Security
SHARE
Facebook X Pinterest WhatsApp

Advisories: March 6, 2005

Written By
thumbnail
Web Webster
Web Webster
Mar 7, 2005

Gentoo Linux

Gentoo Linux Security Advisory GLSA 200503-10

http://security.gentoo.org/

Severity: Normal
Title: Mozilla Firefox: Various vulnerabilities
Date: March 04, 2005
Bugs: #83267
ID: 200503-10

Synopsis

Mozilla Firefox is vulnerable to a local file deletion issue and
to various issues allowing to trick the user into trusting fake web
sites or interacting with privileged content.

Background

Mozilla Firefox is the popular next-generation browser from the
Mozilla project.

Affected packages

     Package                      /  Vulnerable  /          Unaffected

  1  net-www/mozilla-firefox           < 1.0.1                >= 1.0.1
  2  net-www/mozilla-firefox-bin       < 1.0.1                >= 1.0.1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

The following vulnerabilities were found and fixed in Mozilla
Firefox:

  • Michael Krax reported that plugins can be used to load
    privileged content and trick the user to interact with it
    (CAN-2005-0232, CAN-2005-0527)
  • Michael Krax also reported potential spoofing or
    cross-site-scripting issues through overlapping windows, image
    drag-and-drop, and by dropping javascript: links on tabs
    (CAN-2005-0230, CAN-2005-0231, CAN-2005-0591)
  • Daniel de Wildt and Gael Delalleau discovered a memory
    overwrite in a string library (CAN-2005-0255)
  • Wind Li discovered a possible heap overflow in UTF8 to Unicode
    conversion (CAN-2005-0592)
  • Eric Johanson reported that Internationalized Domain Name (IDN)
    features allow homograph attacks (CAN-2005-0233)
  • Mook, Doug Turner, Kohei Yoshino and M. Deaudelin reported
    various ways of spoofing the SSL “secure site” indicator
    (CAN-2005-0593)
  • Matt Brubeck reported a possible Autocomplete data leak
    (CAN-2005-0589)
  • Georgi Guninski discovered that XSLT can include stylesheets
    from arbitrary hosts (CAN-2005-0588)
  • Secunia discovered a way of injecting content into a popup
    opened by another website (CAN-2004-1156)
  • Phil Ringnalda reported a possible way to spoof Install source
    with user:pass@host (CAN-2005-0590)
  • Jakob Balle from Secunia discovered a possible way of spoofing
    the Download dialog source (CAN-2005-0585)
  • Christian Schmidt reported a potential spoofing issue in HTTP
    auth prompt tab (CAN-2005-0584)
  • Andreas Sanblad from Secunia discovered a possible way of
    spoofing the Download dialog using the Content-Disposition header
    (CAN-2005-0586)
  • Finally, Tavis Ormandy of the Gentoo Linux Security Audit Team
    discovered that Firefox insecurely creates temporary filenames in
    /tmp/plugtmp (CAN-2005-0578)

Impact

  • By setting up malicious websites and convincing users to follow
    untrusted links or obey very specific drag-and-drop or download
    instructions, attackers may leverage the various spoofing issues to
    fake other websites to get access to confidential information, push
    users to download malicious files or make them interact with their
    browser preferences.
  • The temporary directory issue allows local attackers to
    overwrite arbitrary files with the rights of another local
    user.
  • The overflow issues, while not thought to be exploitable, may
    allow a malicious downloaded page to execute arbitrary code with
    the rights of the user viewing the page.

Workaround

There is no known workaround at this time.

Resolution

All Firefox users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"

All Firefox binary users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"

References

[ 1 ] CAN-2004-1156

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156

[ 2 ] CAN-2005-0230

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230

[ 3 ] CAN-2005-0231

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231

[ 4 ] CAN-2005-0232

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232

[ 5 ] CAN-2005-0233

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233

[ 6 ] CAN-2005-0255

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255

[ 7 ] CAN-2005-0527

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527

[ 8 ] CAN-2005-0578

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578

[ 9 ] CAN-2005-0584

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584

[ 10 ] CAN-2005-0585

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585

[ 11 ] CAN-2005-0586

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586

[ 12 ] CAN-2005-0588

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588

[ 13 ] CAN-2005-0589

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0589

[ 14 ] CAN-2005-0590

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590

[ 15 ] CAN-2005-0591

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591

[ 16 ] CAN-2005-0592

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592

[ 17 ] CAN-2005-0593

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593

[ 18 ] Mozilla Security Advisories


http://www.mozilla.org/projects/security/known-vulnerabilities.html

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200503-09

http://security.gentoo.org/

Severity: Normal
Title: xv: Filename handling vulnerability
Date: March 04, 2005
Bugs: #83686
ID: 200503-09

Synopsis

xv contains a format string vulnerability, potentially resulting
in the execution of arbitrary code.

Background

xv is an interactive image manipulation package for X11.

Affected packages

     Package       /   Vulnerable   /                       Unaffected

  1  media-gfx/xv      < 3.10a-r10                        >= 3.10a-r10

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team identified
a flaw in the handling of image filenames by xv.

Impact

Successful exploitation would require a victim to process a
specially crafted image with a malformed filename, potentially
resulting in the execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All xv users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xv-3.10a-r10"

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Gentoo Linux Security Advisory GLSA 200503-08

http://security.gentoo.org/

Severity: Normal
Title: OpenMotif, LessTif: New libXpm buffer overflows
Date: March 04, 2005
Bugs: #83655, #83656
ID: 200503-08

Synopsis

A new vulnerability has been discovered in libXpm, which is
included in OpenMotif and LessTif, that can potentially lead to
remote code execution.

Background

LessTif is a clone of OSF/Motif, which is a standard user
interface toolkit available on Unix and Linux. OpenMotif also
provides a free version of the Motif toolkit for open source
applications.

Affected packages

     Package             /   Vulnerable   /                 Unaffected

  1  x11-libs/openmotif      < 2.2.3-r3                    >= 2.2.3-r3
                                                         *>= 2.1.30-r9
  2  x11-libs/lesstif        < 0.94.0-r2                  >= 0.94.0-r2
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

Chris Gilbert discovered potentially exploitable buffer overflow
cases in libXpm that weren’t fixed in previous libXpm security
advisories.

Impact

A carefully-crafted XPM file could crash applications making use
of the OpenMotif or LessTif toolkits, potentially allowing the
execution of arbitrary code with the privileges of the user running
the application.

Workaround

There is no known workaround at this time.

Resolution

All OpenMotif users should upgrade to an unaffected version:

    # emerge --sync
    # emerge --ask --oneshot --verbose x11-libs/openmotif

All LessTif users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/lesstif-0.94.0-r2"

References

[ 1 ] CAN-2005-0605

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0605

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200503-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandrakelinux

Mandrakelinux Security Update Advisory

Package name: gftp
Advisory ID: MDKSA-2005:050
Date: March 4th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0, Corporate Server
2.1

Problem Description:

A vulnerability in gftp could allow a malicious FTP server to
overwrite files on the local system as the user running gftp due to
improper handling of filenames containing slashes.

