Linux Today: Linux News On Internet Time.






Advisories: September 7, 2006

Sep 08, 2006, 03:45

Debian GNU/Linux


Debian Security Advisory DSA 1171-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 7th, 2006 http://www.debian.org/security/faq


Package : ethereal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4333 CVE-2005-3241 CVE-2005-3242 CVE-2005-3243 CVE-2005-3244 CVE-2005-3246 CVE-2005-3248
Debian Bug : 384528 334880

Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-4333

It was discovered that the Q.2391 dissector is vulnerable to denial of service caused by memory exhaustion.

CVE-2005-3241

It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are vulnerable to denial of service caused by memory exhaustion.

CVE-2005-3242

It was discovered that the IrDA and SMB dissectors are vulnerable to denial of service caused by memory corruption.

CVE-2005-3243

It was discovered that the SLIMP3 and AgentX dissectors are vulnerable to code injection caused by buffer overflows.

CVE-2005-3244

It was discovered that the BER dissector is vulnerable to denial of service caused by an infinite loop.

CVE-2005-3246

It was discovered that the NCP and RTnet dissectors are vulnerable to denial of service caused by a null pointer dereference.

CVE-2005-3248

It was discovered that the X11 dissector is vulnerable to denial of service caused by a division by zero.

This update also fixes a 64-bit-specific regression in the ASN.1 decoder, which was introduced in a previous DSA.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge8.

For the unstable distribution (sid) these problems have been fixed in version 0.99.2-5.1 of wireshark, the network sniffer formerly known as ethereal.

We recommend that you upgrade your ethereal packages.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200609-05

http://security.gentoo.org/


Severity: Normal
Title: OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery
Date: September 07, 2006
Bugs: #146375, #146438
ID: 200609-05


Synopsis

OpenSSL fails to properly validate PKCS #1 v1.5 signatures.

Background

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport Layer Security protocols and a general-purpose cryptography library. The x86 emulation base libraries for AMD64 contain a vulnerable version of OpenSSL.

Affected packages


     Package                     /  Vulnerable  /  Unaffected

  1  openssl                          < 0.9.7k       >= 0.9.7k
  2  emul-x86-linux-baselibs          < 2.5.2        >= 2.5.2
    -------------------------------------------------------------------
     # Package 2 [app-emulation/emul-x86-linux-baselibs] only applies
       to AMD64 users.

     NOTE: Any packages listed without architecture tags apply to all
     architectures...
    -------------------------------------------------------------------
     2 affected packages

Description

Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with an exponent of 3.

Impact

Since several CAs are using an exponent of 3, it might be possible for an attacker to create a key with a false CA signature.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7k"

All AMD64 x86 emulation base libraries users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-emulation/emul-x86-linux-baselibs-2.5.2"

References

[ 1 ] CVE-2006-4339

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

   http://security.gentoo.org/glsa/glsa-200609-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:161
http://www.mandriva.com/security/


Package : openssl
Date : September 6, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5 signatures in which an RSA key with a small exponent could be vulnerable to forgery of a PKCS #1 v1.5 signature signed by that key.

Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as is any other use of PKCS #1 v1.5, including software that uses OpenSSL for SSL or TLS.

Updated packages are patched to address this issue.
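
The validation step behind the Gentoo and Mandriva OpenSSL advisories above, as an added example (not OpenSSL's code and not part of either advisory): a PKCS #1 v1.5 verifier must compare the whole decoded block, because a parser that stops after the digest accepts blocks that carry excess data. The 128-byte block size, the placeholder digest and all function names are assumptions.

```c
/* Added example: strict vs. lax checking of a decoded PKCS #1 v1.5 block
 * (the bytes obtained from s^e mod n). Not OpenSSL code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20
/* DER DigestInfo header for SHA-1; the 20-byte digest follows it. */
static const unsigned char SHA1_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};
#define T_LEN (sizeof SHA1_PREFIX + SHA1_LEN)   /* 35 bytes */
#define MAX_K 512                               /* up to a 4096-bit modulus */

/* Lax parser (models the flaw class): walks the padding, matches the
 * DigestInfo, and never looks at what follows the digest. */
int em_check_lax(const unsigned char *em, size_t k, const unsigned char *hash)
{
    size_t i = 2;

    if (k < 11 + T_LEN || em[0] != 0x00 || em[1] != 0x01)
        return 0;
    while (i < k && em[i] == 0xFF)
        i++;
    if (i == 2 || i >= k || em[i] != 0x00)
        return 0;
    i++;
    if (k - i < T_LEN)
        return 0;
    if (memcmp(em + i, SHA1_PREFIX, sizeof SHA1_PREFIX) != 0)
        return 0;
    return memcmp(em + i + sizeof SHA1_PREFIX, hash, SHA1_LEN) == 0;
}

/* Strict check: rebuild the one valid encoding for this modulus size and
 * compare every byte, so short padding or excess data cannot pass. */
int em_check_strict(const unsigned char *em, size_t k, const unsigned char *hash)
{
    unsigned char expected[MAX_K];
    size_t ps_len;

    if (k < 11 + T_LEN || k > MAX_K)
        return 0;
    ps_len = k - 3 - T_LEN;
    expected[0] = 0x00;
    expected[1] = 0x01;
    memset(expected + 2, 0xFF, ps_len);
    expected[2 + ps_len] = 0x00;
    memcpy(expected + 3 + ps_len, SHA1_PREFIX, sizeof SHA1_PREFIX);
    memcpy(expected + 3 + ps_len + sizeof SHA1_PREFIX, hash, SHA1_LEN);
    return memcmp(expected, em, k) == 0;
}

/* Build a constructed block: 00 01 FF*ps_len 00 DigestInfo, then filler. */
static void build_em(unsigned char *em, size_t k, size_t ps_len,
                     const unsigned char *hash)
{
    size_t pos = 0;

    memset(em, 0xAA, k);                 /* constructed excess data, if any */
    em[pos++] = 0x00;
    em[pos++] = 0x01;
    memset(em + pos, 0xFF, ps_len);
    pos += ps_len;
    em[pos++] = 0x00;
    memcpy(em + pos, SHA1_PREFIX, sizeof SHA1_PREFIX);
    pos += sizeof SHA1_PREFIX;
    memcpy(em + pos, hash, SHA1_LEN);
}

/* well_formed = 1: padding fills the block, the digest sits at the end.
 * well_formed = 0: only 8 padding bytes, so excess data follows the digest. */
int demo_verdict(int strict, int well_formed)
{
    unsigned char em[128], hash[SHA1_LEN];
    size_t k = sizeof em;

    memset(hash, 0x11, sizeof hash);     /* placeholder digest, constructed */
    build_em(em, k, well_formed ? k - 3 - T_LEN : 8, hash);
    return strict ? em_check_strict(em, k, hash) : em_check_lax(em, k, hash);
}

int main(void)
{
    printf("well-formed block: lax=%d strict=%d\n",
           demo_verdict(0, 1), demo_verdict(1, 1));
    printf("excess-data block: lax=%d strict=%d\n",
           demo_verdict(0, 0), demo_verdict(1, 0));
    return 0;
}
```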


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://www.openssl.org/news/secadv_20060905.txt


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

   http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:162
http://www.mandriva.com/security/


Package : php
Date : September 7, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0


Problem Description:

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP.

Updated packages have been patched to correct these issues.
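
The bounds check described for CVE-2006-4484 above, as an added example (a reduced model, not libgd or PHP source): the code-size byte read from the GIF is validated against MAX_LWZ_BITS before it sizes the table-initialisation loop. The struct layout, the function names and the constructed 1x1 image descriptor are assumptions.

```c
/* Added example (not libgd source): reject an out-of-range GIF LZW code
 * size before it is used to size the table-initialisation loop. */
#include <stddef.h>
#include <stdio.h>

#define MAX_LWZ_BITS   12                    /* name taken from the advisory */
#define LWZ_TABLE_SIZE (1 << MAX_LWZ_BITS)   /* 4096 entries per row */

/* Reduced decoder state; the field names are assumptions for illustration. */
struct lwz_state {
    int table[2][LWZ_TABLE_SIZE];
    int clear_code;
    int end_code;
    int code_size;
};

/* Slots an unchecked init loop would write for this code size (-1 if absurd). */
long lwz_init_span(int input_code_size)
{
    if (input_code_size < 0 || input_code_size > 30)
        return -1;
    return 1L << input_code_size;
}

/* Hardened initialisation: refuse any code size the fixed table cannot hold. */
int lwz_init_checked(struct lwz_state *st, int input_code_size)
{
    int i;

    if (input_code_size < 0 || input_code_size > MAX_LWZ_BITS)
        return -1;

    st->code_size  = input_code_size + 1;
    st->clear_code = 1 << input_code_size;
    st->end_code   = st->clear_code + 1;

    for (i = 0; i < st->clear_code; i++) {   /* clear_code <= 4096 here */
        st->table[0][i] = 0;
        st->table[1][i] = i;
    }
    for (; i < LWZ_TABLE_SIZE; i++)
        st->table[0][i] = st->table[1][i] = 0;
    return 0;
}

/* Find the LZW code-size byte that follows the GIF image descriptor at `off`.
 * Returns the byte value, or -1 if the buffer is truncated or malformed. */
int gif_code_size_at(const unsigned char *buf, size_t len, size_t off)
{
    size_t pos;
    unsigned packed;

    if (off >= len || len - off < 10 || buf[off] != 0x2C)
        return -1;                           /* separator + 9 header bytes */
    packed = buf[off + 9];
    pos = off + 10;
    if (packed & 0x80)                       /* local colour table present */
        pos += (size_t)3 << ((packed & 0x07) + 1);
    if (pos >= len)
        return -1;
    return buf[pos];
}

/* Parse the descriptor, then initialise the decoder only if the size is sane. */
int gif_start_image(const unsigned char *buf, size_t len, size_t off,
                    struct lwz_state *st)
{
    int code_size = gif_code_size_at(buf, len, off);

    if (code_size < 0)
        return -1;
    return lwz_init_checked(st, code_size);
}

/* Constructed input: a 1x1 image descriptor, the given code-size byte and
 * an empty data block. Returns 0 if accepted, -1 if rejected. */
int demo_start_image(unsigned char code_size)
{
    static struct lwz_state st;
    unsigned char img[] = { 0x2C, 0, 0, 0, 0, 1, 0, 1, 0, 0x00,
                            0x00 /* code size, set below */, 0x00 };

    img[10] = code_size;
    return gif_start_image(img, sizeof img, 0, &st);
}

int main(void)
{
    printf("code size 8:  %d\n", demo_start_image(8));
    printf("code size 13: %d (unchecked loop would write %ld of %d slots)\n",
           demo_start_image(13), lwz_init_span(13), LWZ_TABLE_SIZE);
    return 0;
}
```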


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4485


Updated Packages:



Ubuntu


Ubuntu Security Notice USN-341-1 September 06, 2006
libxfont, xorg vulnerability
CVE-2006-3467

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 5.04:
libfs6 6.8.2-10.3
xserver-xorg 6.8.2-10.3

Ubuntu 5.10:
libxfont1 1:0.99.0+cvs.20050909-1.1

Ubuntu 6.06 LTS:
libxfont1 1:1.0.0-0ubuntu3.1

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

An integer overflow has been discovered in X.org's font handling library. By using a specially crafted font file, this could be exploited to crash the X server or execute arbitrary code with root privileges.

Updated packages for Ubuntu 5.04:
