Fedora Core
Fedora Update Notification
FEDORA-2007-024
2007-01-09
Product : Fedora Core 5
Name : xterm
Version : 223
Release : 1.fc5
Summary : xterm terminal emulator for the X Window System
Description :
The xterm program is a terminal emulator for the X Window System.
It provides DEC VT102 and Tektronix 4014 compatible terminals for
programs that can’t use the window system directly.
- Mon Jan 8 2007 Miroslav Lichvar <mlichvar@redhat.com> - 223-1.fc5
  - update to 223
  - use correct tty group (#219048)
  - spec cleanup
- Thu Nov 23 2006 Miroslav Lichvar <mlichvar@redhat.com> - 213-2.fc5
  - fix segfault when /etc/termcap is missing (#201246)
- Wed May 31 2006 Jason Vas Dias <jvdias@redhat.com> - 213-1
  - Upgrade to upstream version 213 (fixes bug 192627)
  - fix bug 189161 : make -r/-rv do reverseVideo with or without xterm*{fore,back}ground set
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.
Fedora Update Notification
FEDORA-2007-031
2007-01-09
Product : Fedora Core 6
Name : xterm
Version : 223
Release : 1.fc6
Summary : xterm terminal emulator for the X Window System
Description :
The xterm program is a terminal emulator for the X Window System.
It provides DEC VT102 and Tektronix 4014 compatible terminals for
programs that can’t use the window system directly.
- Mon Jan 8 2007 Miroslav Lichvar <mlichvar@redhat.com> - 223-1.fc6
  - update to 223
  - use correct tty group (#219048)
  - spec cleanup
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
Fedora Update Notification
FEDORA-2007-033
2007-01-09
Product : Fedora Core 6
Name : krb5
Version : 1.5
Release : 13
Summary : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network’s security by eliminating the
insecure practice of cleartext passwords.
Update Information:
This update incorporates fixes for recently-announced bugs found
in the kadmind daemon.
- Tue Jan 9 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.5-13
  - apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) (#218456)
  - apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456)
- Mon Oct 9 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-9
  - provide docs in PDF format instead of as tex source (Enrico Scholz, #209943)
- Wed Oct 4 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-8
  - add missing shebang headers to krsh and krlogin wrapper scripts (#209238)
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
Fedora Update Notification
FEDORA-2007-034
2007-01-09
Product : Fedora Core 5
Name : krb5
Version : 1.4.3
Release : 5.3
Summary : The Kerberos network authentication system.
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network’s security by eliminating the
insecure practice of cleartext passwords.
Update Information:
This update incorporates a fix for a recently-announced bug
found in the kadmind daemon.
- Tue Jan 9 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.4.3-5.3
  - apply patch from Tom Yu to fix MITKRB-SA-2006-002 (CVE-2006-6143)
- Fri Aug 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.4.3-5.2
  - switch to the updated patch for MITKRB-SA-2006-001
- Tue Aug 8 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.4.3-5.1
  - apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)
- Fri Apr 14 2006 Stepan Kasal <skasal@redhat.com> - 1.4.3-5
  - Fix formatting typo in kinit.1 (krb5-kinit-man-typo.patch)
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2007:003
http://www.mandriva.com/security/
Package : avahi
Date : January 8, 2007
Affected: 2007.0
Problem Description:
The consume_labels function in avahi-core/dns.c in Avahi before
0.6.16 allows remote attackers to cause a denial of service
(infinite loop) via a crafted compressed DNS response with a label
that points to itself.
Updated packages are patched to address this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6870
Updated Packages:
Mandriva Linux 2007.0:
Mandriva Linux 2007.0/X86_64:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2007:004
http://www.mandriva.com/security/
Package : geoip
Date : January 8, 2007
Affected: Corporate 4.0
Problem Description:
Dean Gaudet discovered the geoipupdate utility fails to do
sanity checking on the filename returned by “GET
/app/update_getfilename?product_id=%s”.
Updated packages are patched to address this issue.
