dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Advisories: October 12, 2005

Oct 13, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 863-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
October 12th, 2005 http://www.debian.org/security/faq


Package : xine-lib
Vulnerability : format string vulnerability
Problem type : remote
Debian-specific: no
CVE ID : CAN-2005-2967
Debian Bug : 332919

Ulf Hörnhammar from the Debian Security Audit Project discovered a format string vulnerability in the CDDB processing component of xine-lib, the xine video/media player library, that could lead to the execution of arbitrary code caused by a malicious CDDB entry.

For the old stable distribution (woody) this problem has been fixed in version 0.9.8-2woody4.

For the stable distribution (sarge) this problem has been fixed in version 1.0.1-1sarge1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your libxine0 and libxine1 packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody4.dsc
      Size/MD5 checksum: 760 84aebc3ee4340cb3fa349e42d3aea4cd
    http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody4.diff.gz
      Size/MD5 checksum: 1597 46ad3714f12ecf6f7d7b2b636d4bf235
    http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz
      Size/MD5 checksum: 1766178 d8fc9b30e15b50af8ab7552bbda7aeda

Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_alpha.deb
      Size/MD5 checksum: 260872 3bebc687e6c44bc82e50db6c2d2cd3b8
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_alpha.deb
      Size/MD5 checksum: 815976 7bb3fb084e92abd99744c9acf6ac22da

ARM architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_arm.deb
      Size/MD5 checksum: 302882 31ee75176734f2e5c6043a26adc9902f
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_arm.deb
      Size/MD5 checksum: 671170 cb8b14723c24239887a429bedf61e242

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_i386.deb
      Size/MD5 checksum: 260622 7159cbfeb050fb5fe4351dfea84c4bad
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_i386.deb
      Size/MD5 checksum: 807814 dfd99f47c92f915d6c5df50c23850381

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_ia64.deb
      Size/MD5 checksum: 260752 eb801bd263f4dbb40c225e466ae67e2b
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_ia64.deb
      Size/MD5 checksum: 953236 b60a296e34ea59571815ff5f275f2f2e

HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_hppa.deb
      Size/MD5 checksum: 260908 d0bda23bf754d3ef07800ef73d98fef9
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_hppa.deb
      Size/MD5 checksum: 846538 1911d208c69f6cab880942e44164a535

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_m68k.deb
      Size/MD5 checksum: 292614 c771ddacc9e613908ab38d8bd6479817
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_m68k.deb
      Size/MD5 checksum: 617486 1c45b44979c1c9eb216e3208e2116dc0

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_mips.deb
      Size/MD5 checksum: 299614 c674f7052bc3348c57bdfac79287e531
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_mips.deb
      Size/MD5 checksum: 652744 a8a7821f6d02019accc465aa46324a40

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_mipsel.deb
      Size/MD5 checksum: 299490 c08ae028419b54e8a25736f7e66b4467
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_mipsel.deb
      Size/MD5 checksum: 654564 cd4c710e0e864d4d997dad6dae9b1efc

PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_powerpc.deb
      Size/MD5 checksum: 261186 8c3d8bd4467ef65ecb61b6b4b1ff03da
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_powerpc.deb
      Size/MD5 checksum: 742266 3e1460d9cc957d625e9ff44377ae6f26

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_s390.deb
      Size/MD5 checksum: 302292 7216573fea366f8fef931e72b5a54282
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_s390.deb
      Size/MD5 checksum: 662612 f9e46c22eef8996b6347f49949df0541

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_sparc.deb
      Size/MD5 checksum: 261010 11123abda55e4697196811214665e73a
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_sparc.deb
      Size/MD5 checksum: 807562 cd819a0831e1118fd1b5742f19e385f2

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge1.dsc
      Size/MD5 checksum: 1059 8b0c1be9a18fcc5bb8924c59459aaa09
    http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge1.diff.gz
      Size/MD5 checksum: 1830 ccd0e6defc6b1a7ffef940c2093ff171
    http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
      Size/MD5 checksum: 7774954 9be804b337c6c3a2e202c5a7237cb0f8

Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_alpha.deb
      Size/MD5 checksum: 107494 575f2882115ac55692df0bc0f0afd315
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_alpha.deb
      Size/MD5 checksum: 4829040 ca32cccc95f84e96ee7c4168d2fd240b

AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_amd64.deb
      Size/MD5 checksum: 107494 bdffd0330ec645316870ac0daad7547f
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_amd64.deb
      Size/MD5 checksum: 3932956 06514728c23a35b3cbf80770266d6fa8

ARM architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_arm.deb
      Size/MD5 checksum: 107542 b163252c35280ed6861106ca0b31b49f
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_arm.deb
      Size/MD5 checksum: 3877978 a4dcdf3af236e9ee7457bd5c1cf79898

