 bind-devel-9.2.4-20.EL3.i386.rpm
b13f3a6d5b894f336e64a4555d7cc570 bind-libs-9.2.4-20.EL3.i386.rpm
1748b51a80e9b89442b206810f3d34cb bind-utils-9.2.4-20.EL3.i386.rpm

ia64:
3cfdd704604a915aeb47fd55759a0bd3 bind-9.2.4-20.EL3.ia64.rpm
4353ae639bd6c8caf24f412cf7d9220a bind-chroot-9.2.4-20.EL3.ia64.rpm
0f7d4a3e48a64ce96ca276b5c1096530 bind-debuginfo-9.2.4-20.EL3.ia64.rpm
d7c7669d4c4dc6c49da3c5f1d1865d3a bind-devel-9.2.4-20.EL3.ia64.rpm
179e956f5dd9d6389a57e09ee9a69f79 bind-libs-9.2.4-20.EL3.ia64.rpm
eed06f490bad07b63e7bcffa4ce24076 bind-utils-9.2.4-20.EL3.ia64.rpm

ppc:
b657f03f423bf3dbcb7761756f2bd1a4 bind-9.2.4-20.EL3.ppc.rpm
33885a49f1f3283d4c2f76da9810ce1d bind-chroot-9.2.4-20.EL3.ppc.rpm
1de0d3172a1769e51fad19f251313737 bind-debuginfo-9.2.4-20.EL3.ppc.rpm
694359505aaa6803bd7560318e735c62 bind-devel-9.2.4-20.EL3.ppc.rpm
67543414af6e004531458a4d8a00e9c2 bind-libs-9.2.4-20.EL3.ppc.rpm
80575df758ee6d37325737eabe317392 bind-utils-9.2.4-20.EL3.ppc.rpm

s390:
955078ffe299267e176767f121a373e6 bind-9.2.4-20.EL3.s390.rpm
f7f65929398c5df4437a18f882d05d9b bind-chroot-9.2.4-20.EL3.s390.rpm
f8c87445d3f119038e8eff40d1f88b20 bind-debuginfo-9.2.4-20.EL3.s390.rpm
268b388ee7d61930e39775d37a7243d2 bind-devel-9.2.4-20.EL3.s390.rpm
0d4232214c386ec6b7e320f0580f7667 bind-libs-9.2.4-20.EL3.s390.rpm
a2a7f9a702e938d0bd592c02e402a773 bind-utils-9.2.4-20.EL3.s390.rpm

s390x:
0be6b0ccce519b544f3841c083377ad5 bind-9.2.4-20.EL3.s390x.rpm
900aec59eaba438a6678e74f4f75bfa6 bind-chroot-9.2.4-20.EL3.s390x.rpm
cac62bac6fb7c9b9c50ea13cd7ac79c3 bind-debuginfo-9.2.4-20.EL3.s390x.rpm
57a33e40e44cfe58917a1f1b74babac1 bind-devel-9.2.4-20.EL3.s390x.rpm
78e48aa9c917e255fbc45655e7be210e bind-libs-9.2.4-20.EL3.s390x.rpm
8d86be29736fc979594b7200ffc281f8 bind-utils-9.2.4-20.EL3.s390x.rpm

x86_64:
faf9aa94d6a15e02770e705173203e24 bind-9.2.4-20.EL3.x86_64.rpm
ce8c3b43e5fd310a5a8b17523e16feb4 bind-chroot-9.2.4-20.EL3.x86_64.rpm
cd4dfb09cc28fea3b4f9db03e07683b0 bind-debuginfo-9.2.4-20.EL3.x86_64.rpm
e28df6b0fa20cccd0ef2831c7bcd2616 bind-devel-9.2.4-20.EL3.x86_64.rpm
9bd2134f9d5b9b926b864aee75bbbb6f bind-libs-9.2.4-20.EL3.x86_64.rpm
6af11c62abf53246aa2a94e2b4f6d2f4 bind-utils-9.2.4-20.EL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/bind-9.2.4-20.EL3.src.rpm
86154451b9917da4c516c2797c62034d bind-9.2.4-20.EL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/bind-9.2.4-20.EL3.src.rpm
86154451b9917da4c516c2797c62034d bind-9.2.4-20.EL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/bind-9.2.4-20.EL3.src.rpm
86154451b9917da4c516c2797c62034d bind-9.2.4-20.EL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/bind-9.2.4-24.EL4.src.rpm
b24bb090564eed7ebe3912aa09b2afe8 bind-9.2.4-24.EL4.src.rpm

i386:
e02951cd8d9f0b20eba6102f1ef00a63 bind-9.2.4-24.EL4.i386.rpm
c9bb30b159f43872a80990707ea36cc5 bind-chroot-9.2.4-24.EL4.i386.rpm
6994110b5ebb27d87da059595c55b43f bind-debuginfo-9.2.4-24.EL4.i386.rpm
310db855329308d52a4d14be04c46367 bind-devel-9.2.4-24.EL4.i386.rpm
e48227ce06d2db58b624df3d5110954b bind-libs-9.2.4-24.EL4.i386.rpm
d25aa4b19ca25ac900feb4bdf82a3d15 bind-utils-9.2.4-24.EL4.i386.rpm

