dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


Advisories, October 1, 2006

Oct 02, 2006, 04:30 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 1186-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 30th, 2006 http://www.debian.org/security/faq


Package : cscope
Vulnerability : buffer overflows
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-4262
Debian Bug : 385893

Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version cscope_15.5-1.1sarge2.

For the unstable distribution (sid) this problem has been fixed in version 15.5+cvs20060902-1.

We recommend that you upgrade your cscope package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2.dsc
      Size/MD5 checksum: 597 288d126f1a8e75401bec5758d21fca6e
    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2.diff.gz
      Size/MD5 checksum: 22685 efce07e2dbfdba7329ec88a143c811ad
    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5.orig.tar.gz
      Size/MD5 checksum: 243793 beb6032a301bb11524aec74bfb5e4840

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_alpha.deb
      Size/MD5 checksum: 164514 0a49e059085c6b7935d19ade91441abf

AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_amd64.deb
      Size/MD5 checksum: 152934 a10ede3f65739ef21806fd2eb139c572

ARM architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_arm.deb
      Size/MD5 checksum: 147224 05f695127f6fcc7a934a4835c18d215c

HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_hppa.deb
      Size/MD5 checksum: 158482 faf5225195dcb6b89fb22711ff45547e

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_i386.deb
      Size/MD5 checksum: 143350 94dda40490e976fb3ba9a7aac7ea92d7

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_ia64.deb
      Size/MD5 checksum: 181116 52a1b55bcaa05bfe5731e53c14316620

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_m68k.deb
      Size/MD5 checksum: 140118 762aebb7ffbdee7c6787c750b53cd02e

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_mips.deb
      Size/MD5 checksum: 157354 87e2ffcf7dc6ebc10523391b29e1ab27

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_mipsel.deb
      Size/MD5 checksum: 155750 a566cbfcd6689dca81b8730148f59965

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_powerpc.deb
      Size/MD5 checksum: 154680 2a959a398cff553b7a7c51ce554b516e

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_s390.deb
      Size/MD5 checksum: 154500 6dd06b7d5ba9b119a1daf0f23fc65d79

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_sparc.deb
      Size/MD5 checksum: 148314 585ad5bb0f6e591e7f54ce8c147d1cfb

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 1187-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 30th, 2006 http://www.debian.org/security/faq


Package : migrationtools
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-0512
Debian Bug : 338920

Jason Hoover discovered that migrationtools, a collection of scripts to migrate user data to LDAP creates several temporary files insecurely, which might lead to denial of service through a symlink attack.

For the stable distribution (sarge) this problem has been fixed in version 46-1sarge1.

For the unstable distribution (sid) this problem has been fixed in version 46-2.1.

We recommend that you upgrade your migrationtools package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1.dsc
      Size/MD5 checksum: 612 5a355cf02190e34db6b1ce980451f834
    http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1.diff.gz
      Size/MD5 checksum: 7507 9ac40aa23b34c01679b706fe8cd2805f
    http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46.orig.tar.gz
      Size/MD5 checksum: 21069 dc80548f76d6aeba2b51b15751e08b21

Architecture independent components:

    http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1_all.deb
      Size/MD5 checksum: 23284 762bca33fb8b2bf74efabe0735a490b8

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

rPath Linux

rPath Security Advisory: 2006-0175-2
Published: 2006-09-28
Updated:

2006-09-29 Resolved issue in patch for CVE-2006-2940 Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Remote Deterministic Unauthorized Access
Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1
openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
    http://issues.rpath.com/browse/RPL-613

Description:

Previous versions of the openssl package are vulnerable to multiple attacks. Three of the vulnerabilities are denials of service, but the other is a buffer overflow that is expected to create remote unauthorized access vulnerabilities in other applications. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

29 September 2006 Update: The initial fix for this vulnerability was incomplete, and the fault in the fix could enable a Denial of Service attack in some cases of the attack described in CVE-2006-2940.

rPath Security Advisory: 2006-0176-1
Published: 2006-09-29
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Local Deterministic Privilege Escalation
Updated Versions: openldap=/conary.rpath.com@rpl:devel//1/2.2.26-8.4-1
openldap-clients=/conary.rpath.com@rpl:devel//1/2.2.26-8.4-1
openldap-servers=/conary.rpath.com@rpl:devel//1/2.2.26-8.4-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
    https://issues.rpath.com/browse/RPL-667

Description:

Previous versions of the openldap package contain a slapd daemon which allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN), a privilege escalation vulnerability.

Slackware Linux

[slackware-security] openssl (SSA:2006-272-01)

New openssl packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
Upgraded to shared libraries from openssl-0.9.7l.
See openssl package update below.
(* Security fix *)
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
Upgraded to openssl-0.9.7l.
This fixes a few security related issues:
During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory (CVE-2006-2937). (This issue did not affect OpenSSL versions prior to 0.9.7)
Thanks to Dr S. N. Henson of Open Network Security and NISCC. Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack (CVE-2006-2940).
Thanks to Dr S. N. Henson of Open Network Security and NISCC. A buffer overflow was discovered in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that uses this function and overrun a buffer. (CVE-2006-3738)
Thanks to Tavis Ormandy and Will Drewry of the Google Security Team. A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash (CVE-2006-4343). Thanks to Tavis Ormandy and Will Drewry of the Google Security Team. Links to the CVE entries will be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
(* Security fix *)
+--------------------------+

Where to find the new packages:

HINT: Getting slow download speeds from ftp ftp.slackware.com? Give slackware.osuosl.org/ a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com/.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7l-i386-1_slack9.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7l-i386-1_slack9.0.tgz

Updated packages for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7l-i486-1_slack9.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7l-i486-1_slack9.1.tgz

Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.0.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-0.9.7l-i486-1_slack10.0.tgz

Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-0.9.7l-i486-1_slack10.1.tgz

Updated packages for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.2.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8d-i486-1.tgz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8d-i486-1.tgz

MD5 signatures:

Slackware 9.0 packages:
3b17c8be79ca99cb16321d2675f2885d openssl-0.9.7l-i386-1_slack9.0.tgz
a7cb86681f01b57f7bff49842b393a67 openssl-solibs-0.9.7l-i386-1_slack9.0.tgz

Slackware 9.1 packages:
f222c26925ce542a25a93df674e8106c openssl-0.9.7l-i486-1_slack9.1.tgz
fca221391f0b591373b6e38f1d732d63 openssl-solibs-0.9.7l-i486-1_slack9.1.tgz

Slackware 10.0 packages:
a1013cef56210154a2259c5135f1d047 openssl-0.9.7l-i486-1_slack10.0.tgz
35c40208e50ca4bcd7e7e16ce5db1526 openssl-solibs-0.9.7l-i486-1_slack10.0.tgz

Slackware 10.1 packages:
6c87f5baca8855cd07031824b747fe80 openssl-0.9.7l-i486-1_slack10.1.tgz
3ae63bd5b7178f880e8ed5a3af602b50 openssl-solibs-0.9.7l-i486-1_slack10.1.tgz

Slackware 10.2 packages:
a97c874a4bf6dc4ca6a4617966108a45 openssl-0.9.7l-i486-1_slack10.2.tgz
06b462fad82d28af4fba3f35f2ed25a1 openssl-solibs-0.9.7l-i486-1_slack10.2.tgz

Slackware -current package:
88264ebbe45eb908c2d3f3f32c367cf6 openssl-solibs-0.9.8d-i486-1.tgz
9f9d2d98fefd5cbd9334cfa374934efa openssl-0.9.8d-i486-1.tgz

Installation instructions:

Upgrade the packages as root:
# upgradepkg openssl-solibs-0.9.7l-i486-1_slack10.2.tgz openssl-0.9.7l-i486-1_slack10.2.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] openssh (SSA:2006-272-02)

New openssh packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.

More details about these issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz:
Upgraded to openssh-4.4p1.
This fixes a few security related issues. From the release notes found at http://www.openssh.com/txt/release-4.4:

  • Fix a pre-authentication denial of service found by Tavis Ormandy, that would cause sshd(8) to spin until the login grace time expired.
  • Fix an unsafe signal hander reported by Mark Dowd. The signal handler was vulnerable to a race condition that could be exploited to perform a pre-authentication denial of service. On portable OpenSSH, this vulnerability could theoretically lead to pre-authentication remote code execution if GSSAPI authentication is enabled, but the likelihood of successful exploitation appears remote.
  • On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.
Links to the CVE entries will be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd are set the way you want them. Future upgrades will respect the existing permissions settings. Thanks to Manuel Reimer for pointing out that upgrading openssh would enable a previously disabled sshd daemon.
Do better checking of passwd, shadow, and group to avoid adding redundant entries to these files. Thanks to Menno Duursma.
(* Security fix *)
+--------------------------+

Where to find the new packages:

HINT: Getting slow download speeds from ftp ftp.slackware.com? Give slackware.osuosl.org/ a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com/.