The updated packages are patched to deal with these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0372

Updated Packages:

Mandrakelinux 10.0:
b39b15034eb4d3581c44e100af5d50f0
10.0/RPMS/gftp-2.0.16-4.1.100mdk.i586.rpm
bee5bf5c5003046e739cc8dcd763b5b9
10.0/SRPMS/gftp-2.0.16-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
28e4cdeac10a8e809de0f9f5372f516a
amd64/10.0/RPMS/gftp-2.0.16-4.1.100mdk.amd64.rpm
bee5bf5c5003046e739cc8dcd763b5b9
amd64/10.0/SRPMS/gftp-2.0.16-4.1.100mdk.src.rpm

Mandrakelinux 10.1:
629737a4dce0aa18c5c8682f4bc7dc76
10.1/RPMS/gftp-2.0.17-4.1.101mdk.i586.rpm
a412997b5076bbfd58c53c5df23c7897
10.1/SRPMS/gftp-2.0.17-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
4d9ceebce6f39c2b426021301bfad778
x86_64/10.1/RPMS/gftp-2.0.17-4.1.101mdk.x86_64.rpm
a412997b5076bbfd58c53c5df23c7897
x86_64/10.1/SRPMS/gftp-2.0.17-4.1.101mdk.src.rpm

Corporate Server 2.1:
812d8ec7003e0efb5ed4f31fade5461e
corporate/2.1/RPMS/gftp-2.0.13-2.1.C21mdk.i586.rpm
73d1194548966c40acfa2f863b590778
corporate/2.1/SRPMS/gftp-2.0.13-2.1.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
0e62f8cf63c1dfe52a8059c8890efe7d
x86_64/corporate/2.1/RPMS/gftp-2.0.13-2.1.C21mdk.x86_64.rpm
73d1194548966c40acfa2f863b590778
x86_64/corporate/2.1/SRPMS/gftp-2.0.13-2.1.C21mdk.src.rpm

Corporate 3.0:
340f5735280f121bc35301b706d6077e
corporate/3.0/RPMS/gftp-2.0.16-4.1.C30mdk.i586.rpm
15bc999abc88794605dc5df20adb50a4
corporate/3.0/SRPMS/gftp-2.0.16-4.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
9e21985c7ba6224eaa90fbdf9be50cd1
x86_64/corporate/3.0/RPMS/gftp-2.0.16-4.1.C30mdk.x86_64.rpm
15bc999abc88794605dc5df20adb50a4
x86_64/corporate/3.0/SRPMS/gftp-2.0.16-4.1.C30mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>

Mandrakelinux Security Update Advisory

Package name: kdegraphics
Advisory ID: MDKSA-2005:052
Date: March 4th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0

Problem Description:

Previous updates to correct integer overflow issues affecting
xpdf overlooked certain conditions when built for a 64 bit
platform. (formerly CAN-2004-0888). This also affects applications
like kdegraphics, that use embedded versions of xpdf.
(CAN-2005-0206)

In addition, previous libtiff updates overlooked kdegraphics,
which contains and embedded libtiff used for kfax. This update
includes patches to address: CAN-2004-0803, CAN-2004-0804,
CAN-2004-0886, CAN-2004-1183, CAN-2004-1308.

The updated packages are patched to deal with these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0206

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308

Updated Packages:

Mandrakelinux 10.0:
2c044b45de1c9f814bbf03111f88d055
10.0/RPMS/kdegraphics-3.2-15.7.100mdk.i586.rpm
908786d8ada468aded38d166eb79ff37
10.0/RPMS/kdegraphics-common-3.2-15.7.100mdk.i586.rpm
0c08afbffb983a561c3b84b247bf30a1
10.0/RPMS/kdegraphics-kdvi-3.2-15.7.100mdk.i586.rpm
3ce44449e5ca09eb227eb585008748ec
10.0/RPMS/kdegraphics-kfax-3.2-15.7.100mdk.i586.rpm
429d0bfc9993be0808459dc365b612f2
10.0/RPMS/kdegraphics-kghostview-3.2-15.7.100mdk.i586.rpm
75a8df358ecde03a64501dfabef6cbbd
10.0/RPMS/kdegraphics-kiconedit-3.2-15.7.100mdk.i586.rpm
ff9f857e97b2d65ac23d03a30c34c0ed
10.0/RPMS/kdegraphics-kooka-3.2-15.7.100mdk.i586.rpm
f2383fae2a858fc40f5a3968f729a11c
10.0/RPMS/kdegraphics-kpaint-3.2-15.7.100mdk.i586.rpm
c87fdba83e3f462b46653488f6ad3a7a
10.0/RPMS/kdegraphics-kpdf-3.2-15.7.100mdk.i586.rpm
bcb98870c086189c5087887639b5c5fa
10.0/RPMS/kdegraphics-kpovmodeler-3.2-15.7.100mdk.i586.rpm
ae091363ed78b826045e2b49d2d0ddf1
10.0/RPMS/kdegraphics-kruler-3.2-15.7.100mdk.i586.rpm
6b8eb615b7e0b978665da59334fe9bc0
10.0/RPMS/kdegraphics-ksnapshot-3.2-15.7.100mdk.i586.rpm
2616416638e57dc6408f8491c87f4785
10.0/RPMS/kdegraphics-ksvg-3.2-15.7.100mdk.i586.rpm
620339d42c7467569c31cd18c61519a5
10.0/RPMS/kdegraphics-kuickshow-3.2-15.7.100mdk.i586.rpm
6a5fe174f4dbe123c96b94c8e0580e91
10.0/RPMS/kdegraphics-kview-3.2-15.7.100mdk.i586.rpm
48eb166d94d89b8d8ef6f47295a657e1
10.0/RPMS/kdegraphics-mrmlsearch-3.2-15.7.100mdk.i586.rpm
b517cf8603ff96100a421ce50a73772e
10.0/RPMS/libkdegraphics0-common-3.2-15.7.100mdk.i586.rpm
f5910e936bf142e3ef990964ea34d56e
10.0/RPMS/libkdegraphics0-common-devel-3.2-15.7.100mdk.i586.rpm
ae509f0d76d796f81285ebf64ccedf91
10.0/RPMS/libkdegraphics0-kooka-3.2-15.7.100mdk.i586.rpm
6aabff02fcbfcddadebd447a2aff4424
10.0/RPMS/libkdegraphics0-kooka-devel-3.2-15.7.100mdk.i586.rpm
f2bdcff31443a512b2e83f80aeff1aca
10.0/RPMS/libkdegraphics0-kpovmodeler-3.2-15.7.100mdk.i586.rpm
8c52d2120120481554503e5fcd4f7454
10.0/RPMS/libkdegraphics0-kpovmodeler-devel-3.2-15.7.100mdk.i586.rpm