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_i386.deb
      Size/MD5 checksum: 107552 a7a8a1012ba9351263fb520a013d7b9a
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_i386.deb
      Size/MD5 checksum: 4204476 ad45e280a9cf6d2155f48391590fed24

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_ia64.deb
      Size/MD5 checksum: 107496 50173acc27cbb4d4231fbde021a485e9
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_ia64.deb
      Size/MD5 checksum: 5620168 d2b697a37ad542af4949a198cdc5a996

HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_hppa.deb
      Size/MD5 checksum: 107518 f584f23d0a4a31f90286e6b4cea346dc
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_hppa.deb
      Size/MD5 checksum: 3598516 fabdcfc0f8fa78f33e27ff1ad2950887

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_m68k.deb
      Size/MD5 checksum: 107560 52729206ab986c979ef9a8a9e9d1285f
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_m68k.deb
      Size/MD5 checksum: 3174806 878892556bc2fc96ffdaa31002f34558

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_mips.deb
      Size/MD5 checksum: 107512 1b54724fbf216190fc666e5ec13c14f0
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_mips.deb
      Size/MD5 checksum: 4066338 e5a49aa6c8133e77cca04f6fa0501cea

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_mipsel.deb
      Size/MD5 checksum: 107508 f9bca3c42c901726b2fe664c57228814
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_mipsel.deb
      Size/MD5 checksum: 4125184 1d1bfd60a742587670570e1e5400a295

PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_powerpc.deb
      Size/MD5 checksum: 107532 31fbdf1bb08bcf5cef34a70f0d7ee506
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_powerpc.deb
      Size/MD5 checksum: 4305114 d6e1e70500f51682bc68b67b7eef4622

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_s390.deb
      Size/MD5 checksum: 107504 aaed81dcb09b593632bd6815621a4b51
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_s390.deb
      Size/MD5 checksum: 3880418 5c47a59bb53c0664c6fc2ba9def72baf

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_sparc.deb
      Size/MD5 checksum: 107522 fb52f99a95b795fa86c5d83374ead004
    http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_sparc.deb
      Size/MD5 checksum: 4360130 d0492e0848553956a8cf5e0a027e6963

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: squirrelmail
Advisory ID: MDKSA-2005:178
Date: October 11th, 2005
Affected versions: Corporate 3.0


Problem Description:

A cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.

The updated packages have an updated Address Add plugin to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3128


Updated Packages:

Corporate 3.0:
2341c318bfbd7734dc8b79034069885b corporate/3.0/RPMS/squirrelmail-1.4.2-11.2.C30mdk.noarch.rpm
944a7c659d7dd2ceef0c4eef2876628e corporate/3.0/RPMS/squirrelmail-poutils-1.4.2-11.2.C30mdk.noarch.rpm
edf57fba5bb134453ba7dbe8d18339f5 corporate/3.0/SRPMS/squirrelmail-1.4.2-11.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
ef69fe51a0b58e202cbcec5e9cfcee83 x86_64/corporate/3.0/RPMS/squirrelmail-1.4.2-11.2.C30mdk.noarch.rpm
54244c96e2f1a1c27f074fbe6ed4ea85 x86_64/corporate/3.0/RPMS/squirrelmail-poutils-1.4.2-11.2.C30mdk.noarch.rpm
edf57fba5bb134453ba7dbe8d18339f5 x86_64/corporate/3.0/SRPMS/squirrelmail-1.4.2-11.2.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: openssl
Advisory ID: MDKSA-2005:179
Date: October 11th, 2005
Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0, Corporate Server 2.1, Multi Network Firewall 2.0


Problem Description:

Yutaka Oiwa discovered vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.

Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in thirdparty software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a "man in the middle" can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only. (CAN-2005-2969)

The current default algorithm for creating "message digests" (electronic signatures) for certificates created by openssl is MD5. However, this algorithm is not deemed secure any more, and some practical attacks have been demonstrated which could allow an attacker to forge certificates with a valid certification authority signature even if he does not know the secret CA signing key.

