dcsimg
Linux Today: Linux News On Internet Time.





More on LinuxToday


Advisories: November 15, 2005

Nov 16, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 896-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 15th, 2005 http://www.debian.org/security/faq


Package : linux-ftpd-ssl
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3524
Debian Bug : 339074

A buffer overflow has been discovered in ftpd-ssl, a simple BSD FTP server with SSL encryption support, that could lead to the execution of arbitrary code.

The old stable distribution (woody) does not contain linux-ftpd-ssl packages.

For the stable distribution (sarge) this problem has been fixed in version 0.17.18+0.3-3sarge1

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your ftpd-ssl package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-3sarge1.dsc
      Size/MD5 checksum: 640 f1999dff20d8e5c7bebbdf3ae08d9fbc
    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-3sarge1.diff.gz
      Size/MD5 checksum: 5157 bb183553291a97a7505dd3eba1ee28aa
    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3.orig.tar.gz
      Size/MD5 checksum: 61388 525f77ad02c5593fa4c5cad9abc337b7

Alpha architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_alpha.deb
      Size/MD5 checksum: 55448 5e4b657d47730305099a47ec2d8c84df

AMD64 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_amd64.deb
      Size/MD5 checksum: 50938 87ab0d101dc0e1c14d38888231abf11f

ARM architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_arm.deb
      Size/MD5 checksum: 49478 d964f72a931cee99c560c1f348b9f733

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_i386.deb
      Size/MD5 checksum: 48598 6092dcf5345c383959b9b8b3a9d9b65f

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_ia64.deb
      Size/MD5 checksum: 65312 1f80c1ef53e6151a8d7df0ed0f2160cb

HP Precision architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_hppa.deb
      Size/MD5 checksum: 53384 a247343d426eb9ecff838905432943d8

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_m68k.deb
      Size/MD5 checksum: 46112 bedd079aca908ad7f31f7fb8fe0ecab7

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_mips.deb
      Size/MD5 checksum: 52262 fe07040d4d3db4fe2cd4e02c873131ee

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_mipsel.deb
      Size/MD5 checksum: 52074 5b1e112532d8b07ab278d036515d85d3

PowerPC architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_powerpc.deb
      Size/MD5 checksum: 52050 bd09d568c4e634670c698dbe33cd4775

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_s390.deb
      Size/MD5 checksum: 51862 d4cb84830ca8a631ed5e08344e286b18

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_sparc.deb
      Size/MD5 checksum: 48822 d47e7a161940d64f82a7edb87df7ff3e

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 897-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 15th, 2005 http://www.debian.org/security/faq


Package : phpsysinfo
Vulnerability : programming errors
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-0870 CVE-2005-3347 CVE-2005-3348
Debian Bug : 301118

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-0870

Maksymilian Arciemowicz discoverd several cross site scripting problems, of which not all were fixed in DSA 724.

CVE-2005-3347

Christopher Kunz discovered that local variables get overwritten unconditionally and are trusted later, which could lead to the inclusion of arbitrary files.

CVE-2005-3348

Christopher Kunz discovered that user-supplied input is used unsanitised, causing a HTTP Response splitting problem.

For the old stable distribution (woody) these problems have been fixed in version 2.0-3woody3.

For the stable distribution (sarge) these problems have been fixed in version 2.3-4sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your phpsysinfo package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3.dsc
      Size/MD5 checksum: 622 c6fe8cc0dece352dead56f7319e37191
    http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3.diff.gz
      Size/MD5 checksum: 3091 e7ce790076394c0fc0ddd9bc2fba23cf
    http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0.orig.tar.gz
      Size/MD5 checksum: 48104 abd184ebc003aeba07d9945bb9c6ff0f

Architecture independent components:

    http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3_all.deb
      Size/MD5 checksum: 42334 4991a7c22521888a9aba3db88e79b6ce

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3-4sarge1.dsc
      Size/MD5 checksum: 596 12c1913a974e30596f07729d8fb660f9
    http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3-4sarge1.diff.gz
      Size/MD5 checksum: 9861 0b621fec1be1e26a5dfa160ce9612aac
    http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3.orig.tar.gz
      Size/MD5 checksum: 163674 8e9a2b7a099e26cbd85f140475512ccc

Architecture independent components:

    http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3-4sarge1_all.deb
      Size/MD5 checksum: 164704 2ef5fb9eb652f24ecae3f5aa4967fa3d

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-1085
2005-11-15

Product : Fedora Core 4
Name : gdk-pixbuf
Version : 0.22.0
Release : 18.fc4.2
Summary : An image loading library used with GNOME.