3afe028d8586c0343d90a7c3f154d9a2
10.0/RPMS/libkdegraphics0-ksvg-3.2-15.7.100mdk.i586.rpm
b83c4ad0cf21e8da9e4627cf41a087c0
10.0/RPMS/libkdegraphics0-ksvg-devel-3.2-15.7.100mdk.i586.rpm
71487ed6ab5e6efffca26395da24925e
10.0/RPMS/libkdegraphics0-kuickshow-3.2-15.7.100mdk.i586.rpm
36d0bd5d469e2b584e82e8d60b1b847c
10.0/RPMS/libkdegraphics0-kview-3.2-15.7.100mdk.i586.rpm
ba0e3b2449ee2c65d840492deed81000
10.0/RPMS/libkdegraphics0-kview-devel-3.2-15.7.100mdk.i586.rpm
5874053668b501622eca870e1221f8d9
10.0/RPMS/libkdegraphics0-mrmlsearch-3.2-15.7.100mdk.i586.rpm
09299cd03a5918802d99e789225ffcf5
10.0/SRPMS/kdegraphics-3.2-15.7.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
1bca697e2a04046e98f5999082764573
amd64/10.0/RPMS/kdegraphics-3.2-15.7.100mdk.amd64.rpm
7d41ec8890268f088c933622cc66e27c
amd64/10.0/RPMS/kdegraphics-common-3.2-15.7.100mdk.amd64.rpm
f255a2cfebfd0108ea9996068b311d2d
amd64/10.0/RPMS/kdegraphics-kdvi-3.2-15.7.100mdk.amd64.rpm
7da2484c8f8d616dd05aa805d364a00c
amd64/10.0/RPMS/kdegraphics-kfax-3.2-15.7.100mdk.amd64.rpm
0e4e0397bf5292cc524b8434a569113d
amd64/10.0/RPMS/kdegraphics-kghostview-3.2-15.7.100mdk.amd64.rpm

dbe26320bb91bca66b700ebb57c80f26
amd64/10.0/RPMS/kdegraphics-kiconedit-3.2-15.7.100mdk.amd64.rpm
0f72abc67165349ff743898de6478791
amd64/10.0/RPMS/kdegraphics-kooka-3.2-15.7.100mdk.amd64.rpm
cb565badfb24e5bb1bac9049f5a00faa
amd64/10.0/RPMS/kdegraphics-kpaint-3.2-15.7.100mdk.amd64.rpm
55b9e23bb507d545dd1f3019b95d3f42
amd64/10.0/RPMS/kdegraphics-kpdf-3.2-15.7.100mdk.amd64.rpm
b715fe65eefad799229c584a01d74d02
amd64/10.0/RPMS/kdegraphics-kpovmodeler-3.2-15.7.100mdk.amd64.rpm

634fdf99dbd919ac00de30a315ce7129
amd64/10.0/RPMS/kdegraphics-kruler-3.2-15.7.100mdk.amd64.rpm
a5a6d738e83e172e43f0dead1f81ea5a
amd64/10.0/RPMS/kdegraphics-ksnapshot-3.2-15.7.100mdk.amd64.rpm
3cf4cabbca00c13b073fa089ab7a0f3b
amd64/10.0/RPMS/kdegraphics-ksvg-3.2-15.7.100mdk.amd64.rpm
f25489b6f86e44a2ef386ee635c61c74
amd64/10.0/RPMS/kdegraphics-kuickshow-3.2-15.7.100mdk.amd64.rpm
cab16221e3c4b4490f20cb943460bbdf
amd64/10.0/RPMS/kdegraphics-kview-3.2-15.7.100mdk.amd64.rpm
841a13b3b15673bf7523eb7132949a10
amd64/10.0/RPMS/kdegraphics-mrmlsearch-3.2-15.7.100mdk.amd64.rpm

686753ba7de12a113fb137c82051334a
amd64/10.0/RPMS/lib64kdegraphics0-common-3.2-15.7.100mdk.amd64.rpm

52dc25f72492444826705c11ae06974d
amd64/10.0/RPMS/lib64kdegraphics0-common-devel-3.2-15.7.100mdk.amd64.rpm

fd868a1fa919fb615edbf47427a46744
amd64/10.0/RPMS/lib64kdegraphics0-kooka-3.2-15.7.100mdk.amd64.rpm

ddbe5d93fdb49c2a8d562c5bd51bf574
amd64/10.0/RPMS/lib64kdegraphics0-kooka-devel-3.2-15.7.100mdk.amd64.rpm

1448d97f8a0f343f8642434396c0a0bd
amd64/10.0/RPMS/lib64kdegraphics0-kpovmodeler-3.2-15.7.100mdk.amd64.rpm

2c726c2664944d2362acd0d1f5d7f051
amd64/10.0/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.2-15.7.100mdk.amd64.rpm

c914f7ad392b5902b0bbe876d3d2e3d8
amd64/10.0/RPMS/lib64kdegraphics0-ksvg-3.2-15.7.100mdk.amd64.rpm

22db1e8b0a645f9dac1340cb0d8f2191
amd64/10.0/RPMS/lib64kdegraphics0-ksvg-devel-3.2-15.7.100mdk.amd64.rpm

d51c46b7840554bbf56f75db82005ce3
amd64/10.0/RPMS/lib64kdegraphics0-kuickshow-3.2-15.7.100mdk.amd64.rpm

c319d7bf5feba22fd385b0f0a45c68f7
amd64/10.0/RPMS/lib64kdegraphics0-kview-3.2-15.7.100mdk.amd64.rpm

581d3624b0fded098d698d0350ec0b76
amd64/10.0/RPMS/lib64kdegraphics0-kview-devel-3.2-15.7.100mdk.amd64.rpm

ab37317d9765dd0d1cb8ca691df782e7
amd64/10.0/RPMS/lib64kdegraphics0-mrmlsearch-3.2-15.7.100mdk.amd64.rpm

09299cd03a5918802d99e789225ffcf5
amd64/10.0/SRPMS/kdegraphics-3.2-15.7.100mdk.src.rpm

Mandrakelinux 10.1:
cffaba3cf977ea184adf80456d494642
10.1/RPMS/kdegraphics-3.2.3-17.6.101mdk.i586.rpm
20bd54b363b9075be147c9710697c1c7
10.1/RPMS/kdegraphics-common-3.2.3-17.6.101mdk.i586.rpm
dcfe2b43ee6f1d4ce60d8e191a72f508
10.1/RPMS/kdegraphics-kdvi-3.2.3-17.6.101mdk.i586.rpm
01602508615c6fc503a4cb4ff421dbba
10.1/RPMS/kdegraphics-kfax-3.2.3-17.6.101mdk.i586.rpm
4347ad2eae597f46dd18c745d5792b75
10.1/RPMS/kdegraphics-kghostview-3.2.3-17.6.101mdk.i586.rpm
ddefae520018c92032cb58cd61432eeb
10.1/RPMS/kdegraphics-kiconedit-3.2.3-17.6.101mdk.i586.rpm
95f4efefc6749dd40952757fc4ea6f7c
10.1/RPMS/kdegraphics-kooka-3.2.3-17.6.101mdk.i586.rpm
dd6730e44be4f4f9c90ad502c0c152e3
10.1/RPMS/kdegraphics-kpaint-3.2.3-17.6.101mdk.i586.rpm
ffc2231be866cae811f7c2940b191e55
10.1/RPMS/kdegraphics-kpdf-3.2.3-17.6.101mdk.i586.rpm
75ef94f6090d2717763997ae342c9d87
10.1/RPMS/kdegraphics-kpovmodeler-3.2.3-17.6.101mdk.i586.rpm
22c3701bd4dfcd15b8d3020bf0463300
10.1/RPMS/kdegraphics-kruler-3.2.3-17.6.101mdk.i586.rpm
f1db088ac6ae6f1401c8989eb26dffe6
10.1/RPMS/kdegraphics-ksnapshot-3.2.3-17.6.101mdk.i586.rpm
f701b39a1410c309f28e58c51cb3691a
10.1/RPMS/kdegraphics-ksvg-3.2.3-17.6.101mdk.i586.rpm
f53ab2d020b23355371dd71e2d7cc5c5
10.1/RPMS/kdegraphics-kuickshow-3.2.3-17.6.101mdk.i586.rpm
809ad101d6883a2cf1b24268165da31a
10.1/RPMS/kdegraphics-kview-3.2.3-17.6.101mdk.i586.rpm
e57872a0c2494dcdca1dc59276fe1791
10.1/RPMS/kdegraphics-mrmlsearch-3.2.3-17.6.101mdk.i586.rpm
ba351b5fc8f9ac39644dd2c8116af7af
10.1/RPMS/libkdegraphics0-common-3.2.3-17.6.101mdk.i586.rpm
554141a04daa621ce46e27516bac81cf
10.1/RPMS/libkdegraphics0-common-devel-3.2.3-17.6.101mdk.i586.rpm