References:
http://arctic.org/~dean/patches/GeoIP-1.4.0-update-vulnerability.patch
Updated Packages:
Corporate 4.0:
Corporate 4.0/X86_64:
Mandriva Linux Security Advisory MDKSA-2007-005
http://www.mandriva.com/security/
Package : xorg-x11
Date : January 9, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
Problem Description:
Sean Larsson of iDefense Labs discovered several vulnerabilities
in X.Org/XFree86:
Local exploitation of a memory corruption vulnerability in the
‘ProcRenderAddGlyphs()’ function in the X.Org and XFree86 X server
could allow an attacker to execute arbitrary code with privileges
of the X server, typically root. (CVE-2006-6101)
Local exploitation of a memory corruption vulnerability in the
‘ProcDbeGetVisualInfo()’ function in the X.Org and XFree86 X server
could allow an attacker to execute arbitrary code with privileges
of the X server, typically root. (CVE-2006-6102)
Local exploitation of a memory corruption vulnerability in the
‘ProcDbeSwapBuffers()’ function in the X.Org and XFree86 X server
could allow an attacker to execute arbitrary code with privileges
of the X server, typically root. (CVE-2006-6103)
Updated packages are patched to address these issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
Updated Packages:
Mandriva Linux 2007.0:
Mandriva Linux 2007.0/X86_64:
Corporate 3.0:
Corporate 3.0/X86_64:
Corporate 4.0:
Corporate 4.0/X86_64:
Red Hat Linux
Red Hat Security Advisory
Synopsis: Moderate: flash-plugin security update
Advisory ID: RHSA-2007:0009-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0009.html
Issue date: 2007-01-09
Updated on: 2007-01-09
Product: Red Hat Enterprise Linux Extras
CVE Names: CVE-2006-5330
1. Summary:
An updated Adobe Flash Player package that fixes a security
issue is now available.
This update has been rated as having moderate security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 Extras – i386
Red Hat Desktop version 3 Extras – i386
Red Hat Enterprise Linux ES version 3 Extras – i386
Red Hat Enterprise Linux WS version 3 Extras – i386
Red Hat Enterprise Linux AS version 4 Extras – i386
Red Hat Desktop version 4 Extras – i386
Red Hat Enterprise Linux ES version 4 Extras – i386
Red Hat Enterprise Linux WS version 4 Extras – i386
3. Problem description:
The flash-plugin package contains a Firefox-compatible Adobe
Flash Player browser plug-in.
A flaw was found in the way the Adobe Flash Player generates
HTTP requests. It was possible for a malicious Adobe Flash file to
modify the HTTP header of the client request, which could be
leveraged to exploit certain HTTP proxy and web server flaws.
(CVE-2006-5330)
Users of Adobe Flash Player should upgrade to this updated
package, which contains version 7.0.69 and is not vulnerable to
this issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
218973 – CVE-2006-5330 Flash Player HTTP header injection
6. RPMs required:
Red Hat Enterprise Linux AS version 3 Extras:
i386:
bec87a6871c31f6e6ce7c813bd628fd2
flash-plugin-7.0.69-1.el3.i386.rpm
Red Hat Desktop version 3 Extras:
i386:
bec87a6871c31f6e6ce7c813bd628fd2
flash-plugin-7.0.69-1.el3.i386.rpm
Red Hat Enterprise Linux ES version 3 Extras:
i386:
bec87a6871c31f6e6ce7c813bd628fd2
flash-plugin-7.0.69-1.el3.i386.rpm
Red Hat Enterprise Linux WS version 3 Extras:
i386:
bec87a6871c31f6e6ce7c813bd628fd2
flash-plugin-7.0.69-1.el3.i386.rpm
Red Hat Enterprise Linux AS version 4 Extras:
i386:
f7f989fcad193b5d58ef544a826616aa
flash-plugin-7.0.69-1.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386:
f7f989fcad193b5d58ef544a826616aa
flash-plugin-7.0.69-1.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386:
f7f989fcad193b5d58ef544a826616aa
flash-plugin-7.0.69-1.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386:
f7f989fcad193b5d58ef544a826616aa
flash-plugin-7.0.69-1.el4.i386.rpm
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5330
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
rPath Linux
rPath Security Advisory: 2007-0003-1
Published: 2007-01-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Indirect User Information
Exposure
Updated Versions:
fetchmail=/conary.rpath.com@rpl:devel//1/6.3.6-0.1-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
https://issues.rpath.com/browse/RPL-919
Description:
Previous versions of the fetchmail package inappropriately send
passwords in clear text rather than encrypted, allowing attackers
to read the password from network traffic. They also may not detect
man-in-the-middle attacks. Because email passwords are often the
same as login passwords, this may indirectly enable remote
unauthorized access.
rPath Security Advisory: 2007-0004-1
Published: 2007-01-09
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Local Non-deterministic Unauthorized
Access
Updated Versions:
bzip2=/conary.rpath.com@rpl:devel//1/1.0.4-1-0.1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953
https://issues.rpath.com/browse/RPL-921
Description:
Previous versions of the bzip2 package are vulnerable to a race
condition that allows local users to modify permissions on
arbitrary files that the user running bzip2 is allowed to
change.
rPath Security Advisory: 2007-0005-1
Published: 2007-01-09
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification: Local Deterministic Denial of
Service
Updated Versions:
xorg-x11=/conary.rpath.com@rpl:devel//1/6.8.2-30.3-1
xorg-x11-fonts=/conary.rpath.com@rpl:devel//1/6.8.2-30.3-1
xorg-x11-tools=/conary.rpath.com@rpl:devel//1/6.8.2-30.3-1
xorg-x11-xfs=/conary.rpath.com@rpl:devel//1/6.8.2-30.3-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103
https://issues.rpath.com/browse/RPL-920
Description:
Previous versions of the xorg-x11 package are vulnerable to an
attack which allows authenticated X connections to provide
intentionally malformed data which the X server does not fully
validate before using. This vulnerability is known to enable a
Denial of Service attack; any process with an authenticated
connection to the X server can cause the entire X server process to
crash. (It may enable other attacks as well; the full extent of
vulnerabilities created by these faults is not completely
analyzed.)
SUSE Linux
SUSE Security Announcement
Package: Sun Java
Announcement ID: SUSE-SA:2007:003
Date: Tue, 09 Jan 2007 12:00:00 +0000
Affected Products: Novell Linux Desktop 9, Novell Linux POS 9, Open
Enterprise Server, openSUSE 10.2, SUSE LINUX 10.1, SUSE LINUX 10.0,
SUSE LINUX 9.3, SuSE Linux Desktop 1.0, SuSE Linux Enterprise Server
8, SuSE Linux Openexchange Server 4, SUSE LINUX Retail Solution 8,
SuSE Linux School Server, SuSE Linux Standard Server 8, SUSE SLED 10,
SUSE SLES 10, SUSE SLES 9, UnitedLinux 1.0
Vulnerability Type: remote code execution
Severity (1-10): 8
SUSE Default Package: yes
Cross-References: CVE-2006-6731, CVE-2006-6736, CVE-2006-6737,
CVE-2006-6745
Content of This Advisory:
- Security Vulnerability Resolved: Sun Java various security
problems
Problem Description
- Solution or Work-Around
- Special Instructions and Notes
- Package Location and Checksums
- Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE
Security Summary Report.
- Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
The SUN Java packages have been upgraded to fix security
problems.
SUN Java was upgraded on all affected distributions:
- The Java 1.3 version to 1.3.1_19 for SUSE Linux Enterprise
Server 8.
- The Java 1.4 version (also known as Java 2) to 1.4.2_13 for
SUSE Linux Enterprise Desktop 1, SUSE Linux Enterprise Server 9,
SUSE Linux 9.3, 10.0, 10.1 and openSUSE 10.2.
- The Java 1.5 version (also known as Java 5) to 1.5.0_10 for
SUSE Linux 9.3, 10.0, 10.1 and openSUSE 10.2.
While Sun does not publish the vulnerabilities fixed for this
specific update, it published the bugs fixed previously. The
following text snippets are verbatim from the Mitre CVE DB:
CVE-2006-6731: Multiple buffer overflows in Sun Java Development
Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and
earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and
earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow
attackers to develop Java applets that read, write, or execute
local files, possibly related to (1) integer overflows in the
Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and
awt_parseColorModel functions; (2) a stack overflow in the
Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3)
improper handling of certain negative values in the
Java_sun_font_SunLayoutEngine_nativeLayout function.
CVE-2006-6736: Unspecified vulnerability in Sun Java Development
Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and
earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and
earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows
attackers to use untrusted applets to “access data in
other applets,” aka “The second issue.”
CVE-2006-6737: Unspecified vulnerability in Sun Java Development
Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and
earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and
earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows
attackers to use untrusted applets to “access data in other
applets,” aka “The first issue.”
CVE-2006-6745: Multiple unspecified vulnerabilities in Sun Java
Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update
7 and earlier, and Java System Development Kit (SDK) and JRE
1.4.2_12 and earlier 1.4.x versions, allow attackers to develop
Java applets or applications that are able to gain privileges,
related to serialization in JRE.
2) Solution or Work-Around
A potential workaround would be to disable Java Applets in all
browsers.
In general we recommend installing the updated packages.
3) Special Instructions and Notes
Please close and restart all running instances of Java using
programs (web browsers) after the update.
4) Package Location and Checksums
The preferred method for installing security updates is to use
the YaST Online Update (YOU) tool. YOU detects which updates are
required and automatically performs the necessary steps to verify
and install them. Alternatively, download the update packages for
your distribution manually and verify their integrity by the
methods listed in Section 6 of this announcement. Then install the
packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing <file.rpm> with the
filename of the downloaded RPM package.