To address this issue, openssl has been changed to use SHA-1 by default. This is a more appropriate default algorithm for the majority of use cases. If you still want to use MD5 as default, you can revert this change by changing the two instances of "default_md = sha1" to "default_md = md5" in /usr/{lib,lib64}/ssl/openssl.cnf. (CAN-2005-2946)


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969


Updated Packages:

Mandrivalinux 10.1:
2fa715275a4a918b15eb02e402b755bc 10.1/RPMS/libopenssl0.9.7-0.9.7d-1.3.101mdk.i586.rpm
1912f9be0eccc4b2903616ac2c0d5103 10.1/RPMS/libopenssl0.9.7-devel-0.9.7d-1.3.101mdk.i586.rpm
4d51641d38b5e0e8c6be5fcc211ffa3b 10.1/RPMS/libopenssl0.9.7-static-devel-0.9.7d-1.3.101mdk.i586.rpm
6e40220d7461ad8e711aa2ee5a772b1f 10.1/RPMS/openssl-0.9.7d-1.3.101mdk.i586.rpm
abb721aa2ccf15e555c4f84981366022 10.1/SRPMS/openssl-0.9.7d-1.3.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
5b820a306004c31fcac518aec78bfea3 x86_64/10.1/RPMS/lib64openssl0.9.7-0.9.7d-1.3.101mdk.x86_64.rpm
4b506c7086fd330fde0fe724a5bd865c x86_64/10.1/RPMS/lib64openssl0.9.7-devel-0.9.7d-1.3.101mdk.x86_64.rpm
9fb820e394e6da5db74a60d7062a6c23 x86_64/10.1/RPMS/lib64openssl0.9.7-static-devel-0.9.7d-1.3.101mdk.x86_64.rpm
f113ec9a24627d354eaa37db78784d31 x86_64/10.1/RPMS/openssl-0.9.7d-1.3.101mdk.x86_64.rpm
abb721aa2ccf15e555c4f84981366022 x86_64/10.1/SRPMS/openssl-0.9.7d-1.3.101mdk.src.rpm

Mandrivalinux 10.2:
7448f1bd46305af8ca09c794828bc14d 10.2/RPMS/libopenssl0.9.7-0.9.7e-5.2.102mdk.i586.rpm
dd17f238c7c4eeb93f330794d28fef20 10.2/RPMS/libopenssl0.9.7-devel-0.9.7e-5.2.102mdk.i586.rpm
4d6b82c86b3b7430273e9f7804b448f3 10.2/RPMS/libopenssl0.9.7-static-devel-0.9.7e-5.2.102mdk.i586.rpm
ec6b0d749ed3f7c8b2ee48cea5c104f5 10.2/RPMS/openssl-0.9.7e-5.2.102mdk.i586.rpm
14554b0fff0abfe1da54b8f9c68c8a75 10.2/SRPMS/openssl-0.9.7e-5.2.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
a34fa268399bce8d59b185df255f1d19 x86_64/10.2/RPMS/lib64openssl0.9.7-0.9.7e-5.2.102mdk.x86_64.rpm
3f403f1c36d53bb35174c04badbea2d9 x86_64/10.2/RPMS/lib64openssl0.9.7-devel-0.9.7e-5.2.102mdk.x86_64.rpm
68d2a4a298fd37719343c4ade853e22d x86_64/10.2/RPMS/lib64openssl0.9.7-static-devel-0.9.7e-5.2.102mdk.x86_64.rpm
8b53d1949aa30ca813f27c5dd3bb1062 x86_64/10.2/RPMS/openssl-0.9.7e-5.2.102mdk.x86_64.rpm
14554b0fff0abfe1da54b8f9c68c8a75 x86_64/10.2/SRPMS/openssl-0.9.7e-5.2.102mdk.src.rpm

Mandrivalinux 2006.0:
bc7f3ba61af3334757c65e1682eb0065 2006.0/RPMS/libopenssl0.9.7-0.9.7g-2.1.20060mdk.i586.rpm
a15b20362dd7437ff974642af0756d79 2006.0/RPMS/libopenssl0.9.7-devel-0.9.7g-2.1.20060mdk.i586.rpm
65bab77540badadc2152d7803d13c63f 2006.0/RPMS/libopenssl0.9.7-static-devel-0.9.7g-2.1.20060mdk.i586.rpm
d06fa459cf871d890bf3a4ff22b85cd7 2006.0/RPMS/openssl-0.9.7g-2.1.20060mdk.i586.rpm
fc0ed1a9eab0dfdb3f35c3cdb46004e8 2006.0/SRPMS/openssl-0.9.7g-2.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
3b54d300cf1b6889d764e36660d3542d x86_64/2006.0/RPMS/lib64openssl0.9.7-0.9.7g-2.1.20060mdk.x86_64.rpm
aa8e520156a9d878ed43179dfcc5210f x86_64/2006.0/RPMS/lib64openssl0.9.7-devel-0.9.7g-2.1.20060mdk.x86_64.rpm
8bece33914331ad81e9e88dfef1b4319 x86_64/2006.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7g-2.1.20060mdk.x86_64.rpm
4a654cfa16e31f450493e59de0cb372c x86_64/2006.0/RPMS/openssl-0.9.7g-2.1.20060mdk.x86_64.rpm
fc0ed1a9eab0dfdb3f35c3cdb46004e8 x86_64/2006.0/SRPMS/openssl-0.9.7g-2.1.20060mdk.src.rpm