ia64:
084a024f66924681ed5f901478c7faf0 bind-9.2.4-24.EL4.ia64.rpm
4e0ebc0073e63d6b644bf4117fa5e693 bind-chroot-9.2.4-24.EL4.ia64.rpm
6994110b5ebb27d87da059595c55b43f bind-debuginfo-9.2.4-24.EL4.i386.rpm
1c0b2f86d522f8c2e9d12967e24909da bind-debuginfo-9.2.4-24.EL4.ia64.rpm
0068fdfc7da9d7fbcac3acf3df08930d bind-devel-9.2.4-24.EL4.ia64.rpm
e48227ce06d2db58b624df3d5110954b bind-libs-9.2.4-24.EL4.i386.rpm
e6c70d9194dace735807704654921f5c bind-libs-9.2.4-24.EL4.ia64.rpm
05e0546d57ce1b8aaeeb28bdcb180227 bind-utils-9.2.4-24.EL4.ia64.rpm

ppc:
c7c4c90d28e3e128492e6f4a5456a46f bind-9.2.4-24.EL4.ppc.rpm
c324cc605d72559965f81171dff2a6a7 bind-chroot-9.2.4-24.EL4.ppc.rpm
8b1f474b65316c68dbae4b718b00f7a7 bind-debuginfo-9.2.4-24.EL4.ppc.rpm
614ebb698a29d043cb5613e04c48315a bind-debuginfo-9.2.4-24.EL4.ppc64.rpm
86dc14e14766c665cee3b0df918cce30 bind-devel-9.2.4-24.EL4.ppc.rpm
06d83702b8b980ec2f4de4a9ae00d214 bind-libs-9.2.4-24.EL4.ppc.rpm
3158cf6bdc227f10477e5fcad06477a1 bind-libs-9.2.4-24.EL4.ppc64.rpm
e040c41481d056ab39004c1adb76fc72 bind-utils-9.2.4-24.EL4.ppc.rpm

s390:
9c7e2e5caecfb4f0fba6206feca653f9 bind-9.2.4-24.EL4.s390.rpm
7eb1bf234761567f869bff912d940a41 bind-chroot-9.2.4-24.EL4.s390.rpm
7fc1e58d1a0d1bf6188f867bda8c8241 bind-debuginfo-9.2.4-24.EL4.s390.rpm
431bb0c9c0dbcb602bc17185e03eeb9b bind-devel-9.2.4-24.EL4.s390.rpm
2ce9af4352ce0dc7219cb5be563ab0f5 bind-libs-9.2.4-24.EL4.s390.rpm
32f69d8c58f97cf24dff193828da022b bind-utils-9.2.4-24.EL4.s390.rpm

s390x:
30c5d48974ac46890c0097e01cec7e6d bind-9.2.4-24.EL4.s390x.rpm
b8e1b3dc11809820cd531f021418d8fc bind-chroot-9.2.4-24.EL4.s390x.rpm
7fc1e58d1a0d1bf6188f867bda8c8241 bind-debuginfo-9.2.4-24.EL4.s390.rpm
9b85730bd941ceb2e705576ce93753de bind-debuginfo-9.2.4-24.EL4.s390x.rpm
c97be39876b59a90415d4887e11f8116 bind-devel-9.2.4-24.EL4.s390x.rpm
2ce9af4352ce0dc7219cb5be563ab0f5 bind-libs-9.2.4-24.EL4.s390.rpm
4cc6444b475baa074b389b2d77fa2a3a bind-libs-9.2.4-24.EL4.s390x.rpm
b99e3793a36691cd03b04b71af4aaef0 bind-utils-9.2.4-24.EL4.s390x.rpm

x86_64:
bc0d3418346e09497bb182087e755fd4 bind-9.2.4-24.EL4.x86_64.rpm
1486a89146bb82bb4b7b4b0fe5b4c13e bind-chroot-9.2.4-24.EL4.x86_64.rpm
6994110b5ebb27d87da059595c55b43f bind-debuginfo-9.2.4-24.EL4.i386.rpm
a5c4110d8fa344486aae996ce996cd1b bind-debuginfo-9.2.4-24.EL4.x86_64.rpm
04425eb5c43c0c272f4afc41bc441bd1 bind-devel-9.2.4-24.EL4.x86_64.rpm
e48227ce06d2db58b624df3d5110954b bind-libs-9.2.4-24.EL4.i386.rpm
6c45d578e492b8bd79b5ce6996e95374 bind-libs-9.2.4-24.EL4.x86_64.rpm
47ac06d9cf2d56985f0baaf155f9e472 bind-utils-9.2.4-24.EL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/bind-9.2.4-24.EL4.src.rpm
b24bb090564eed7ebe3912aa09b2afe8 bind-9.2.4-24.EL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/bind-9.2.4-24.EL4.src.rpm
b24bb090564eed7ebe3912aa09b2afe8 bind-9.2.4-24.EL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/bind-9.2.4-24.EL4.src.rpm
b24bb090564eed7ebe3912aa09b2afe8 bind-9.2.4-24.EL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
http://marc.theaimsgroup.com/?l=bind-announce&m=116968519300764
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Red Hat Security Advisory

Synopsis: Critical: java-1.4.2-ibm security update
Advisory ID: RHSA-2007:0062-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0062.html
Issue date: 2007-02-07
Updated on: 2007-02-07
Product: Red Hat Enterprise Linux Extras
CVE Names: CVE-2006-4339 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745

1. Summary:

Updated java-1.4.2-ibm packages to correct several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, ia64, x86_64

3. Problem description:

IBM's 1.4.2 SR7 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

A number of security issues were found:

Vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these vulnerabilities to access data from other applets. (CVE-2006-6736, CVE-2006-6737)

Serialization flaws were discovered in the Java Runtime Environment. An untrusted applet or application could use these flaws to elevate its privileges. (CVE-2006-6745)

Buffer overflow vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these flaws to elevate its privileges, possibly reading and writing local files or executing local applications. (CVE-2006-6731)

Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. (CVE-2006-4339)