08e819b29d9c878555b2eca829d3ed43
10.1/RPMS/libkdegraphics0-kghostview-3.2.3-17.6.101mdk.i586.rpm
2fd131d2217f7b0a6d8f6f27f4706ce4
10.1/RPMS/libkdegraphics0-kghostview-devel-3.2.3-17.6.101mdk.i586.rpm

526292fb412d2f9c74a2aeb21b1b171e
10.1/RPMS/libkdegraphics0-kooka-3.2.3-17.6.101mdk.i586.rpm
b66775f4903077c438a81dfec7d717c9
10.1/RPMS/libkdegraphics0-kooka-devel-3.2.3-17.6.101mdk.i586.rpm

2a0a8fe2a53a9e1107aca10e9f6eb380
10.1/RPMS/libkdegraphics0-kpovmodeler-3.2.3-17.6.101mdk.i586.rpm

d94c21598a1a7472f38be5b18e8bf80e
10.1/RPMS/libkdegraphics0-kpovmodeler-devel-3.2.3-17.6.101mdk.i586.rpm

84f8c210b6b0deb984b4ba00554ee294
10.1/RPMS/libkdegraphics0-ksvg-3.2.3-17.6.101mdk.i586.rpm
26964c46bac9b629dea05be26c14df4d
10.1/RPMS/libkdegraphics0-ksvg-devel-3.2.3-17.6.101mdk.i586.rpm
d396c5030229a2a205ab627998199edb
10.1/RPMS/libkdegraphics0-kuickshow-3.2.3-17.6.101mdk.i586.rpm
a319545293db3114ad08c5324e3c7c47
10.1/RPMS/libkdegraphics0-kview-3.2.3-17.6.101mdk.i586.rpm
a7a115397b48c8a415263c4da545a9c6
10.1/RPMS/libkdegraphics0-kview-devel-3.2.3-17.6.101mdk.i586.rpm

e87e7c3d33361307b1509134fb1cf480
10.1/RPMS/libkdegraphics0-mrmlsearch-3.2.3-17.6.101mdk.i586.rpm
f88ed91b51df2448fb2f3c90232bb696
10.1/SRPMS/kdegraphics-3.2.3-17.6.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
75fa820aadefdf276d439fb2e24d365b
x86_64/10.1/RPMS/kdegraphics-3.2.3-17.6.101mdk.x86_64.rpm
83a42afdfa10f9a9625980865227238a
x86_64/10.1/RPMS/kdegraphics-common-3.2.3-17.6.101mdk.x86_64.rpm

28bdb8e8a18757c789665c9c09603ca1
x86_64/10.1/RPMS/kdegraphics-kdvi-3.2.3-17.6.101mdk.x86_64.rpm
04dde55b37d635c0b3501fc7a1d46319
x86_64/10.1/RPMS/kdegraphics-kfax-3.2.3-17.6.101mdk.x86_64.rpm
b9771318536ec9c521ff97ea9749b94b
x86_64/10.1/RPMS/kdegraphics-kghostview-3.2.3-17.6.101mdk.x86_64.rpm

0c0a5194f86d0e11501fad48b261bbd4
x86_64/10.1/RPMS/kdegraphics-kiconedit-3.2.3-17.6.101mdk.x86_64.rpm

e5a114da11ec948dbe2dbbb7800d0ba6
x86_64/10.1/RPMS/kdegraphics-kooka-3.2.3-17.6.101mdk.x86_64.rpm
544a9f8c661cecda45b068526c3720b1
x86_64/10.1/RPMS/kdegraphics-kpaint-3.2.3-17.6.101mdk.x86_64.rpm

5f70b3d662f3bf7bee932fc2c5811a86
x86_64/10.1/RPMS/kdegraphics-kpdf-3.2.3-17.6.101mdk.x86_64.rpm
1dbe39cc284d3af62a0b17ef8e114538
x86_64/10.1/RPMS/kdegraphics-kpovmodeler-3.2.3-17.6.101mdk.x86_64.rpm

f5d073cc03b5906afa27a77688dfbfac
x86_64/10.1/RPMS/kdegraphics-kruler-3.2.3-17.6.101mdk.x86_64.rpm

444278d216b84cfd7f50b59e34b8f911
x86_64/10.1/RPMS/kdegraphics-ksnapshot-3.2.3-17.6.101mdk.x86_64.rpm

c0fcf82120b4d406b7b659967497f047
x86_64/10.1/RPMS/kdegraphics-ksvg-3.2.3-17.6.101mdk.x86_64.rpm
11f7c99bf2dcb2a497d379cd62aeacc1
x86_64/10.1/RPMS/kdegraphics-kuickshow-3.2.3-17.6.101mdk.x86_64.rpm

db47ff720a6fdc66deaa9d5b1dd4204b
x86_64/10.1/RPMS/kdegraphics-kview-3.2.3-17.6.101mdk.x86_64.rpm
a76666265880afb772b141f0e11fe111
x86_64/10.1/RPMS/kdegraphics-mrmlsearch-3.2.3-17.6.101mdk.x86_64.rpm

4757b83bf5e2f1854cca0d2037802877
x86_64/10.1/RPMS/lib64kdegraphics0-common-3.2.3-17.6.101mdk.x86_64.rpm

c4c2c44edb119653b8a2b61bde14df3d
x86_64/10.1/RPMS/lib64kdegraphics0-common-devel-3.2.3-17.6.101mdk.x86_64.rpm

d344b9dbd3ce873c1672294fe56aa41a
x86_64/10.1/RPMS/lib64kdegraphics0-kghostview-3.2.3-17.6.101mdk.x86_64.rpm

dcc543a33dfbc66687d3a044e54799a7
x86_64/10.1/RPMS/lib64kdegraphics0-kghostview-devel-3.2.3-17.6.101mdk.x86_64.rpm

ed46fc00ce534249fd0e6619b30acbc3
x86_64/10.1/RPMS/lib64kdegraphics0-kooka-3.2.3-17.6.101mdk.x86_64.rpm

f939761d81cb76e9f1c941053cc2c935
x86_64/10.1/RPMS/lib64kdegraphics0-kooka-devel-3.2.3-17.6.101mdk.x86_64.rpm

e79047a8a2f50deec546ec15274b8fbf
x86_64/10.1/RPMS/lib64kdegraphics0-kpovmodeler-3.2.3-17.6.101mdk.x86_64.rpm

52859e2cb424e396231e706839d3a45b
x86_64/10.1/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.2.3-17.6.101mdk.x86_64.rpm

5f536f2f9b87135aea2f8562747b2e09
x86_64/10.1/RPMS/lib64kdegraphics0-ksvg-3.2.3-17.6.101mdk.x86_64.rpm

e4e35870b1f34f3fcbe81e86f6bfba42
x86_64/10.1/RPMS/lib64kdegraphics0-ksvg-devel-3.2.3-17.6.101mdk.x86_64.rpm

a0ae2ad1e7c77f49c4170b93f0d01426
x86_64/10.1/RPMS/lib64kdegraphics0-kuickshow-3.2.3-17.6.101mdk.x86_64.rpm

d55cd572007ebcb1efd1384314662be3
x86_64/10.1/RPMS/lib64kdegraphics0-kview-3.2.3-17.6.101mdk.x86_64.rpm

