Debian GNU/Linux
Debian Security Advisory DSA 1039-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 24th, 2006 http://www.debian.org/security/faq
Package : blender
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-3302 CVE-2005-4470
BugTraq ID : 15981
Debian Bugs : 330895 344398
Several vulnerabilities have been discoverd in in blender, a
very fast and versatile 3D modeller/renderer. The Common
Vulnerability and Exposures Project identifies the following
problems:
CVE-2005-3302
Joxean Koret discovered that due to missing input validation a
provides script is vulnerable to arbitrary command execution.
CVE-2005-4470
Damian Put discovered a buffer overflow that allows remote
attackers to cause a denial of service and possibly execute
arbitrary code.
The old stable distribution (woody) is not affected by this
problem.
For the stable distribution (sarge) this problem has been fixed
in version 2.36-1sarge1.
For the unstable distribution (sid) this problem has been fixed
in version 2.40-1.
We recommend that you upgrade your blender package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.dsc
Size/MD5 checksum: 748
8d4a7880a3b1c0d1c2c2b7d67b1111c7
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.diff.gz
Size/MD5 checksum: 13747
1731a5fd58dfbf6eacb4f2760be9dd27
http://security.debian.org/pool/updates/main/b/blender/blender_2.36.orig.tar.gz
Size/MD5 checksum: 6912828
8e2237c86b12e6061935632495aec875
Alpha architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_alpha.deb
Size/MD5 checksum: 4827460
180eeefd1123722e7c4aa0a43cf47eeb
AMD64 architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_amd64.deb
Size/MD5 checksum: 4118980
be9328fd278159f218a25763553e92be
ARM architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_arm.deb
Size/MD5 checksum: 4089822
07513b5818e448697bfbc6b1bed51873
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_i386.deb
Size/MD5 checksum: 4142046
a263f52ac839648cee6e870b3d7e451e
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_ia64.deb
Size/MD5 checksum: 5684932
db0b5c13cd696115958e2efb528f1eed
HP Precision architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_hppa.deb
Size/MD5 checksum: 4600312
c2241dbd8f88fbbf7ccdc164193dab60
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_m68k.deb
Size/MD5 checksum: 3655228
8728fcd27b3fb0c9bc7c1a9eaf417bd0
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mips.deb
Size/MD5 checksum: 4310726
37dd5199543e5a9a20fae6abff093dc2
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mipsel.deb
Size/MD5 checksum: 4303728
21f55618f8ee45ed18c848ebb3707dab
PowerPC architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_powerpc.deb
Size/MD5 checksum: 4173870
1c2dc631d155be939696e67b1f8b2416
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_s390.deb
Size/MD5 checksum: 3977484
0b7f82038c3f61280c42c337188cfd47
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_sparc.deb
Size/MD5 checksum: 3940052
b64ac521aaa356b54f6a162f6c10bc4f
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1040-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
April 24th, 2006 http://www.debian.org/security/faq
Package : gdm
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-1057
BugTraq ID : 17635
A vulnerability has been identified in gdm, a display manager
for X, that could allow a local attacker to gain elevated
privileges by exploiting a race condition in the handling of the
.ICEauthority file.
The old stable distribution (woody) is not affected by this
problem.
For the stable distribution (sarge) this problem has been fixed
in version 2.6.0.8-1sarge2.
For the unstable distribution (sid) this problem will be fixed
in version 2.14.1-1.