All users of java-1.4.2-ibm should upgrade to these updated packages, which contain IBM's 1.4.2 SR7 Java release which resolves these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

226981 - CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339)
226984 - CVE-2006-6736 Multiple JRE flaws (CVE-2006-6737 CVE-2006-6745 CVE-2006-6731 CVE-2006-4339)

6. RPMs required:

Red Hat Enterprise Linux AS version 3 Extras:

i386:
e7450b145da72cd7df3d7b9eabb672dc java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.i386.rpm
a0658fd7cf3543965f2b6a3ff7a675ae java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.i386.rpm
32f05440f20c1f7a45736beba22d7bd2 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.i386.rpm
8c664c87d87efd40e937b9ad2ae659d5 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.i386.rpm
9174b55fd33680c3eaa09c2def109753 java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el3.i386.rpm
395153b4b890249469b8e1f18673f66d java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.i386.rpm

ia64:
9571ca41f69035894760e4e9e6de61a1 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.ia64.rpm
6cce9e4c37e6bc1b52e2201bad040ac0 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.ia64.rpm
e0dd38c2639885d1ccf964cf4e045289 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.ia64.rpm
6e859d8ca4885c93cf08ff4d22e10b0f java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.ia64.rpm

ppc:
69ded60046e91ba9348ccff2e52ebf17 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.ppc.rpm
550284dbfa734add72eca30901d83c1f java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.ppc.rpm
9aa5ee3ec845826d39af26f6883f3a1b java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.ppc.rpm
244ca4300d6836baedda66db772fc496 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.ppc.rpm
c73781419d273f37f97d8ce82b311e06 java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.ppc.rpm

s390:
75cd8c41222044a08be04ee95cac3a69 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.s390.rpm
d9515b48f0e376124b95f863a0e119b1 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.s390.rpm
7ab30161aa45ba80855b0d2e076d26c7 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.s390.rpm
9e6b279d59ca128a8dbd13d3d606c9fe java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el3.s390.rpm
a4bb1c49be860aab8e93b19a8176ff6c java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.s390.rpm

s390x:
12c5031365228f5f19eee8a215ef9ee4 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.s390x.rpm
8409692fe20686679d58f612d717e40a java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.s390x.rpm
d2d32c3276a9c00ac4734a2a8f1ffb96 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.s390x.rpm
8a16cefe0fbb4f8247759f09cdcf6785 java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.s390x.rpm

x86_64:
82547c355444694fd0b2b8dbb6287a12 java-1.4.2-ibm-1.4.2.7-1jpp.4.el3.x86_64.rpm
0d47bf67675dfee8814d9f5cbd430f35 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el3.x86_64.rpm
120deecf68b62f7263bcebbd65c6bd89 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el3.x86_64.rpm
7be9dc42fac394d88d3b0692e8b55d88 java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el3.x86_64.rpm

Red Hat Desktop version 3 Extras:

Red Hat Enterprise Linux ES version 3 Extras:

Red Hat Enterprise Linux WS version 3 Extras:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
b7264df6d752971972379c417acdd542 java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.i386.rpm
c74450baebca6f946e30e75f38675e15 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.i386.rpm
5e28c4902e574860651c603b26f8e437 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.i386.rpm
130198d2be48375779e309cd7aa9ddcd java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.i386.rpm
76f4fe9ec6e40c550d04ba215b56649a java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.i386.rpm
06f53b5223f6cb0989eb6d2c1c709ace java-1.4.2-ibm-plugin-1.4.2.7-1jpp.4.el4.i386.rpm
3937cebe4d2430437d8376c071ff3f6e java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.i386.rpm

ia64:
91095470fd69f0f9d7632236120e7d0a java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.ia64.rpm
971f88fbd24d4bc41f20291aa4386347 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.ia64.rpm
40425175a220f0f780eb5dca44dfa55e java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.ia64.rpm
753c21317025a630423d2c205968c1ea java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.ia64.rpm

ppc:
d6df0373e049ef2b4603b7ae51d133a3 java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.ppc.rpm
b2c6b236dafbb63472bd3fce88593fb6 java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.ppc.rpm
09c905c7b0997db62830bc2cb0c087f4 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.ppc.rpm
2d75e1570dcf7d9bd40ade448a652583 java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.ppc.rpm
c0a9a08712bc162e66ecd4c21962c083 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.ppc.rpm
6fb51c79625fc5e7d2e0657211dc372c java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.ppc.rpm

s390:
1047e8cd790022fb4d4a9e4e51689d89 java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.s390.rpm
cbf3ee99f0d886ee7b286bfc327fa33e java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.s390.rpm
f5bd779019897c4d7acaca6db3ec3ddf java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.s390.rpm
e85b10f20043b11acc4143dfb23da242 java-1.4.2-ibm-jdbc-1.4.2.7-1jpp.4.el4.s390.rpm
9f86a4f4e4a7d0a774e3e720c2a3ebfb java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.s390.rpm

s390x:
c5d86501250a1bc8626b1a9840f2ef0a java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.s390x.rpm
d900d6335508f7ec99262ad8e76b35dc java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.s390x.rpm
5e0d2f22106c6737eba6ebed99ed63b4 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.s390x.rpm
c5f5a4b28adf551cffc4a3872b65420c java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.s390x.rpm

x86_64:
e0efba6fedf580dc163d3363f1f58f9d java-1.4.2-ibm-1.4.2.7-1jpp.4.el4.x86_64.rpm
7d2ea6f7b85d9b6679418735388463bd java-1.4.2-ibm-demo-1.4.2.7-1jpp.4.el4.x86_64.rpm
04ca69cd86facb7e6da94dca5f7c4741 java-1.4.2-ibm-devel-1.4.2.7-1jpp.4.el4.x86_64.rpm
6686e763dbe66aa089d9f5952af474af java-1.4.2-ibm-javacomm-1.4.2.7-1jpp.4.el4.x86_64.rpm
e6ac211159748fac80c30ea6838b769a java-1.4.2-ibm-src-1.4.2.7-1jpp.4.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

Red Hat Enterprise Linux ES version 4 Extras:

Red Hat Enterprise Linux WS version 4 Extras:

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745
http://www-128.ibm.com/developerworks/java/jdk/alerts/
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2007:0064-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0064.html
Issue date: 2007-02-07
Updated on: 2007-02-07
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-5540 CVE-2007-0555

1. Summary:

Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system (DBMS).

A flaw was found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of commands which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user would need to have permissions to drop and add database tables to be able to exploit this issue (CVE-2007-0555).

A denial of service flaw was found affecting the PostgreSQL server running on Red Hat Enterprise Linux 4 systems. An authenticated user could execute an SQL command which could crash the PostgreSQL server. (CVE-2006-5540)

Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

212358 - CVE-2006-5540 New version fixes three different crash vulnerabilities
225493 - CVE-2007-0555 PostgreSQL arbitrary memory read flaw

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/rh-postgresql-7.3.18-1.src.rpm
3275a2557c4ad39c9c9f53cc76e5f7bc rh-postgresql-7.3.18-1.src.rpm

i386:
07bfd36f8e45296c5b4e33d615ee9343 rh-postgresql-7.3.18-1.i386.rpm
dc21c7da6c845058294585502f631420 rh-postgresql-contrib-7.3.18-1.i386.rpm
b67653f6df46561770f1ee413f51cac8 rh-postgresql-debuginfo-7.3.18-1.i386.rpm
f62cfeac0ff29d1d32faf896718e5f2e rh-postgresql-devel-7.3.18-1.i386.rpm
87dffab9c50b6e2409fc797d32e64a5e rh-postgresql-docs-7.3.18-1.i386.rpm
2aaadefdf7b6cda3617abede5fa4a763 rh-postgresql-jdbc-7.3.18-1.i386.rpm
7c80e948422e8d8427c691984f6434c5 rh-postgresql-libs-7.3.18-1.i386.rpm
f8d5e41ebcf932af8a1e040d0783a210 rh-postgresql-pl-7.3.18-1.i386.rpm
d32d4ffce4ae666c3bbb448ede1388c2 rh-postgresql-python-7.3.18-1.i386.rpm
94576318c381fee5d6b430414f469609 rh-postgresql-server-7.3.18-1.i386.rpm
6d489d71e7e330363297b491cdf47f54 rh-postgresql-tcl-7.3.18-1.i386.rpm
0182f21585ad849e276648b2bc82cdac rh-postgresql-test-7.3.18-1.i386.rpm

ia64:
3aa0bb037fcf18b83ddf9002256d8ecc rh-postgresql-7.3.18-1.ia64.rpm
45e3b1fc6850b257071934b1edcdc8e9 rh-postgresql-contrib-7.3.18-1.ia64.rpm
b67653f6df46561770f1ee413f51cac8 rh-postgresql-debuginfo-7.3.18-1.i386.rpm
d09929204400d5f2aa128daa46ccf6e4 rh-postgresql-debuginfo-7.3.18-1.ia64.rpm
8483a2e5a04b6a0254657d7e09d53600 rh-postgresql-devel-7.3.18-1.ia64.rpm
e88384674c0a7c03a6ecdad56183756f rh-postgresql-docs-7.3.18-1.ia64.rpm
a07adee41977e353df00b60667b57122 rh-postgresql-jdbc-7.3.18-1.ia64.rpm
7c80e948422e8d8427c691984f6434c5 rh-postgresql-libs-7.3.18-1.i386.rpm
7d680b89fbb6fc1cb04f1af0cc024d47 rh-postgresql-libs-7.3.18-1.ia64.rpm
69d1e056d772e5c4aaef43b0b3b9fe31 rh-postgresql-pl-7.3.18-1.ia64.rpm
103492f6397b850f60aa2716c7cc8fc2 rh-postgresql-python-7.3.18-1.ia64.rpm
b9de4dfaf45f2ac9e628b58b28738eed rh-postgresql-server-7.3.18-1.ia64.rpm
1e4a962996cbe5ae9a51e7d0aa043c9f rh-postgresql-tcl-7.3.18-1.ia64.rpm
93c1c209fd0b6bdc803c2efad52ba084 rh-postgresql-test-7.3.18-1.ia64.rpm

ppc:
6ac35c71017f2cfa4f28d89c09e72226 rh-postgresql-7.3.18-1.ppc.rpm
bd0e549be7d5d4a4a5fa6d6beeb47029 rh-postgresql-contrib-7.3.18-1.ppc.rpm
4d5d9b244a12462edd63bb4cc582d8e2 rh-postgresql-debuginfo-7.3.18-1.ppc.rpm
b840e7408c505deefd0db60b0c1c655b rh-postgresql-devel-7.3.18-1.ppc.rpm
ce9c55c776b4860dc031911582d9463c rh-postgresql-docs-7.3.18-1.ppc.rpm
7893fd579ea46d40a4a48d44e1ed665a rh-postgresql-jdbc-7.3.18-1.ppc.rpm
6f0c68a0fa42598d3e60cad1ab966935 rh-postgresql-libs-7.3.18-1.ppc.rpm
046afb031ed44ebbe2bc8f5e86c2269e rh-postgresql-libs-7.3.18-1.ppc64.rpm
3921950f1290649247cca74b0eb299a8 rh-postgresql-pl-7.3.18-1.ppc.rpm
1fc2ad9440e30ded50ce9a4fdc3b9bcb rh-postgresql-python-7.3.18-1.ppc.rpm
3a48d916575f5566ffcdd4233c2e3b63 rh-postgresql-server-7.3.18-1.ppc.rpm
bb939e05eded435ffdbbff5837f5459e rh-postgresql-tcl-7.3.18-1.ppc.rpm
cc57d8e7434c590c6a7c267311975000 rh-postgresql-test-7.3.18-1.ppc.rpm