16e1e3b1026903e0681ccad04fcf763e
x86_64/10.1/RPMS/lib64kdegraphics0-kview-devel-3.2.3-17.6.101mdk.x86_64.rpm

62a2c347367639e259fc292da105c3dc
x86_64/10.1/RPMS/lib64kdegraphics0-mrmlsearch-3.2.3-17.6.101mdk.x86_64.rpm

ba351b5fc8f9ac39644dd2c8116af7af
x86_64/10.1/RPMS/libkdegraphics0-common-3.2.3-17.6.101mdk.i586.rpm

08e819b29d9c878555b2eca829d3ed43
x86_64/10.1/RPMS/libkdegraphics0-kghostview-3.2.3-17.6.101mdk.i586.rpm

526292fb412d2f9c74a2aeb21b1b171e
x86_64/10.1/RPMS/libkdegraphics0-kooka-3.2.3-17.6.101mdk.i586.rpm

2a0a8fe2a53a9e1107aca10e9f6eb380
x86_64/10.1/RPMS/libkdegraphics0-kpovmodeler-3.2.3-17.6.101mdk.i586.rpm

84f8c210b6b0deb984b4ba00554ee294
x86_64/10.1/RPMS/libkdegraphics0-ksvg-3.2.3-17.6.101mdk.i586.rpm

d396c5030229a2a205ab627998199edb
x86_64/10.1/RPMS/libkdegraphics0-kuickshow-3.2.3-17.6.101mdk.i586.rpm

a319545293db3114ad08c5324e3c7c47
x86_64/10.1/RPMS/libkdegraphics0-kview-3.2.3-17.6.101mdk.i586.rpm

e87e7c3d33361307b1509134fb1cf480
x86_64/10.1/RPMS/libkdegraphics0-mrmlsearch-3.2.3-17.6.101mdk.i586.rpm

f88ed91b51df2448fb2f3c90232bb696
x86_64/10.1/SRPMS/kdegraphics-3.2.3-17.6.101mdk.src.rpm

Corporate 3.0:
7bdd690051a2781f13499c39e34712a9
corporate/3.0/RPMS/kdegraphics-3.2-15.7.C30mdk.i586.rpm
461c16c30e583470e478fd50b648c000
corporate/3.0/RPMS/kdegraphics-common-3.2-15.7.C30mdk.i586.rpm
8b6223bf1127b4116150ab6609c00767
corporate/3.0/RPMS/kdegraphics-kdvi-3.2-15.7.C30mdk.i586.rpm
45308a6cae8e33b443d998c966cc0c64
corporate/3.0/RPMS/kdegraphics-kfax-3.2-15.7.C30mdk.i586.rpm
2c0c46baffa9b36f91a37957e92620bf
corporate/3.0/RPMS/kdegraphics-kghostview-3.2-15.7.C30mdk.i586.rpm

3c88e7d1440b0cb727a8a69abfefd940
corporate/3.0/RPMS/kdegraphics-kiconedit-3.2-15.7.C30mdk.i586.rpm

4d24f84e1b964066a2a991c2b231cf7d
corporate/3.0/RPMS/kdegraphics-kooka-3.2-15.7.C30mdk.i586.rpm
9b0e4508982e861861b0b2e3c1c11d18
corporate/3.0/RPMS/kdegraphics-kpaint-3.2-15.7.C30mdk.i586.rpm
ac4339e19f980ade9fc4e4ef1c593508
corporate/3.0/RPMS/kdegraphics-kpdf-3.2-15.7.C30mdk.i586.rpm
20e41ae5af1220db1b58b963f31fb62a
corporate/3.0/RPMS/kdegraphics-kpovmodeler-3.2-15.7.C30mdk.i586.rpm

431670eff06780069e633d3a44bcbcd2
corporate/3.0/RPMS/kdegraphics-kruler-3.2-15.7.C30mdk.i586.rpm
deaaf84d7f78e1589e65550f2aea4f64
corporate/3.0/RPMS/kdegraphics-ksnapshot-3.2-15.7.C30mdk.i586.rpm

eef3bc6cd0cc5c798197a1a33b6977ef
corporate/3.0/RPMS/kdegraphics-ksvg-3.2-15.7.C30mdk.i586.rpm
de4e889fe54d997d238e33215352aa47
corporate/3.0/RPMS/kdegraphics-kuickshow-3.2-15.7.C30mdk.i586.rpm

1c533d666e6cf9d70ea3d52910c65d15
corporate/3.0/RPMS/kdegraphics-kview-3.2-15.7.C30mdk.i586.rpm
261619603a82c8498f5467b695ab39de
corporate/3.0/RPMS/kdegraphics-mrmlsearch-3.2-15.7.C30mdk.i586.rpm

0c743f8255079b7c062a9cc79ff0a71a
corporate/3.0/RPMS/libkdegraphics0-common-3.2-15.7.C30mdk.i586.rpm

e9fd93e0d384207e1f8c65ce3298de61
corporate/3.0/RPMS/libkdegraphics0-common-devel-3.2-15.7.C30mdk.i586.rpm

262f440373aeb4bba5b4bf581b4d1f7f
corporate/3.0/RPMS/libkdegraphics0-kooka-3.2-15.7.C30mdk.i586.rpm

2b422efc78edbfe73049bd036f003285
corporate/3.0/RPMS/libkdegraphics0-kooka-devel-3.2-15.7.C30mdk.i586.rpm

2dd452c9479e772cc0183888cea9a4f1
corporate/3.0/RPMS/libkdegraphics0-kpovmodeler-3.2-15.7.C30mdk.i586.rpm

a24170ad28e8dccc0ae39d0157a608f1
corporate/3.0/RPMS/libkdegraphics0-kpovmodeler-devel-3.2-15.7.C30mdk.i586.rpm

417c745c15fae6160d2c63bc61ede610
corporate/3.0/RPMS/libkdegraphics0-ksvg-3.2-15.7.C30mdk.i586.rpm

138256fcb7ac8f6130d8e8604678bbc7
corporate/3.0/RPMS/libkdegraphics0-ksvg-devel-3.2-15.7.C30mdk.i586.rpm

56a1c761e35d0b72e0d93c32db379afd
corporate/3.0/RPMS/libkdegraphics0-kuickshow-3.2-15.7.C30mdk.i586.rpm

1232af85c1f6927b546bed77315c9dd5
corporate/3.0/RPMS/libkdegraphics0-kview-3.2-15.7.C30mdk.i586.rpm

cebd2a74d0e90f21cdd40c2817f2aaee
corporate/3.0/RPMS/libkdegraphics0-kview-devel-3.2-15.7.C30mdk.i586.rpm

5f1b99f08ff5b023568c0b6d5ceb655d
corporate/3.0/RPMS/libkdegraphics0-mrmlsearch-3.2-15.7.C30mdk.i586.rpm

bb41a4c451ff10f36af329728d2b89f1
corporate/3.0/SRPMS/kdegraphics-3.2-15.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
fe282cca73d9d5bb2e1eb987f78d06c1
x86_64/corporate/3.0/RPMS/kdegraphics-3.2-15.7.C30mdk.x86_64.rpm