We recommend that you upgrade your gdm package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.dsc
Size/MD5 checksum: 732
5e615263c621f3166eab26233249934b
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.diff.gz
Size/MD5 checksum: 258548
323d831f75f4a784b754ee4d6902120f
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8.orig.tar.gz
Size/MD5 checksum: 5619049
1417d176925a4a24c465c043df7b6a39
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_alpha.deb
Size/MD5 checksum: 3243636
3641c4ee397d6f70fa15b439da1ca29d
AMD64 architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_amd64.deb
Size/MD5 checksum: 3178276
03057b54637e652dd37f98bf94e3b575
ARM architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_arm.deb
Size/MD5 checksum: 3124804
beb9189cf49420259a51210c1864cc08
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_i386.deb
Size/MD5 checksum: 3144008
36c7dfed8ab7ece8d5b75fa720c6120d
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_ia64.deb
Size/MD5 checksum: 3328900
c6b11ef8670cb3f63d946e0779d65c3f
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_hppa.deb
Size/MD5 checksum: 3185510
486b1377061ad3655a34d17abc9ece23
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_m68k.deb
Size/MD5 checksum: 3115464
a002336849c45be8d7a70630a9dbe714
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mips.deb
Size/MD5 checksum: 3155474
dea4b0e6dbb2b1a4ac0b5a90e9a93035
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mipsel.deb
Size/MD5 checksum: 3147934
19dc1118fec157e9ae4f7e40418a7cbb
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_powerpc.deb
Size/MD5 checksum: 3172026
611508441a9bcd7df2bb3ac486a20da4
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_s390.deb
Size/MD5 checksum: 3185506
f03786d134fda10cfb7ce9c6b4e13044
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_sparc.deb
Size/MD5 checksum: 3137658
ea03ac108174033db47559465da66184
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200604-12
Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: April 23, 2006
Bugs: #129924
ID: 200604-12
Synopsis
Several vulnerabilities in Mozilla Firefox allow attacks ranging
from execution of script code with elevated privileges to
information leaks.
Background
Mozilla Firefox is the next-generation web browser from the
Mozilla project.
Affected packages
Package / Vulnerable / Unaffected
1 www-client/mozilla-firefox < 1.0.8 >= 1.0.8 2 www-client/mozilla-firefox-bin < 1.0.8 >= 1.0.8 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures.
Description
Several vulnerabilities were found in Mozilla Firefox. Versions
1.0.8 and 1.5.0.2 were released to fix them.
Impact
A remote attacker could craft malicious web pages that would
leverage these issues to inject and execute arbitrary script code
with elevated privileges, steal local files, cookies or other
information from web pages, and spoof content. Some of these
vulnerabilities might even be exploited to execute arbitrary code
with the rights of the browser user.
Workaround
There are no known workarounds for all the issues at this
time.
Resolution
All Mozilla Firefox users should upgrade to the latest
version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.8"
All Mozilla Firefox binary users should upgrade to the latest
version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.8"
References
[ 1 ] CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
[ 2 ] CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
[ 3 ] CVE-2006-0296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
[ 4 ] CVE-2006-0748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0748
[ 5 ] CVE-2006-0749
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0749
[ 6 ] CVE-2006-1727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1727
[ 7 ] CVE-2006-1728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1728
[ 8 ] CVE-2006-1729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1729
[ 9 ] CVE-2006-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1730
[ 10 ] CVE-2006-1731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1731
[ 11 ] CVE-2006-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1732
[ 12 ] CVE-2006-1733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1733
[ 13 ] CVE-2006-1734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1734
[ 14 ] CVE-2006-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1735
[ 15 ] CVE-2006-1736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1736
[ 16 ] CVE-2006-1737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1737
[ 17 ] CVE-2006-1738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1738
[ 18 ] CVE-2006-1739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1739
[ 19 ] CVE-2006-1740
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1740
[ 20 ] CVE-2006-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1741
[ 21 ] CVE-2006-1742
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1742
[ 22 ] CVE-2006-1790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1790
[ 23 ] Mozilla Foundation Security Advisories
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200604-12.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200604-13
Severity: Normal
Title: fbida: Insecure temporary file creation
Date: April 23, 2006
Bugs: #129470
ID: 200604-13
Synopsis
fbida is vulnerable to linking attacks, potentially allowing a
local user to overwrite arbitrary files.
Background
fbida is a collection of image viewers and editors for the
framebuffer console and X11.
Affected packages
Package / Vulnerable / Unaffected
1 media-gfx/fbida < 2.03-r3 >= 2.03-r3
Description
Jan Braun has discovered that the “fbgs” script provided by
fbida insecurely creates temporary files in the “/var/tmp”
directory.
Impact
A local attacker could create links in the temporary file
directory, pointing to a valid file somewhere on the filesystem.
When an affected script is called, this could result in the file
being overwritten with the rights of the user running the
script.
Workaround
There is no known workaround at this time.
Resolution
All fbida users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/fbida-2.03-r3"
References
[ 1 ] CVE-2006-1695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1695
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200604-13.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200604-14
Severity: Normal
Title: Dia: Arbitrary code execution through XFig import
Date: April 23, 2006
Bugs: #128107
ID: 200604-14
Synopsis
Buffer overflows in Dia’s XFig import could allow remote
attackers to execute arbitrary code.
Background
Dia is a GTK+ based diagram creation program.
Affected packages
Package / Vulnerable / Unaffected
1 app-office/dia < 0.94-r5 >= 0.94-r5
Description
infamous41md discovered multiple buffer overflows in Dia’s XFig
file import plugin.
Impact
By enticing a user to import a specially crafted XFig file into
Dia, an attacker could exploit this issue to execute arbitrary code
with the rights of the user running Dia.
Workaround
There is no known workaround at this time.
Resolution
All Dia users should upgrade to the latest available
version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r5"
References
[ 1 ] CVE-2006-1550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1550
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200604-14.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:073
http://www.mandriva.com/security/
Package : cyrus-sasl
Date : April 24, 2006
Affected: 10.2, Corporate 3.0, Multi Network Firewall 2.0
Problem Description:
A vulnerability in the CMU Cyrus Simple Authentication and
Security Layer (SASL) library < 2.1.21, has an unknown impact
and remote unauthenticated attack vectors, related to DIGEST-MD5
negotiation. In practice, Marcus Meissner found it is possible to
crash the cyrus-imapd daemon with a carefully crafted communication
that leaves out “realm=…” in the reply or the initial server
response.
Updated packages have been patched to address this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1721
Updated Packages:
Mandriva Linux 10.2:
0f6e423a1ef3803f9b6777e827977b3d
10.2/RPMS/cyrus-sasl-2.1.19-12.1.102mdk.i586.rpm
2e37644e8b213c87f36182e4af6eb433
10.2/RPMS/libsasl2-2.1.19-12.1.102mdk.i586.rpm
2b2c4cf9ea3fd956e9de41e91e4c4fbf
10.2/RPMS/libsasl2-devel-2.1.19-12.1.102mdk.i586.rpm
2173a85249e7db834a966b7cd6e8d5b4
10.2/RPMS/libsasl2-plug-anonymous-2.1.19-12.1.102mdk.i586.rpm
7d9f04136abdfd24487209226c6ab5d7
10.2/RPMS/libsasl2-plug-crammd5-2.1.19-12.1.102mdk.i586.rpm
a0e0468a37eeb1af3e3a9a8635900d1b
10.2/RPMS/libsasl2-plug-digestmd5-2.1.19-12.1.102mdk.i586.rpm
8b752a8a31d0948f9a1b0564fbcb724e
10.2/RPMS/libsasl2-plug-gssapi-2.1.19-12.1.102mdk.i586.rpm
3fbc57415040abca570130360a25224d
10.2/RPMS/libsasl2-plug-login-2.1.19-12.1.102mdk.i586.rpm
8907de7fa38e47c4bfece4001b137aa2
10.2/RPMS/libsasl2-plug-ntlm-2.1.19-12.1.102mdk.i586.rpm
545880d896754e11d17cb372c418e778
10.2/RPMS/libsasl2-plug-otp-2.1.19-12.1.102mdk.i586.rpm
0a5882eb7e2c92c7d1fed113a7f18bd5
10.2/RPMS/libsasl2-plug-plain-2.1.19-12.1.102mdk.i586.rpm
667f46d4b52290df98b9af19ee21dee6
10.2/RPMS/libsasl2-plug-sasldb-2.1.19-12.1.102mdk.i586.rpm
df6c6c9920af062ed2cbf3ee4c1f9594
10.2/RPMS/libsasl2-plug-sql-2.1.19-12.1.102mdk.i586.rpm
cc933c21e9066d307bb30e4272dab7bb
10.2/RPMS/libsasl2-plug-srp-2.1.19-12.1.102mdk.i586.rpm
4551b0897bf06e66ac70d9f139b8765f
10.2/SRPMS/cyrus-sasl-2.1.19-12.1.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
39fd1454e83c134507ca8808da363687
x86_64/10.2/RPMS/cyrus-sasl-2.1.19-12.1.102mdk.x86_64.rpm
57afeeebed5b3fa7ff3e2b2839ccce57
x86_64/10.2/RPMS/lib64sasl2-2.1.19-12.1.102mdk.x86_64.rpm
d12ce309789ddc682e1950001ec19389
x86_64/10.2/RPMS/lib64sasl2-devel-2.1.19-12.1.102mdk.x86_64.rpm
a83ae6920b1f8e4b7bf8461cbf6c5189
x86_64/10.2/RPMS/lib64sasl2-plug-anonymous-2.1.19-12.1.102mdk.x86_64.rpm