s390:
e339da66604d31ed3b70987903e07bc8 rh-postgresql-7.3.18-1.s390.rpm
2b7ff072f02a34687d5b47300de65448 rh-postgresql-contrib-7.3.18-1.s390.rpm
d71efd6d63373870509418a77f5f6894 rh-postgresql-debuginfo-7.3.18-1.s390.rpm
c6bd20f30874d92e160db6c4421b0c77 rh-postgresql-devel-7.3.18-1.s390.rpm
b8f04e2c1855d1e6d00bed1221c27521 rh-postgresql-docs-7.3.18-1.s390.rpm
72cca384288384cfb53bdd31b4ec3472 rh-postgresql-jdbc-7.3.18-1.s390.rpm
a6c232bd32c4dcb4ff80f202e0bb86ce rh-postgresql-libs-7.3.18-1.s390.rpm
04822d3c08b5a097857035dd58058284 rh-postgresql-pl-7.3.18-1.s390.rpm
7eca3b4295d74d773b189d0b021b03a4 rh-postgresql-python-7.3.18-1.s390.rpm
cb24f0a2ae8c38a4d3f5edb779617fe3 rh-postgresql-server-7.3.18-1.s390.rpm
08ea17c6b7969f316600e6d5c5e048d1 rh-postgresql-tcl-7.3.18-1.s390.rpm
3c0facbe7839ebbd615f85fb4c1aca94 rh-postgresql-test-7.3.18-1.s390.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/rh-postgresql-7.3.18-1.src.rpm
3275a2557c4ad39c9c9f53cc76e5f7bc rh-postgresql-7.3.18-1.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/rh-postgresql-7.3.18-1.src.rpm
3275a2557c4ad39c9c9f53cc76e5f7bc rh-postgresql-7.3.18-1.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/rh-postgresql-7.3.18-1.src.rpm
3275a2557c4ad39c9c9f53cc76e5f7bc rh-postgresql-7.3.18-1.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postgresql-7.4.16-1.RHEL4.1.src.rpm
e1ce8e27d5284fea7d628438ba056933 postgresql-7.4.16-1.RHEL4.1.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postgresql-7.4.16-1.RHEL4.1.src.rpm
e1ce8e27d5284fea7d628438ba056933 postgresql-7.4.16-1.RHEL4.1.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postgresql-7.4.16-1.RHEL4.1.src.rpm
e1ce8e27d5284fea7d628438ba056933 postgresql-7.4.16-1.RHEL4.1.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postgresql-7.4.16-1.RHEL4.1.src.rpm
e1ce8e27d5284fea7d628438ba056933 postgresql-7.4.16-1.RHEL4.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Red Hat Security Advisory

Synopsis: Moderate: postgresql security update
Advisory ID: RHSA-2007:0067-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0067.html
Issue date: 2007-02-07
Updated on: 2007-02-07
Product: Red Hat Application Stack
CVE Names: CVE-2007-0555 CVE-2007-0556 CVE-2006-5540 CVE-2006-5541 CVE-2006-5542

1. Summary:

Updated postgresql packages that fix several security vulnerabilities are now available for the Red Hat Application Stack.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

PostgreSQL is an advanced Object-Relational database management system (DBMS).

Two flaws were found in the way the PostgreSQL server handles certain SQL-language functions. An authenticated user could execute a sequence of command which could crash the PostgreSQL server or possibly read from arbitrary memory locations. A user must have permissions to drop and add database tables to exploit this flaw. (CVE-2007-0555, CVE-2007-0556)

Several denial of service flaws were found in the PostgreSQL server. An authenticated user could execute an SQL command which could crash the PostgreSQL server. (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542)

Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 8.1.7, which corrects these issues.

Note: The original PostgreSQL 8.1.7 security patch contained an error; this release includes the updated patch and so is equivalent to the soon-to-be-released 8.1.8.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

225543 - CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
227299 - CVE-2006-5540 New version fixes three different crash vulnerabilities (CVE-2006-5541, CVE-2006-5542)
227542 - Attribute type error when updating varchar column

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/postgresql-8.1.7-3.el4s1.1.src.rpm
45bcce54c270fd2f45d2699acff84f15 postgresql-8.1.7-3.el4s1.1.src.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/postgresql-8.1.7-3.el4s1.1.src.rpm
45bcce54c270fd2f45d2699acff84f15 postgresql-8.1.7-3.el4s1.1.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5540
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5542
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

rPath Linux

rPath Security Advisory: 2007-0025-1
Published: 2007-02-06
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Local User Deterministic Vulnerability
Updated Versions:
postgresql=/conary.rpath.com@rpl:devel//1/8.1.7-0.1-1
postgresql-server=/conary.rpath.com@rpl:devel//1/8.1.7-0.1-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556
    https://issues.rpath.com/browse/RPL-830

Description:

Previous versions of the postgresql package are vulnerable to two attacks in which an authenticated database user can cause the database server process to crash (Denial of Service), and possibly also read privileged database content (Information Exposure).

rPath Security Advisory: 2007-0026-1
Published: 2007-02-07
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Local Deterministic Denial of Service Updated Versions: samba=/conary.rpath.com@rpl:devel//1/3.0.24-0.1-1
samba-swat=/conary.rpath.com@rpl:devel//1/3.0.24-0.1-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0453
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
    https://issues.rpath.com/browse/RPL-1005

Description:

Previous versions of the samba package are vulnerable to a Denial of Service attack from authenticated users only (CVE-2007-0452). Two other vulnerabilities resolved in samba 3.0.24 do not apply to rPath Linux 1 (CVE-2007-0453 and CVE-2007-0454).