Description :
The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. The GdkPixBuf library provides image loading facilities, the rendering of a GdkPixBuf into various formats (drawables or GdkRGB buffers), and a cache interface.


Update Information:

The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.


  • Mon Oct 31 2005 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-18.fc4.2
    • Prevent another integer overflow in the xpm loader (#171901, CVE-2005-2976)
    • Prevent an infinite loop in the xpm loader (#171901, CVE-2005-2976)
  • Wed Oct 19 2005 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-18.fc4.1
    • Prevent an integer overflow in the xpm loader (#171073, CVE-2005-3186)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

7c780b05008f3e1999bf8abbb0bb7b7a SRPMS/gdk-pixbuf-0.22.0-18.fc4.2.src.rpm
599efb60ec868f5242a4ca353c0b1ef6 ppc/gdk-pixbuf-0.22.0-18.fc4.2.ppc.rpm
1f18e28bf51ab6e7fb6bd064d91cbd17 ppc/gdk-pixbuf-devel-0.22.0-18.fc4.2.ppc.rpm
1905bece6ab5f5b4c49de5ff2a39e201 ppc/gdk-pixbuf-gnome-0.22.0-18.fc4.2.ppc.rpm
eefdf10dfdd1cd5ba10f81136e0c6662 ppc/debug/gdk-pixbuf-debuginfo-0.22.0-18.fc4.2.ppc.rpm
4e478e20404e7167b5b6f30efcd80ed9 ppc/gdk-pixbuf-0.22.0-18.fc4.2.ppc64.rpm
7f2a934348fba04f2a8e9a210701406f x86_64/gdk-pixbuf-0.22.0-18.fc4.2.x86_64.rpm
861b6a186287685c4383e91f1353b77a x86_64/gdk-pixbuf-devel-0.22.0-18.fc4.2.x86_64.rpm
0e760f0a8385a1919962b9f684dabf1c x86_64/gdk-pixbuf-gnome-0.22.0-18.fc4.2.x86_64.rpm
9ef3e8849f5706bc6dc71559af1b056d x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-18.fc4.2.x86_64.rpm
212ce3ac8b0fe3f767048a2186cb3766 x86_64/gdk-pixbuf-0.22.0-18.fc4.2.i386.rpm
212ce3ac8b0fe3f767048a2186cb3766 i386/gdk-pixbuf-0.22.0-18.fc4.2.i386.rpm
7e0136afe88fd82d236a2e04ab76bc9a i386/gdk-pixbuf-devel-0.22.0-18.fc4.2.i386.rpm
8128ef8c06fcf1dfb952c84912cab910 i386/gdk-pixbuf-gnome-0.22.0-18.fc4.2.i386.rpm
1fa0933b6e9c7d21fca40b96a162a623 i386/debug/gdk-pixbuf-debuginfo-0.22.0-18.fc4.2.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-1086
2005-11-15

Product : Fedora Core 3
Name : gdk-pixbuf
Version : 0.22.0
Release : 16.fc3.3
Summary : An image loading library used with GNOME.

Description :
The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. The GdkPixBuf library provides image loading facilities, the rendering of a GdkPixBuf into various formats (drawables or GdkRGB buffers), and a cache interface.


Update Information:

The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.