d30a0b7d795925f2ea85b5d7f3f438b0
x86_64/10.2/RPMS/lib64sasl2-plug-crammd5-2.1.19-12.1.102mdk.x86_64.rpm
fe36af2939a515c0cfcdb060659e5205
x86_64/10.2/RPMS/lib64sasl2-plug-digestmd5-2.1.19-12.1.102mdk.x86_64.rpm
0addc7200f5c435eb831245bda7e2f10
x86_64/10.2/RPMS/lib64sasl2-plug-gssapi-2.1.19-12.1.102mdk.x86_64.rpm
00b84e5dc048bdbd201fb92578510a7d
x86_64/10.2/RPMS/lib64sasl2-plug-login-2.1.19-12.1.102mdk.x86_64.rpm
fc4ab1994c1152c227d07b8ef2002bfc
x86_64/10.2/RPMS/lib64sasl2-plug-ntlm-2.1.19-12.1.102mdk.x86_64.rpm
d4fd5b860b88e9da40ffbb19f7f1774d
x86_64/10.2/RPMS/lib64sasl2-plug-otp-2.1.19-12.1.102mdk.x86_64.rpm
72aeb079de7722039b218cd3c2a20466
x86_64/10.2/RPMS/lib64sasl2-plug-plain-2.1.19-12.1.102mdk.x86_64.rpm
5d0a5312b270d4d3f7cef16f913904a2
x86_64/10.2/RPMS/lib64sasl2-plug-sasldb-2.1.19-12.1.102mdk.x86_64.rpm
f22d9bb0f6271ce0df23c43465e0ada9
x86_64/10.2/RPMS/lib64sasl2-plug-sql-2.1.19-12.1.102mdk.x86_64.rpm
035d220ffceae7ed7cebb283109e4b61
x86_64/10.2/RPMS/lib64sasl2-plug-srp-2.1.19-12.1.102mdk.x86_64.rpm
4551b0897bf06e66ac70d9f139b8765f
x86_64/10.2/SRPMS/cyrus-sasl-2.1.19-12.1.102mdk.src.rpm
Corporate 3.0:
930ea7b485d2a0602825e46ec4834270
corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.5.C30mdk.i586.rpm
e9667c09be3be825f9d67e9c608ebee9
corporate/3.0/RPMS/libsasl2-2.1.15-10.5.C30mdk.i586.rpm
26681a8fd727e325a4ab41fdf0f76d5b
corporate/3.0/RPMS/libsasl2-devel-2.1.15-10.5.C30mdk.i586.rpm
531e71aabe2ba6a33db9e25b16d600b3
corporate/3.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.5.C30mdk.i586.rpm
4f2ddc1b1af415ed62216df4fa7a1990
corporate/3.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.5.C30mdk.i586.rpm
41e834325c30d3df778be78ee20936ac
corporate/3.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.5.C30mdk.i586.rpm
6fb04d4b4ff321f1743afebcc4bc04af
corporate/3.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.5.C30mdk.i586.rpm
2ecbbc9319c881130eee4f32c2ecd13d
corporate/3.0/RPMS/libsasl2-plug-login-2.1.15-10.5.C30mdk.i586.rpm
7dd9267c007aa2d4e7477564b1d0053f
corporate/3.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.5.C30mdk.i586.rpm
5022c174c4fc977a89200df7639061b3
corporate/3.0/RPMS/libsasl2-plug-otp-2.1.15-10.5.C30mdk.i586.rpm
dd5332fbaca9ed53148c514833c85662
corporate/3.0/RPMS/libsasl2-plug-plain-2.1.15-10.5.C30mdk.i586.rpm
721fddfeb6929f20c0b0a036cd94af85
corporate/3.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.5.C30mdk.i586.rpm
91fad35e0d021b48e0724f1028fdb95f
corporate/3.0/RPMS/libsasl2-plug-srp-2.1.15-10.5.C30mdk.i586.rpm
a47121c61c1d764dd174fb87ba15e11e
corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
1d28b4d2b3011e989ab92bdd2567e743
x86_64/corporate/3.0/RPMS/cyrus-sasl-2.1.15-10.5.C30mdk.x86_64.rpm
d722baf79d0b9db27279db46107d7703
x86_64/corporate/3.0/RPMS/lib64sasl2-2.1.15-10.5.C30mdk.x86_64.rpm
d2e284770fc354b547e20e92795cdf00
x86_64/corporate/3.0/RPMS/lib64sasl2-devel-2.1.15-10.5.C30mdk.x86_64.rpm
d59de45402ce7290a7d4c8e305057ba5
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-anonymous-2.1.15-10.5.C30mdk.x86_64.rpm
2972d5ea5d139ebf54971a3e4b983631
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-crammd5-2.1.15-10.5.C30mdk.x86_64.rpm
201aed549c8efc3bfdd23e15d4e0c95d
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-digestmd5-2.1.15-10.5.C30mdk.x86_64.rpm