Ubuntu

Ubuntu Security Notice USN-417-1 February 05, 2007
postgresql-7.4/-8.0/-8.1 vulnerabilities
CVE-2007-0555, CVE-2007-0556

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:

postgresql-7.4 1:7.4.8-17ubuntu1.4
postgresql-8.0 8.0.3-15ubuntu2.3

Ubuntu 6.06 LTS:
postgresql-8.1 8.1.4-0ubuntu1.2

Ubuntu 6.10:
postgresql-8.1 8.1.4-7ubuntu0.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. An authenticated attacker could exploit this to crash the database server or read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. (CVE-2007-0555)

Jeff Trout reported that the query planner did not verify that a table was still compatible with a previously made query plan. By using ALTER COLUMN TYPE during query execution, an attacker could exploit this to read out arbitrary locations in the server's memory, which could allow retrieving database content the attacker should not be able to see. (CVE-2007-0556)

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8-17ubuntu1.4.diff.gz
      Size/MD5: 61660 f0b8038e545f4cac15356c31e8a45d57
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8-17ubuntu1.4.dsc
      Size/MD5: 1038 7f3660a4b9f9e427f6acea9f475e1d31
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-7.4_7.4.8.orig.tar.gz
      Size/MD5: 9947820 50ee979019622f8852444cfd67b58e7e
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-15ubuntu2.3.diff.gz
      Size/MD5: 68920 011160d5414c9a25bdf904484c6549a4
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3-15ubuntu2.3.dsc
      Size/MD5: 1115 972244c3e7fdba5d92963a757ab60d8b
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-8.0_8.0.3.orig.tar.gz
      Size/MD5: 10786924 73c804e7e55dd916732ce6807cc13318

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.8-17ubuntu1.4_all.deb
      Size/MD5: 1062840 27ed7b68501e2b0bd549f7e671a1433a
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.0/postgresql-doc-8.0_8.0.3-15ubuntu2.3_all.deb
      Size/MD5: 1170106 56e437def51d06712e899fe95ff4c085
    http://security.ubuntu.com/ubuntu/pool/universe/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.8-17ubuntu1.4_all.deb
      Size/MD5: 423444 709e6862b1dd30176be73fe8e7b9feac

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.2.diff.gz
      Size/MD5: 39286 30100a406c1549df3f0a228bf870478f
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-0ubuntu1.2.dsc
      Size/MD5: 1113 271b6388eebd702db1f9ad406bdde0f8
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4.orig.tar.gz
      Size/MD5: 11312643 c6554a0ef948ab2b18b617954e1788fe

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.4-0ubuntu1.2_all.deb
Size/MD5: 1441736 9219794105987e13e481af8149515193

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-7ubuntu0.2.diff.gz
      Size/MD5: 47590 2fe36c155e5364ecaeaacbcfde0f0852
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4-7ubuntu0.2.dsc
      Size/MD5: 1176 d94f343c8a0680c7c7aeda425c3cb671
    http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-8.1_8.1.4.orig.tar.gz
      Size/MD5: 11312643 c6554a0ef948ab2b18b617954e1788fe

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.4-7ubuntu0.2_all.deb
Size/MD5: 1442792 ad3230bb78f269c02be57a044b70f322

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Ubuntu Security Notice USN-418-1 February 05, 2007
bind9 vulnerabilities
CVE-2007-0493, CVE-2007-0494

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
libdns20 1:9.3.1-2ubuntu1.2

Ubuntu 6.06 LTS:
libdns21 1:9.3.2-2ubuntu1.2

Ubuntu 6.10:
libdns21 1:9.3.2-2ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A flaw was discovered in Bind's DNSSEC validation code. Remote attackers could send a specially crafted DNS query which would cause the Bind server to crash, resulting in a denial of service. Only servers configured to use DNSSEC extensions were vulnerable.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.1-2ubuntu1.2.diff.gz
      Size/MD5: 88369 2eefc488d6319c5801f1fbb97ce382d1
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.1-2ubuntu1.2.dsc
      Size/MD5: 796 06cfe2d861a359d6b2de9f3e7929aa65
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.1.orig.tar.gz
      Size/MD5: 4673603 9ff3204eea27184ea0722f37e43fc95d

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.3.1-2ubuntu1.2_all.deb
Size/MD5: 173878 dc064def324a0c95769e249f0bf1153b

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.2.diff.gz
      Size/MD5: 90211 53d3b60d1c79de883203c56ea0434b0b
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu1.2.dsc
      Size/MD5: 764 95fc843ff1cfa77a5883c61dc0ea71cf
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2.orig.tar.gz
      Size/MD5: 5302112 55e709501a7780233c36e25ccd15ece2

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.3.2-2ubuntu1.2_all.deb
Size/MD5: 180490 7961fe2cd528871f4c4467ce6ddf9ed6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu3.1.diff.gz
      Size/MD5: 90728 13b2078f71dcdfc732a6fad6d7d2ebcf
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2-2ubuntu3.1.dsc
      Size/MD5: 765 1624151441e071b5ae1c6c1d27ac7c58
    http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9_9.3.2.orig.tar.gz
      Size/MD5: 5302112 55e709501a7780233c36e25ccd15ece2