  • Mon Oct 31 2005 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-16.fc3.3
  • Prevent another integer overflow in the xpm loader (#171901, CVE-2005-2976)
  • Prevent an infinite loop in the xpm loader (#171901, CVE-2005-2976)
  • Wed Oct 19 2005 Matthias Clasen <mclasen@redhat.com> - 1:0.22.0-16.fc3.2
  • Prevent an integer overflow in the xpm loader (#171073, CVE-2005-3186)
  • Backport the noexecstack patch from FC-4

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

36ab9c1c4f1cd6e9b1797da558737ff7 SRPMS/gdk-pixbuf-0.22.0-16.fc3.3.src.rpm
d3246e0d9f3f4c34e0f927a1e236be25 x86_64/gdk-pixbuf-0.22.0-16.fc3.3.x86_64.rpm
9672ba672933f8b4a8f2970395afe517 x86_64/gdk-pixbuf-devel-0.22.0-16.fc3.3.x86_64.rpm
b6d4bb7e18c74776e64cb4336da1bf37 x86_64/gdk-pixbuf-gnome-0.22.0-16.fc3.3.x86_64.rpm
8932ddbd550b967b0fa527a1094ff007 x86_64/debug/gdk-pixbuf-debuginfo-0.22.0-16.fc3.3.x86_64.rpm
726dcbf604c857dd1a7e052cbd866d56 x86_64/gdk-pixbuf-0.22.0-16.fc3.3.i386.rpm
726dcbf604c857dd1a7e052cbd866d56 i386/gdk-pixbuf-0.22.0-16.fc3.3.i386.rpm
0b0866675e8a54cde5bd750fce59195f i386/gdk-pixbuf-devel-0.22.0-16.fc3.3.i386.rpm
fe1596cf330e88c2f4c15155207ea30d i386/gdk-pixbuf-gnome-0.22.0-16.fc3.3.i386.rpm
f3cf4719daf4ba9fbf6e558a45fb4c67 i386/debug/gdk-pixbuf-debuginfo-0.22.0-16.fc3.3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-1087
2005-11-15

Product : Fedora Core 3
Name : gtk2
Version : 2.4.14
Release : 4.fc3.3
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.

Description :
GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites.


Update Information:

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service bug in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.

Users of gtk2 are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.


  • Mon Oct 31 2005 Matthias Clasen <mclasen@redhat.com> - 2.4.14-3.fc3.3
    • Prevent an infinite loop in the xpm loader (#171905, CVE-2005-2975)
  • Wed Oct 19 2005 Matthias Clasen <mclasen@redhat.com> - 2.4.14-3.fc3.1
    • Prevent an integer overflow in the xpm loader (#171072, CAN-2005-3186)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

44f37d231bffc16d7e516a7798007bb1 SRPMS/gtk2-2.4.14-4.fc3.3.src.rpm
1f9f05dd279c8454591bbd315cb2e542 x86_64/gtk2-2.4.14-4.fc3.3.x86_64.rpm
3aa5941eb7d4f254f4947bd795d3918a x86_64/gtk2-devel-2.4.14-4.fc3.3.x86_64.rpm
edf32a673b31f5de843243cd742c2bbf x86_64/debug/gtk2-debuginfo-2.4.14-4.fc3.3.x86_64.rpm
5c55dcfe8e8854ecf26bc915c7dce15f x86_64/gtk2-2.4.14-4.fc3.3.i386.rpm
5c55dcfe8e8854ecf26bc915c7dce15f i386/gtk2-2.4.14-4.fc3.3.i386.rpm
bcdc3b7f967cd4783c453a0fbf6c8fc9 i386/gtk2-devel-2.4.14-4.fc3.3.i386.rpm
09a8d4d38180ca97fe905bc9c0f152bb i386/debug/gtk2-debuginfo-2.4.14-4.fc3.3.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.



Fedora Update Notification
FEDORA-2005-1088
2005-11-15

Product : Fedora Core 4
Name : gtk2
Version : 2.6.10
Release : 2.fc4.4
Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X.

Description :
GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites.


Update Information:

The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System.

A bug was found in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an infinite-loop denial of service bug in the way gtk2 processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gtk2 to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.

Users of gtk2 are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.