373cac68a6d6fe16adf4f10d27cd9b44
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-gssapi-2.1.15-10.5.C30mdk.x86_64.rpm
1382da3f31460f7596c5ce3099194c78
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-login-2.1.15-10.5.C30mdk.x86_64.rpm
ac1fc40eb0c6b613321032325c91564c
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-ntlm-2.1.15-10.5.C30mdk.x86_64.rpm
a6b6433706ef5316e9b38c36b5490941
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-otp-2.1.15-10.5.C30mdk.x86_64.rpm
6f845c26b0df123330a8e7dc9e41a3da
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-plain-2.1.15-10.5.C30mdk.x86_64.rpm
130905710e927b237b8f3b4a09c56823
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-sasldb-2.1.15-10.5.C30mdk.x86_64.rpm
1560672b155b37e4432e58065662ef25
x86_64/corporate/3.0/RPMS/lib64sasl2-plug-srp-2.1.15-10.5.C30mdk.x86_64.rpm
a47121c61c1d764dd174fb87ba15e11e
x86_64/corporate/3.0/SRPMS/cyrus-sasl-2.1.15-10.5.C30mdk.src.rpm
Multi Network Firewall 2.0:
8b6d21b255eb0423935e4755b8d5e14a
mnf/2.0/RPMS/cyrus-sasl-2.1.15-10.5.M20mdk.i586.rpm
fdb7603310a32f2e44bcf5138fa97a93
mnf/2.0/RPMS/libsasl2-2.1.15-10.5.M20mdk.i586.rpm
4212f51dc7713dcc2551271a4e193ae7
mnf/2.0/RPMS/libsasl2-devel-2.1.15-10.5.M20mdk.i586.rpm
34115f9f7d4da76ec1aae5e97d30e649
mnf/2.0/RPMS/libsasl2-plug-anonymous-2.1.15-10.5.M20mdk.i586.rpm
4c3a147915c049be92c4706ee25ecf62
mnf/2.0/RPMS/libsasl2-plug-crammd5-2.1.15-10.5.M20mdk.i586.rpm
cbdf0553d8b352920c19ec71fa657c1f
mnf/2.0/RPMS/libsasl2-plug-digestmd5-2.1.15-10.5.M20mdk.i586.rpm
c9c5c214b8a08441b343b5b8f4f1f4ee
mnf/2.0/RPMS/libsasl2-plug-gssapi-2.1.15-10.5.M20mdk.i586.rpm
275828de1aa4acb4e9f425004114ddc2
mnf/2.0/RPMS/libsasl2-plug-login-2.1.15-10.5.M20mdk.i586.rpm
788c1a1134884135899e734b8071602e
mnf/2.0/RPMS/libsasl2-plug-ntlm-2.1.15-10.5.M20mdk.i586.rpm
a920489cdfd9072f9189d5bebda99c03
mnf/2.0/RPMS/libsasl2-plug-otp-2.1.15-10.5.M20mdk.i586.rpm
f184c2d1696670d5a332577535f2b6e5
mnf/2.0/RPMS/libsasl2-plug-plain-2.1.15-10.5.M20mdk.i586.rpm
4b8e4add36ce7bfb1a3b13360ee4a8c5
mnf/2.0/RPMS/libsasl2-plug-sasldb-2.1.15-10.5.M20mdk.i586.rpm
52d4ee53157468483f15c3f58888db3b
mnf/2.0/RPMS/libsasl2-plug-srp-2.1.15-10.5.M20mdk.i586.rpm
07885e682d6eb07d7316fda28f31bda5
mnf/2.0/SRPMS/cyrus-sasl-2.1.15-10.5.M20mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2006:074
http://www.mandriva.com/security/
Package : php
Date : April 24, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall
2.0
Problem Description:
A cross-site scripting (XSS) vulnerability in phpinfo (info.c)
in PHP <= 5.1.2 allows remote attackers to inject arbitrary web
script or HTML via long array variables, including (1) a large
number of dimensions or (2) long values, which prevents HTML tags
from being removed. (CVE-2006-0996)
Directory traversal vulnerability in file.c in PHP <= 5.1.2
allows local users to bypass open_basedir restrictions and allows
remote attackers to create files in arbitrary directories via the
tempnam function. (CVE-2006-1494)
The copy function in file.c in PHP <= 5.1.2 allows local
users to bypass safe mode and read arbitrary files via a source
argument containing a compress.zlib:// URI. (CVE-2006-1608)
Updated packages have been patched to address these issues.