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/b/bind9/bind9-doc_9.3.2-2ubuntu3.1_all.deb
Size/MD5: 180734 18c5e53ea8998a7e27bdf0b995b806ca

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Ubuntu Security Notice USN-419-1 February 06, 2007
samba vulnerabilities
CVE-2007-0452, CVE-2007-0454

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
samba 3.0.14a-6ubuntu1.2

Ubuntu 6.06 LTS:
samba 3.0.22-1ubuntu3.2

Ubuntu 6.10:
samba 3.0.22-1ubuntu4.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

A flaw was discovered in Samba's file opening code, which in certain situations could lead to an endless loop, resulting in a denial of service. (CVE-2007-0452)

A format string overflow was discovered in Samba's ACL handling on AFS shares. Remote users with access to an AFS share could create crafted filenames and execute arbitrary code with root privileges. (CVE-2007-0454)

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.14a-6ubuntu1.2.diff.gz
      Size/MD5: 129404 9c80fb3ac45c4e0f976ee8b6e73811a7
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.14a-6ubuntu1.2.dsc
      Size/MD5: 1111 30b5876aa6db4a2e59645eb82cb014f2
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.14a.orig.tar.gz
      Size/MD5: 15605851 ebee37e66a8b5f6fd328967dc09088e8

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.0.14a-6ubuntu1.2_all.deb
Size/MD5: 12121544 9140b22154ec280441bbe05155d58b7e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu3.2.diff.gz
      Size/MD5: 147923 8ff05eb08bd9996cc745814ac236d94a
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu3.2.dsc
      Size/MD5: 1195 54fb5c491fabacd6eb4f2bf07f0f0869
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22.orig.tar.gz
      Size/MD5: 17542657 5c39505af17cf5caf3d6ed8bab135036

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.0.22-1ubuntu3.2_all.deb
      Size/MD5: 6593736 417e4ac796b3e677aae6deaa60d5bf31
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.0.22-1ubuntu3.2_all.deb
      Size/MD5: 6901226 afe1adf43ef2fcd6cf2063da436bf067

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu4.1.diff.gz
      Size/MD5: 147929 049c3aebc17efcf67f9277dc28f5fcd8
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22-1ubuntu4.1.dsc
      Size/MD5: 1196 28d64c9bde36c4b36dc86b6a0dedb1f7
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba_3.0.22.orig.tar.gz
      Size/MD5: 17542657 5c39505af17cf5caf3d6ed8bab135036

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc-pdf_3.0.22-1ubuntu4.1_all.deb
      Size/MD5: 6593776 6346aa8d09a5f0a840dc02442c2c76e1
    http://security.ubuntu.com/ubuntu/pool/main/s/samba/samba-doc_3.0.22-1ubuntu4.1_all.deb
      Size/MD5: 6901300 169211b8e9ca41cdb7dc4ed546d155fb

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

i386 architecture (x86 compatible Intel/AMD)

powerpc architecture (Apple Macintosh G3/G4/G5)

sparc architecture (Sun SPARC/UltraSPARC)

Ubuntu Security Notice USN-420-1 February 06, 2007
kdelibs vulnerability
CVE-2007-0537

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.10:
kdelibs4c2 4:3.4.3-0ubuntu2.2

Ubuntu 6.06 LTS:
kdelibs4c2a 4:3.5.2-0ubuntu18.2

Ubuntu 6.10:
kdelibs4c2a 4:3.5.5-0ubuntu3.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

Jose Avila III and Robert Tasarz discovered that the KDE HTML library did not correctly parse HTML comments inside the "title" tag. By tricking a Konqueror user into visiting a malicious website, an attacker could bypass cross-site scripting protections.

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2.diff.gz
      Size/MD5: 330443 7bf67340aef75bbafe1bf0f517ad0677
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2.dsc
      Size/MD5: 1523 9a013d5dc8f7953036af99dd264f9811
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3.orig.tar.gz
      Size/MD5: 19981388 36e7a8320bd95760b41c4849da170100

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.3-0ubuntu2.2_all.deb
      Size/MD5: 6970448 a0a541bd78cb848da8aa97ac4b29d0fe
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.3-0ubuntu2.2_all.deb
      Size/MD5: 29298458 f04629ca27bafeaa897a86839fc6e645
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2_all.deb
      Size/MD5: 30714 8ec392ba5ba0f78e9b12dd9d025019d6

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_amd64.deb
      Size/MD5: 926668 3e7c767a9eeb80d0a85640d7dbfb53d7
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_amd64.deb
      Size/MD5: 1309046 e73c5de672193ac0385a28dd3accf646
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_amd64.deb
      Size/MD5: 22552842 287114119aee64a256f8fce295e9d034
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_amd64.deb
      Size/MD5: 9109026 aa34fe2f02d9772ad8e25bb36e573505

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_i386.deb
      Size/MD5: 814498 1eace86f58caf3f936c77e749a45ffc6
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_i386.deb
      Size/MD5: 1305652 0ce209d9c2c5ed846dbb1edc16fe5606
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_i386.deb
      Size/MD5: 19410566 85751508b7f13b790cbda8d795930a72
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_i386.deb
      Size/MD5: 8072650 9caf6a826bb790e309036555f40b9b8d

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_powerpc.deb
      Size/MD5: 909782 0a1cbec28532ca006c7ddcb6990a6e65
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_powerpc.deb
      Size/MD5: 1310430 f31f57e3c37f8c12e586cfa0084dc203
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_powerpc.deb
      Size/MD5: 22763768 b1aba1f6b9ef2c454f2172d442302b49
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_powerpc.deb
      Size/MD5: 8433768 18b2c898ed6d40844c19635d8b85e8a2