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-4.4p1-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-4.4p1-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssh-4.4p1-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssh-4.4p1-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssh-4.4p1-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-4.4p1-i486-1.tgz

MD5 signatures:

Slackware 8.1 package:
0a42fb286fd722f019dfc5f167d69ced openssh-4.4p1-i386-1_slack8.1.tgz

Slackware 9.0 package:
92563664845d902251d7b19254b3dda1 openssh-4.4p1-i386-1_slack9.0.tgz

Slackware 9.1 package:
5814a00eefa0b1e1fe7673862525788e openssh-4.4p1-i486-1_slack9.1.tgz

Slackware 10.0 package:
24ce8b2013b8759a173e5ccd7db54289 openssh-4.4p1-i486-1_slack10.0.tgz

Slackware 10.1 package:
e7950e6a357871092514ce07051f055e openssh-4.4p1-i486-1_slack10.1.tgz

Slackware 10.2 package:
b8d2d67276a662de40d6adf9bfe00bce openssh-4.4p1-i486-1_slack10.2.tgz

Slackware -current package:
6f2c30b503db9685180af6f4a87eadcc openssh-4.4p1-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg openssh-4.4p1-i486-1_slack10.2.tgz

If you are running an sshd daemon, restart it:

sh /etc/rc.d/rc.sshd restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Trustix Secure Linux


Trustix Secure Linux Security Advisory #2006-0054

Package names: openssh, openssl
Summary: Multiple vulnerabilities
Date: 2006-09-29
Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2


Package description:
openssh
Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.

openssl
A C library that provides various crytographic algorithms and protocols, including DES, RC4, RSA, and SSL. Includes shared libraries.

Problem description:
openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • New Upstream.
  • SECURITY Fix: Tavis Ormandy of Google Security Team has reported a vulnerability in OpenSSH, which can be exploited by malicious people to cause a DoS. If ssh protocol 1 is enabled, this can be exploited to cause a DoS due to CPU consumption by sending specially crafted ssh packets.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2006-4924 to this issue.

openssl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • New Upstream.
  • SECURITY Fix: Dr. S. N. Henson has discovered vulnerabilities in OpenSSL which could be exploited by attackers to cause denial of service.
  • During the parsing of certain invalid ASN.1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory.
  • Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack.
  • Tavis Ormandy and Will Drewry of the Google Security Team has discovered the following two vulnerabilities in OpenSSL :
  • Fix buffer overflow in SSL_get_shared_ciphers() utility function which could allow an attacker to send a list of ciphers to an application that uses it and overrun a buffer.
  • A flaw in the SSLv2 client code was discovered. When a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 and CVE-2006-4343 to these issues.

Action:
We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system.

Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0054/>

MD5sums of the packages:


a5faf9779658846330be8773282dee9a 3.0/rpms/openssh-4.4p1-1tr.i586.rpm
ea107d839fe1fd92a95cc36617f867d1 3.0/rpms/openssh-clients-4.4p1-1tr.i586.rpm
eb6af35b4723fdf43e4a5d503fb81eac 3.0/rpms/openssh-server-4.4p1-1tr.i586.rpm
67b5e440f4084a4b13c7d09616825c28 3.0/rpms/openssh-server-config-4.4p1-1tr.i586.rpm
95b5a4684f0a369b0608fd8cc1498689 3.0/rpms/openssl-0.9.7l-1tr.i586.rpm
4c91ef39f6e6fcf4c5f6a115ed303dc6 3.0/rpms/openssl-devel-0.9.7l-1tr.i586.rpm
4fa743c599b1360261331fbc5ac952fb 3.0/rpms/openssl-support-0.9.7l-1tr.i586.rpm

d015c23204973ef4faf7a2eda3b7cb18 2.2/rpms/openssh-4.4p1-1tr.i586.rpm
99a628780c247c3e41b3935bf00191d8 2.2/rpms/openssh-clients-4.4p1-1tr.i586.rpm
c5edde90178f272bc02eff144e5b09e7 2.2/rpms/openssh-server-4.4p1-1tr.i586.rpm
d3e5fe47d1b5f029759e91b7a546418a 2.2/rpms/openssh-server-config-4.4p1-1tr.i586.rpm
6dae40c79d72bb1ea9cd6070fcb23406 2.2/rpms/openssl-0.9.7e-8tr.i586.rpm
5bf290097a23b03d6722bd0f87ce521f 2.2/rpms/openssl-devel-0.9.7e-8tr.i586.rpm
1c2549f24bad413591c1c641191f4596 2.2/rpms/openssl-python-0.9.7e-8tr.i586.rpm
564b7888352bd078a0cfa6e7705b9b24 2.2/rpms/openssl-support-0.9.7e-8tr.i586.rpm


Trustix Security Team