After upgrading these packages, please run “service httpd
restart”.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1608
Updated Packages:
Mandriva Linux 10.2:
6cb691aa48c2296c57f3d65d2724f7d3
10.2/RPMS/libphp_common432-4.3.10-7.11.102mdk.i586.rpm
6c72033c47da9a215e7d9d5818bd8a4c
10.2/RPMS/php432-devel-4.3.10-7.11.102mdk.i586.rpm
2d3b41503d65dbb63afd816b82dcc4c0
10.2/RPMS/php-cgi-4.3.10-7.11.102mdk.i586.rpm
23dff1292b45e3019cfcff624988c1bf
10.2/RPMS/php-cli-4.3.10-7.11.102mdk.i586.rpm
80ea8ca3381b02fe700184e2f4996a01
10.2/SRPMS/php-4.3.10-7.11.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
b0aa527c34e84bd561028bc7be2f15f3
x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.11.102mdk.x86_64.rpm
99908ebcd99ad6fd6743dfcc7bc8f0bb
x86_64/10.2/RPMS/php432-devel-4.3.10-7.11.102mdk.x86_64.rpm
1bd9fe999525590c0349daf67f091120
x86_64/10.2/RPMS/php-cgi-4.3.10-7.11.102mdk.x86_64.rpm
96c4cc779c0b95b9d657c7a22ce25a6c
x86_64/10.2/RPMS/php-cli-4.3.10-7.11.102mdk.x86_64.rpm
80ea8ca3381b02fe700184e2f4996a01
x86_64/10.2/SRPMS/php-4.3.10-7.11.102mdk.src.rpm
Mandriva Linux 2006.0:
f9f92f293c9a66facd9df8d387aff8a4
2006.0/RPMS/libphp5_common5-5.0.4-9.7.20060mdk.i586.rpm
7e9966dbcae985dc1a96d504a0f62608
2006.0/RPMS/php-cgi-5.0.4-9.7.20060mdk.i586.rpm
5986088bc45b33a07cfa9040728eda4b
2006.0/RPMS/php-cli-5.0.4-9.7.20060mdk.i586.rpm
cb71d5ed6ce66a8cb8bb6eb606f41c18
2006.0/RPMS/php-devel-5.0.4-9.7.20060mdk.i586.rpm
35a8f28a1bf837da8c4cd4c7ccfbabf0
2006.0/RPMS/php-fcgi-5.0.4-9.7.20060mdk.i586.rpm
4ed1817971b580bf5158ba8c7849942a
2006.0/SRPMS/php-5.0.4-9.7.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
12034267cfa851d3cd1790147fe33a33
x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.7.20060mdk.x86_64.rpm
71fa67fd6f623cca6bef276f8698966c
x86_64/2006.0/RPMS/php-cgi-5.0.4-9.7.20060mdk.x86_64.rpm
a5ae41e39b78f723e5c008f42cd94713
x86_64/2006.0/RPMS/php-cli-5.0.4-9.7.20060mdk.x86_64.rpm
26d888c996a63a6f30f1158f1f262ac5
x86_64/2006.0/RPMS/php-devel-5.0.4-9.7.20060mdk.x86_64.rpm
7bffe3e550178279eb0cf86a63135ed8
x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.7.20060mdk.x86_64.rpm
4ed1817971b580bf5158ba8c7849942a
x86_64/2006.0/SRPMS/php-5.0.4-9.7.20060mdk.src.rpm
Corporate 3.0:
9465ef267ccc97c3bdb93ac1c01d4e1f
corporate/3.0/RPMS/libphp_common432-4.3.4-4.15.C30mdk.i586.rpm
b93cf0957bafbe7b8fd09e389e213bd7
corporate/3.0/RPMS/php432-devel-4.3.4-4.15.C30mdk.i586.rpm
5c804ad53a5465611daf49e1a086f0e1
corporate/3.0/RPMS/php-cgi-4.3.4-4.15.C30mdk.i586.rpm
b14c50b9c0f43f187db405cc8f55cd08
corporate/3.0/RPMS/php-cli-4.3.4-4.15.C30mdk.i586.rpm
1a9f953f763ea289713cc8b456cde484
corporate/3.0/SRPMS/php-4.3.4-4.15.C30mdk.src.rpm
Corporate 3.0/X86_64:
9569da02e4cd1d854cdbad8dcf91003a