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_sparc.deb
      Size/MD5: 831058 158b90fe780e29e6618cf4b7f9f96bc8
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_sparc.deb
      Size/MD5: 1307028 b1c14bf29a7622ac3844c68a652bf21c
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_sparc.deb
      Size/MD5: 20031538 f2778deea8ef14eb9b3e90f5ed97ab50
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_sparc.deb
      Size/MD5: 8241130 26c0145f1abb71b0a3ea5a89214df223

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2.diff.gz
      Size/MD5: 477706 5d236a3b69a4bae7b81d337e58a2c3fe
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2.dsc
      Size/MD5: 1609 0a27d1f21c1374d8abf8ea0dba0abf79
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2.orig.tar.gz
      Size/MD5: 18775353 00c878d449522fb8aa2769a4c5ae1fde

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.2-0ubuntu18.2_all.deb
      Size/MD5: 7083858 f74b97726f683b5eca3798bd8f7ae2a1
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.2-0ubuntu18.2_all.deb
      Size/MD5: 41496444 87e2fc31c4dd95cd7d87aeee51dec330
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2_all.deb
      Size/MD5: 35748 636e14773798c30ddf4c0a87b3d5cd39

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_amd64.deb
      Size/MD5: 925624 1ba9b88fc6456c6dac97693532412fde
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_amd64.deb
      Size/MD5: 26451886 2eaed22c02f68909ebe219629a774dc6
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_amd64.deb
      Size/MD5: 1355626 1458250a60303a07ad551ce343ae23ec
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_amd64.deb
      Size/MD5: 9406898 7f952f591c7345216bfc0bb42277875d

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_i386.deb
      Size/MD5: 814970 cc6ae65176411013a8dea78a77151e25
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_i386.deb
      Size/MD5: 22925204 60d4c71b837e82da16d2b1ad75cbf628
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_i386.deb
      Size/MD5: 1352256 1ceee31122ff0fe680fbdbebbd6c8ced
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_i386.deb
      Size/MD5: 8334452 427cd25652287fc52ba2bdbd028c2f33

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_powerpc.deb
      Size/MD5: 905950 4b29acb4cc1a8fb52ff9bb7b3715b0d3
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_powerpc.deb
      Size/MD5: 26718664 f92f6f62ab9b9bbd0da8cb649dbeb132
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_powerpc.deb
      Size/MD5: 1356968 a6e62679f09dbafa54137204af905494
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_powerpc.deb
      Size/MD5: 8689506 0b3b6f533712eb6a8143827d2b01b015

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_sparc.deb
      Size/MD5: 827096 17f46503797d14c6be17c7fd890ac843
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_sparc.deb
      Size/MD5: 23623320 36aefb75ec36a60d3308392842556130
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_sparc.deb
      Size/MD5: 1353298 9627c92acea5abc671668d0b5ecfd744
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_sparc.deb
      Size/MD5: 8491558 dd2fe11d276e78bb16bd42bc34452c20

Updated packages for Ubuntu 6.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.diff.gz
      Size/MD5: 734200 8d5db0d6c6070468a32841b75a9e0d83
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.dsc
      Size/MD5: 1691 7a23f4f003e66e4a4fb90f620a0de347
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5.orig.tar.gz
      Size/MD5: 18926397 65e455d5814142ee992097230ffe7e80

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.5-0ubuntu3.1_all.deb
      Size/MD5: 7210528 1e62a8249a44e98da5ba24c1eaa1d4f0
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.5-0ubuntu3.1_all.deb
      Size/MD5: 39981890 5469fd4b98d68f0e01ddb4bd5ba7d904
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1_all.deb
      Size/MD5: 37742 2b1ebdb5648cbd390ecd1fa8d6b2d7e4

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_amd64.deb
      Size/MD5: 27050664 b7884e4a85307416811f755e2ed967aa
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_amd64.deb
      Size/MD5: 1345432 c2cd5e2b9433e629ae366965b47c30c6
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_amd64.deb
      Size/MD5: 10401586 f02e2f09dfd27d09f2a00daaaa6a7969

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_i386.deb
      Size/MD5: 26229446 ae021c2a0a95f237a934962a39e13821
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_i386.deb
      Size/MD5: 1343076 5e46eaa9d38a6876671efd18ac052ef5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_i386.deb
      Size/MD5: 9555316 4573d9f461ff2a441a13ac744e8f27e5

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_powerpc.deb
      Size/MD5: 28018226 74bc9b1b1e11817b33e3027213462fa0
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_powerpc.deb
      Size/MD5: 1347170 df48d8bc10826c2805d607f4d52eb738
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_powerpc.deb
      Size/MD5: 9782346 4d5986ecf7ace1bd5bf275d101f98e03

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_sparc.deb
      Size/MD5: 25362410 e80c7336df062cac6690d745d91730fc
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_sparc.deb
      Size/MD5: 1343134 cc62c0d393cacc36a552c304cee9b2a1
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_sparc.deb
      Size/MD5: 9473018 dfff27cb2bcb323d51d4b16e11453d49

No talkbacks posted.

Home | Search Talkbacks | Customize View

Top of Page

Enter your comments below:

All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP

Terms of Service | Licensing & Permissions | Privacy Policy
About the Developer.com Network | Advertise

Terms of Service | Licensing & Permissions | Privacy Policy
About the IT Business Edge Network | Advertise

Acceptable Use Policy

Terms of Service | Licensing & Permissions | Privacy Policy
About the Developer.com Network | Advertise

Acceptable Use Policy

Terms of Service | Licensing & Permissions | Privacy Policy
About the IT Business Edge Network | Advertise