4d5ce420686681668074d60b2bcd0e2b
x86_64/corporate/3.0/RPMS/kdegraphics-common-3.2-15.7.C30mdk.x86_64.rpm

c8ecce0b52ade90e58fa53361eaaaafc
x86_64/corporate/3.0/RPMS/kdegraphics-kdvi-3.2-15.7.C30mdk.x86_64.rpm

fda15766522630c574c138871b9b2e37
x86_64/corporate/3.0/RPMS/kdegraphics-kfax-3.2-15.7.C30mdk.x86_64.rpm

88bd0a320879f3cba14715f2eb0ac248
x86_64/corporate/3.0/RPMS/kdegraphics-kghostview-3.2-15.7.C30mdk.x86_64.rpm

4b59ec6414c9a2c5ce694c005a1af164
x86_64/corporate/3.0/RPMS/kdegraphics-kiconedit-3.2-15.7.C30mdk.x86_64.rpm

f8e94d373255b76723da972883c6f2a9
x86_64/corporate/3.0/RPMS/kdegraphics-kooka-3.2-15.7.C30mdk.x86_64.rpm

1137a6f2eef7eecf5cb001cc591542e9
x86_64/corporate/3.0/RPMS/kdegraphics-kpaint-3.2-15.7.C30mdk.x86_64.rpm

1794bef38df17af42548c6f20099bc60
x86_64/corporate/3.0/RPMS/kdegraphics-kpdf-3.2-15.7.C30mdk.x86_64.rpm

78dc61afc44f628e7eb698113fc8a090
x86_64/corporate/3.0/RPMS/kdegraphics-kpovmodeler-3.2-15.7.C30mdk.x86_64.rpm

0ce5a26731cb12d3c488da229f1b323d
x86_64/corporate/3.0/RPMS/kdegraphics-kruler-3.2-15.7.C30mdk.x86_64.rpm

4d5b07f7625b23bee4b7a4f652727ca6
x86_64/corporate/3.0/RPMS/kdegraphics-ksnapshot-3.2-15.7.C30mdk.x86_64.rpm

7863ea6b566c7a24ffd93129684a8499
x86_64/corporate/3.0/RPMS/kdegraphics-ksvg-3.2-15.7.C30mdk.x86_64.rpm

d639f55ba2ef4b043a9892774e97351c
x86_64/corporate/3.0/RPMS/kdegraphics-kuickshow-3.2-15.7.C30mdk.x86_64.rpm

730f45d6866474d3b73df5f74b458c97
x86_64/corporate/3.0/RPMS/kdegraphics-kview-3.2-15.7.C30mdk.x86_64.rpm

b34bef10e6fda5258e6d4f1da03e0204
x86_64/corporate/3.0/RPMS/kdegraphics-mrmlsearch-3.2-15.7.C30mdk.x86_64.rpm

a57b4d715199246d5656d37d14127bac
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-common-3.2-15.7.C30mdk.x86_64.rpm

3633fb94d4dd9c3bbf3eb11c42fbc340
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-common-devel-3.2-15.7.C30mdk.x86_64.rpm

26dbcf1edb8dc7c054925627219d878e
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kooka-3.2-15.7.C30mdk.x86_64.rpm

dcd411e2bd6b513092119aad228abf7c
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kooka-devel-3.2-15.7.C30mdk.x86_64.rpm

39d72b68f1a165ae7a6b08d6326fbe44
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kpovmodeler-3.2-15.7.C30mdk.x86_64.rpm

76ba1035a689d12e65fbe217164d614a
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kpovmodeler-devel-3.2-15.7.C30mdk.x86_64.rpm

9b05ac48eb3cf168cb47c39a0cd5c976
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-ksvg-3.2-15.7.C30mdk.x86_64.rpm

2d8191c598086eeb39feee5378734d45
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-ksvg-devel-3.2-15.7.C30mdk.x86_64.rpm

40078e8849d2e9a808a1bd2aa18f8cca
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kuickshow-3.2-15.7.C30mdk.x86_64.rpm

1c9824d9aa8a06b765e06695fc879d83
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kview-3.2-15.7.C30mdk.x86_64.rpm

1fa35be24b75f60bd4908b90a0714fbe
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-kview-devel-3.2-15.7.C30mdk.x86_64.rpm

d4d7e340d45a6df54ed5d10ee44806f6
x86_64/corporate/3.0/RPMS/lib64kdegraphics0-mrmlsearch-3.2-15.7.C30mdk.x86_64.rpm

bb41a4c451ff10f36af329728d2b89f1
x86_64/corporate/3.0/SRPMS/kdegraphics-3.2-15.7.C30mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>

Mandrakelinux Security Update Advisory

Package name: cyrus-imapd
Advisory ID: MDKSA-2005:051
Date: March 4th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0

Problem Description:

Several overruns have been fixed in the IMAP annote extension as
well as in cached header handling which can be run by an
authenticated user. As well, additional bounds checking in
fetchnews was improved to avoid exploitation by a peer news
admin.

References:


http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723

Updated Packages:

Mandrakelinux 10.0:
15b7624cdc9037f9c4e79c600073ecf8
10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.i586.rpm
05600c038393a440b049b61e561221c3
10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.i586.rpm
785c6f762ef8653dbd94820b0b6381a1
10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.i586.rpm
c11e66f88672e11d1702725479a7f0d5
10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.i586.rpm
71aa4e964c66ad49b2ae669cbb6e9bd1
10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.i586.rpm
ffeeb4eb0f65ca39e11c180601a35d68
10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
e8c78f838cca93171d2f8cd5c8c9a879
amd64/10.0/RPMS/cyrus-imapd-2.1.16-5.4.100mdk.amd64.rpm
e5477d6d98bc82e9ab8c1a839055cc43
amd64/10.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.100mdk.amd64.rpm
a89538a6bc145fec9e2b6b17e37d2e5e
amd64/10.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.100mdk.amd64.rpm
52b24414eee9d6fea4fe2ddf4f27bd1f
amd64/10.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.100mdk.amd64.rpm
f802162383bf61b4d9187e180b2c2bf1
amd64/10.0/RPMS/perl-Cyrus-2.1.16-5.4.100mdk.amd64.rpm
ffeeb4eb0f65ca39e11c180601a35d68
amd64/10.0/SRPMS/cyrus-imapd-2.1.16-5.4.100mdk.src.rpm

Mandrakelinux 10.1:
f6cdca31a854112c2ca5f74776776f1c
10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.i586.rpm
8b5794bf11f4b7999830efa69e2d28f8
10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.i586.rpm
4c11340d7e1f25bd0ab640a6d716ddd0
10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.i586.rpm
0f0e1f74726f916c0e34f2d297f7fb98
10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.i586.rpm
e336fb5ddea4b2b97e91aad061293160
10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.i586.rpm
3a9335988510ec620e6a111f92aefb48
10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.i586.rpm
525da02530ca95c483aca8267b759219
10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
230bb0fcbe79666f2e7a58d86320277e
x86_64/10.1/RPMS/cyrus-imapd-2.2.8-4.2.101mdk.x86_64.rpm
7b9c9cd889f294a04952d6e4491ac8bf
x86_64/10.1/RPMS/cyrus-imapd-devel-2.2.8-4.2.101mdk.x86_64.rpm
d859ab07c750bfdfd50f770bd7e3c54d
x86_64/10.1/RPMS/cyrus-imapd-murder-2.2.8-4.2.101mdk.x86_64.rpm
1b88303a5c38ebf4dfff3867d95db3cf
x86_64/10.1/RPMS/cyrus-imapd-nntp-2.2.8-4.2.101mdk.x86_64.rpm
82ae917972b5cf748d7ba2401da0ec83
x86_64/10.1/RPMS/cyrus-imapd-utils-2.2.8-4.2.101mdk.x86_64.rpm
b8c33ab3333f8c6757bc554f1b735d8f
x86_64/10.1/RPMS/perl-Cyrus-2.2.8-4.2.101mdk.x86_64.rpm
525da02530ca95c483aca8267b759219
x86_64/10.1/SRPMS/cyrus-imapd-2.2.8-4.2.101mdk.src.rpm

Corporate 3.0:
5f9b9b9352a4bf01e1d7d60bc0b2acd4
corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.i586.rpm
611e40f49b42c9bef517f577ae84e118
corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.i586.rpm
c5a7d27fec6bf10bc5a423d5228c3c97
corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.i586.rpm

ddaafa645b1052c4008805a6755983c6
corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.i586.rpm
00b8785bd521991143ab1dac0d5862c1
corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.i586.rpm
709aa090996e807f3370552cb810f15e
corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
b6b638cfe6bffc99873d5ee0b0fcd8d0
x86_64/corporate/3.0/RPMS/cyrus-imapd-2.1.16-5.4.C30mdk.x86_64.rpm

2f4d38c95aaf387e3d60c3ccf5fa16eb
x86_64/corporate/3.0/RPMS/cyrus-imapd-devel-2.1.16-5.4.C30mdk.x86_64.rpm

47e1de6c31502c7b799eff36a555b5bd
x86_64/corporate/3.0/RPMS/cyrus-imapd-murder-2.1.16-5.4.C30mdk.x86_64.rpm

dfbb236b3d834829b29ddcb49a0261b0
x86_64/corporate/3.0/RPMS/cyrus-imapd-utils-2.1.16-5.4.C30mdk.x86_64.rpm

74c7c8947715bf3c911b691afc46c8ea
x86_64/corporate/3.0/RPMS/perl-Cyrus-2.1.16-5.4.C30mdk.x86_64.rpm

709aa090996e807f3370552cb810f15e
x86_64/corporate/3.0/SRPMS/cyrus-imapd-2.1.16-5.4.C30mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>

Mandrakelinux Security Update Advisory

Package name: gaim
Advisory ID: MDKSA-2005:049
Date: March 4th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0

Problem Description:

Gaim versions prior to version 1.1.4 suffer from a few security
issues such as the HTML parses not sufficiently validating its
input. This allowed a remote attacker to crash the Gaim client be
sending certain malformed HTML messages (CAN-2005-0208 and
CAN-2005-0473).

As well, insufficient input validation was also discovered in
the “Oscar” protocol handler, used for ICQ and AIM. By sending
specially crafted packets, remote users could trigger an inifinite
loop in Gaim causing it to become unresponsive and hang
(CAN-2005-0472).

Gaim 1.1.4 is provided and fixes these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0208

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0472

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0473

http://gaim.sourceforge.net/security/index.php?id=10

http://gaim.sourceforge.net/security/index.php?id=11

http://gaim.sourceforge.net/security/index.php?id=12

Updated Packages:

Mandrakelinux 10.0:
ee4aaf22c265f3f6e7f37beccf212301
10.0/RPMS/gaim-1.1.4-2.1.100mdk.i586.rpm
b19bd7c212fa8c9427d88a5fa7b489ef
10.0/RPMS/gaim-devel-1.1.4-2.1.100mdk.i586.rpm
628d5e1b676124e01454dea9ea05aa73
10.0/RPMS/gaim-perl-1.1.4-2.1.100mdk.i586.rpm
797ab3e00c5d0f2616afb86edb782859
10.0/RPMS/gaim-tcl-1.1.4-2.1.100mdk.i586.rpm
8b9e89290a35eb7b4e4e9829e0275312
10.0/RPMS/libgaim-remote0-1.1.4-2.1.100mdk.i586.rpm
519796a3cd3ca9813369b6cb22954f89
10.0/RPMS/libgaim-remote0-devel-1.1.4-2.1.100mdk.i586.rpm
7819e5b641eb8fe7f34e930ff3d699a6
10.0/SRPMS/gaim-1.1.4-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
cc92e812426003d7b7e36ea7cee7a96d
amd64/10.0/RPMS/gaim-1.1.4-2.1.100mdk.amd64.rpm
9588ea7e5912fffa33bcb354c38c4a18
amd64/10.0/RPMS/gaim-devel-1.1.4-2.1.100mdk.amd64.rpm
b5a180a8888a5da8e8d323fa9a575e78
amd64/10.0/RPMS/gaim-perl-1.1.4-2.1.100mdk.amd64.rpm
1f591a16acfb9c69204865a41df0a917
amd64/10.0/RPMS/gaim-tcl-1.1.4-2.1.100mdk.amd64.rpm
81a37dafd3c90ece97fd228fe7d733df
amd64/10.0/RPMS/lib64gaim-remote0-1.1.4-2.1.100mdk.amd64.rpm
665f07ab92a205812235526599bf65df
amd64/10.0/RPMS/lib64gaim-remote0-devel-1.1.4-2.1.100mdk.amd64.rpm

7819e5b641eb8fe7f34e930ff3d699a6
amd64/10.0/SRPMS/gaim-1.1.4-2.1.100mdk.src.rpm

Mandrakelinux 10.1:
4cda3906dcb6520428b4f1bc42f6174e
10.1/RPMS/gaim-1.1.4-2.1.101mdk.i586.rpm
49f93da18c44ba5c22c87186e4c0988f
10.1/RPMS/gaim-devel-1.1.4-2.1.101mdk.i586.rpm
0f2dda29cdf649ba976cd0721b5a867c
10.1/RPMS/gaim-gevolution-1.1.4-2.1.101mdk.i586.rpm
1bb9c654b3d226b6209a95248fc1723f
10.1/RPMS/gaim-perl-1.1.4-2.1.101mdk.i586.rpm
d923dad213f3538205b1ef0cac626a35
10.1/RPMS/gaim-tcl-1.1.4-2.1.101mdk.i586.rpm
a930169e43850f519a0eacd11212e78a
10.1/RPMS/libgaim-remote0-1.1.4-2.1.101mdk.i586.rpm
dda84886d6c3f18fc24c5b73621bdaef
10.1/RPMS/libgaim-remote0-devel-1.1.4-2.1.101mdk.i586.rpm
729dca43d227506fcf39e6b8583496fa
10.1/SRPMS/gaim-1.1.4-2.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
697c22ee6faa5a0e5e745ca590704b6f
x86_64/10.1/RPMS/gaim-1.1.4-2.1.101mdk.x86_64.rpm
cd39d48dc21ead77da4c9739e9098de0
x86_64/10.1/RPMS/gaim-devel-1.1.4-2.1.101mdk.x86_64.rpm
01188511f0315df83f46cee36d9d3427
x86_64/10.1/RPMS/gaim-gevolution-1.1.4-2.1.101mdk.x86_64.rpm
5a44092f51a6de2bf1ebb5f516b91cfa
x86_64/10.1/RPMS/gaim-perl-1.1.4-2.1.101mdk.x86_64.rpm
82b356c4f8bd0f43a2bc390ce5c34442
x86_64/10.1/RPMS/gaim-tcl-1.1.4-2.1.101mdk.x86_64.rpm
038bb0b8edfa3eb9716e9bd08d24cd2c
x86_64/10.1/RPMS/lib64gaim-remote0-1.1.4-2.1.101mdk.x86_64.rpm
149c20340da5935666152c83749ca8d0
x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.1.4-2.1.101mdk.x86_64.rpm

729dca43d227506fcf39e6b8583496fa
x86_64/10.1/SRPMS/gaim-1.1.4-2.1.101mdk.src.rpm

Corporate 3.0:
face699482ea9de9d93b42c5c8d5a384
corporate/3.0/RPMS/gaim-1.1.4-2.1.C30mdk.i586.rpm
39a2f2e483c68fb3ca5714a0d27e14e9
corporate/3.0/RPMS/gaim-devel-1.1.4-2.1.C30mdk.i586.rpm
a63a03508343e78353edbe99aca94ec9
corporate/3.0/RPMS/gaim-perl-1.1.4-2.1.C30mdk.i586.rpm
3bbcff0593e85157d0e0bb02dfbfa90c
corporate/3.0/RPMS/gaim-tcl-1.1.4-2.1.C30mdk.i586.rpm
87ac2f9b85cbaf9309c17ce0fbb9daf9
corporate/3.0/RPMS/libgaim-remote0-1.1.4-2.1.C30mdk.i586.rpm
2352333d9dc21a41645b0f26ae47f6b3
corporate/3.0/RPMS/libgaim-remote0-devel-1.1.4-2.1.C30mdk.i586.rpm

e9d4f10f138cdb3af653f3bb13319f62
corporate/3.0/SRPMS/gaim-1.1.4-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
fa834d8d43b2cde15f94da06d228c704
x86_64/corporate/3.0/RPMS/gaim-1.1.4-2.1.C30mdk.x86_64.rpm
dd31e9bf2d7497ab5452df2c75194e1b
x86_64/corporate/3.0/RPMS/gaim-devel-1.1.4-2.1.C30mdk.x86_64.rpm

8283718b4bc5a9fa51655b2affed2136
x86_64/corporate/3.0/RPMS/gaim-perl-1.1.4-2.1.C30mdk.x86_64.rpm
11ecf0ed5491cf98f68d0a3224765e1e
x86_64/corporate/3.0/RPMS/gaim-tcl-1.1.4-2.1.C30mdk.x86_64.rpm
3c10e0b33ec75788c0a4ac97e8057c58
x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.1.4-2.1.C30mdk.x86_64.rpm

f1a2c0cf86d65ed2366d984bfe5104bc
x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.1.4-2.1.C30mdk.x86_64.rpm

e9d4f10f138cdb3af653f3bb13319f62
x86_64/corporate/3.0/SRPMS/gaim-1.1.4-2.1.C30mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>

Mandrakelinux Security Update Advisory

Package name: curl
Advisory ID: MDKSA-2005:048
Date: March 4th, 2005
Affected versions: 10.0, 10.1, Corporate 3.0

Problem Description:

“infamous41md” discovered a buffer overflow vulnerability in
libcurl’s NTLM authorization base64 decoding. This could allow a
remote attacker using a prepared remote server to execute arbitrary
code as the user running curl.

The updated packages are patched to deal with these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490

Updated Packages:

Mandrakelinux 10.0:
5e359e1440af3150fff501af3337f8f6
10.0/RPMS/curl-7.11.0-2.1.100mdk.i586.rpm
ed2893b0a0cd269175cc8e27c2d04a06
10.0/RPMS/libcurl2-7.11.0-2.1.100mdk.i586.rpm
34d0da12d64d6f27d17fb0dd46676870
10.0/RPMS/libcurl2-devel-7.11.0-2.1.100mdk.i586.rpm
53b2ac18baa15810a7f0321d24bbdea8
10.0/SRPMS/curl-7.11.0-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
0386f15dd07dffdafcc74c8957a4dc00
amd64/10.0/RPMS/curl-7.11.0-2.1.100mdk.amd64.rpm
cb3ac9ad77a6e68e9f6d7bcdb8776bee
amd64/10.0/RPMS/lib64curl2-7.11.0-2.1.100mdk.amd64.rpm
b5118a34cf3436c68ba3c0081a2681af
amd64/10.0/RPMS/lib64curl2-devel-7.11.0-2.1.100mdk.amd64.rpm
53b2ac18baa15810a7f0321d24bbdea8
amd64/10.0/SRPMS/curl-7.11.0-2.1.100mdk.src.rpm

Mandrakelinux 10.1:
a9a5c3b2af793fbfdc4f897a01788f27
10.1/RPMS/curl-7.12.1-1.1.101mdk.i586.rpm
caad27287f1db33094ac2171e6cfa860
10.1/RPMS/libcurl3-7.12.1-1.1.101mdk.i586.rpm
61bea15f364b11ba85ee708b48f8fe6a
10.1/RPMS/libcurl3-devel-7.12.1-1.1.101mdk.i586.rpm
e140c850303eb14c12b318538f2266ce
10.1/SRPMS/curl-7.12.1-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
9cc7757d89a688c3464f1f95a260d0eb
x86_64/10.1/RPMS/curl-7.12.1-1.1.101mdk.x86_64.rpm
37ad8e8e677c36655b36be00d0243201
x86_64/10.1/RPMS/lib64curl3-7.12.1-1.1.101mdk.x86_64.rpm
1328bfd561b123d7c49fc68345910c24
x86_64/10.1/RPMS/lib64curl3-devel-7.12.1-1.1.101mdk.x86_64.rpm
e140c850303eb14c12b318538f2266ce
x86_64/10.1/SRPMS/curl-7.12.1-1.1.101mdk.src.rpm

Corporate 3.0:
f99dfd0c67f16bbe2e57869c3c3ca7ea
corporate/3.0/RPMS/curl-7.11.0-2.1.C30mdk.i586.rpm
07547b2c4a4dc7051db43fd968af591d
corporate/3.0/RPMS/libcurl2-7.11.0-2.1.C30mdk.i586.rpm
695e859f8cc2ec503188722b606854d4
corporate/3.0/RPMS/libcurl2-devel-7.11.0-2.1.C30mdk.i586.rpm
8766893d25c2fccefa90d32f9da6500e
corporate/3.0/SRPMS/curl-7.11.0-2.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
7ed8e6b6e1611c97c02b357482694a3c
x86_64/corporate/3.0/RPMS/curl-7.11.0-2.1.C30mdk.x86_64.rpm
ff8bd600e1229333e14d25f9323a462d
x86_64/corporate/3.0/RPMS/lib64curl2-7.11.0-2.1.C30mdk.x86_64.rpm

4c01c4a92bfeca71b818b723fd4752f4
x86_64/corporate/3.0/RPMS/lib64curl2-devel-7.11.0-2.1.C30mdk.x86_64.rpm

8766893d25c2fccefa90d32f9da6500e
x86_64/corporate/3.0/SRPMS/curl-7.11.0-2.1.C30mdk.src.rpm

To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>

thumbnail
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Recommended for you...

Blog
A Thorough Approach to Improve the Privacy and Security of Your Linux PC
Damien
Oct 24, 2024
Blog
Several Russian Maintainers Removed From Linux Kernel Due To Compliance Concerns
Senthil Kumar
Oct 23, 2024
Blog
OpenSSH Splits Again: New Authentication Binary Unveiled
Bobby Borisov
Oct 16, 2024
Blog
13 Best Free and Open Source Anti-Malware Tools
webmaster
Oct 14, 2024
Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

facebook
linkedin
x

Company

Contact us

Categories

News IT Management Infrastructure Developer Security High Performance Storage Blog

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information