
Advisories, March 18, 2005

Written By
Web Webster
Apr 19, 2005

Debian GNU/Linux


Debian Security Advisory DSA 710-1                security@debian.org
http://www.debian.org/security/                        Martin Schulze
April 18th, 2005                   http://www.debian.org/security/faq


Package        : gtkhtml
Vulnerability  : null pointer dereference
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2003-0541
Debian Bug     : 279726

Alan Cox discovered a problem in gtkhtml, an HTML rendering
widget used by the Evolution mail reader. Certain malformed
messages could cause a crash due to a null pointer dereference.

For the stable distribution (woody) this problem has been fixed
in version 1.0.2-1.woody1.

For the unstable distribution (sid) this problem has been fixed
in version 1.0.4-6.2.

We recommend that you upgrade your gtkhtml package and restart
Evolution.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1.dsc

Size/MD5 checksum: 1125 6988f7d4a99fb8d11718ffe378f43b3b

http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1.diff.gz

Size/MD5 checksum: 7774 1c2ba9567085f2f53be68f90c83ca1b0

http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2.orig.tar.gz

Size/MD5 checksum: 1303882 5276fcca2007f2d1a9da912f167da942

Architecture independent components:


http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-data_1.0.2-1.woody1_all.deb

Size/MD5 checksum: 110140 201592f40c1af63858d3eeaa86199aff

Alpha architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_alpha.deb

Size/MD5 checksum: 183820 5ee322b2a611a805024d111d4f09294b

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_alpha.deb

Size/MD5 checksum: 471328 af1ab4aa1163476af6934311a17cc20a

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_alpha.deb

Size/MD5 checksum: 265262 647cc727c44ea8f7b20deae2b92ecde9

ARM architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_arm.deb

Size/MD5 checksum: 161032 cb49c5d6f69fe2586cdb67635e2389de

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_arm.deb

Size/MD5 checksum: 369672 3f62dab704cbcbe4b42ca92f6ee9c8c2

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_arm.deb

Size/MD5 checksum: 228732 d7c6e04d352fa685923897c90390124b

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_i386.deb

Size/MD5 checksum: 161342 764b98a643e95cd6c71c63321558f09b

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_i386.deb

Size/MD5 checksum: 327032 73c654db1df353ceba333cb360fd4371

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_i386.deb

Size/MD5 checksum: 211340 1121bd3c7c999475e29318d5b51d7893

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_ia64.deb

Size/MD5 checksum: 220844 a76275284742a70e1ef531f116031c41

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_ia64.deb

Size/MD5 checksum: 521132 a2a818095e2b1269c76d51000e83a94d

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_ia64.deb

Size/MD5 checksum: 365282 5b2435c82e113857df3f071b3523da9a

HP Precision architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_hppa.deb

Size/MD5 checksum: 181092 840d582a8ccc53b53e8ae2a5386cb581

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_hppa.deb

Size/MD5 checksum: 459262 0f1d29d73b8e3d4c4f0ac1cfaa9ca75f

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_hppa.deb

Size/MD5 checksum: 301290 dda8c4920f558bc87db7d49516e1d0a8

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_m68k.deb

Size/MD5 checksum: 156492 f1c02dc230f2015b44fa828d527d7284

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_m68k.deb

Size/MD5 checksum: 321408 1d4eccc30bc5b16ec0226c26ff938491

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_m68k.deb

Size/MD5 checksum: 218960 798d4773c9a416366aee3b8f8a20e96e

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_mips.deb

Size/MD5 checksum: 158670 48616031e2b54586d474574a15569330

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_mips.deb

Size/MD5 checksum: 424980 0824af5b2aea3d06cbc26b74734deabc

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_mips.deb

Size/MD5 checksum: 228374 f5b41b3662fc916ca55c33ee73853bde

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_mipsel.deb

Size/MD5 checksum: 157646 256efff4ab081d37dc693fc30384c30b

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_mipsel.deb

Size/MD5 checksum: 418884 7fcfe4003100d1d59c51577eb76cbfb9

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_mipsel.deb

Size/MD5 checksum: 226316 c8cd02352947788665d3a8ee341d5975

PowerPC architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_powerpc.deb

Size/MD5 checksum: 159592 db5e3e20547b5d8ef7be23424d4b846f

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_powerpc.deb

Size/MD5 checksum: 392412 a6c3956e372ce45f707e42c5fbe831de

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_powerpc.deb

Size/MD5 checksum: 240908 a48a52556fb17012df3d6921982597c5

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_s390.deb

Size/MD5 checksum: 160992 8c619e5d0bfb20ad019a332fd5057202

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_s390.deb

Size/MD5 checksum: 350854 7b8292d0fd63d0f6857859db343ddcd0

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_s390.deb

Size/MD5 checksum: 243026 8e27d879237c8c194bd3b4e74d80c63f

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_sparc.deb

Size/MD5 checksum: 165438 4d2ce3c43769b52723137ad5bf72430a

http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_sparc.deb

Size/MD5 checksum: 369240 76a7721207df6f4b9b9478d2bea4389f


http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_sparc.deb

Size/MD5 checksum: 232952 ae95aec6f4e069ea36f7faf69ec888f7

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-315
2005-04-15


Product : Fedora Core 3
Name : php
Version : 4.3.11
Release : 2.4
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)

Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and
process the embedded PHP language in Web pages.


Update Information:

This update includes the latest stable release of PHP 4.3,
including a number of security fixes to the exif extension (CVE
CAN-2005-1042 and CAN-2005-1043) and the getimagesize() function
(CVE CAN-2005-0524), along with many bug fixes.


* Wed Apr 6 2005 Joe Orton <jorton@redhat.com> 4.3.11-2.4

  • snmp: disable MSHUTDOWN function to prevent error_log noise
  • really restore Net_SMTP from PEAR
  • revert default php.ini changes since 4.3.10
  • restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket,
    Net_SMTP
  • remove bundled PEAR packages HTML_TemplateIT,
    NetUserAgent_Detect
  • update to 4.3.11 (CAN-2005-0524, #153141)
  • revert Zend double->long conversion change (#143514)
  • don't configure with --enable-safe-mode (#148969)
  • install gd headers (#145891)
  • bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

37ba9891122583c69a5086c9d2fd2102
SRPMS/php-4.3.11-2.4.src.rpm
5f55d6dba7e02348783348b6759242f9
x86_64/php-4.3.11-2.4.x86_64.rpm
6a78adae0f8f9bba54387847b100fd96
x86_64/php-devel-4.3.11-2.4.x86_64.rpm
c078f4c78928558bac77a8b182cbabb2
x86_64/php-pear-4.3.11-2.4.x86_64.rpm
e437dcd4b70e0df01febae880a5bc70f
x86_64/php-imap-4.3.11-2.4.x86_64.rpm
1dbef89de378f779061e49e8cb2d0e94
x86_64/php-ldap-4.3.11-2.4.x86_64.rpm
d5ae259075870e63d316229604957da8
x86_64/php-mysql-4.3.11-2.4.x86_64.rpm
a451afd4a2349c35c423db1905a768c9
x86_64/php-pgsql-4.3.11-2.4.x86_64.rpm
2e66b7cf8d2e933a069cec155c183f31
x86_64/php-odbc-4.3.11-2.4.x86_64.rpm
cfe08c4c4f8d43a7818aa8b48325ecd1
x86_64/php-snmp-4.3.11-2.4.x86_64.rpm
a51bfe897fae0a405ed2b6903cddcd50
x86_64/php-domxml-4.3.11-2.4.x86_64.rpm
0716c2c04d3bba58731b32d3d65e6770
x86_64/php-xmlrpc-4.3.11-2.4.x86_64.rpm
0eedc210d61bb40387b14061ead7d417
x86_64/php-mbstring-4.3.11-2.4.x86_64.rpm
ef1b4ca7890d51e8d75a890b4fd7fe60
x86_64/php-ncurses-4.3.11-2.4.x86_64.rpm
4dc74e7d7fd46e2ec241c12d25451c21
x86_64/php-gd-4.3.11-2.4.x86_64.rpm
b5156d2cadc5fcd4bee9a86e7610b211
x86_64/debug/php-debuginfo-4.3.11-2.4.x86_64.rpm
bd225ddda74ef2431da1ee38eb85871b
i386/php-4.3.11-2.4.i386.rpm
40a45386cd76b9386efd22e09be8467a
i386/php-devel-4.3.11-2.4.i386.rpm
421d85b05c9aab1d1eba602f39f50c6a
i386/php-pear-4.3.11-2.4.i386.rpm
3553b774daa0a991be9eaae9815c0ddb
i386/php-imap-4.3.11-2.4.i386.rpm
d102699b4264c735af2cfa0a305c9cca
i386/php-ldap-4.3.11-2.4.i386.rpm
326bb7af88a83aeff7937601fbe35835
i386/php-mysql-4.3.11-2.4.i386.rpm
d917f68f2c53192eec915854c11432b8
i386/php-pgsql-4.3.11-2.4.i386.rpm
9721e9f984e8e56cdad453f5ab03182e
i386/php-odbc-4.3.11-2.4.i386.rpm
8853467943485b20226e82cffb1dd321
i386/php-snmp-4.3.11-2.4.i386.rpm
c414f1735ae0fa589f20db0a8dfa88e0
i386/php-domxml-4.3.11-2.4.i386.rpm
ecfbcbb670aa6e764bd3d4c4d1a51a3c
i386/php-xmlrpc-4.3.11-2.4.i386.rpm
a5d78f1be3481e3f08e634bee8141f0f
i386/php-mbstring-4.3.11-2.4.i386.rpm
8a89a49c4e7e9b94067885eaa0953bb8
i386/php-ncurses-4.3.11-2.4.i386.rpm
ce51c0cda3d383b2feb27082fbfe06be
i386/php-gd-4.3.11-2.4.i386.rpm
54b1730c9ce4b17df7a8f3531f27cc83
i386/debug/php-debuginfo-4.3.11-2.4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200504-15


http://security.gentoo.org/


Severity: High
Title: PHP: Multiple vulnerabilities
Date: April 18, 2005
Bugs: #87517
ID: 200504-15


Synopsis

Several vulnerabilities were found and fixed in PHP image
handling functions, potentially resulting in Denial of Service
conditions or the remote execution of arbitrary code.

Background

PHP is a general-purpose scripting language widely used to
develop web-based applications. It can run inside a web server
using the mod_php module or the CGI version of PHP, or can run
stand-alone in a CLI.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  dev-php/php          < 4.3.11                           >= 4.3.11
  2  dev-php/mod_php      < 4.3.11                           >= 4.3.11
  3  dev-php/php-cgi      < 4.3.11                           >= 4.3.11
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.

Description

An integer overflow and an unbound recursion were discovered in
the processing of Image File Directory tags in PHP’s EXIF module
(CAN-2005-1042, CAN-2005-1043). Furthermore, two infinite loops
have been discovered in the getimagesize() function when processing
IFF or JPEG images (CAN-2005-0524, CAN-2005-0525).

Impact

A remote attacker could craft an image file with a malicious
EXIF IFD tag, a large IFD nesting level or invalid size parameters
and send it to a web application that would process this
user-provided image using one of the affected functions. This could
result in denying service on the attacked server and potentially
executing arbitrary code with the rights of the web server.
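The three failure classes named in the Fedora update information and in the Gentoo description above (an integer overflow in the size computed for an IFD tag, unbounded recursion into nested IFDs, and an infinite loop over a self-referencing IFD chain) are all properties of how a TIFF/EXIF Image File Directory is walked. The following is an added illustration in Python, not code from PHP, Fedora or Gentoo: a bounded IFD walker that rejects each of those shapes instead of following them. The tag ids for the Exif, GPS and Interoperability sub-IFD pointers and the field-type sizes are the standard TIFF/EXIF values; the three limits (depth, entries per IFD, payload bytes) are hypothetical caps chosen for the example, and the sample blobs are constructed by hand, not real camera output.

```python
import struct

# Byte sizes of the TIFF/EXIF field types (type ids 1..12).
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8, 11: 4, 12: 8}
# Tags whose value is the offset of another IFD (Exif, GPS, Interoperability).
SUB_IFD_TAGS = {0x8769, 0x8825, 0xA005}
# Hypothetical hard limits chosen for this example, not values from any PHP release.
MAX_IFD_DEPTH = 4
MAX_ENTRIES_PER_IFD = 512
MAX_VALUE_BYTES = 1 << 20


class MalformedExif(ValueError):
    """Raised when the IFD structure violates a bound instead of being followed blindly."""


def walk_tiff(data):
    """Walk every IFD reachable from the TIFF header; return [(depth, tag, payload_bytes), ...]."""
    if len(data) < 8:
        raise MalformedExif("truncated TIFF header")
    if data[:2] == b"II":
        end = "<"
    elif data[:2] == b"MM":
        end = ">"
    else:
        raise MalformedExif("bad byte-order mark")
    magic, first_ifd = struct.unpack_from(end + "HI", data, 2)
    if magic != 42:
        raise MalformedExif("bad TIFF magic")
    found = []
    _walk_ifd(data, end, first_ifd, 0, set(), found)
    return found


def _walk_ifd(data, end, offset, depth, seen, found):
    while offset != 0:
        # Bound 1: nesting depth (the "unbound recursion" class).
        if depth > MAX_IFD_DEPTH:
            raise MalformedExif("IFD nesting deeper than %d" % MAX_IFD_DEPTH)
        # Bound 2: an IFD seen before means the next-IFD / sub-IFD chain loops
        # (the "infinite loop" class).
        if offset in seen:
            raise MalformedExif("IFD chain revisits offset %#x" % offset)
        seen.add(offset)
        if offset + 2 > len(data):
            raise MalformedExif("IFD offset beyond end of data")
        (n_entries,) = struct.unpack_from(end + "H", data, offset)
        if n_entries > MAX_ENTRIES_PER_IFD:
            raise MalformedExif("too many IFD entries")
        entries_end = offset + 2 + 12 * n_entries
        if entries_end + 4 > len(data):
            raise MalformedExif("IFD entries run past end of data")
        for i in range(n_entries):
            tag, ftype, count, value = struct.unpack_from(end + "HHII", data, offset + 2 + 12 * i)
            size = TYPE_SIZES.get(ftype)
            if size is None:
                raise MalformedExif("unknown field type %d" % ftype)
            # Bound 3: payload size. Python ints do not wrap, but in C count * size is a
            # 32-bit product that can overflow (the "integer overflow" class); capping it
            # and checking it against the remaining data is the check that must not be skipped.
            payload = count * size
            if payload > MAX_VALUE_BYTES:
                raise MalformedExif("tag %#x claims %d payload bytes" % (tag, payload))
            if payload > 4 and value + payload > len(data):
                raise MalformedExif("tag %#x payload beyond end of data" % tag)
            found.append((depth, tag, payload))
            if tag in SUB_IFD_TAGS:
                if ftype != 4 or count != 1:
                    raise MalformedExif("sub-IFD pointer with wrong type")
                _walk_ifd(data, end, value, depth + 1, seen, found)
        (offset,) = struct.unpack_from(end + "I", data, entries_end)


def check_exif(data):
    """Return (True, entries) for a well-formed blob, (False, reason) for a rejected one."""
    try:
        return True, walk_tiff(data)
    except MalformedExif as exc:
        return False, str(exc)


# ---- constructed samples (little-endian, hand-built for this example) ----
def _header(first_ifd):
    return b"II" + struct.pack("<HI", 42, first_ifd)


def _ifd(entries, next_ifd):
    body = struct.pack("<H", len(entries))
    for tag, ftype, count, value in entries:
        body += struct.pack("<HHII", tag, ftype, count, value)
    return body + struct.pack("<I", next_ifd)


# IFD0 at offset 8 (30 bytes): ImageWidth plus an ExifIFD pointer to offset 38; Exif IFD at 38.
GOOD = _header(8) + _ifd([(0x0100, 3, 1, 640), (0x8769, 4, 1, 38)], 0) + _ifd([(0x9000, 7, 4, 0x30323230)], 0)
# IFD0 whose next-IFD pointer points back at itself.
LOOPING = _header(8) + _ifd([(0x0100, 3, 1, 640)], 8)
# Seven chained Exif sub-IFDs (18 bytes each): IFD k at 8 + 18*k points at IFD k+1.
DEEP = _header(8) + b"".join(
    _ifd([(0x8769, 4, 1, 8 + 18 * (k + 1))], 0) if k < 6 else _ifd([(0x0100, 3, 1, 1)], 0)
    for k in range(7)
)
# A LONG tag claiming 0xFFFFFFFF elements: in C, count * 4 wraps to 0xFFFFFFFC.
OVERSIZED = _header(8) + _ifd([(0x0100, 4, 0xFFFFFFFF, 26)], 0)
```

Running `check_exif` over the four samples accepts only `GOOD`; the other three are refused with a reason naming the bound that was hit, which is also the kind of message worth logging when an upload handler rejects an image.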

Workaround

There is no known workaround at this time.

Resolution

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/php-4.3.11"

All mod_php users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.11"

All php-cgi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.11"

References

[ 1 ] PHP 4.3.11 Release Announcement

http://www.php.net/release_4_3_11.php

[ 2 ] CAN-2005-0524

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524

[ 3 ] CAN-2005-0525

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525

[ 4 ] CAN-2005-1042

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042

[ 5 ] CAN-2005-1043

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-15.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200504-16


http://security.gentoo.org/


Severity: High
Title: CVS: Multiple vulnerabilities
Date: April 18, 2005
Bugs: #86476
ID: 200504-16


Synopsis

Several serious vulnerabilities have been found in CVS, which
may allow an attacker to remotely compromise a CVS server or cause
a DoS.

Background

CVS (Concurrent Versions System) is an open-source
network-transparent version control system. It contains both a
client utility and a server.

Affected packages


     Package       /   Vulnerable   /                       Unaffected

  1  dev-util/cvs     < 1.11.18-r1                       >= 1.11.18-r1

Description

Alen Zukich has discovered several serious security issues in
CVS, including at least one buffer overflow (CAN-2005-0753), memory
leaks and a NULL pointer dereferencing error.

Impact

An attacker could exploit these vulnerabilities to cause a
Denial of Service or execute arbitrary code with the permissions of
the CVS pserver or the authenticated user (depending on the
connection method used).

Workaround

There is no known workaround at this time.

Resolution

All CVS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/cvs-1.11.18-r1"

References

[ 1 ] CAN-2005-0753

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200504-16.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

SUSE Linux


SUSE Security Announcement

Package: cvs
Announcement-ID: SUSE-SA:2005:024
Date: Monday, Apr 18th 2005 13:30 MEST
Affected products: 8.2, 9.0, 9.1, 9.2, 9.3
                   SUSE CORE 9 for x86
                   SuSE Linux Enterprise Server 8, 9
                   UnitedLinux 1.0
                   School-Server 1
                   Open-Enterprise-Server 9
Vulnerability Type: remote code execution
Severity (1-10): 6
SUSE default package: No
Cross References: CAN-2005-0753

Content of this advisory:

  1. security vulnerability resolved: buffer overflow and memory
     access problem in cvs (problem description)
  2. solution/workaround
  3. special instructions and notes
  4. package location and checksums
  5. pending vulnerabilities, solutions, workarounds:
    • IDN (Internationalized Domain Name) cloaking
    • PostgreSQL
    • Mozilla
    • OpenOffice_org
  6. standard appendix (further information)

1) problem description, brief discussion

The Concurrent Versions System (CVS) offers tools which allow
developers to share and maintain large software projects. The
current maintainer of CVS reported various problems within CVS such
as a buffer overflow and memory access problems which have been
fixed within the available updates. The CVE project has assigned
the CAN number CAN-2005-0753.

2) solution/workaround

There is no easy workaround except shutting down the CVS
server.

3) special instructions and notes

No special actions need to be taken after installing this
update.

4) package location and checksums

Download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command “rpm -Fhv file.rpm” to
apply the update.
Our maintenance customers are being notified individually. The
packages are being offered for installation from the maintenance
web.

x86 Platform:

SUSE Linux 9.3:


ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/cvs-1.12.11-4.2.i586.rpm

8e27dd3b7a9867940830aa9dd8fd95bc
patch rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/cvs-1.12.11-4.2.i586.patch.rpm

acd6904641df500ca50da8147ee54019
source rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/cvs-1.12.11-4.2.src.rpm

6a075a97c2bd30ade965e90e0f9671c4

SUSE Linux 9.2:


ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/cvs-1.12.9-2.2.i586.rpm

7192dce3bb42cd51c98a3510e9e5e73a
patch rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/cvs-1.12.9-2.2.i586.patch.rpm

ae4b8f9096b50e7f1c3a15e715e4c8e7
source rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/cvs-1.12.9-2.2.src.rpm

cebc4e07ac34f6a6f76789d6ce0eba37

SUSE Linux 9.1:


ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/cvs-1.11.14-24.10.i586.rpm

07778aea3050bcf05c96ae680b9d01e4
patch rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/cvs-1.11.14-24.10.i586.patch.rpm

60591530555521e34d798a0d0365686a
source rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/cvs-1.11.14-24.10.src.rpm

bd4b0324b51cee45f247e41f2f6139d4

SUSE Linux 9.0:


ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-85.i586.rpm

795f6e5a6849706bb439366129833841
patch rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/cvs-1.11.6-85.i586.patch.rpm

ec2bb29f912831f9d5e7dd15ec950d9b
source rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/cvs-1.11.6-85.src.rpm

a3695ffd8f741a9f376e5e3244d412c8

SUSE Linux 8.2:


ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-116.i586.rpm

6fc24ea4712d10855e60d26b9262f48c
patch rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-116.i586.patch.rpm

7b4e1cae79c33c4965b53159bd888a70
source rpm(s):


ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/cvs-1.11.5-116.src.rpm

401896062510804b79ba75a5e800d9e2

x86-64 Platform:

SUSE Linux 9.3:


ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/cvs-1.12.11-4.2.x86_64.rpm

db2665d2e95762aa2c376fed929c44f1
patch rpm(s):


ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/cvs-1.12.11-4.2.x86_64.patch.rpm

8b3070a29bd15c430980937b53928640
source rpm(s):


ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/cvs-1.12.11-4.2.src.rpm

6a075a97c2bd30ade965e90e0f9671c4

SUSE Linux 9.2:


ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/cvs-1.12.9-2.2.x86_64.rpm

21518326918a0a7e42176b60544e214e
patch rpm(s):


ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/cvs-1.12.9-2.2.x86_64.patch.rpm

8bbb9b4bda742cb62836b6a6453aef2c
source rpm(s):


ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/cvs-1.12.9-2.2.src.rpm

cebc4e07ac34f6a6f76789d6ce0eba37

SUSE Linux 9.1:


ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/cvs-1.11.14-24.10.x86_64.rpm

7543263ca5374da3a9926cde6c8bd58c
patch rpm(s):


ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/cvs-1.11.14-24.10.x86_64.patch.rpm

1b245e5669be7b6e082c67d5e094466a
source rpm(s):


ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/cvs-1.11.14-24.10.src.rpm

8c399e20f6046faa3de70ae0fc133060

SUSE Linux 9.0:


ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/cvs-1.11.6-85.x86_64.rpm

708318fbf0d27efd212c16ac26f63003
patch rpm(s):


ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/cvs-1.11.6-85.x86_64.patch.rpm

7d5f303351ae584f07998847cc476f7c
source rpm(s):


ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/cvs-1.11.6-85.src.rpm

ff6eddc0257dfd8dfa1b97653117d2c7


5) Pending vulnerabilities in SUSE Distributions and
Workarounds:

  • IDN (Internationalized Domain Name) cloaking / homograph
    attacks

    Problems with the IDN / punycode handling that allows non-ASCII
    domain names were reported for every browser.

    • The KDE approach is currently filtering on the top level
      domain.
    • The Mozilla approach is currently to display punycode.

    We have released Mozilla Firefox and KDE / konqueror updates for
    this problem, the others (mozilla suite and opera) are still
    pending.

  • PostgreSQL problems

    Additional PostgreSQL problems were reported:

    • A local user could bypass the EXECUTE permission check for
      functions by using the CREATE AGGREGATE command. CAN-2005-0244
    • Other earlier listed problems are already fixed.

    We are still working on updates for this problem.

  • new Mozilla security problems

    Several new Mozilla browser security problems have been
    reported.

    We are currently addressing these issues.

  • OpenOffice_org heap overflow

    A heap overflow was found in the MS Word document handling of
    OpenOffice_org, allowing a remote attacker to execute code via a
    handcrafted .doc file.

    We are preparing updates for this issue.


6) standard appendix: authenticity verification, additional
information

  • Package authenticity verification:

    SUSE update packages are available on many mirror ftp servers
    all over the world. While this service is being considered valuable
    and important to the free and open source software community, many
    users wish to be sure about the origin of the package and its
    content before installing the package. There are two verification
    methods that can be used independently from each other to prove the
    authenticity of a downloaded file or rpm package:

    1. md5sums as provided in the (cryptographically signed)
       announcement.
    2. using the internal gpg signatures of the rpm package.

    1. execute the command
           md5sum <name-of-the-file.rpm>
       after you downloaded the file from a SUSE ftp server or its
       mirrors. Then, compare the resulting md5sum with the one that is
       listed in the announcement. Since the announcement containing the
       checksums is cryptographically signed (usually using the key
       security@suse.de), the checksums show proof of the authenticity
       of the package. We recommend against subscribing to security
       lists that cause the e-mail message containing the announcement
       to be modified so that the signature does not match after
       transport through the mailing list software.
       Downsides: You must be able to verify the authenticity of the
       announcement in the first place. If RPM packages are being
       rebuilt and a new version of a package is published on the ftp
       server, all md5 sums for the files are useless.

    2. rpm package signatures provide an easy way to verify the
       authenticity of an rpm package. Use the command
           rpm -v --checksig <file.rpm>
       to verify the signature of the package, where <file.rpm> is the
       file name of the rpm package that you have downloaded. Of course,
       package authenticity verification can only target an uninstalled
       rpm package file.
       Prerequisites:
       1. gpg is installed
       2. The package is signed using a certain key. The public part of
          this key must be installed by the gpg program in the directory
          ~/.gnupg/ under the home directory of the user who performs the
          signature verification (usually root). You can import the key
          that is used by SUSE in rpm packages for SUSE Linux by saving
          this announcement to a file ("announcement.txt") and running
          the command (do "su -" to be root):
              gpg --batch; gpg < announcement.txt | gpg --import
          SUSE Linux distributions version 7.1 and thereafter install
          the key "build@suse.de" upon installation or upgrade, provided
          that the package gpg is installed. The file containing the
          public key is placed at the top-level directory of the first
          CD (pubring.gpg) and at
          ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de
  • SUSE runs two security mailing lists to which any interested
    party may subscribe:

    suse-security@suse.com
        general/linux/SUSE security discussion. All SUSE security
        announcements are sent to this list. To subscribe, send an
        email to <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        SUSE's announce-only mailing list. Only SUSE's security
        announcements are sent to this list. To subscribe, send an
        email to <suse-security-announce-subscribe@suse.com>.

For general information or the frequently asked questions (faq)
send mail to <suse-security-info@suse.com> or
<suse-security-faq@suse.com> respectively.
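Both the Debian advisory earlier on this page (its "Size/MD5 checksum" lines) and the SUSE appendix above describe the same verification step: compare the hash of a downloaded file against the value printed in the signed announcement before installing it. The following is an added Python example, not a tool from Debian or SUSE, that parses both list formats as they appear on this page and checks a set of downloaded files against them, reporting a size mismatch, a hash mismatch, and files the advisory never listed. The advisory excerpt and the file contents are constructed for the example; the hash `b1946ac92492d2347c6235b4d2611184` is the MD5 of the six-byte string "hello\n", not of any real package.

```python
import hashlib
import hmac
import re

# Debian style, as reproduced on this page: a URL line, then a
# "Size/MD5 checksum: <size> <md5>" line (blank lines in between are tolerated).
DEBIAN_RE = re.compile(
    r"(?P<url>\S+/(?P<name>[^/\s]+))\s*\n\s*Size/MD5 checksum:\s*(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})",
    re.IGNORECASE,
)
# SUSE style, as reproduced on this page: an ftp:// URL line followed by a bare md5 line.
SUSE_RE = re.compile(
    r"(?P<url>ftp://\S+/(?P<name>[^/\s]+\.rpm))\s*\n\s*(?P<md5>[0-9a-f]{32})\b",
    re.IGNORECASE,
)


def parse_checksums(advisory_text):
    """Return {file name: (expected size or None, expected md5 hex)} from advisory text."""
    expected = {}
    for m in DEBIAN_RE.finditer(advisory_text):
        expected[m.group("name")] = (int(m.group("size")), m.group("md5").lower())
    for m in SUSE_RE.finditer(advisory_text):
        # SUSE lists no size, so only the hash is checked for those files.
        expected.setdefault(m.group("name"), (None, m.group("md5").lower()))
    return expected


def verify_downloads(advisory_text, downloaded):
    """downloaded: {file name: bytes}. Returns {file name: verdict string}."""
    expected = parse_checksums(advisory_text)
    verdicts = {}
    for name, blob in downloaded.items():
        if name not in expected:
            verdicts[name] = "not listed in advisory"
            continue
        size, md5 = expected[name]
        if size is not None and len(blob) != size:
            verdicts[name] = "size mismatch"
            continue
        actual = hashlib.md5(blob).hexdigest()
        # compare_digest avoids a timing side channel; cheap insurance even here.
        verdicts[name] = "ok" if hmac.compare_digest(actual, md5) else "md5 mismatch"
    return verdicts


# Constructed advisory excerpt mixing the two formats seen on this page.
SAMPLE_ADVISORY = """\
http://security.debian.org/pool/updates/main/e/example/example_1.0-1.woody1.dsc

Size/MD5 checksum: 6 b1946ac92492d2347c6235b4d2611184

http://security.debian.org/pool/updates/main/e/example/example_1.0-1.woody1.diff.gz

Size/MD5 checksum: 6 b1946ac92492d2347c6235b4d2611184

http://security.debian.org/pool/updates/main/e/example/example_1.0.orig.tar.gz

Size/MD5 checksum: 6 b1946ac92492d2347c6235b4d2611184

ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/example-1.0-1.i586.rpm

b1946ac92492d2347c6235b4d2611184
"""

# Constructed "downloads": one good copy of each, one altered, one truncated, one unknown.
SAMPLE_DOWNLOADS = {
    "example_1.0-1.woody1.dsc": b"hello\n",
    "example_1.0-1.woody1.diff.gz": b"bye!!\n",   # same size, different content
    "example_1.0.orig.tar.gz": b"hello",           # one byte short
    "example-1.0-1.i586.rpm": b"hello\n",
    "unknown_9.9-1_i386.deb": b"hello\n",
}

if __name__ == "__main__":
    for name, verdict in verify_downloads(SAMPLE_ADVISORY, SAMPLE_DOWNLOADS).items():
        print("%-32s %s" % (name, verdict))
```

The size check runs first because it is free and catches the most common failure (a truncated or partial download) without hashing; the hash check is what catches a modified file. As the SUSE text notes, this only helps if the announcement itself was obtained in a form whose signature you could verify.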


SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.



The information in this advisory may be distributed or
reproduced, provided that the advisory is not modified in any way.
In particular, it is desired that the clear-text signature shows
proof of the authenticity of the text.
SUSE Linux AG makes no warranties of any kind whatsoever with
respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