x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.15.C30mdk.x86_64.rpm
476b548c9d342dac9a5a3bb230f17f33
x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.15.C30mdk.x86_64.rpm
dffb56720790f00ed138e9b66a4f9145
x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.15.C30mdk.x86_64.rpm
6549890f5a9d15a721ced4ff8991149b
x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.15.C30mdk.x86_64.rpm
1a9f953f763ea289713cc8b456cde484
x86_64/corporate/3.0/SRPMS/php-4.3.4-4.15.C30mdk.src.rpm
Multi Network Firewall 2.0:
47733a5fa2b3ea413a53ce000a0bbc73
mnf/2.0/RPMS/libphp_common432-4.3.4-4.15.M20mdk.i586.rpm
9f6cdbe97597ba858c202937cc0e2999
mnf/2.0/RPMS/php432-devel-4.3.4-4.15.M20mdk.i586.rpm
181a9b0a5673f83096dddadc07a3324d
mnf/2.0/RPMS/php-cgi-4.3.4-4.15.M20mdk.i586.rpm
08928ad43dccf63184d0cb9b7090a2a6
mnf/2.0/RPMS/php-cli-4.3.4-4.15.M20mdk.i586.rpm
47295c4db3710a956c489848f253ada7
mnf/2.0/SRPMS/php-4.3.4-4.15.M20mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Slackware Linux
[slackware-security] mozilla security/EOL (SSA:2006-114-01)
New Mozilla packages are available for Slackware 10.0, 10.1,
10.2 and -current to fix multiple security issues.
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
Also note that this release marks the EOL (End Of Life) for the
Mozilla Suite series. It’s been a great run, so thanks to everyone
who put in so much effort to make Mozilla a great browser suite. In
the next Slackware release fans of the Mozilla Suite will be able
to look forward to browsing with SeaMonkey, the Suite’s successor.
Anyone using an older version of Slackware may want to start
thinking about migrating to another browser — if not now, when the
next problems with Mozilla are found.
Although the “sunset announcement” states that mozilla-1.7.13 is
the final mozilla release, I wouldn’t be too surprised to see just
one more since there’s a Makefile.in bug that needed to be patched
here before Mozilla 1.7.13 would build. If a new release comes out
and fixes only that issue, don’t look for a package release on that
as it’s already fixed in these packages. If additional issues are
fixed, then there will be new packages. Basically, if upstream
un-EOLs this for a good reason, so will we.
Here are the details from the Slackware 10.2 ChangeLog:
+————————–+
patches/packages/mozilla-1.7.13-i486-1.tgz: Upgraded to
mozilla-1.7.13.
This upgrade fixes several possible security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla
This release marks the end-of-life of the Mozilla 1.7.x series:
http://developer.mozilla.org/devnews/index.php/2006/04/12/sunset-announcement-for-fxtb-10x-and-mozilla-suite-17x/
Mozilla Corporation is recommending that users think about
migrating to Firefox and Thunderbird.
