Linux Today: Linux News On Internet Time.






Advisories, February 6, 2006

Feb 07, 2006, 04:45

Debian GNU/Linux


Debian Security Advisory DSA 965-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 6th, 2006 http://www.debian.org/security/faq


Package : ipsec-tools
Vulnerability : null dereference
Problem type : remote
Debian-specific: no
CVE ID : CVE-2005-3732
BugTraq ID : 15523
Debian Bug : 340584

The Internet Key Exchange version 1 (IKEv1) implementation in racoon from ipsec-tools, IPsec tools for Linux, tries to dereference a NULL pointer under certain conditions, which allows a remote attacker to cause a denial of service.

The old stable distribution (woody) does not contain ipsec-tools.

For the stable distribution (sarge) this problem has been fixed in version 0.5.2-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.6.3-1.

We recommend that you upgrade your racoon package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1.dsc
      Size/MD5 checksum: 685 7172e2477ce0e0778eac29236595a0c0
    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1.diff.gz
      Size/MD5 checksum: 43453 8ec2e0ed865ca4185f84cc8d27cf3dba
    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2.orig.tar.gz
      Size/MD5 checksum: 887818 50dccd981710182c8cf86666783b0df2

Alpha architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_alpha.deb
      Size/MD5 checksum: 91708 9de3f085231197a7de53a5b50307dc07
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_alpha.deb
      Size/MD5 checksum: 358712 8283c9b4ce54d46caf0aecd01365d7e9

AMD64 architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_amd64.deb
      Size/MD5 checksum: 81642 de97d7d0cf493d6fd8f710cdfcacf485
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_amd64.deb
      Size/MD5 checksum: 304980 e3ce0db5d01427525969a4fa16c4b18c

ARM architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_arm.deb
      Size/MD5 checksum: 82078 d96dd62daec9798c3928f4d9629c90af
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_arm.deb
      Size/MD5 checksum: 293006 0584e9e94346fbc2b959461204f49a68

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_i386.deb
      Size/MD5 checksum: 78114 7696967815385e56dce90c53db5bfead
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_i386.deb
      Size/MD5 checksum: 291490 4c2cb51dd43c7d778b63227708b27e42

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_ia64.deb
      Size/MD5 checksum: 103870 f85f08d8b87206013639945a64180315
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_ia64.deb
      Size/MD5 checksum: 408352 78b6511d113e672f06f245a5e2b0fd91

HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_hppa.deb
      Size/MD5 checksum: 87206 e82d46a0e3387d8f9e7b5f648f30c985
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_hppa.deb
      Size/MD5 checksum: 313098 e542429284c183d56906fd68f5120ef5

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_m68k.deb
      Size/MD5 checksum: 75294 f787affc6a598da295ba47833ac11f96
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_m68k.deb
      Size/MD5 checksum: 261904 3a667a087f2b1b0749df956953809787

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_mips.deb
      Size/MD5 checksum: 81512 78b1984c4f7e1767e9e0a5f7973826da
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_mips.deb
      Size/MD5 checksum: 311252 711e7eef2b62eb3f3c62c2731682014a

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_mipsel.deb
      Size/MD5 checksum: 81722 4cb4cfefd80785ddd08ac56f6a29d8a2
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_mipsel.deb
      Size/MD5 checksum: 314398 755b9cbcfa80716d3b67518995cecc57

PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_powerpc.deb
      Size/MD5 checksum: 84182 f93222817a08ee9b134b2227e9710c9c
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_powerpc.deb
      Size/MD5 checksum: 299802 fa4286b36de4c4cdb344501bca93cec7

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_s390.deb
      Size/MD5 checksum: 84358 4739bc0a2a512d911e77e905254ab7e9
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_s390.deb
      Size/MD5 checksum: 299502 2e01eac11fe42c459efcbc3ecf949cc4

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_sparc.deb
      Size/MD5 checksum: 81038 f40757af48fd04929715dc486feff3fe
    http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_sparc.deb
      Size/MD5 checksum: 284678 67368918e5be7f007e8ce1c0d9f9f335

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
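
A check that fits between the advisory's `wget url` and `dpkg -i file.deb` steps, as an added example that is not part of the Debian advisory: it reads the URL and "Size/MD5 checksum" pairs in the format shown above and compares each downloaded file against both values. The function name, the `mirror.invalid` URL and the stand-in package file are constructed for the demo.

```shell
#!/bin/sh
# verify_advisory_files ADVISORY DIR   (hypothetical helper, not a Debian tool)
# ADVISORY holds lines in the format used above:
#     <package URL>
#       Size/MD5 checksum: <size in bytes> <md5 hex>
# Each file is looked up in DIR under the URL's basename.
# Prints one status line per entry; returns 0 only if at least one entry
# was listed and every listed file is present and matches size and MD5.
verify_advisory_files() {
    advisory=$1
    dir=$2
    url=
    checked=0
    failed=0
    while read -r f1 f2 f3 f4 rest || [ -n "$f1" ]; do
        case $f1 in
            http://*|https://*|ftp://*) url=$f1; continue ;;
            Size/MD5) ;;
            *) continue ;;
        esac
        [ -n "$url" ] || continue        # checksum line without a URL before it
        name=${url##*/}
        url=
        checked=$((checked + 1))
        want_md5=$(printf '%s' "$f4" | tr 'A-F' 'a-f')

        # Reject entries whose size is not a number or whose digest is not 32 hex digits.
        valid=1
        case $f3 in ''|*[!0-9]*) valid=0 ;; esac
        case $want_md5 in *[!0-9a-f]*) valid=0 ;; esac
        [ "${#want_md5}" -eq 32 ] || valid=0
        [ -n "$name" ] || valid=0
        if [ "$valid" -eq 0 ]; then
            echo "MALFORMED  ${name:-?}"
            failed=$((failed + 1))
            continue
        fi

        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "MISSING    $name"
            failed=$((failed + 1))
            continue
        fi

        have_size=$(($(wc -c < "$file")))
        have_md5=$(md5sum < "$file")
        have_md5=${have_md5%% *}
        if [ "$have_size" -eq "$f3" ] && [ "$have_md5" = "$want_md5" ]; then
            echo "OK         $name"
        else
            echo "MISMATCH   $name (size $have_size, expected $f3; md5 $have_md5, expected $want_md5)"
            failed=$((failed + 1))
        fi
    done < "$advisory"
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Demo on constructed data: a stand-in package file and an advisory excerpt
# generated to match it, then the same file after modification.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for a package file\n' > "$demo_dir/example_1.0-1_all.deb"
demo_sum=$(md5sum < "$demo_dir/example_1.0-1_all.deb")
demo_sum=${demo_sum%% *}
demo_size=$(($(wc -c < "$demo_dir/example_1.0-1_all.deb")))
cat > "$demo_dir/advisory.txt" <<EOF
    http://mirror.invalid/pool/updates/main/e/example/example_1.0-1_all.deb
      Size/MD5 checksum: $demo_size $demo_sum
EOF
verify_advisory_files "$demo_dir/advisory.txt" "$demo_dir" && echo "all files match; dpkg -i may proceed"
printf 'modified' >> "$demo_dir/example_1.0-1_all.deb"
verify_advisory_files "$demo_dir/advisory.txt" "$demo_dir" || echo "verification failed; do not install"
rm -rf "$demo_dir"
```

MD5 is not collision resistant, so this check catches truncated or corrupted downloads and does not replace a signature check.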

Fedora Core


Fedora Update Notification
FEDORA-2006-098
2006-02-06

Product : Fedora Core 4
Name : unzip
Version : 5.51
Release : 13.fc4
Summary : A utility for unpacking zip files.

Description :
The unzip utility is used to list, test, or extract files from a zip archive. Zip archives are commonly found on MS-DOS systems. The zip utility, included in the zip package, creates zip archives. Zip and unzip are both compatible with archives created by PKWARE(R)'s PKZIP for MS-DOS, but the programs' options and default behaviors do differ in some respects.

Install the unzip package if you need to list, test or extract files from a zip archive.


  • Mon Feb 6 2006 Ivana Varekova <varekova@redhat.com> 5.51-13.fc4
    • fix bug 178961 - CVE-2005-4667 - unzip long file name buffer overflow
  • Wed Aug 3 2005 Ivana Varekova <varekova@redhat.com> 5.51-12.fc4
    • fix bug 164928 - TOCTOU issue in unzip
  • Mon May 9 2005 Ivana Varekova <varekova@redhat.com> 5.51-11
    • fix bug 156959 - invalid file mode on created files

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200602-01

http://security.gentoo.org/


Severity: Normal
Title: GStreamer FFmpeg plugin: Heap-based buffer overflow
Date: February 05, 2006
Bugs: #119512
ID: 200602-01


Synopsis

The GStreamer FFmpeg plugin is vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.

Background

The GStreamer FFmpeg plugin uses code from the FFmpeg library to provide fast colorspace conversion and multimedia decoders to the GStreamer open source media framework.

Affected packages


     Package                           /  Vulnerable  /     Unaffected

  1  media-plugins/gst-plugins-ffmpeg     < 0.8.7-r1       >= 0.8.7-r1

Description

The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap overflow in the "avcodec_default_get_buffer()" function discovered by Simon Kilvington (see GLSA 200601-06).

Impact

A remote attacker could entice a user to run an application using the GStreamer FFmpeg plugin on a maliciously crafted PIX_FMT_PAL8 format image file (like PNG images), possibly leading to the execution of arbitrary code with the permissions of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All GStreamer FFmpeg plugin users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-ffmpeg-0.8.7-r1"

References

[ 1 ] CVE-2005-4048

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048

[ 2 ] GLSA 200601-06

http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200602-01.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200602-02

http://security.gentoo.org/


Severity: Normal
Title: ADOdb: PostgreSQL command injection
Date: February 06, 2006
Bugs: #120215
ID: 200602-02


Synopsis

ADOdb is vulnerable to SQL injections if used in conjunction with a PostgreSQL database.

Background

ADOdb is an abstraction library for PHP creating a common API for a wide range of database backends.

Affected packages


     Package        /  Vulnerable  /                        Unaffected

  1  dev-php/adodb       < 4.71                                >= 4.71

Description

Andy Staudacher discovered that ADOdb does not properly sanitize all parameters.

Impact

By sending specifically crafted requests to an application that uses ADOdb and a PostgreSQL backend, an attacker might exploit the flaw to execute arbitrary SQL queries on the host.

Workaround

There is no known workaround at this time.

Resolution

All ADOdb users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/adodb-4.71"

References

[ 1 ] CVE-2006-0410

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0410

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200602-02.xml



Gentoo Linux Security Advisory GLSA 200602-03

http://security.gentoo.org/


Severity: Normal
Title: Apache: Multiple vulnerabilities
Date: February 06, 2006
Bugs: #115324, #118875
ID: 200602-03


Synopsis

Apache can be exploited for cross-site scripting attacks and is vulnerable to a Denial of Service attack.

Background

The Apache HTTP server is one of the most popular web servers on the Internet. mod_imap provides support for server-side image maps; mod_ssl provides secure HTTP connections.

Affected packages


     Package         /   Vulnerable   /                     Unaffected

  1  net-www/apache      < 2.0.55-r1                      >= 2.0.55-r1
                                                        *>= 2.0.54-r16
                                                          == 1.3.34-r2
                                                        *>= 1.3.34-r11

Description

Apache's mod_imap fails to properly sanitize the "Referer" directive of imagemaps in some cases, leaving the HTTP Referer header unescaped. A flaw in mod_ssl can lead to a NULL pointer dereference if the site uses a custom "Error 400" document. These vulnerabilities were reported by Marc Cox and Hartmut Keil, respectively.

Impact

A remote attacker could exploit mod_imap to inject arbitrary HTML or JavaScript into a user's browser to gather sensitive information. Attackers could also cause a Denial of Service on hosts using the SSL module (Apache 2.0.x only).

Workaround

There is no known workaround at this time.

Resolution

All Apache users should upgrade to the latest version, depending on whether they still use the old configuration style (/etc/apache/conf/*.conf) or the new one (/etc/apache2/httpd.conf).

2.0.x users, new style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/apache-2.0.55-r1"

2.0.x users, old style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-www/apache-2.0.54-r16"

1.x users, new style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-www/apache-1.3.34-r11"

1.x users, old style config:

    # emerge --sync
    # emerge --ask --oneshot --verbose "=net-www/apache-1.3.34-r2"

References

[ 1 ] CVE-2005-3352

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352

[ 2 ] CVE-2005-3357

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200602-03.xml


Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:033
http://www.mandriva.com/security/


Package : OpenOffice.org
Date : February 2, 2006
Affected: 2006.0, Corporate 3.0


Problem Description:

OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.

Updated packages are patched to address this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4636


Updated Packages:



To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:034
http://www.mandriva.com/security/


Package : openssh
Date : February 6, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into scp'ing a specially crafted filename.

The provided updates bump the OpenSSH version to the latest release version of 4.3p1. A number of differences exist, primarily in PAM authentication, compared with the version included in Corporate 3.0 and MNF2. In particular, the default sshd_config now only accepts protocol 2 connections and UsePAM is now disabled by default.

On systems using alternate authentication methods (e.g. LDAP) that use the PAM stack for authentication, you will need to enable UsePAM. Note that the default /etc/pam.d/sshd file has also been modified to use the pam_listfile.so module, which will deny access to any users listed in /etc/ssh/denyusers (by default, this is only the root user). This is required to preserve the expected behaviour when using "PermitRootLogin without-password"; otherwise it would still be possible to obtain a login prompt and log in without using keys.

Mandriva Linux 10.1 and newer already have these changes in their shipped versions. There are new features in OpenSSH and users are encouraged to review the new sshd_config and ssh_config files when upgrading.
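
A review aid for the sshd_config and PAM interaction described above, as an added example that is not part of the Mandriva advisory: it flags the case where UsePAM is enabled together with "PermitRootLogin without-password" but the PAM file has no pam_listfile.so deny rule for the deny list, or root is missing from that list. The function names are hypothetical, the assumed defaults when a keyword is absent are UsePAM no and PermitRootLogin yes, the pam_listfile line is a typical form rather than Mandriva's exact one, and the demo files are constructed.

```shell
#!/bin/sh
# sshd_effective FILE KEYWORD DEFAULT
# Prints the value sshd would use: keywords are case-insensitive and the
# first occurrence wins. Match blocks are not interpreted here.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# pam_denies_listed_users PAM_FILE DENY_FILE
# Succeeds if PAM_FILE has an active auth rule using pam_listfile.so that
# denies the users named in DENY_FILE.
pam_denies_listed_users() {
    awk -v deny="$2" '
        /^[ \t]*#/ { next }
        $1 == "auth" && $2 ~ /^(required|requisite)$/ &&
        $0 ~ /pam_listfile\.so/ && $0 ~ /item=user/ && $0 ~ /sense=deny/ &&
        index($0, "file=" deny) { ok = 1 }
        END { exit !ok }
    ' "$1"
}

# audit_sshd_pam SSHD_CONFIG PAM_FILE DENY_FILE
# On a real system the last two would be /etc/pam.d/sshd and /etc/ssh/denyusers.
# Prints findings; returns 0 when there are none.
audit_sshd_pam() {
    cfg=$1
    pam=$2
    deny=$3
    findings=0
    use_pam=$(sshd_effective "$cfg" UsePAM no)                 # assumed default: no
    root_login=$(sshd_effective "$cfg" PermitRootLogin yes)    # assumed default: yes
    if [ "$use_pam" = yes ] && [ "$root_login" = without-password ]; then
        if ! pam_denies_listed_users "$pam" "$deny"; then
            echo "FINDING: UsePAM yes with PermitRootLogin without-password, but $pam has no pam_listfile.so deny rule for $deny"
            findings=$((findings + 1))
        elif ! grep -qx root "$deny" 2>/dev/null; then
            echo "FINDING: pam_listfile.so rule present, but root is not listed in $deny"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
printf 'UsePAM yes\nPermitRootLogin without-password\n' > "$demo_dir/sshd_config"
printf 'root\n' > "$demo_dir/denyusers"
printf 'auth required pam_unix.so\n' > "$demo_dir/pam_sshd"
audit_sshd_pam "$demo_dir/sshd_config" "$demo_dir/pam_sshd" "$demo_dir/denyusers" \
    || echo "review the PAM stack before relying on key-only root login"
printf 'auth required pam_listfile.so item=user sense=deny file=%s onerr=succeed\n' \
    "$demo_dir/denyusers" >> "$demo_dir/pam_sshd"
audit_sshd_pam "$demo_dir/sshd_config" "$demo_dir/pam_sshd" "$demo_dir/denyusers" \
    && echo "no findings"
rm -rf "$demo_dir"
```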


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

Red Hat Linux


Red Hat Security Advisory

Synopsis: Critical: mozilla security update
Advisory ID: RHSA-2006:0199-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0199.html
Issue date: 2006-02-02
Updated on: 2006-02-02
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-4134 CVE-2006-0292 CVE-2006-0296


1. Summary:

Updated mozilla packages that fix several security bugs are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Igor Bukanov discovered a bug in the way Mozilla's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Mozilla could crash or execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue.

moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Mozilla to execute arbitrary JavaScript when a user runs Mozilla. (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves history information. If a user visits a web page with a very long title, it is possible Mozilla will crash or take a very long time the next time it is run. (CVE-2005-4134)

Note that the Red Hat Enterprise Linux 3 packages also fix a bug when using XSLT to transform documents. Passing DOM Nodes as parameters to functions expecting an xsl:param could cause Mozilla to throw an exception.

Users of Mozilla are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

179163 - CVE-2005-4134 Very long topic history.dat DoS
179166 - CVE-2006-0292 javascript unrooted access
179169 - CVE-2006-0296 XULDocument.persist() RDF data injection

6. RPMs required:
