---

Advisories: August 28, 2005


Debian Security Advisory DSA 786-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 26th, 2005 http://www.debian.org/security/faq


Package : simpleproxy
Vulnerability : format string vulnerability
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-1857

Ulf Harnhammar from the Debian Security Audit Project discovered
a format string vulnerability in simpleproxy, a simple TCP proxy,
that can be exploited via replies from remote HTTP proxies.

The old stable distribution (woody) is not affected.

For the stable distribution (sarge) this problem has been fixed
in version 3.2-3sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 3.2-4.

We recommend that you upgrade your simpleproxy package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 787-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
August 26th, 2005 http://www.debian.org/security/faq


Package : backup-manager
Vulnerability : insecure permissions and tempfile
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-1855 CAN-2005-1856
Debian Bug : 308897 315582

Two bugs have been found in backup-manager, a command-line
driven backup utility. The Common Vulnerabilities and Exposures
project identifies the following problems:

CAN-2005-1855

Jeroen Vermeulen discovered that backup files are created with
default permissions making them world readable, even though they
may contain sensitive information.

CAN-2005-1856

Sven Joachim discovered that the optional CD-burning feature of
backup-manager uses a hardcoded filename in a world-writable
directory for logging. This can be subject to a symlink attack.

The old stable distribution (woody) does not provide the
backup-manager package.

For the stable distribution (sarge) these problems have been
fixed in version 0.5.7-1sarge1.

For the unstable distribution (sid) these problems have been
fixed in version 0.5.8-2.

We recommend that you upgrade your backup-manager package.


Debian GNU/Linux 3.1 alias sarge



These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-812
2005-08-26


Product : Fedora Core 3
Name : ntp
Version : 4.2.0.a.20040617
Release : 5.FC3
Summary : Synchronizes system time using the Network Time Protocol
(NTP).

Description :
The Network Time Protocol (NTP) is used to synchronize a computer’s
time with another reference time source. The ntp package contains
utilities and daemons that will synchronize your computer’s time to
Coordinated Universal Time (UTC) via the NTP protocol and NTP
servers. The ntp package includes ntpdate (a program for retrieving
the date and time from remote machines via a network) and ntpd (a
daemon which continuously adjusts system time).

Install the ntp package if you need tools for keeping your
system’s time synchronized via the NTP protocol.


Update Information:

When starting xntpd with the -u option and specifying the group
by using a string not a numeric gid the daemon uses the gid of the
user not the group. This problem is now fixed by this update.

The Common Vulnerabilities and Exposures project assigned the
name CAN-2005-2496 to this issue.


  • Fri Aug 26 2005 Jindrich Novy <jnovy@redhat.com>
    4.2.0.a.20040617-5.FC3

    • release update to fix CAN-2005-2496 (#147743)
  • Thu Apr 14 2005 Jiri Ryska <jryska@redhat.com> –
    4.2.0.a.20040617-4.FC3

    • fixed gid setting when ntpd started with -u flag

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2005-815
2005-08-26


Product : Fedora Core 3
Name : lesstif
Version : 0.93.36
Release : 6.FC3.2
Summary : An OSF/Motif(R) clone.

Description :
LessTif is a free replacement for OSF/Motif(R), which provides a
full set of widgets for application development (menus, text entry
areas, scrolling windows, etc.). LessTif is source compatible with
OSF/Motif(R) 1.2. The widget set code is the primary focus of
development. If you are installing lesstif, you also need to
install lesstif-clients.


  • Fri May 6 2005 Thomas Woerner <twoerner@redhat.com>
    0.93-36-6.FC3.2

    • fixed possible libXpm overflows (#151640)
    • allow to write XPM files with absolute path names again
      (#140815)
  • Fri Nov 26 2004 Thomas Woerner <twoerner@redhat.com>
    0.93.36-6.FC3.1

    • fixed CAN-2004-0687 (integer overflows) and CAN-2004-0688
      (stack overflows) in embedded Xpm library (#135080)
    • latest Xpm patches: CAN-2004-0914 (#135081)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200508-18


http://security.gentoo.org/


Severity: High
Title: PhpWiki: Arbitrary command execution through XML-RPC
Date: August 26, 2005
Bugs: #102380
ID: 200508-18


Synopsis

PhpWiki includes PHP XML-RPC code which is vulnerable to
arbitrary command execution.

Background

PhpWiki is an application that creates a web site where anyone
can edit the pages through HTML forms.

Affected packages


     Package           /   Vulnerable   /                   Unaffected

  1  www-apps/phpwiki      < 1.3.10-r2                    >= 1.3.10-r2

Description

Earlier versions of PhpWiki contain an XML-RPC library that
improperly handles XML-RPC requests and responses with malformed
nested tags.

Impact

A remote attacker could exploit this vulnerability to inject
arbitrary PHP script code into eval() statements by sending a
specially crafted XML document to PhpWiki.

Workaround

There is no known workaround at this time.

Resolution

All PhpWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r2"

References

[ 1 ] CAN-2005-2498

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200508-18.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: mozilla-thunderbird
Advisory ID: MDKSA-2005:127-1
Date: August 26th, 2005
Original Advisory Date: July 28th, 2005
Affected versions: 10.2


Problem Description:

A number of vulnerabilities were reported and fixed in
Thunderbird 1.0.5 and Mozilla 1.7.9. The following vulnerabilities
have been backported and patched for this update:

The native implementations of InstallTrigger and other
XPInstall-related javascript objects did not properly validate that
they were called on instances of the correct type. By passing other
objects, even raw numbers, the javascript interpreter would jump to
the wrong place in memory. Although no proof of concept has been
developed we believe this could be exploited (MFSA 2005-40).

moz_bug_r_a4 reported several exploits giving an attacker the
ability to install malicious code or steal data, requiring only
that the user do commonplace actions like clicking on a link or
open the context menu. The common cause in each case was privileged
UI code (“chrome”) being overly trusting of DOM nodes from the
content window. Scripts in the web page can override properties and
methods of DOM nodes and shadow the native values, unless steps are
taken to get the true underlying values (MFSA 2005-41).

Additional checks were added to make sure Javascript eval and
Script objects are run with the privileges of the context that
created them, not the potentially elevated privilege of the context
calling them in order to protect against an additional variant of
MFSA 2005-41 (MFSA 2005-44).

In several places the browser UI did not correctly distinguish
between true user events, such as mouse clicks or keystrokes, and
synthetic events generated by web content. The problems ranged
from minor annoyances like switching tabs or entering full-screen
mode, to a variant on MFSA 2005-34. Synthetic events are now
prevented from reaching the browser UI entirely rather than depend
on each potentially spoofed function to protect itself from
untrusted events (MFSA 2005-45).

Scripts in XBL controls from web content continued to be run
even when Javascript was disabled. By itself this causes no harm,
but it could be combined with most script-based exploits to attack
people running vulnerable versions who thought disabling javascript
would protect them. In the Thunderbird and Mozilla Suite mail
clients Javascript is disabled by default for protection against
denial-of-service attacks and worms; this vulnerability could be
used to bypass that protection (MFSA 2005-46).

When InstallVersion.compareTo() is passed an object rather than
a string it assumed the object was another InstallVersion without
verifying it. When passed a different kind of object the browser
would generally crash with an access violation. shutdown has
demonstrated that different javascript objects can be passed on
some OS versions to get control over the instruction pointer. We
assume this could be developed further to run arbitrary machine
code if the attacker can get exploit code loaded at a predictable
address (MFSA 2005-50).

A child frame can call top.focus() even if the framing page
comes from a different origin and has overridden the focus()
routine. The call is made in the context of the child frame. The
attacker would look for a target site with a framed page that makes
this call but doesn’t verify that its parent comes from the same
site. The attacker could steal cookies and passwords from the
framed page, or take actions on behalf of a signed-in user. This
attack would work only against sites that use frames in this manner
(MFSA 2005-52).

Parts of the browser UI relied too much on DOM node names
without taking different namespaces into account and verifying that
nodes really were of the expected type. An XHTML document could be
used to create fake <IMG> elements, for example, with
content-defined properties that the browser would access as if they
were the trusted built-in properties of the expected HTML elements.
The severity of the vulnerability would depend on what the attacker
could convince the victim to do, but could result in executing
user-supplied script with elevated “chrome” privileges. This could
be used to install malicious software on the victim’s machine (MFSA
2005-55).

Improper cloning of base objects allowed web content scripts to
walk up the prototype chain to get to a privileged object. This
could be used to execute code with enhanced privileges (MFSA
2005-56).

The updated packages have been patched to address these
issues.

Update:

There was a slight regression in the handling of “right-click”
menus in the packages previously released that is corrected with
this new update.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2260

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2261

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2265

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2266

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2269

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2270

http://www.mozilla.org/security/announce/mfsa2005-40.html

http://www.mozilla.org/security/announce/mfsa2005-41.html

http://www.mozilla.org/security/announce/mfsa2005-44.html

http://www.mozilla.org/security/announce/mfsa2005-45.html

http://www.mozilla.org/security/announce/mfsa2005-46.html

http://www.mozilla.org/security/announce/mfsa2005-50.html

http://www.mozilla.org/security/announce/mfsa2005-52.html

http://www.mozilla.org/security/announce/mfsa2005-55.html

http://www.mozilla.org/security/announce/mfsa2005-56.html

http://secunia.com/advisories/15549/


Updated Packages:



To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: lm_sensors
Advisory ID: MDKSA-2005:149
Date: August 25th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0


Problem Description:

Javier Fernandez-Sanguino Pena discovered that the pwmconfig
script in the lm_sensors package created temporary files in an
insecure manner. This could allow a symlink attack to create or
overwrite arbitrary files with full root privileges because
pwmconfig is typically executed by root.

The updated packages have been patched to correct this problem
by using mktemp to create the temporary files.
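
An added example, not part of the Mandriva advisory and not code from pwmconfig or backup-manager: the shell functions below put the fixed-name log file and default-permission archive described in DSA 787-1 above beside the mktemp and umask forms, and run each in a constructed scratch directory. All function names, file names and paths are hypothetical.

```shell
#!/bin/sh
# Added illustration. Function names, file names and the scratch layout are
# hypothetical; this is not code from pwmconfig or backup-manager.

# Weak pattern: a fixed, guessable log name in a directory other users can
# write to. If the name already exists as a symlink, ">" follows it and
# truncates whatever it points to, with the caller's privileges.
log_fixed_name() {
    printf '%s\n' "$2" > "$1/example-burn.log"
}

# Corrected pattern: mktemp picks an unpredictable name and creates the file
# exclusively (it fails rather than reuse an existing name), mode 0600.
# Prints the path so the caller can keep writing to it.
log_mktemp() {
    _log=$(mktemp "$1/example-burn.XXXXXX") || return 1
    printf '%s\n' "$2" > "$_log"
    printf '%s\n' "$_log"
}

# Weak pattern: archive created under a permissive umask (022 is the usual
# default), so every local user can read the backup.
backup_default_perms() {
    ( umask 022; tar -cf "$2" -C "$1" . )
}

# Corrected pattern: tighten the umask before the archive is created, so
# there is no window in which the file exists with loose permissions.
backup_private() {
    ( umask 077; tar -cf "$2" -C "$1" . )
}

# True when "other" has read permission on the file.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed scenario in a private scratch directory: "shared" stands in
# for a world-writable directory, "protected.conf" for a file only the
# caller may modify, and the symlink for a name that was planted in advance.
# Prints the protected file's content after the chosen logger ($1) has run.
symlink_outcome() {
    _root=$(mktemp -d "${TMPDIR:-/tmp}/advisory-demo.XXXXXX") || return 1
    mkdir "$_root/shared"
    printf 'original\n' > "$_root/protected.conf"
    ln -s "$_root/protected.conf" "$_root/shared/example-burn.log"
    "$1" "$_root/shared" "burn started" > /dev/null
    cat "$_root/protected.conf"
    rm -rf "$_root"
}

# Prints "world-readable" or "private" for an archive made by function $1
# from a constructed data directory.
backup_outcome() {
    _root=$(mktemp -d "${TMPDIR:-/tmp}/advisory-demo.XXXXXX") || return 1
    mkdir "$_root/data"
    printf 'constructed sample data\n' > "$_root/data/sample.txt"
    "$1" "$_root/data" "$_root/backup.tar"
    if is_world_readable "$_root/backup.tar"; then
        echo world-readable
    else
        echo private
    fi
    rm -rf "$_root"
}

# Run all four cases when invoked as: sh thisfile.sh demo
if [ "${1:-}" = "demo" ]; then
    echo "fixed log name, protected file now: $(symlink_outcome log_fixed_name)"
    echo "mktemp log name, protected file now: $(symlink_outcome log_mktemp)"
    echo "default umask archive: $(backup_outcome backup_default_perms)"
    echo "umask 077 archive: $(backup_outcome backup_private)"
fi
```

On Linux the fs.protected_symlinks sysctl refuses to follow such links in sticky world-writable directories, but a script that runs as root should still create its temporary files with mktemp.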


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: bluez-utils
Advisory ID: MDKSA-2005:150
Date: August 25th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0


Problem Description:

A vulnerability in bluez-utils was discovered by Henryk Plotz.
Due to missing input sanitizing, it was possible for an attacker to
execute arbitrary commands supplied as a device name from the
remote bluetooth device.

The updated packages have been patched to correct this
problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547


Updated Packages:





Mandriva Linux Security Update Advisory


Package name: pcre
Advisory ID: MDKSA-2005:151
Date: August 25th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1, Multi Network Firewall 2.0


Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular
Expressions (PCRE) before 6.2, as used in multiple products, allows
attackers to execute arbitrary code via quantifier values in
regular expressions, which leads to a heap-based buffer
overflow.

The updated packages have been patched to correct this
problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491


Updated Packages:



To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: php
Advisory ID: MDKSA-2005:152
Date: August 25th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1, Multi Network Firewall 2.0


Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular
Expressions (PCRE) before 6.2, as used in multiple products, allows
attackers to execute arbitrary code via quantifier values in
regular expressions, which leads to a heap-based buffer
overflow.

The php packages, as shipped, were built using a private copy of
pcre.

The updated packages have been rebuilt against the system pcre
libs to correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491


Updated Packages:



Mandriva Linux Security Update Advisory


Package name: gnumeric
Advisory ID: MDKSA-2005:153
Date: August 26th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0


Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular
Expressions (PCRE) before 6.2, as used in multiple products, allows
attackers to execute arbitrary code via quantifier values in
regular expressions, which leads to a heap-based buffer
overflow.

The gnumeric packages use a private copy of pcre code.

The updated packages have been patched to correct this
problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491


Updated Packages:



Mandriva Linux Security Update Advisory


Package name: python
Advisory ID: MDKSA-2005:154
Date: August 26th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0, Corporate Server 2.1,
Multi Network Firewall 2.0


Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular
Expressions (PCRE) before 6.2, as used in multiple products, allows
attackers to execute arbitrary code via quantifier values in
regular expressions, which leads to a heap-based buffer
overflow.

The python packages use a private copy of pcre code.

The updated packages have been patched to correct this
problem.
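
The php, gnumeric and python advisories above all describe the same bug class: an integer overflow in a quantifier value that corrupts a heap size calculation. The following C sketch is an example added to this digest to illustrate it; it is a simplified model, not code from PCRE or from any of the patched packages, and `MAX_REPEAT`, `HEADER_LEN` and all function names are assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_REPEAT 65535  /* assumed cap on a repeat count (toy model) */
#define HEADER_LEN 16     /* assumed fixed bytes emitted for every group */

/* "Before": digits accumulate modulo 2^32 and only the upper bound is tested. */
static int parse_repeat_unchecked(const char *q, int32_t *out)
{
    uint32_t acc = 0;
    if (*q++ != '{' || !isdigit((unsigned char)*q)) return -1;
    while (isdigit((unsigned char)*q))
        acc = acc * 10u + (uint32_t)(*q++ - '0');
    if (*q != '}') return -1;
    /* Implementation-defined conversion; wraps on GCC and Clang. */
    int32_t v = (int32_t)acc;
    if (v > MAX_REPEAT) return -1;  /* a wrapped, negative value passes */
    *out = v;
    return 0;
}

/* "After": the bound is enforced per digit, so acc never exceeds 655359. */
static int parse_repeat_checked(const char *q, int32_t *out)
{
    int32_t acc = 0;
    if (*q++ != '{' || !isdigit((unsigned char)*q)) return -1;
    while (isdigit((unsigned char)*q)) {
        acc = acc * 10 + (*q++ - '0');
        if (acc > MAX_REPEAT) return -1;
    }
    if (*q != '}') return -1;
    *out = acc;
    return 0;
}

/* Size estimate for a group of unit_len bytes repeated count times. */
static long estimate_size(long unit_len, int32_t count)
{
    return HEADER_LEN + unit_len * count;
}

int main(void)
{
    const char *q = "{4294967295}";  /* constructed input: 2^32 - 1 */
    int32_t n = 0;
    if (parse_repeat_unchecked(q, &n) == 0)
        printf("unchecked: count=%d, estimate=%ld bytes (header alone is %d)\n",
               (int)n, estimate_size(8, n), HEADER_LEN);
    printf("checked:   %s\n", parse_repeat_checked(q, &n) ? "rejected" : "accepted");
    return 0;
}
```

In the unchecked path the estimate comes out smaller than the fixed header, so a buffer allocated from it is too small for what is later written into it; the checked parser rejects the same input before any size is computed.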


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491


Updated Packages:
