Debian GNU/Linux
Debian Security Advisory DSA 1229-1
security@debian.org
http://www.debian.org/security/
Martin Schulze
December 6th, 2006
http://www.debian.org/security/faq
Package : asterisk
Vulnerability : integer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-5444
CERT advisory : VU#521252
BugTraq ID : 20617
Adam Boileau discovered an integer overflow in the Skinny
channel driver in Asterisk, an Open Source Private Branch Exchange
or telephone system, as used by Cisco SCCP phones, which allows
remote attackers to execute arbitrary code.
For the stable distribution (sarge) this problem has been fixed
in version 1.0.7.dfsg.1-2sarge4.
For the unstable distribution (sid) this problem has been fixed
in version 1.2.13~dfsg-1.
We recommend that you upgrade your asterisk packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200612-01
Severity: Normal
Title: wv library: Multiple integer overflows
Date: December 07, 2006
Bugs: #153800
ID: 200612-01
Synopsis
The wv library is vulnerable to multiple integer overflows which
could lead to the execution of arbitrary code.
Background
wv is a library for conversion of MS Word DOC and RTF files.
Affected packages
Package       /  Vulnerable  /  Unaffected
1 app-text/wv    < 1.2.3-r1     >= 1.2.3-r1
Description
The wv library fails to do proper arithmetic checks in multiple
places, possibly leading to integer overflows.
Impact
An attacker could craft a malicious file that, when handled with
the wv library, could lead to the execution of arbitrary code with
the permissions of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All wv library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/wv-1.2.3-r1"
References
[ 1 ] CVE-2006-4513
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200612-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:224
http://www.mandriva.com/security/
Package : xine-lib
Date : December 5, 2006
Affected: 2007.0, Corporate 3.0
Problem Description:
Buffer overflow in the asmrp_eval function for the Real Media
input plugin allows remote attackers to cause a denial of service
and possibly execute arbitrary code via a rulebook with a large
number of rulematches.
Updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2006:225
http://www.mandriva.com/security/
Package : ruby
Date : December 6, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
Another vulnerability has been discovered in the CGI library
(cgi.rb) that ships with Ruby which could be used by a malicious
user to create a denial of service attack (DoS).
Updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6303
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Red Hat Linux
Red Hat Security Advisory
Synopsis: Low: mod_auth_kerb security update
Advisory ID: RHSA-2006:0746-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0746.html
Issue date: 2006-12-06
Updated on: 2006-12-06
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-5989
1. Summary:
Updated mod_auth_kerb packages that fix a security flaw and a
bug in multiple realm handling are now available for Red Hat
Enterprise Linux 4.
This update has been rated as having low security impact by the
Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64
3. Problem description:
mod_auth_kerb is a module for the Apache HTTP Server designed to
provide Kerberos authentication over HTTP.
An off-by-one flaw was found in the way mod_auth_kerb handles
certain Kerberos authentication messages. A remote client could
send a specially crafted authentication request which could crash
an httpd child process (CVE-2006-5989).
A bug in the handling of multiple realms configured using the
“KrbAuthRealms” directive has also been fixed.
All users of mod_auth_kerb should upgrade to these updated
packages, which contain backported patches that resolve these
issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
216482 – CVE-2006-5989 mod_auth_kerb segfault with FC6 client
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5989
http://www.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
Red Hat Security Advisory
Synopsis: Important: gnupg security update
Advisory ID: RHSA-2006:0754-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0754.html
Issue date: 2006-12-06
Updated on: 2006-12-06
Product: Red Hat Enterprise Linux
Keywords: printable string decrypt heap overflow
CVE Names: CVE-2006-6169 CVE-2006-6235
1. Summary:
Updated GnuPG packages that fix two security issues are now
available.
This update has been rated as having important security impact
by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386
Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64
3. Problem description:
GnuPG is a utility for encrypting data and creating digital
signatures.
Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG
decrypts messages. An attacker could create a carefully crafted
message that could cause GnuPG to execute arbitrary code if a
victim attempts to decrypt the message. (CVE-2006-6235)
A heap-based buffer overflow flaw was found in the way GnuPG
constructs messages to be written to the terminal during an
interactive session. An attacker could create a carefully crafted
message which, with user interaction, could cause GnuPG to execute
arbitrary code with the permissions of the user running GnuPG.
(CVE-2006-6169)
All users of GnuPG are advised to upgrade to this updated
package, which contains a backported patch to correct these
issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
218505 – CVE-2006-6169 GnuPG heap overflow
6. RPMs required:
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnupg-1.2.6-8.src.rpm
4d919fce07aa4051c6a8ec5f871430c8 gnupg-1.2.6-8.src.rpm
i386:
640862942e412f7070f4633cef6a480e gnupg-1.2.6-8.i386.rpm
b389e7abc34289a7ed4b302893c10396
gnupg-debuginfo-1.2.6-8.i386.rpm
ia64:
0d1191dcf30c72a93282dfec862dbef6 gnupg-1.2.6-8.ia64.rpm
840fcfbd4a0078df5390cf206efe7c27
gnupg-debuginfo-1.2.6-8.ia64.rpm
x86_64:
800e7c982ba81ae0651b0091fdf61a63 gnupg-1.2.6-8.x86_64.rpm
fb3f183d427aea368b331b8e008122d7
gnupg-debuginfo-1.2.6-8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
rPath Linux
rPath Security Advisory: 2006-0226-1
Published: 2006-12-06
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Local Root Non-deterministic
Privilege Escalation
Updated Versions:
kernel=/conary.rpath.com@rpl:devel//1/2.6.17.14-0.4-1
kernel=/conary.rpath.com@rpl:devel//1-xen/2.6.16.29-0.11-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5751
https://issues.rpath.com/browse/RPL-803
https://issues.rpath.com/browse/RPL-837
Description:
Previous versions of the kernel package are vulnerable to a
local denial of service or privilege escalation attack by
unprivileged users if any network bridge interface has been
configured with more than two interfaces. The attacker can cause
the system to crash, and is believed to be able to provide
arbitrary code that may (with undetermined probability) run in
kernel context. Xen dom0 instances in the default bridging
configuration are vulnerable.
Previous versions of the Xen dom0 kernel did not embed the
firmware for QLogic 2XXX Fibre Channel adapters, disabling Xen dom0
on those systems.
This update requires a system reboot to implement the fixes.
rPath Security Advisory: 2006-0227-1
Published: 2006-12-06
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Indirect Deterministic Privilege
Escalation
Updated Versions:
gnupg=/conary.rpath.com@rpl:devel//1/1.4.6-0.1-
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6235
https://issues.rpath.com/browse/RPL-835
Description:
Previous versions of the gnupg package will execute
attacker-provided code found in intentionally malformed OpenPGP
packets. This allows an attacker to run arbitrary code as the user
invoking gpg on the file that contains the malformed packets.
Ubuntu
Ubuntu Security Notice USN-390-2 December 06, 2006
evince vulnerability
CVE-2006-5864
A security issue affects the following Ubuntu releases:
Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.10:
evince 0.4.0-0ubuntu4.3
Ubuntu 6.06 LTS:
evince 0.5.2-0ubuntu3.2
Ubuntu 6.10:
evince 0.6.1-0ubuntu1.2
In general, a standard system upgrade is sufficient to effect
the necessary changes.
Details follow:
USN-390-1 fixed a vulnerability in evince. The original fix did
not fully solve the problem, allowing for a denial of service in
certain situations.
Original advisory details:
A buffer overflow was discovered in the PostScript processor
included in evince. By tricking a user into opening a specially
crafted PS file, an attacker could crash evince or execute
arbitrary code with the user’s privileges.
Updated packages for Ubuntu 5.10:
Updated packages for Ubuntu 6.06 LTS:
Source archives: