Debian GNU/Linux
Debian Security Advisory DSA 988-1 [email protected]
http://www.debian.org/security/
Moritz Muehlenhoff
March 8th, 2006 http://www.debian.org/security/faq
Package : squirrelmail
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE IDs : CVE-2006-0377 CVE-2006-0195 CVE-2006-0188
Debian Bug : 354062 354063 354064 355424
Several vulnerabilities have been discovered in Squirrelmail, a
commonly used webmail system. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2006-0188
Martijn Brinkers and Ben Maurer found a flaw in webmail.php that
allows remote attackers to inject arbitrary web pages into the
right frame via a URL in the right_frame parameter.
CVE-2006-0195
Martijn Brinkers and Scott Hughes discovered an interpretation
conflict in the MagicHTML filter that allows remote attackers to
conduct cross-site scripting (XSS) attacks via style sheet
specifiers with invalid (1) “/*” and “*/” comments, or (2) slashes
inside the “url” keyword, which is processed by some web browsers
including Internet Explorer.
CVE-2006-0377
Vicente Aguilera of Internet Security Auditors, S.L. discovered
a CRLF injection vulnerability, which allows remote attackers to
inject arbitrary IMAP commands via newline characters in the
mailbox parameter of the sqimap_mailbox_select command, aka “IMAP
injection.” There’s no known way to exploit this yet.
For the old stable distribution (woody) these problems have been
fixed in version 1.2.6-5.
For the stable distribution (sarge) these problems have been
fixed in version 2:1.4.4-8.
For the unstable distribution (sid) these problems have been
fixed in version 2:1.4.6-1.
We recommend that you upgrade your squirrelmail package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.dsc
Size/MD5 checksum: 582
07fe8ca983ec4bf8a3355a91c79c9d78
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.diff.gz
Size/MD5 checksum: 24884
a65726611c8f71274582b353e309a9a1
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
Size/MD5 checksum: 1856087
be9e6be1de8d3dd818185d596b41a7f1
Architecture independent components:
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5_all.deb
Size/MD5 checksum: 1841716
1d246bc2ffe2323e2503202bfc147d9c
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.dsc
Size/MD5 checksum: 678
140546ee9c0534419ddcaf3c7e632110
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.diff.gz
Size/MD5 checksum: 24654
15ddd8f4db234006a1ac290087640dfc
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz
Size/MD5 checksum: 575871
f50548b6f4f24d28afb5e6048977f4da
Architecture independent components:
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8_all.deb
Size/MD5 checksum: 570472
2087dcea05cd5e1c4033f15cf120761a
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>
Fedora Legacy
Fedora Legacy Update Advisory
Synopsis: Updated XFree86 packages fix security issues
Advisory ID: FLSA:168264-1
Issue date: 2006-03-07
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-0605 CVE-2005-2495
1. Topic:
Updated XFree86 packages that fix security issues are now
available.
XFree86 is an open source implementation of the X Window System.
It provides the basic low-level functionality that full-fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed
upon.
2. Relevant releases/architectures:
Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
3. Problem description:
An integer overflow flaw was found in libXpm, which is used by
some applications for loading of XPM images. An attacker could
create a malicious XPM file that would execute arbitrary code if
opened by a victim using an application linked to the vulnerable
library. The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-0605 to this issue.
Several integer overflow bugs were found in the way XFree86
parses pixmap images. It is possible for a user to gain elevated
privileges by loading a specially crafted pixmap image. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-2495 to this issue.
Users of XFree86 should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these
issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168264
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/XFree86-4.2.1-16.73.31.legacy.src.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-doc-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-libs-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-twm-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-xdm-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-xfs-4.2.1-16.73.31.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/XFree86-Xvfb-4.2.1-16.73.31.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/XFree86-4.3.0-2.90.61.legacy.src.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-devel-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-doc-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-libs-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-sdk-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-tools-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-twm-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-xauth-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-xdm-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-xfs-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Xnest-4.3.0-2.90.61.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/XFree86-Xvfb-4.3.0-2.90.61.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/XFree86-4.3.0-60.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-100dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-75dpi-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-base-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-devel-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-doc-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-font-utils-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-libs-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-libs-data-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Mesa-libGL-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Mesa-libGLU-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-sdk-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-syriac-fonts-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-tools-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-twm-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-xauth-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-xdm-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-xfs-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Xnest-4.3.0-60.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/XFree86-Xvfb-4.3.0-60.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
0cbc1cb6499a8684d19f24cf111b4fea65ba92ae
redhat/7.3/updates/i386/XFree86-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
8c2025d75448c2f03b9bd2493cdc42f84741ba14
redhat/7.3/updates/i386/XFree86-4.2.1-16.73.31.legacy.i386.rpm
45d182c851d2d98fcf551ee5f4229ba76f7fe1ae
redhat/7.3/updates/i386/XFree86-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
57d848f52c35787175eb7556350cf6202a3acc9e
redhat/7.3/updates/i386/XFree86-base-fonts-4.2.1-16.73.31.legacy.i386.rpm
6b7e1499d32cea54eda46c7a23586edff860b01f
redhat/7.3/updates/i386/XFree86-cyrillic-fonts-4.2.1-16.73.31.legacy.i386.rpm
5ae4db073a051453c1ea05328ba611820c54ac6e
redhat/7.3/updates/i386/XFree86-devel-4.2.1-16.73.31.legacy.i386.rpm
8f5ddf6f2ffc17a706368dbdcd9f6880cf163eca
redhat/7.3/updates/i386/XFree86-doc-4.2.1-16.73.31.legacy.i386.rpm
e80034e10d2babcab44f449040556f1c62b9c65b
redhat/7.3/updates/i386/XFree86-font-utils-4.2.1-16.73.31.legacy.i386.rpm
67b6b5d8b00a4f53ad300bc07d5c35c6c023280f
redhat/7.3/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
c25c85a92e2fb2e80fb9ee2c19b0cb017e92b065
redhat/7.3/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
a54081ce435b2ed6695231f895e8cce95972027f
redhat/7.3/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
ceb5c88c82123d553c09ed2dceb7395abf893dfc
redhat/7.3/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
9d8a2d217d1161cd8e37187ab82826592fced64b
redhat/7.3/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
7b7684a8bca628231f42d04aa545624052ebd59b
redhat/7.3/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-16.73.31.legacy.i386.rpm
dc04b533163d6a61471e2ce404bbce11e8a026de
redhat/7.3/updates/i386/XFree86-libs-4.2.1-16.73.31.legacy.i386.rpm
58388c03cb94a1b74c4e65246a21b364e3e9bec0
redhat/7.3/updates/i386/XFree86-tools-4.2.1-16.73.31.legacy.i386.rpm
23d5801937faf0b0033db434d4713719bf13992f
redhat/7.3/updates/i386/XFree86-truetype-fonts-4.2.1-16.73.31.legacy.i386.rpm
ea0187127b7e4177c7d1653fe65c86d1b95f2dd9
redhat/7.3/updates/i386/XFree86-twm-4.2.1-16.73.31.legacy.i386.rpm
05d935b6e8e5b2dcc443556a3f15522aaa054278
redhat/7.3/updates/i386/XFree86-xdm-4.2.1-16.73.31.legacy.i386.rpm
7ec5886f06e93eac890fd5c47ed96b811b218b17
redhat/7.3/updates/i386/XFree86-xf86cfg-4.2.1-16.73.31.legacy.i386.rpm
cd5d813aa22857cea4ea75179befad39e643559d
redhat/7.3/updates/i386/XFree86-xfs-4.2.1-16.73.31.legacy.i386.rpm
53f7b20ad43180b4b860974a867030c484656b23
redhat/7.3/updates/i386/XFree86-Xnest-4.2.1-16.73.31.legacy.i386.rpm
e0629ed131499721c4384630364fa34a4338614f
redhat/7.3/updates/i386/XFree86-Xvfb-4.2.1-16.73.31.legacy.i386.rpm
f28c45eafb4b035d7fa814ed8b23c1270aea4d0b
redhat/7.3/updates/SRPMS/XFree86-4.2.1-16.73.31.legacy.src.rpm
fb1a1f39a9372aa0147c508eb5d4db52d581a1cc
redhat/9/updates/i386/XFree86-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
562913cdf6f7237b852062d1c6fd8f1a03482f9f
redhat/9/updates/i386/XFree86-4.3.0-2.90.61.legacy.i386.rpm
a0a44151d9c0c7b73e2b266b3c81f4e5cd2ba712
redhat/9/updates/i386/XFree86-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
0b6ae5bf6ea0938feadc805890c1b46b5de98870
redhat/9/updates/i386/XFree86-base-fonts-4.3.0-2.90.61.legacy.i386.rpm
6e06fe3b0262230d005020b9176a0601f8fe17fd
redhat/9/updates/i386/XFree86-cyrillic-fonts-4.3.0-2.90.61.legacy.i386.rpm
75ec411aeaa191642774ff3d6b2da778849fff86
redhat/9/updates/i386/XFree86-devel-4.3.0-2.90.61.legacy.i386.rpm
9ca5fb3e139559593e1d3b243c03fd660ebf1bde
redhat/9/updates/i386/XFree86-doc-4.3.0-2.90.61.legacy.i386.rpm
77f4f6d9d41c8ae72ca152fa8c5d856dd0d14acb
redhat/9/updates/i386/XFree86-font-utils-4.3.0-2.90.61.legacy.i386.rpm
8a3282947adcb55f210534fa7930a2caf35ee31b
redhat/9/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
00e356bf12d218e3cf4cfd16cbdbb3bb6c1f4ff6
redhat/9/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
ffa1bfa1925f88314a916835609d2567593fee7d
redhat/9/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
73ccf11e207edc656b4bb7dfce08ed804290ef4b
redhat/9/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
38b67c16ea8b8191edb4b3df890d017b4c498397
redhat/9/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
ec33602ea178f0c9b3133f5224c7230f373a19ff
redhat/9/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
b47fb63d7c9dfbe83846a8c016a4e62725d8fad4
redhat/9/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
b9c0e2552ccd4ce1f2cdd3494d38d956cd0e8c52
redhat/9/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-2.90.61.legacy.i386.rpm
f34539d0acccb62d0c39eda5d8e2f69677594505
redhat/9/updates/i386/XFree86-libs-4.3.0-2.90.61.legacy.i386.rpm
44c71e911bcbc53bf2692bdb4fa39d05b69777ec
redhat/9/updates/i386/XFree86-libs-data-4.3.0-2.90.61.legacy.i386.rpm
b65547fc07ae1c1880cbfb2905dbc61a3e97f7d3
redhat/9/updates/i386/XFree86-Mesa-libGL-4.3.0-2.90.61.legacy.i386.rpm
537c5f4aacb6eedd2c508ab2968f013396e52a76
redhat/9/updates/i386/XFree86-Mesa-libGLU-4.3.0-2.90.61.legacy.i386.rpm
2b4c1d714eec3c66cb5b01539ee8d179b49ffcc1
redhat/9/updates/i386/XFree86-sdk-4.3.0-2.90.61.legacy.i386.rpm
97b8aa8cf0cfcb6af5e594819d98486b32f9c965
redhat/9/updates/i386/XFree86-syriac-fonts-4.3.0-2.90.61.legacy.i386.rpm
7898a7ae919e67e4cfe63fd3121d815710240bf0
redhat/9/updates/i386/XFree86-tools-4.3.0-2.90.61.legacy.i386.rpm
d8b6e93b6c4fa6c0563bf9bc4f82b1e4828c9b30
redhat/9/updates/i386/XFree86-truetype-fonts-4.3.0-2.90.61.legacy.i386.rpm
3fdf5b8877cef9d337ae13deff0c72fdea156291
redhat/9/updates/i386/XFree86-twm-4.3.0-2.90.61.legacy.i386.rpm
612a4e120fcd790c5e8a3481e0cadd76fddb1cc7
redhat/9/updates/i386/XFree86-xauth-4.3.0-2.90.61.legacy.i386.rpm
6ceb66f35332408b2a19474533285b3d0fc17c9d
redhat/9/updates/i386/XFree86-xdm-4.3.0-2.90.61.legacy.i386.rpm
174dcc7e757da7175b270ff34f8ce9c4efd9563e
redhat/9/updates/i386/XFree86-xfs-4.3.0-2.90.61.legacy.i386.rpm
22b32e9c6460e4a52704f43d78675f0cdcce8291
redhat/9/updates/i386/XFree86-Xnest-4.3.0-2.90.61.legacy.i386.rpm
ec25c9cb7a1bff4eccd503fedd3b49862d9c2405
redhat/9/updates/i386/XFree86-Xvfb-4.3.0-2.90.61.legacy.i386.rpm
84bbfb5f2fa13f20d465a0a552041526cb26bc3b
redhat/9/updates/SRPMS/XFree86-4.3.0-2.90.61.legacy.src.rpm
2a09c30f05a126480d06220affc808bed0ccd831
fedora/1/updates/i386/XFree86-100dpi-fonts-4.3.0-60.legacy.i386.rpm
d168ebb164d69f9fa0edd668a27e50a4e43ea2dd
fedora/1/updates/i386/XFree86-4.3.0-60.legacy.i386.rpm
e6ab23ec2e99a2d6dcbfed6a073402d88e796563
fedora/1/updates/i386/XFree86-75dpi-fonts-4.3.0-60.legacy.i386.rpm
5573af42869b10f104a52ac6fa5221e4c125cd46
fedora/1/updates/i386/XFree86-base-fonts-4.3.0-60.legacy.i386.rpm
0ae445a93ae5b573b2afb72441a712ac858c002e
fedora/1/updates/i386/XFree86-cyrillic-fonts-4.3.0-60.legacy.i386.rpm
c453822bd9aa5cdd6d7497bf7e629928a0424ebb
fedora/1/updates/i386/XFree86-devel-4.3.0-60.legacy.i386.rpm
b8768066b3f60ae86ab32559748c33590ae58b61
fedora/1/updates/i386/XFree86-doc-4.3.0-60.legacy.i386.rpm
142309e5f990556c9789bbe8e5b29e7b99ce9131
fedora/1/updates/i386/XFree86-font-utils-4.3.0-60.legacy.i386.rpm
02f4ffe56217dac4c263317c754be2221f11c2b1
fedora/1/updates/i386/XFree86-ISO8859-14-100dpi-fonts-4.3.0-60.legacy.i386.rpm
f5a98a73fcdc0ff03e2b24ed9b8e147c85e55487
fedora/1/updates/i386/XFree86-ISO8859-14-75dpi-fonts-4.3.0-60.legacy.i386.rpm
7d833db16f028ff40d6ee67e04c03e7bb351a0fd
fedora/1/updates/i386/XFree86-ISO8859-15-100dpi-fonts-4.3.0-60.legacy.i386.rpm
318f747bcdbd0be642d3fe1d52382772dec56634
fedora/1/updates/i386/XFree86-ISO8859-15-75dpi-fonts-4.3.0-60.legacy.i386.rpm
38395a9806da0e234d74b7c1e6e3dbed5d525726
fedora/1/updates/i386/XFree86-ISO8859-2-100dpi-fonts-4.3.0-60.legacy.i386.rpm
507cc1c515c2fe3f901704153819bcc62c133b46
fedora/1/updates/i386/XFree86-ISO8859-2-75dpi-fonts-4.3.0-60.legacy.i386.rpm
e5a19310f393f5fde53a72a7fa3d522e227bc7e7
fedora/1/updates/i386/XFree86-ISO8859-9-100dpi-fonts-4.3.0-60.legacy.i386.rpm
f65b8b8da1484ce2dd20737cc0279865ab5fdbd8
fedora/1/updates/i386/XFree86-ISO8859-9-75dpi-fonts-4.3.0-60.legacy.i386.rpm
1bbdad4b6bd3117c6495d7c3bdef3da6bcb9ab0b
fedora/1/updates/i386/XFree86-libs-4.3.0-60.legacy.i386.rpm
8a55ec0a7a0564c3cd3f4263b6cc8e4ed151ba8e
fedora/1/updates/i386/XFree86-libs-data-4.3.0-60.legacy.i386.rpm
c9eb4e6054d2159b1ff28a5ce52b640a4e9b0359
fedora/1/updates/i386/XFree86-Mesa-libGL-4.3.0-60.legacy.i386.rpm
5e9c2f7390b7200e573a77bd9051ec36eb67621f
fedora/1/updates/i386/XFree86-Mesa-libGLU-4.3.0-60.legacy.i386.rpm
9cde04ebb5610324b158a9ae2b5f0d04d56ed7cb
fedora/1/updates/i386/XFree86-sdk-4.3.0-60.legacy.i386.rpm
339d8521270468753b9db696306acd64cb8bbab1
fedora/1/updates/i386/XFree86-syriac-fonts-4.3.0-60.legacy.i386.rpm
c011244e0b99ce7d3929c3ad6958f409de1f6139
fedora/1/updates/i386/XFree86-tools-4.3.0-60.legacy.i386.rpm
36ba1b374ee3fae3b65712e2cd2a6b1e131524a5
fedora/1/updates/i386/XFree86-truetype-fonts-4.3.0-60.legacy.i386.rpm
36f807093616e0615f4a70dc46ebd91b256ce8d2
fedora/1/updates/i386/XFree86-twm-4.3.0-60.legacy.i386.rpm
5f82fea2f05c74f2433ebc6bc2e4db188ad9e7d2
fedora/1/updates/i386/XFree86-xauth-4.3.0-60.legacy.i386.rpm
2b5768e46ce851b22564cc3b824d0987d027b8d1
fedora/1/updates/i386/XFree86-xdm-4.3.0-60.legacy.i386.rpm
c11d8de359322a543e8876163581bc38fa06b954
fedora/1/updates/i386/XFree86-xfs-4.3.0-60.legacy.i386.rpm
a3b20af14a192aa110f0fe247d7c6d0478cebd98
fedora/1/updates/i386/XFree86-Xnest-4.3.0-60.legacy.i386.rpm
ba4f2c18b58be48594a48eafc97564d31aec0286
fedora/1/updates/i386/XFree86-Xvfb-4.3.0-60.legacy.i386.rpm
d1fe795457c17ae1348c63e859414623d8fd5c02
fedora/1/updates/SRPMS/XFree86-4.3.0-60.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm –checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495
9. Contact:
The Fedora Legacy security contact is <[email protected]>.
More project details at http://www.fedoralegacy.org
Fedora Legacy Update Advisory
Synopsis: Updated X.org packages fix security issue
Advisory ID: FLSA:168264-2
Issue date: 2006-03-07
Product: Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-2495
1. Topic:
Updated X.org packages that fix a security issue are now
available.
X.org is an open source implementation of the X Window System.
It provides the basic low-level functionality that full-fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed
upon.
2. Relevant releases/architectures:
Fedora Core 2 – i386
3. Problem description:
Several integer overflow bugs were found in the way X.org parses
pixmap images. It is possible for a user to gain elevated
privileges by loading a specially crafted pixmap image. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2005-2495 to this issue.
Users of X.org should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this
issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168264
6. RPMs required:
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/xorg-x11-6.7.0-14.1.legacy.src.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-devel-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-doc-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-libs-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-libs-data-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-sdk-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-tools-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-twm-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xauth-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xdm-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-xfs-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Xnest-6.7.0-14.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/xorg-x11-Xvfb-6.7.0-14.1.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
fb2e8bbd5c2f1132d19ee20bd773be9d3179db9d
fedora/2/updates/i386/xorg-x11-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
02ff368c88f7907764b2da5e385f2e079f3849cd
fedora/2/updates/i386/xorg-x11-6.7.0-14.1.legacy.i386.rpm
c81dda89910ea896c7070eab733df161dba54a39
fedora/2/updates/i386/xorg-x11-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
501f87e1196be0a33d95f0d52ead826677a34f22
fedora/2/updates/i386/xorg-x11-base-fonts-6.7.0-14.1.legacy.i386.rpm
1e0c6b43d3965b5e7d2d049bbc790d9a8c73a7d0
fedora/2/updates/i386/xorg-x11-cyrillic-fonts-6.7.0-14.1.legacy.i386.rpm
82eb2326f5b8494f96761e6092e34056e700a809
fedora/2/updates/i386/xorg-x11-devel-6.7.0-14.1.legacy.i386.rpm
c0d1461ddb2c070cdabddf6b3ebccc34ec66d3ef
fedora/2/updates/i386/xorg-x11-doc-6.7.0-14.1.legacy.i386.rpm
3f6382954c75e22ab177abbe1707140feea0170d
fedora/2/updates/i386/xorg-x11-font-utils-6.7.0-14.1.legacy.i386.rpm
6f0c373860e9d64c5efea95e77d3e6d5872dacc0
fedora/2/updates/i386/xorg-x11-ISO8859-14-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
c861aa4032a4f169929f225d46e798f5e0f18890
fedora/2/updates/i386/xorg-x11-ISO8859-14-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
83eb270f4395c14edd17cc55a1d78965e5f602e8
fedora/2/updates/i386/xorg-x11-ISO8859-15-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
a99b042654bd86640eea6e7e1b76bda402d49b85
fedora/2/updates/i386/xorg-x11-ISO8859-15-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
52b7c9ff7e29265605c4bb1d08a735b279287fc5
fedora/2/updates/i386/xorg-x11-ISO8859-2-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
4e3900230a90728563f1173c8af82af2272dec03
fedora/2/updates/i386/xorg-x11-ISO8859-2-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
5091477dffb64324caae7d3d558882ab73e26609
fedora/2/updates/i386/xorg-x11-ISO8859-9-100dpi-fonts-6.7.0-14.1.legacy.i386.rpm
9ef03f7f4355a5e1d3f19f71d597e541cad3e831
fedora/2/updates/i386/xorg-x11-ISO8859-9-75dpi-fonts-6.7.0-14.1.legacy.i386.rpm
f1ea8740e9802ad98b194284e8afb3eee8e1106d
fedora/2/updates/i386/xorg-x11-libs-6.7.0-14.1.legacy.i386.rpm
222037711ead385d31fac145142c10c9c93f8c51
fedora/2/updates/i386/xorg-x11-libs-data-6.7.0-14.1.legacy.i386.rpm
c21a7c11d52eaabe8bae5145e270c5301fcf8c17
fedora/2/updates/i386/xorg-x11-Mesa-libGL-6.7.0-14.1.legacy.i386.rpm
3314b29f2bc32e4ccd837b7973fc07847d073df0
fedora/2/updates/i386/xorg-x11-Mesa-libGLU-6.7.0-14.1.legacy.i386.rpm
3eac8219f4e3753644511090657ddc513a75c0c8