Multi Network Firewall 2.0:
60451a13eb787c55a9463322b6bdb419 mnf/2.0/RPMS/libopenssl0.9.7-0.9.7c-3.3.M20mdk.i586.rpm
3a5dae5ff129437461180df9a8dd5b0b mnf/2.0/RPMS/openssl-0.9.7c-3.3.M20mdk.i586.rpm
c89dcc035040ed512ab2823b978b5205 mnf/2.0/SRPMS/openssl-0.9.7c-3.3.M20mdk.src.rpm

Corporate Server 2.1:
7ce23e8906c2001f93afdbdb544a5659 corporate/2.1/RPMS/libopenssl0-0.9.6i-1.10.C21mdk.i586.rpm
26e569e8dd0598bd5f55d1a954989e7b corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.10.C21mdk.i586.rpm
c54a45b3cf589095382c1399f0435353 corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.10.C21mdk.i586.rpm
bc5ff8f4e044678c40b5bae08b263216 corporate/2.1/RPMS/openssl-0.9.6i-1.10.C21mdk.i586.rpm
6fa6d2e82bffdf044663ccd40b14bba3 corporate/2.1/SRPMS/openssl-0.9.6i-1.10.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
4b85f119fb4908f785ee5e4cd6f81312 x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.10.C21mdk.x86_64.rpm
d366f2f72a511fbb4887de0d17303339 x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.10.C21mdk.x86_64.rpm
b3a4d7295c802dc5a486022bffe8f8aa x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.10.C21mdk.x86_64.rpm
cd0e605ae88e746d8124f550ff26c723 x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.10.C21mdk.x86_64.rpm
6fa6d2e82bffdf044663ccd40b14bba3 x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.10.C21mdk.src.rpm

Corporate 3.0:
e77b2aeadf368cac390fda472f96f76d corporate/3.0/RPMS/libopenssl0.9.7-0.9.7c-3.3.C30mdk.i586.rpm
e3e077097643c9247b0e866c0ea08c9d corporate/3.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.3.C30mdk.i586.rpm
eb61ee6a8464a43e951102fa5a9df4b0 corporate/3.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.3.C30mdk.i586.rpm
fa6ce3b5dc685d567040061676d047ba corporate/3.0/RPMS/openssl-0.9.7c-3.3.C30mdk.i586.rpm
502e04472212778c866211c6179f4127 corporate/3.0/SRPMS/openssl-0.9.7c-3.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
bdc1b94ef64f4c0c02948d8ec08184b1 x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-0.9.7c-3.3.C30mdk.x86_64.rpm
f2b65309719e499eb1a9d9f857c51921 x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-devel-0.9.7c-3.3.C30mdk.x86_64.rpm
48e9d2cd78e4a44a4bd61542a47f2d5b x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7c-3.3.C30mdk.x86_64.rpm
3aef366b6921b180f304ae1a8c10ba78 x86_64/corporate/3.0/RPMS/openssl-0.9.7c-3.3.C30mdk.x86_64.rpm
502e04472212778c866211c6179f4127 x86_64/corporate/3.0/SRPMS/openssl-0.9.7c-3.3.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: xine-lib
Advisory ID: MDKSA-2005:180
Date: October 11th, 2005
Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0


Problem Description:

When playing an Audio CD, a xine-lib based media application contacts a CDDB server to retrieve metadata like the title and artist's name. During processing of this data, a response from the server, which is located in memory on the stack, is passed to the fprintf() function as a format string. An attacker can set up a malicious CDDB server and trick the client into using this server instead of the preconfigured one. Alternatively, any user and therefore the attacker can modify entries in the official CDDB server. Using this format string vulnerability, attacker-chosen data can be written to an attacker-chosen memory location. This allows the attacker to alter the control flow and to execute malicious code with the permissions of the user running the application.

This problem was reported by Ulf Harnhammar from the Debian Security Audit Project.

The updated packages have been patched to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2967
http://xinehq.de/index.php/security/XSA-2005-1


Updated Packages:

Mandrivalinux 10.1:
3f07ca856ac1574af04fbe1b27ee965e 10.1/RPMS/libxine1-1-0.rc5.9.3.101mdk.i586.rpm
023408c3ee89298c373a3a6927a3061e 10.1/RPMS/libxine1-devel-1-0.rc5.9.3.101mdk.i586.rpm
f15dbebfea2af1a970b7d2efd9294553 10.1/RPMS/xine-aa-1-0.rc5.9.3.101mdk.i586.rpm
964bf0c612fdd2ad9f4d3f0189db4c5d 10.1/RPMS/xine-arts-1-0.rc5.9.3.101mdk.i586.rpm
942189b2e906e9318bb729841499714c 10.1/RPMS/xine-dxr3-1-0.rc5.9.3.101mdk.i586.rpm
d87d3f48cf4378de0cd66a763df69a22 10.1/RPMS/xine-esd-1-0.rc5.9.3.101mdk.i586.rpm
f015327c624aa069668a8faddc7989da 10.1/RPMS/xine-flac-1-0.rc5.9.3.101mdk.i586.rpm
fe16081d5be8ae716f139e7cc7971738 10.1/RPMS/xine-gnomevfs-1-0.rc5.9.3.101mdk.i586.rpm
b595c492e3d38c394a05bef235a8b50e 10.1/RPMS/xine-plugins-1-0.rc5.9.3.101mdk.i586.rpm
ae824a8ad57afa4af74d14ac36aec48f 10.1/SRPMS/xine-lib-1-0.rc5.9.3.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
c56c742c25b4e7ef55363bc433ada6b6 x86_64/10.1/RPMS/lib64xine1-1-0.rc5.9.3.101mdk.x86_64.rpm
8174e6c20c36883482a8c92ac7a32dd4 x86_64/10.1/RPMS/lib64xine1-devel-1-0.rc5.9.3.101mdk.x86_64.rpm
3f07ca856ac1574af04fbe1b27ee965e x86_64/10.1/RPMS/libxine1-1-0.rc5.9.3.101mdk.i586.rpm
c4b594b75216ec745901c2bc910aa854 x86_64/10.1/RPMS/xine-aa-1-0.rc5.9.3.101mdk.x86_64.rpm
0aa452c0c36a9a7eae6bc8276c585133 x86_64/10.1/RPMS/xine-arts-1-0.rc5.9.3.101mdk.x86_64.rpm
bf3e6970c3b37d80eee58be3804aaef1 x86_64/10.1/RPMS/xine-dxr3-1-0.rc5.9.3.101mdk.x86_64.rpm
419d4acc74bd3368f4ad7e841b71583f x86_64/10.1/RPMS/xine-esd-1-0.rc5.9.3.101mdk.x86_64.rpm
a934d38fc6bc894afcd51fc443c5387a x86_64/10.1/RPMS/xine-flac-1-0.rc5.9.3.101mdk.x86_64.rpm
c71f58dd79bbd7a67ade68f9f0c47537 x86_64/10.1/RPMS/xine-gnomevfs-1-0.rc5.9.3.101mdk.x86_64.rpm
9d2dbdaf3887b90af8f6f275956fba25 x86_64/10.1/RPMS/xine-plugins-1-0.rc5.9.3.101mdk.x86_64.rpm
ae824a8ad57afa4af74d14ac36aec48f x86_64/10.1/SRPMS/xine-lib-1-0.rc5.9.3.101mdk.src.rpm

Mandrivalinux 10.2:
b59bd74be8211752b1f8b14eaaeb4caf 10.2/RPMS/libxine1-1.0-8.2.102mdk.i586.rpm
7df88b45784d86b120232238e80c2ae9 10.2/RPMS/libxine1-devel-1.0-8.2.102mdk.i586.rpm
22f9a1ef543d6e6b8b409e995c05f549 10.2/RPMS/xine-aa-1.0-8.2.102mdk.i586.rpm
6b288c5aec71967bb93031d1d6781f18 10.2/RPMS/xine-arts-1.0-8.2.102mdk.i586.rpm
e94fbd981fa69cdf4205f73620d65d58 10.2/RPMS/xine-dxr3-1.0-8.2.102mdk.i586.rpm
4ac7f54e7442efeac8a8f27ea94cce31 10.2/RPMS/xine-esd-1.0-8.2.102mdk.i586.rpm
93fb8780846b76c53743f74113c5d789 10.2/RPMS/xine-flac-1.0-8.2.102mdk.i586.rpm
79cf02e9f22be6638927dec066926b5d 10.2/RPMS/xine-gnomevfs-1.0-8.2.102mdk.i586.rpm
fb9103583e2eb19ad301d6a3042fad86 10.2/RPMS/xine-plugins-1.0-8.2.102mdk.i586.rpm
bd90a1fe71bd91383caf9ea5d87e2abc 10.2/RPMS/xine-polyp-1.0-8.2.102mdk.i586.rpm
4067888181bc7c025901b054ec7c8fd6 10.2/RPMS/xine-smb-1.0-8.2.102mdk.i586.rpm
3d1f4d92c41f977edf895388f4784337 10.2/SRPMS/xine-lib-1.0-8.2.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
772e4a1a0aac6006474768a0601545a3 x86_64/10.2/RPMS/lib64xine1-1.0-8.2.102mdk.x86_64.rpm
c72a8b14fbe656c62f8368fbc9449931 x86_64/10.2/RPMS/lib64xine1-devel-1.0-8.2.102mdk.x86_64.rpm
f6123a88fc6b3c7edd68dccbc75efc8d x86_64/10.2/RPMS/xine-aa-1.0-8.2.102mdk.x86_64.rpm
9768022de3f23e61649671a76de6d4a3 x86_64/10.2/RPMS/xine-arts-1.0-8.2.102mdk.x86_64.rpm
6636acc15686f32d827c367ae0e0af83 x86_64/10.2/RPMS/xine-dxr3-1.0-8.2.102mdk.x86_64.rpm
bd80ab843edcb769edbe95bee307848e x86_64/10.2/RPMS/xine-esd-1.0-8.2.102mdk.x86_64.rpm
70c16130252aca43d5cac5d30d258dbc x86_64/10.2/RPMS/xine-flac-1.0-8.2.102mdk.x86_64.rpm
19546fbd231735cdb52488c78bb3138c x86_64/10.2/RPMS/xine-gnomevfs-1.0-8.2.102mdk.x86_64.rpm
e14f01a64d3080fc35ee3f7280ae9336 x86_64/10.2/RPMS/xine-plugins-1.0-8.2.102mdk.x86_64.rpm
8281c290d3e926279706b049dd4247da x86_64/10.2/RPMS/xine-polyp-1.0-8.2.102mdk.x86_64.rpm
46f8be45f38977aa67731c5da830c43b x86_64/10.2/RPMS/xine-smb-1.0-8.2.102mdk.x86_64.rpm
3d1f4d92c41f977edf895388f4784337 x86_64/10.2/SRPMS/xine-lib-1.0-8.2.102mdk.src.rpm