  • Mon Oct 31 2005 Matthias Clasen <mclasen@redhat.com> - 2.6.10-2.fc4.4
    • Prevent an infinite loop in the xpm loader (#171905, CVE-2005-2975)
  • Wed Oct 19 2005 Matthias Clasen <mclasen@redhat.com> - 2.6.10-2.fc4.2
    • Prevent an integer overflow in the xpm loader (#171075, CAN-2005-3186)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

8b6c8d169a2077aec57fb1551e6b032d SRPMS/gtk2-2.6.10-2.fc4.4.src.rpm
5a1ab1b673c5a2efbdd75e23ad206945 ppc/gtk2-2.6.10-2.fc4.4.ppc.rpm
7880fe183673db71572a166571e5a91d ppc/gtk2-devel-2.6.10-2.fc4.4.ppc.rpm
52958efbd0796646ad0c1ca43a086009 ppc/debug/gtk2-debuginfo-2.6.10-2.fc4.4.ppc.rpm
ef8f41011dc23c3c1432ac81b6965632 ppc/gtk2-2.6.10-2.fc4.4.ppc64.rpm
b1e55459ebf53ad98c7c991c4a771539 x86_64/gtk2-2.6.10-2.fc4.4.x86_64.rpm
eb387f58aabad431bc6ac4e9c377c81f x86_64/gtk2-devel-2.6.10-2.fc4.4.x86_64.rpm
ed1e986aaca3a7d6fe01efaa5227de1e x86_64/debug/gtk2-debuginfo-2.6.10-2.fc4.4.x86_64.rpm
06c4edc69cd8cefc88e0745c9cbad651 x86_64/gtk2-2.6.10-2.fc4.4.i386.rpm
06c4edc69cd8cefc88e0745c9cbad651 i386/gtk2-2.6.10-2.fc4.4.i386.rpm
e9f0a994835b3666c1b85f38121e3251 i386/gtk2-devel-2.6.10-2.fc4.4.i386.rpm
d5ab5b36abd4882a3f0d6081179959d3 i386/debug/gtk2-debuginfo-2.6.10-2.fc4.4.i386.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated xchat package fixes security issue
Advisory ID: FLSA:123013
Issue date: 2005-11-14
Product: Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-0409



1. Topic:

An updated xchat package that fixes a security bug is now available.

X-Chat is a graphical IRC chat client for the X Window System.

2. Relevant releases/architectures:

Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A stack buffer overflow flaw was found in the X-Chat's Socks-5 proxy code. An attacker could create a malicious Socks-5 proxy server in such a way that X-Chat would execute arbitrary code if a victim configured X-Chat to use the proxy. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-0409 to this issue.

Users of X-Chat should upgrade to this updated package which contains a backported security patch and is not vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123013

6. RPMs required:

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/xchat-2.0.7-1.FC1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/xchat-2.0.7-1.FC1.1.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/xchat-2.0.7-5.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/xchat-2.0.7-5.1.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


949871bada73a7e47b412e04b296fb8e661a6889 fedora/1/updates/i386/xchat-2.0.7-1.FC1.1.legacy.i386.rpm
e9defab76a100c3c066b85a9fa83ebcd1527ce71 fedora/1/updates/SRPMS/xchat-2.0.7-1.FC1.1.legacy.src.rpm
557e51ab8c91c4e824c132b4e58fc372ba6bf4c7 fedora/2/updates/i386/xchat-2.0.7-5.1.legacy.i386.rpm
4e856255dd724c8364556e792c162b1f0fbc29ea fedora/2/updates/SRPMS/xchat-2.0.7-5.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0409

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated rp-pppoe package fixes security issue
Advisory ID: FLSA:152794
Issue date: 2005-11-14
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2004-0564



1. Topic:

An updated rp-pppoe package that fixes a security vulnerability is now available.

The rp-pppoe package is a PPP over Ethernet client (for xDSL support).

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Red Hat Linux or Fedora Core installation), an attacker could overwrite any file on the file system. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2004-0564 to this issue.

All users of rp-pppoe should upgrade to this updated package, which resolves this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152794

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/rp-pppoe-3.3-10.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/rp-pppoe-3.3-10.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/rp-pppoe-3.5-2.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/rp-pppoe-3.5-2.2.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/rp-pppoe-3.5-8.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/rp-pppoe-3.5-8.2.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


3f7646466059606af82392573647db2757a07184 redhat/7.3/updates/i386/rp-pppoe-3.3-10.legacy.i386.rpm
0c9fdb6d3ad087cdedef83dc564ae1b21d8f5bab redhat/7.3/updates/SRPMS/rp-pppoe-3.3-10.legacy.src.rpm
dda91513cd724e0175550465b19c8fab00876f9a redhat/9/updates/i386/rp-pppoe-3.5-2.2.legacy.i386.rpm
a5806f7bbcb5cd62f33a9b36904d08548da976b8 redhat/9/updates/SRPMS/rp-pppoe-3.5-2.2.legacy.src.rpm
8f808a8239aeebf880c9b9b894531dd26db849a9 fedora/1/updates/i386/rp-pppoe-3.5-8.2.legacy.i386.rpm
ef55f4b9380d5551129f806ae76ba548bfb7bdb4 fedora/1/updates/SRPMS/rp-pppoe-3.5-8.2.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0564

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org



Fedora Legacy Update Advisory

Synopsis: Updated bzip2 packages fix security issues
Advisory ID: FLSA:158801
Issue date: 2005-11-14
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-0758 CVE-2005-0953 CVE-2005-1260



1. Topic:

Updated bzip2 packages that fix multiple issues are now available.

Bzip2 is a data compressor.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A bug was found in the way bzgrep processes file names. If a user can be tricked into running bzgrep on a file with a carefully crafted file name, arbitrary commands could be executed as the user running bzgrep. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name CVE-2005-0758 to this issue.

A bug was found in the way bzip2 modifies file permissions during decompression. If an attacker has write access to the directory into which bzip2 is decompressing files, it is possible for them to modify permissions on files owned by the user running bzip2 (CVE-2005-0953).

A bug was found in the way bzip2 decompresses files. It is possible for an attacker to create a specially crafted bzip2 file which will cause bzip2 to cause a denial of service (by filling disk space) if decompressed by a victim (CVE-2005-1260).

Users of Bzip2 should upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory only contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=158801

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/bzip2-1.0.2-2.2.73.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/bzip2-1.0.2-2.2.73.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/bzip2-devel-1.0.2-2.2.73.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/bzip2-libs-1.0.2-2.2.73.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/bzip2-1.0.2-8.1.90.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/bzip2-1.0.2-8.1.90.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/bzip2-devel-1.0.2-8.1.90.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/bzip2-libs-1.0.2-8.1.90.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/bzip2-1.0.2-10.1.fc1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/bzip2-1.0.2-10.1.fc1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/bzip2-devel-1.0.2-10.1.fc1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/bzip2-libs-1.0.2-10.1.fc1.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/bzip2-1.0.2-12.2.fc2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/bzip2-1.0.2-12.2.fc2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/bzip2-devel-1.0.2-12.2.fc2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/bzip2-libs-1.0.2-12.2.fc2.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name


2d0d5267210ceefd6e2ed80187c2f6e3d994e4a0 redhat/7.3/updates/i386/bzip2-1.0.2-2.2.73.legacy.i386.rpm
e661f6bf518498c375918577fc3414978a190d78 redhat/7.3/updates/i386/bzip2-devel-1.0.2-2.2.73.legacy.i386.rpm
0c1bd4a4472ca70183b104438db1a9ef98db4969 redhat/7.3/updates/i386/bzip2-libs-1.0.2-2.2.73.legacy.i386.rpm
f146cb7edfa74345c42831f24cb95c7898db3064 redhat/7.3/updates/SRPMS/bzip2-1.0.2-2.2.73.legacy.src.rpm
36b3b8abb700fe93d14064ce22176ed59aef0b9b redhat/9/updates/i386/bzip2-1.0.2-8.1.90.legacy.i386.rpm
3ce61caa59d4c9a90e2412ebd5bae76500e4e462 redhat/9/updates/i386/bzip2-devel-1.0.2-8.1.90.legacy.i386.rpm
905c29052192f032dac84be0860013837b65f8d4 redhat/9/updates/i386/bzip2-libs-1.0.2-8.1.90.legacy.i386.rpm
bdbf201ea36551c1f5eacff3707656fd5e099c75 redhat/9/updates/SRPMS/bzip2-1.0.2-8.1.90.legacy.src.rpm
56b7883ada43718a80577ddcbdbc8bc24072765d fedora/1/updates/i386/bzip2-1.0.2-10.1.fc1.legacy.i386.rpm
472cee03d32c68e0a0feba56a265c42d208ea5d4 fedora/1/updates/i386/bzip2-devel-1.0.2-10.1.fc1.legacy.i386.rpm
94abc962a1b84373813c558d4d3d44993722bb16 fedora/1/updates/i386/bzip2-libs-1.0.2-10.1.fc1.legacy.i386.rpm
7ce97f2488338b9d0e4b136b63c04e80c7a27394 fedora/1/updates/SRPMS/bzip2-1.0.2-10.1.fc1.legacy.src.rpm
c2821d2326bdff302a8b38ab6baec2930da4ca6b fedora/2/updates/i386/bzip2-1.0.2-12.2.fc2.legacy.i386.rpm
d1ba1f61d62970f0d97af8813956771b471fbc81 fedora/2/updates/i386/bzip2-devel-1.0.2-12.2.fc2.legacy.i386.rpm
c8cf989f3683f4313d4a0caf7695673f48e405e7 fedora/2/updates/i386/bzip2-libs-1.0.2-12.2.fc2.legacy.i386.rpm
1ac418e19c22613a3cc4d71ee304a9d304af50e6 fedora/2/updates/SRPMS/bzip2-1.0.2-12.2.fc2.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1260