(* Security fix *)
+————————–+
Where to find the new
packages:
Updated packages for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mozilla-1.7.13-i486-1.tgz
Updated packages for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mozilla-1.7.13-i486-1.tgz
Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-1.7.13-i486-1.tgz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-1.7.13-i486-1.tgz
MD5 signatures:
Slackware 10.0 packages:
68854f3ff3df3abe499554a09f5936e8 mozilla-1.7.13-i486-1.tgz
506940dd673f5f199f8b829581f70c03
mozilla-plugins-1.7.13-noarch-1.tgz
Slackware 10.1 packages:
54066af072c28489efaf080ad6751936 mozilla-1.7.13-i486-1.tgz
2296ff82e5b753f5d43da07d46850481
mozilla-plugins-1.7.13-noarch-1.tgz
Slackware 10.2 package:
ac7d2d23a475418fdf29d4c0f70929da mozilla-1.7.13-i486-1.tgz
Slackware -current package:
bc5f54cf5af6a2917c751699b06391a0 mozilla-1.7.13-i486-1.tgz
Installation instructions:
Upgrade the package as root:
# upgradepkg mozilla-1.7.13-i486-1.tgz
+—–+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
Ubuntu Linux
Ubuntu Security Notice USN-272-1 April 24, 2006
cyrus-sasl2 vulnerability
CVE-2006-1721
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libsasl2-modules-gssapi-heimdal
The problem can be corrected by upgrading the affected package
to version 2.1.19-1.3ubuntu0.1 (for Ubuntu 4.10),
2.1.19-1.5ubuntu1.1 (for Ubuntu 5.04), or 2.1.19-1.5ubuntu4.2 (for
Ubuntu 5.10). In general, a standard system upgrade is sufficient
to effect the necessary changes.
If you configured Postfix, OpenLDAP or possibly other server
applications to use SASL with the DIGEST-MD5 plugin, you need to
restart these services after the security upgrade.
Details follow:
A Denial of Service vulnerability has been discovered in the
SASL authentication library when using the DIGEST-MD5 plugin. By
sending a specially crafted realm name, a malicious SASL server
could exploit this to crash the application that uses SASL.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.diff.gz
Size/MD5: 31295
28e26e81bea870375a9044475339913f
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.3ubuntu0.1.dsc
Size/MD5: 1082
4131240372a9da4d2da02c9165d63bc8
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
Size/MD5: 1531667
670f9a0c0a99cf09d679cd5c859a3715
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 258820
86d5866babc1766104f4b66ab2fed360
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 54526
6b723bbd20889704ca2cbd95067f151d
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 54196
fd9c85128b607d7df0339033102363db
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 52524
1ef5d455faa9f522ace1c7b06aff8ca0
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 171254
0c0b5377e38c80bc53a36aa4bb9d38fe
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 264802
3a8f1cde60bc029316fc1a9948a1eeea
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_amd64.deb
Size/MD5: 117620
82cdfbb8f1883a52682a2808fe4ec98e
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 242882
26d8e5125fd2b51b67a8217bd1efa180
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 52458
1e946756a860b576f046215d797e0c5b
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 52298
8d3e15320e81595c47f620b84d683008
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 50400
6f84abc1a297ec90540b69f017c92191
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 152680
902f2fa39200df4c9ac4e8cfcab8d5a1
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 258066
7033a447f8e1847b93312bfa9f9c02ec
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_i386.deb
Size/MD5: 110840
64ed0e4b55f330ad24045809e72ccd06
powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 264940
70dd4d15d19b170f1c70d38d0bc10193
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 56018
5b54526494ddf58a33e4bdf543bba780
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 56380
56032db698c428dcbe75b4d757512b93
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 55278
14739969a83cde545f3b0e66f8ce3101
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 194980
c1e2415b877b8193fe354b1b94d967c6
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 267870
9a90c5d48cad62a75d2407ad599fc154
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/sasl2-bin_2.1.19-1.3ubuntu0.1_powerpc.deb
Size/MD5: 121432
f23c6ac86b2abd990251f3ea30a283bd
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.diff.gz
Size/MD5: 31862
3524326b12a7f4c2a54083112a441980
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5ubuntu1.1.dsc
Size/MD5: 1123
6dc5725b50d570fdc3afaa31f6243fc2
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
Size/MD5: 1531667
670f9a0c0a99cf09d679cd5c859a3715
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5ubuntu1.1_amd64.deb
Size/MD5: 259210
287831264637aedc415a393847aaa066
http://security.ubuntu.com/ubuntu/pool/universe/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5ubuntu1.1_amd64.deb