Mandrivalinux 2006.0:
ad0dd01a46c84cb5ce8a28ce5710da28 2006.0/RPMS/libxine1-1.1.0-8.1.20060mdk.i586.rpm
b63c878314d9d393a43082f1940fd063 2006.0/RPMS/libxine1-devel-1.1.0-8.1.20060mdk.i586.rpm
77404b4ea4908b51843f26b4face7a21 2006.0/RPMS/xine-aa-1.1.0-8.1.20060mdk.i586.rpm
efec9d133963c8c8d1d052ea8d1a811d 2006.0/RPMS/xine-arts-1.1.0-8.1.20060mdk.i586.rpm
bb1f5e764c4cc933659ebe7ba2c61d88 2006.0/RPMS/xine-dxr3-1.1.0-8.1.20060mdk.i586.rpm
b74cffa6e5683afb50ed015555b2afe8 2006.0/RPMS/xine-esd-1.1.0-8.1.20060mdk.i586.rpm
f8c48d2fc87e8f562754ce36dcf7f74a 2006.0/RPMS/xine-flac-1.1.0-8.1.20060mdk.i586.rpm
b8f365ce839aa783637edd4687f89a64 2006.0/RPMS/xine-gnomevfs-1.1.0-8.1.20060mdk.i586.rpm
2fed4fcf4867293705de055f0b2095d3 2006.0/RPMS/xine-image-1.1.0-8.1.20060mdk.i586.rpm
7ee9724ef73423691f4c2622824d50e3 2006.0/RPMS/xine-plugins-1.1.0-8.1.20060mdk.i586.rpm
732ac66a4b4a8356c8afbfc6770ac6ac 2006.0/RPMS/xine-polyp-1.1.0-8.1.20060mdk.i586.rpm
f4afb35e994c48af37529481df73df9c 2006.0/RPMS/xine-smb-1.1.0-8.1.20060mdk.i586.rpm
f8551a36e839b1c284f157d042395477 2006.0/SRPMS/xine-lib-1.1.0-8.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
c9e6b7176514f797a6b4d444d630783e x86_64/2006.0/RPMS/lib64xine1-1.1.0-8.1.20060mdk.x86_64.rpm
9997e0b3a7712a94c98964d2a387d010 x86_64/2006.0/RPMS/lib64xine1-devel-1.1.0-8.1.20060mdk.x86_64.rpm
8c32b4302fe882f057cc307ef546356e x86_64/2006.0/RPMS/xine-aa-1.1.0-8.1.20060mdk.x86_64.rpm
a18e2771a126b49d93d588d7ff57f22d x86_64/2006.0/RPMS/xine-arts-1.1.0-8.1.20060mdk.x86_64.rpm
188e16a6da35e64d77ef1007f770959e x86_64/2006.0/RPMS/xine-dxr3-1.1.0-8.1.20060mdk.x86_64.rpm
cd4045af591254a68d48dbceb5885bc5 x86_64/2006.0/RPMS/xine-esd-1.1.0-8.1.20060mdk.x86_64.rpm
40c947de3d1df3e33a0f4c26f096b0c8 x86_64/2006.0/RPMS/xine-flac-1.1.0-8.1.20060mdk.x86_64.rpm
cdd6293c4edc8751989f605eb4bb3f45 x86_64/2006.0/RPMS/xine-gnomevfs-1.1.0-8.1.20060mdk.x86_64.rpm
249af817e4dac7f580ef1d9614ec66da x86_64/2006.0/RPMS/xine-image-1.1.0-8.1.20060mdk.x86_64.rpm
4161debdffeaf757be1d97a28e9d7c02 x86_64/2006.0/RPMS/xine-plugins-1.1.0-8.1.20060mdk.x86_64.rpm
6c5c31192529ddca8794de618f4ce0f4 x86_64/2006.0/RPMS/xine-polyp-1.1.0-8.1.20060mdk.x86_64.rpm
eb1a6c7e8297098dff9d2896f83f2f2f x86_64/2006.0/RPMS/xine-smb-1.1.0-8.1.20060mdk.x86_64.rpm
f8551a36e839b1c284f157d042395477 x86_64/2006.0/SRPMS/xine-lib-1.1.0-8.1.20060mdk.src.rpm