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200511-12

http://security.gentoo.org/


Severity: High
Title: Scorched 3D: Multiple vulnerabilities
Date: November 15, 2005
Bugs: #111421
ID: 200511-12


Synopsis

Multiple vulnerabilities in Scorched 3D allow a remote attacker to deny service or execute arbitrary code on game servers.

Background

Scorched 3D is a clone of the classic "Scorched Earth" DOS game, adding features like a 3D island environment and Internet multiplayer capabilities.

Affected packages


     Package                    /  Vulnerable  /            Unaffected

  1  games-strategy/scorched3d       <= 39.1               Vulnerable!


NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.

Description

Luigi Auriemma discovered multiple flaws in the Scorched 3D game server, including a format string vulnerability and several buffer overflows.

Impact

A remote attacker can exploit these vulnerabilities to crash a game server or execute arbitrary code with the rights of the game server user. Users not running a Scorched 3D game server are not affected by these flaws.

Workaround

There is no known workaround at this time.

Resolution

The Scorched 3D package has been hard-masked until a new version correcting these flaws is released. In the meantime, current users are advised to unmerge the package:

    # emerge --unmerge games-strategy/scorched3d

References

[ 1 ] Original advisory

http://seclists.org/lists/fulldisclosure/2005/Nov/0079.html

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200511-12.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Red Hat Linux


Red Hat Security Advisory

Synopsis: Important: gdk-pixbuf security update
Advisory ID: RHSA-2005:810-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-810.html
Issue date: 2005-11-15
Updated on: 2005-11-15
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3186 CVE-2005-2976 CVE-2005-2975


1. Summary:

Updated gdk-pixbuf packages that fix several security issues are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment.

A bug was found in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-3186 to this issue.

Ludwig Nussel discovered an integer overflow bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to execute arbitrary code or crash when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2976 to this issue.

Ludwig Nussel also discovered an infinite-loop denial of service bug in the way gdk-pixbuf processes XPM images. An attacker could create a carefully crafted XPM file in such a way that it could cause an application linked with gdk-pixbuf to stop responding when the file was opened by a victim. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2975 to this issue.

Users of gdk-pixbuf are advised to upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

171071 - CVE-2005-3186 XPM buffer overflow 171900 - CVE-2005-2975 Multiple XPM processing issues (CVE-2005-2976)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.3.src.rpm
5bea8970a777c2e2197c343d64669f1a gdk-pixbuf-0.22.0-12.el2.3.src.rpm

i386:
28ad503e6c7cf397277bf9d60b2b64b8 gdk-pixbuf-0.22.0-12.el2.3.i386.rpm
7d4d3f1c4492eb2aaded956ad8028e2e
gdk-pixbuf-devel-0.22.0-12.el2.3.i386.rpm
54833c2b7785977352d13fa3fe534c24 gdk-pixbuf-gnome-0.22.0-12.el2.3.i386.rpm

ia64:
cc7b986a3d8513a9d6b851b7d6650158 gdk-pixbuf-0.22.0-12.el2.3.ia64.rpm
3fe74f7116a28990f296154a45dfcdd7
gdk-pixbuf-devel-0.22.0-12.el2.3.ia64.rpm
401c82d6c91904940173f42618b696ee gdk-pixbuf-gnome-0.22.0-12.el2.3.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.3.src.rpm
5bea8970a777c2e2197c343d64669f1a gdk-pixbuf-0.22.0-12.el2.3.src.rpm

ia64:
cc7b986a3d8513a9d6b851b7d6650158 gdk-pixbuf-0.22.0-12.el2.3.ia64.rpm
3fe74f7116a28990f296154a45dfcdd7
gdk-pixbuf-devel-0.22.0-12.el2.3.ia64.rpm
401c82d6c91904940173f42618b696ee gdk-pixbuf-gnome-0.22.0-12.el2.3.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.3.src.rpm
5bea8970a777c2e2197c343d64669f1a gdk-pixbuf-0.22.0-12.el2.3.src.rpm

i386:
28ad503e6c7cf397277bf9d60b2b64b8 gdk-pixbuf-0.22.0-12.el2.3.i386.rpm
7d4d3f1c4492eb2aaded956ad8028e2e
gdk-pixbuf-devel-0.22.0-12.el2.3.i386.rpm
54833c2b7785977352d13fa3fe534c24 gdk-pixbuf-gnome-0.22.0-12.el2.3.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/gdk-pixbuf-0.22.0-12.el2.3.src.rpm
5bea8970a777c2e2197c343d64669f1a gdk-pixbuf-0.22.0-12.el2.3.src.rpm

i386:
28ad503e6c7cf397277bf9d60b2b64b8 gdk-pixbuf-0.22.0-12.el2.3.i386.rpm
7d4d3f1c4492eb2aaded956ad8028e2e
gdk-pixbuf-devel-0.22.0-12.el2.3.i386.rpm
54833c2b7785977352d13fa3fe534c24 gdk-pixbuf-gnome-0.22.0-12.el2.3.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/gdk-pixbuf-0.22.0-13.el3.3.src.rpm
ebe0b3e9475a081fb1e440859b18aa41 gdk-pixbuf-0.22.0-13.el3.3.src.rpm

i386:
a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-0.22.0-13.el3.3.i386.rpm
b9a4428f150b1a2b254c28ec1ef3ad68
gdk-pixbuf-devel-0.22.0-13.el3.3.i386.rpm
233cf43c7684265346a2870106827dbb gdk-pixbuf-gnome-0.22.0-13.el3.3.i386.rpm

ia64:
a0a20b4a1f1a026ed4c27eb4d6dcd2dd gdk-pixbuf-0.22.0-13.el3.3.i386.rpm
833a671af2cd66a28ce7e2bf12eee13e
gdk-pixbuf-0.22.0-13.el3.3.ia64.rpm
315df07a3664142ad20253967e745b88 gdk-pixbuf-devel-0.22.0-13.el3.3.ia64.rpm
470d6728d82db236cdd4ca49fe39e290
gdk-pixbuf-gnome-0.22.0-13.el3.3.ia64.rpm

ppc:
a18a4ce7200859ec784b24715c91b7b0 gdk-pixbuf-0.22.0-13.el3.3.ppc.rpm
aeeeb699b739c135e0e5c8413a171ead
gdk-pixbuf-0.22.0-13.el3.3.ppc64.rpm
c6b914ee5245697f917438fe5cb72247 gdk-pixbuf-devel-0.22.0-13.el3.3.ppc.rpm
418d51ffeb3c3b60ab3683a6b23d6b26
gdk-pixbuf-gnome-0.22.0-13.el3.3.ppc.rpm

s390:
1ee53f56d6e7a53e1b765dd67d6f21fb gdk-pixbuf-0.22.0-13.el3.3.s390.rpm
e5913217d5e52b6bcdfcc