---

Advisories: February 28, 2005

Debian GNU/Linux


Debian Security Advisory DSA 690-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
February 25th, 2005 http://www.debian.org/security/faq


Package : bsmtpd
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0107

Bastian Blank discovered a vulnerability in bsmtpd, a batched SMTP mailer
for sendmail and postfix. Unsanitised addresses can cause the
execution of arbitrary commands during alleged mail delivery.

For the stable distribution (woody) this problem has been fixed
in version 2.3pl8b-12woody1.

For the unstable distribution (sid) this problem has been fixed
in version 2.3pl8b-16.

We recommend that you upgrade your bsmtpd package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1.dsc

Size/MD5 checksum: 580 a52f31e37ed84f6c77334d42b285d327

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1.diff.gz

Size/MD5 checksum: 16757 25feec8311fd898c59a187c048876331

http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b.orig.tar.gz

Size/MD5 checksum: 21212 d474faf9252f6ba381a57bb2f1aaf48d

Alpha architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_alpha.deb

Size/MD5 checksum: 34626 7e8281efce33079aa51426283369e1fd

ARM architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_arm.deb

Size/MD5 checksum: 32010 4d74ca73f494c8d6babf2c58b100b06b

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_i386.deb

Size/MD5 checksum: 30210 22fa9205cfd747abf64a1974efc25900

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_ia64.deb

Size/MD5 checksum: 39420 ebe934e628a84dd653b7f3f5c8d3db50

HP Precision architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_hppa.deb

Size/MD5 checksum: 33990 9b9252f3347b7e26e6057b655f6dfe1f

Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_m68k.deb

Size/MD5 checksum: 29404 1cd6143691b6f8c30d899e9a05db1be4

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_mips.deb

Size/MD5 checksum: 32212 902f889f98881692e24c5cac80ac2046

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_mipsel.deb

Size/MD5 checksum: 32270 8df7c0f9206a297352fe27ec2ed7aa10

PowerPC architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_powerpc.deb

Size/MD5 checksum: 32036 05b57cae1bd29bae629836608ba6c6e1

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_s390.deb

Size/MD5 checksum: 31982 25e56d69999ad2023e97952dd64a6471

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_sparc.deb

Size/MD5 checksum: 34962 f29ca8fd647fe459e173f1ed68b80d49

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


Fedora Core


Fedora Update Notification
FEDORA-2005-171
2005-02-25


Product : Fedora Core 2
Name : gaim
Version : 1.1.4
Release : 0.FC2
Summary : A Gtk+ based multiprotocol instant messaging client

Description :
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN
Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols
are implemented using a modular, easy to use design. To use a
protocol, just add an account using the account editor.

Gaim supports many common features of other clients, as well as
many unique features, such as perl scripting and C plugins.

Gaim is NOT affiliated with or endorsed by America Online, Inc.,
Microsoft Corporation, or Yahoo! Inc. or other messaging service
providers.


Update Information:

This update resolves another DoS issue in parsing malformed
HTML, and a MSN related crash that folks were hitting often.


  • Thu Feb 24 2005 Warren Togami <wtogami@redhat.com>
    1:1.1.4-0.FC2

    • FC2
  • Thu Feb 24 2005 Warren Togami <wtogami@redhat.com>
    1:1.1.4-1

    • 1.1.4 with MSN crash fix, g_stat() crash workaround

      CAN-2005-0208 Gaim HTML parsing DoS (another one)

  • Tue Feb 22 2005 Warren Togami <wtogami@redhat.com>
    1:1.1.3-4

    • Test fixes for #149190 and #149304

This update can be downloaded from:


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

6214fefe3f0d1963fe8a18d4bb0d1728 SRPMS/gaim-1.1.4-0.FC2.src.rpm
6d46e456110af368feb2671666be4576 x86_64/gaim-1.1.4-0.FC2.x86_64.rpm
d7fbdffb081e6bf463d8e09e027d8f02 x86_64/debug/gaim-debuginfo-1.1.4-0.FC2.x86_64.rpm
5440e0ef5ff96f16fa13a0580c1842aa i386/gaim-1.1.4-0.FC2.i386.rpm
6fccc876878f0566bffdc16d4ec2c1e5 i386/debug/gaim-debuginfo-1.1.4-0.FC2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2005-172
2005-02-25


Product : Fedora Core 3
Name : gaim
Version : 1.1.4
Release : 0.FC3
Summary : A Gtk+ based multiprotocol instant messaging client

Description :
Gaim allows you to talk to anyone using a variety of messaging
protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN
Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols
are implemented using a modular, easy to use design. To use a
protocol, just add an account using the account editor.

Gaim supports many common features of other clients, as well as
many unique features, such as perl scripting and C plugins.

Gaim is NOT affiliated with or endorsed by America Online, Inc.,
Microsoft Corporation, or Yahoo! Inc. or other messaging service
providers.


Update Information:

This update resolves another DoS issue in parsing malformed
HTML, and a MSN related crash that folks were hitting often.


  • Thu Feb 24 2005 Warren Togami <wtogami@redhat.com>
    1:1.1.4-0.FC3

    • FC3
  • Thu Feb 24 2005 Warren Togami <wtogami@redhat.com>
    1:1.1.4-1

    • 1.1.4 with MSN crash fix, g_stat() crash workaround

      CAN-2005-0208 Gaim HTML parsing DoS (another one)

  • Tue Feb 22 2005 Warren Togami <wtogami@redhat.com>
    1:1.1.3-4

    • Test fixes for #149190 and #149304

This update can be downloaded from:


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

69048a51ec8001285f5be7ec48635ca1 SRPMS/gaim-1.1.4-0.FC3.src.rpm
865a0dd9e293e68fa16cee836e59fcb9 x86_64/gaim-1.1.4-0.FC3.x86_64.rpm
92ad90314af9b036dca2cf18365daf60 x86_64/debug/gaim-debuginfo-1.1.4-0.FC3.x86_64.rpm
255f546347b43c21d9d5d8f5d81b7c16 i386/gaim-1.1.4-0.FC3.i386.rpm
11256b0dd8026e9d9f639d039d271331 i386/debug/gaim-debuginfo-1.1.4-0.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Fedora Legacy


Fedora Legacy Update Advisory

Synopsis: Updated kernel packages fix security issues
Advisory ID: FLSA:2336
Issue date: 2005-02-24
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2336

CVE Names: CAN-2004-0177 CAN-2004-0685 CAN-2004-0814 CAN-2004-0883
CAN-2004-0949 CAN-2004-1016 CAN-2004-1017 CAN-2004-1056
CAN-2004-1068 CAN-2004-1070 CAN-2004-1071 CAN-2004-1072
CAN-2004-1073 CAN-2004-1074 CAN-2004-1137 CAN-2004-1234
CAN-2004-1235 CAN-2005-0001



1. Topic:

Updated kernel packages that fix several security issues are now
available.

The Linux kernel handles the basic functions of the operating
system.

2. Relevant releases/architectures:

Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386

3. Problem description:

This update includes fixes for several security issues:

The ext3 code in kernels before 2.4.26 did not properly
initialize journal descriptor blocks. A privileged local user could
read portions of kernel memory. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name
CAN-2004-0177 to this issue.

Conectiva discovered flaws in certain USB drivers affecting
kernels prior to 2.4.27 which used the copy_to_user function on
uninitialized structures. These flaws could allow local users to
read small amounts of kernel memory. (CAN-2004-0685)

Multiple race conditions in the terminal layer could allow local
users to obtain portions of kernel data via a TIOCSETD ioctl call
to a terminal interface that is being accessed by another thread.
This could also allow remote attackers to cause a denial of service
(panic) by switching from console to PPP line discipline, then
quickly sending data that is received during the switch.
(CAN-2004-0814)

Stefan Esser discovered various flaws including buffer overflows
in the smbfs driver affecting kernels prior to 2.4.28. A local user
may be able to cause a denial of service (crash) or possibly gain
privileges. In order to exploit these flaws the user would require
control of a connected Samba server. (CAN-2004-0883,
CAN-2004-0949)

ISEC security research and Georgi Guninski independently
discovered a flaw in the scm_send function in the auxiliary message
layer. A local user could create a carefully crafted auxiliary
message which could cause a denial of service (system hang).
(CAN-2004-1016)

Multiple overflows were discovered and corrected in the
io_edgeport driver. (CAN-2004-1017)

The Direct Rendering Manager (DRM) driver does not properly
check the DMA lock, which could allow remote attackers or local
users to cause a denial of service (X Server crash) and possibly
modify the video output. (CAN-2004-1056)

A missing serialization flaw in unix_dgram_recvmsg was
discovered that affects kernels prior to 2.4.28. A local user could
potentially make use of a race condition in order to gain
privileges. (CAN-2004-1068)

Paul Starzetz of iSEC discovered various flaws in the ELF binary
loader affecting kernels prior to 2.4.28. A local user could use
these flaws to gain read access to executable-only binaries or
possibly gain privileges. (CAN-2004-1070, CAN-2004-1071,
CAN-2004-1072, CAN-2004-1073, CAN-2004-1074)

ISEC security research discovered multiple vulnerabilities in
the IGMP functionality of the kernels. These flaws could allow a
local user to cause a denial of service (crash) or potentially gain
privileges. Where multicast applications are being used on a
system, these flaws may also allow remote users to cause a denial
of service. (CAN-2004-1137)

Kirill Korotaev found a flaw in load_elf_binary affecting
kernels prior to 2.4.26. A local user could create a carefully
crafted binary in such a way that it would cause a denial of
service (system crash). (CAN-2004-1234)

iSEC Security Research discovered a VMA handling flaw in the
uselib(2) system call of the Linux kernel. A local user could make
use of this flaw to gain elevated (root) privileges.
(CAN-2004-1235)

iSEC Security Research discovered a flaw in the page fault
handler code that could lead to local users gaining elevated (root)
privileges on multiprocessor machines. (CAN-2005-0001)

All users are advised to upgrade their kernels to the packages
associated with their machine architectures and configurations as
listed in this erratum.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

To install kernel packages manually, use “rpm -ivh
<package>” and modify system settings to boot the kernel you
have installed. To do this, edit /boot/grub/grub.conf and change
the default entry to “default=0” (or, if you have chosen to use
LILO as your boot loader, edit /etc/lilo.conf and run lilo).

Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.

Note that this may not automatically pull the new kernel in if
you have configured apt/yum to ignore kernels. If so, follow the
manual instructions above.

5. Bug IDs fixed:

http://bugzilla.fedora.us – bug #2336 – Kernel bugs

6. RPMs required:

Red Hat Linux 7.3:

SRPM:

http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kernel-2.4.20-42.7.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-BOOT-2.4.20-42.7.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-doc-2.4.20-42.7.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-source-2.4.20-42.7.legacy.i386.rpm

i586:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i586.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i586.rpm

i686:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.i686.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-bigmem-2.4.20-42.7.legacy.i686.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.i686.rpm

athlon:

http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-2.4.20-42.7.legacy.athlon.rpm


http://download.fedoralegacy.org/redhat/7.3/updates/i386/kernel-smp-2.4.20-42.7.legacy.athlon.rpm

Red Hat Linux 9:

SRPM:

http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kernel-2.4.20-42.9.legacy.src.rpm

i386:

http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-BOOT-2.4.20-42.9.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-doc-2.4.20-42.9.legacy.i386.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-source-2.4.20-42.9.legacy.i386.rpm

i586:

http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i586.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i586.rpm

i686:

http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.i686.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-bigmem-2.4.20-42.9.legacy.i686.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.i686.rpm

athlon:

http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-2.4.20-42.9.legacy.athlon.rpm


http://download.fedoralegacy.org/redhat/9/updates/i386/kernel-smp-2.4.20-42.9.legacy.athlon.rpm

Fedora Core 1:

SRPM:

http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kernel-2.4.22-1.2199.4.legacy.nptl.src.rpm

i386:

http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-BOOT-2.4.22-1.2199.4.legacy.nptl.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-doc-2.4.22-1.2199.4.legacy.nptl.i386.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-source-2.4.22-1.2199.4.legacy.nptl.i386.rpm

i586:

http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i586.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i586.rpm

i686:

http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.i686.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.i686.rpm

athlon:

http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-2.4.22-1.2199.4.legacy.nptl.athlon.rpm


http://download.fedoralegacy.org/fedora/1/updates/i386/kernel-smp-2.4.22-1.2199.4.legacy.nptl.athlon.rpm

7. Verification:

These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:

sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0177

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0685

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0883

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0949

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1016

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1017

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1056

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1068

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1070

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1071

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1072

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1073

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1074

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1137

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1234

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0001

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>.
More project details at http://www.fedoralegacy.org


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200502-30


http://security.gentoo.org/


Severity: Low
Title: cmd5checkpw: Local password leak vulnerability
Date: February 25, 2005
Bugs: #78256
ID: 200502-30


Synopsis

cmd5checkpw contains a flaw allowing local users to access other
users' cmd5checkpw passwords.

Background

cmd5checkpw is a checkpassword compatible authentication program
that uses CRAM-MD5 authentication mode.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  net-mail/cmd5checkpw     <= 0.22-r1                    >= 0.22-r2

Description

Florian Westphal discovered that cmd5checkpw is installed setuid
cmd5checkpw but does not drop privileges before calling execvp(),
so the invoked program retains the cmd5checkpw euid.

Impact

Local users that know at least one valid /etc/poppasswd
user/password combination can read the /etc/poppasswd file.

Workaround

There is no known workaround at this time.

Resolution

All cmd5checkpw users should upgrade to the latest available
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/cmd5checkpw-0.22-r2"

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200502-30.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
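
The class of fix the cmd5checkpw description above points to, giving up the setuid identity before execvp(), shown as an added example; it is not cmd5checkpw's own code or the Gentoo patch. The names drop_privileges_permanently and run_as_invoker are hypothetical, and the fork wrapper is there only so the child's exit status can be inspected.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Give up a setuid/setgid identity for good, so that whatever is
 * exec'd next runs with the invoking user's ids only.
 * Returns 0 on success, -1 if the drop failed or could be undone.
 */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the uid is dropped the process may no longer
     * be allowed to change its gid. Setting real and effective ids
     * together also resets the saved id on Linux, so the old
     * identity cannot be restored afterwards. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    if (setreuid(ruid, ruid) != 0)
        return -1;

    if (geteuid() != ruid || getegid() != rgid)
        return -1;

    /* If the process really was setuid/setgid, an attempt to regain
     * the old ids must now fail. Root can always switch ids, so the
     * check is only meaningful for a non-root invoker. */
    if (ruid != 0) {
        if (old_euid != ruid && seteuid(old_euid) == 0)
            return -1;
        if (old_egid != rgid && setegid(old_egid) == 0)
            return -1;
    }
    return 0;
}

/*
 * Run argv[0] in a child that has dropped privileges first.
 * Returns the child's exit status, 126 if the drop failed,
 * 127 if the program could not be executed, -1 on other errors.
 */
int run_as_invoker(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Never reach execvp() while still holding the setuid euid. */
        if (drop_privileges_permanently() != 0)
            _exit(126);
        execvp(argv[0], argv);
        _exit(127);
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo command: prints the ids the child runs with. */
    char *const cmd[] = { "id", NULL };
    int rc = run_as_invoker(cmd);
    printf("child exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```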

LBA-Linux


LBA-Linux Security Advisory

Subject: Updated emacs package for LBA-Linux R2
Advisory ID: LBASA-2005:4
Date: Sunday, February 27, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0100
Format string vulnerability in the movemail utility in (1) Emacs
20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and
earlier, allows remote malicious POP3 servers to execute arbitrary
code via crafted packets.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-21.3-10.lba.5.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-common-21.3-10.lba.5.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-el-21.3-10.lba.5.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-leim-21.3-10.lba.5.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/emacs-nox-21.3-10.lba.5.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named emacs to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated xemacs package for LBA-Linux R2
Advisory ID: LBASA-2005:5
Date: Sunday, February 27, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0100
Format string vulnerability in the movemail utility in (1) Emacs
20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and
earlier, allows remote malicious POP3 servers to execute arbitrary
code via crafted packets.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/xemacs-21.4.15-1.lba.3.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/xemacs-el-21.4.15-1.lba.3.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/xemacs-info-21.4.15-1.lba.3.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named xemacs to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated postgresql package for LBA-Linux R2
Advisory ID: LBASA-2005:6
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0227
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local
users to load arbitrary shared libraries and execute code via the
LOAD extension.

CAN-2005-0244
PostgreSQL 8.0.0 and earlier allows local users to bypass the
EXECUTE permission check for functions by using the CREATE
AGGREGATE command.

CAN-2005-0245
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may
allow attackers to execute arbitrary code via a large number of
arguments to a refcursor function (gram.y), which leads to a
heap-based buffer overflow, a different vulnerability than
CAN-2005-0247.

CAN-2005-0246
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows
attackers to cause a denial of service (crash) via crafted
arrays.

CAN-2005-0247
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and
earlier may allow attackers to execute arbitrary code via (1) a
large number of variables in a SQL statement being handled by the
read_sql_construct function, (2) a large number of INTO variables
in a SELECT statement being handled by the make_select_stmt
function, (3) a large number of arbitrary variables in a SELECT
statement being handled by the make_select_stmt function, and (4) a
large number of INTO variables in a FETCH statement being handled
by the make_fetch_stmt function, a different set of vulnerabilities
than CAN-2005-0245.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-contrib-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-devel-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-docs-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-jdbc-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-libs-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-pl-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-python-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-server-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-tcl-7.4.1-1.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/postgresql-test-7.4.1-1.lba.4.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named postgresql to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0227

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0244

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0245

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0246

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0247

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated mailman package for LBA-Linux R2
Advisory ID: LBASA-2005:7
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0202
Directory traversal vulnerability in the true_path function in
private.py for Mailman 2.1.5 and earlier allows remote attackers to
read arbitrary files via “.../....///” sequences, which are not
properly cleansed by regular expressions that are intended to
remove “../” and “./” sequences.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mailman-2.1.4-2.lba.3.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named mailman to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated mysql package for LBA-Linux R2
Advisory ID: LBASA-2005:8
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0004
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before
4.1.10, 5.0.x before 5.0.3, and other versions including 3.x,
allows local users to overwrite arbitrary files or read temporary
files via a symlink attack on temporary files.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mysql-3.23.58-7.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mysql-bench-3.23.58-7.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mysql-devel-3.23.58-7.lba.4.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/mysql-server-3.23.58-7.lba.4.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named mysql to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0004

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated enscript package for LBA-Linux R2
Advisory ID: LBASA-2005:9
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2004-1184
The EPSF pipe support in enscript 1.6.3 allows remote attackers or
local users to execute arbitrary commands via shell
metacharacters.

CAN-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote
attackers or local users to execute arbitrary commands via crafted
filenames.

CAN-2004-1186
Multiple buffer overflows in enscript 1.6.3 allow remote attackers
or local users to cause a denial of service (application
crash).

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/enscript-1.6.1-25.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named enscript to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1184

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1185

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1186

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated unarj package for LBA-Linux R2
Advisory ID: LBASA-2005:10
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2004-0947
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to
execute arbitrary code via an arj archive that contains long
filenames.

CAN-2004-1027
Directory traversal vulnerability in the -x (extract) command line
option in unarj allows remote attackers to overwrite arbitrary
files via an arj archive with filenames that contain .. (dot dot)
sequences.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/unarj-2.63a-5.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named unarj to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0947

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1027

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated zip package for LBA-Linux R2
Advisory ID: LBASA-2005:11
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2004-1010
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when
using recursive folder compression, allows remote attackers to
execute arbitrary code via a ZIP file containing a long
pathname.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/zip-2.3-20.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named zip to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1010

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated iptables package for LBA-Linux R2
Advisory ID: LBASA-2005:12
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2004-0986
iptables before 1.2.11, under certain conditions, does not properly
load the required modules at system startup, which causes the
firewall rules to fail to load and protect the system from remote
attackers.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/iptables-1.2.9-2.3.lba.2.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/iptables-devel-1.2.9-2.3.lba.2.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/iptables-ipv6-1.2.9-2.3.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named iptables to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0986

Copyright(c) 2001-2005 SOT


LBA-Linux Security Advisory

Subject: Updated imap package for LBA-Linux R2
Advisory ID: LBASA-2005:13
Date: Monday, February 28, 2005
Product: LBA-Linux R2


Problem description:

CAN-2005-0198
A logic error in the CRAM-MD5 code for the University of Washington
IMAP (UW-IMAP) server, when Challenge-Response Authentication
Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce
all the required conditions for successful authentication, which
allows remote attackers to authenticate as arbitrary users.

Updated packages:

LBA-Linux R2:

i386:

ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/imap-2002d-3.lba.2.i386.rpm


ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/imap-devel-2002d-3.lba.2.i386.rpm

Upgrading your system:

To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:

  1. Log in to your LBA-Linux desktop as the root user.
  2. Click on the penguin icon at the lower left of the display, and
    select the menu item SYSTEM TOOLS>UPDATER.
  3. Click on the item named imap to highlight it.
  4. Click on the PACKAGE menu in the menu bar, and select the
    UPGRADE action.
  5. Confirm the upgrade by clicking the APPLY button in Updater’s
    main toolbar.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0198

Copyright(c) 2001-2005 SOT

Ubuntu Linux


Ubuntu Security Notice USN-85-1 February 25, 2005
gaim vulnerabilities
CAN-2005-0208, CAN-2005-0472, CAN-2005-0473


A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package
to version 1:1.0.0-1ubuntu1.2. In general, a standard system
upgrade is sufficient to effect the necessary changes.

Details follow:

The Gaim developers discovered that the HTML parser did not
sufficiently validate its input. This allowed a remote attacker to
crash the Gaim client by sending certain malformed HTML messages.
(CAN-2005-0208, CAN-2005-0473)

Another lack of sufficient input validation was found in the
“Oscar” protocol handler which is used for ICQ and AIM. By sending
specially crafted packets, remote users could trigger an infinite
loop in Gaim which caused Gaim to become unresponsive and hang.
(CAN-2005-0472)

Source archives:


http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2.diff.gz

Size/MD5: 42432 088aa80f79950d5efa7f6afc29d2915e

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2.dsc

Size/MD5: 853 66848ad2c5b6ef2c136e8419d9c84e72

http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz

Size/MD5: 6985979 7dde686aace751a49dce734fd0cb7ace

amd64 architecture (Athlon64, Opteron, EM64T Xeon)


http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2_amd64.deb

Size/MD5: 3444018 f829005df6031fa36622e04bcb30968e

i386 architecture (x86 compatible Intel/AMD)


http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2_i386.deb

Size/MD5: 3354146 f85b4b98fc5bc04fe494a5303f225967

powerpc architecture (Apple Macintosh G3/G4/G5)


http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.2_powerpc.deb

Size/MD5: 3417968 614a7816b433efb292944822479661b1