Corporate 3.0:
e93f0caab04c2752c07faaff0f97922f corporate/3.0/RPMS/libxine1-1-0.rc3.6.5.C30mdk.i586.rpm
b7cc7339b05df194eac9ef7a17878271 corporate/3.0/RPMS/xine-arts-1-0.rc3.6.5.C30mdk.i586.rpm
0e2cfe89dd82835669dcff0780923982 corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.5.C30mdk.i586.rpm
8658f0c1e16ef59142cbe2c685043b26 corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
f43b406288771a962829e7b9686c2eba x86_64/corporate/3.0/RPMS/lib64xine1-1-0.rc3.6.5.C30mdk.x86_64.rpm
aa294b88759a08022052f0bdff44ad6a x86_64/corporate/3.0/RPMS/xine-arts-1-0.rc3.6.5.C30mdk.x86_64.rpm
27247dc4bb05cef5bfbe97631b12de2e x86_64/corporate/3.0/RPMS/xine-plugins-1-0.rc3.6.5.C30mdk.x86_64.rpm
8658f0c1e16ef59142cbe2c685043b26 x86_64/corporate/3.0/SRPMS/xine-lib-1-0.rc3.6.5.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: squid
Advisory ID: MDKSA-2005:181
Date: October 11th, 2005
Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0, Corporate Server 2.1, Multi Network Firewall 2.0


Problem Description:

Squid 2.5.9, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).

The updated packages have been patched to address these issues.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2917


Updated Packages:

Mandrivalinux 10.1:
2159ad83fce0c0e07abec59e859173df 10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.i586.rpm
c068938f3b353ac957c2781fdf3a668b 10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
5d348dff4c6af7f6fadb7a082949a625 x86_64/10.1/RPMS/squid-2.5.STABLE9-1.4.101mdk.x86_64.rpm
c068938f3b353ac957c2781fdf3a668b x86_64/10.1/SRPMS/squid-2.5.STABLE9-1.4.101mdk.src.rpm

Mandrivalinux 10.2:
c720af4bcd25b1601a78a288207dcbef 10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.i586.rpm
05710a48508987ad1a3f8610befb3545 10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
6652fcb5d9cb565d66e687ae8cd4621b x86_64/10.2/RPMS/squid-2.5.STABLE9-1.4.102mdk.x86_64.rpm
05710a48508987ad1a3f8610befb3545 x86_64/10.2/SRPMS/squid-2.5.STABLE9-1.4.102mdk.src.rpm

Mandrivalinux 2006.0:
b1f84290d8148feeb4243d8662842f1e 2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.i586.rpm
6c1db02fae65e9202b26ecbeb06600f3 2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.i586.rpm
66e697ada09d6727c0b1cce0b535519a 2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
f8d2a35075a4515961707d52a4e54795 x86_64/2006.0/RPMS/squid-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
7f21b2f3e03ee10535b6e6204bd90f66 x86_64/2006.0/RPMS/squid-cachemgr-2.5.STABLE10-10.1.20060mdk.x86_64.rpm
66e697ada09d6727c0b1cce0b535519a x86_64/2006.0/SRPMS/squid-2.5.STABLE10-10.1.20060mdk.src.rpm

Multi Network Firewall 2.0:
d50ee470ba3e48c31c1d9d182ceb94f4 mnf/2.0/RPMS/squid-2.5.STABLE9-1.4.M20mdk.i586.rpm
28c692f3fe6e26ec18e6f9c5df90247a mnf/2.0/SRPMS/squid-2.5.STABLE9-1.4.M20mdk.src.rpm

Corporate Server 2.1:
28f055d1dac940a09bf8d75739640e47 corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.i586.rpm
1f673b3a7aad68b685463b96b8569157 corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
d5d6450ca3c426b16a9c36b9b4030f6c x86_64/corporate/2.1/RPMS/squid-2.4.STABLE7-2.9.C21mdk.x86_64.rpm
1f673b3a7aad68b685463b96b8569157 x86_64/corporate/2.1/SRPMS/squid-2.4.STABLE7-2.9.C21mdk.src.rpm

Corporate 3.0:
5877b6bf476c146d95b78dc62908721a corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.i586.rpm
9ab3c4c41fb8bd2bdeb84f753e270bda corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
0d71ddfef090edb5ed2d0166a688b7a4 x86_64/corporate/3.0/RPMS/squid-2.5.STABLE9-1.4.C30mdk.x86_64.rpm
9ab3c4c41fb8bd2bdeb84f753e270bda x86_64/corporate/3.0/SRPMS/squid-2.5.STABLE9-1.4.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Ubuntu Linux


Ubuntu Security Notice USN-202-1 October 12, 2005
koffice vulnerability
CAN-2005-2971

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

koffice-libs
kword

The problem can be corrected by upgrading the affected package to version 1:1.3.5-2ubuntu1.1. After a standard system upgrade you need to restart all KOffice applications to effect the necessary changes.

Details follow:

Chris Evans discovered a buffer overflow in the RTF import module of KOffice. By tricking a user into opening a specially-crafted RTF file, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1.diff.gz
      Size/MD5: 8816 85d465e2669a24b0019233221a0e15fd
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1.dsc
      Size/MD5: 999 2eaa86d2bee10bad8d0b34ed2e60d336
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5.orig.tar.gz
      Size/MD5: 13154501 2c9b45ecbf16a8c5d16ce9d2f51c2571

Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio-data_1.3.5-2ubuntu1.1_all.deb
      Size/MD5: 615280 b84003db4ad4625b7266b479eaf1d50c
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-data_1.3.5-2ubuntu1.1_all.deb
      Size/MD5: 684630 3275891bff107e56d00e13687eea0e22
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-doc-html_1.3.5-2ubuntu1.1_all.deb
      Size/MD5: 305362 3edd7173b3597eec1b25a5308b509328
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1_all.deb
      Size/MD5: 13502 77d6fdda1ad2093ab9e0b45fcf5c8046

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 854530 fbb920f93b00e7c84c789f514f24773a
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 673748 b7c436b6086dde8aaaed316bc52a607c
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 693330 f1cf7350e87e566692db888c75fcca14
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 583362 ec86ad4dbf9edc7a04341d62639e5afd
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 147476 83ba665bb66e17484c3857c34001b3ec
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 2134962 cff8c010e89c59855294a53e9dca965c
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 51192 bce62ed710af795af1727d2f01b1d02d
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 2536672 3b9a038cd580d80fdf4cc046f77154cd
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 1754694 aab82c7ab4b5fb646dd26abfd730c9d9
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 551772 762fdef125636d9272ba1945d7f2ed85
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5: 3591006 cefbf03ef13b678400082e75786881d6

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 778648 254467d67814c5ccf9cc1e3ebf65cb09
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 660210 019389de3b7e2d12b0618caccf49a3cb
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 689214 fe8b796c71500cfe3a51867ed7689ac7
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 541344 1103a760575623d236a45f5d79ca4e6b
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 147474 d7641c10c832e4b6e92b86bb4202e058
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 1994548 72fadda393d3905eb81487c3e993e98f
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 48998 aae5d22d053d2fde95ee844262b5ae32
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 2503204 5114895616ae77175c1fad011a5da104
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 1668520 04f4ad391680010fc843f27faceacbff
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 533270 cc9ed083427380bac4a6dcff86933f24
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5: 3452150 6dbb03a9966d8ccd975e4784acf46bd8

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 826906 f7cbe8e0113ccf1b76e515a715f918a8
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 651168 655d47e3d8cabf6c54f51abaf3554a23
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 690552 cfe8035a78d467c60b435a95a31aed3b
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 554944 5ca771ac6b28b04e8519bc2c3b87e71b
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 147478 56ab71652516e78b4c98b496a33f5b52
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 2022892 133bf90bb269bafb453d3da968e892eb
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 51450 0024c535dafa26d19f417f8965154bc5
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 2479510 ebc3269b6416598a5425d11146ffcca2
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 1663382 9729c91b3c63d5ed36fe1523706a809d
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 533568 cc0dda08cb91cf0bc2d12f447072c803
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5: 3491862 dcd9768e9ab6d04c28dbe7b5f987891b