fedora/2/updates/i386/xorg-x11-sdk-6.7.0-14.1.legacy.i386.rpm
f99d01e683755302d4ed5ea8a03f09b4828b7ea0
fedora/2/updates/i386/xorg-x11-syriac-fonts-6.7.0-14.1.legacy.i386.rpm
d265d17e698e8d2e3a40c9b8519fe70cd01a1ca2
fedora/2/updates/i386/xorg-x11-tools-6.7.0-14.1.legacy.i386.rpm
ff8ff747514e3b9bf7945aac37ed19ab00293fbd
fedora/2/updates/i386/xorg-x11-truetype-fonts-6.7.0-14.1.legacy.i386.rpm
e6141cfe3188c556c6e8ba54eba44d5e8645f09b
fedora/2/updates/i386/xorg-x11-twm-6.7.0-14.1.legacy.i386.rpm
05fc596a5a8956e8fcbd1ac788bbba855e87fbba
fedora/2/updates/i386/xorg-x11-xauth-6.7.0-14.1.legacy.i386.rpm
70b47f7e0e944ef7402437135a044209cba064ae
fedora/2/updates/i386/xorg-x11-xdm-6.7.0-14.1.legacy.i386.rpm
f6b74e278a54a2477bbda52155daad7787721a81
fedora/2/updates/i386/xorg-x11-xfs-6.7.0-14.1.legacy.i386.rpm
c362a7d289c0c8d56ad63f0364e879819185871f
fedora/2/updates/i386/xorg-x11-Xnest-6.7.0-14.1.legacy.i386.rpm
fd3251aec6f906005c34d5a6e3324e38a0dcc510
fedora/2/updates/i386/xorg-x11-Xvfb-6.7.0-14.1.legacy.i386.rpm
af4f7aea4c1b550d1a0389c0f3213bc6c74d87e6
fedora/2/updates/SRPMS/xorg-x11-6.7.0-14.1.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm –checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2495
9. Contact:
The Fedora Legacy security contact is <[email protected]>.
More project details at http://www.fedoralegacy.org
Fedora Legacy Update Advisory
Synopsis: Updated pcre packages fix a security issue
Advisory ID: FLSA:168516
Issue date: 2006-03-07
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-2491
1. Topic:
Updated pcre packages are now available to correct a security
issue.
PCRE is a Perl-compatible regular expression library.
2. Relevant releases/architectures:
Red Hat Linux 7.3 – i386
Red Hat Linux 9 – i386
Fedora Core 1 – i386
Fedora Core 2 – i386
3. Problem description:
An integer overflow flaw was found in PCRE, triggered by a
maliciously crafted regular expression. On systems that accept
arbitrary regular expressions from untrusted users, this could be
exploited to execute arbitrary code with the privileges of the
application using the library. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-2491 to this
issue.
Users should update to these erratum packages that contain a
backported patch to correct this issue.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168516
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/pcre-3.9-2.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/pcre-3.9-2.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/pcre-devel-3.9-2.1.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/pcre-3.9-10.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/pcre-3.9-10.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/pcre-devel-3.9-10.1.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/pcre-4.4-1.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/pcre-4.4-1.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/pcre-devel-4.4-1.2.legacy.i386.rpm
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/pcre-4.5-2.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/pcre-4.5-2.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/pcre-devel-4.5-2.2.legacy.i386.rpm
7. Verification:
SHA1 sum Package Name
9b641aa989639c706065bafc146d34bb6e282a22
redhat/7.3/updates/i386/pcre-3.9-2.1.legacy.i386.rpm
7d8b094083c7a85991d194d6741a0a664204a19d
redhat/7.3/updates/i386/pcre-devel-3.9-2.1.legacy.i386.rpm
9a49145385042483532254fb5d05fae6c3f252f3
redhat/7.3/updates/SRPMS/pcre-3.9-2.1.legacy.src.rpm
d876a7f4cdb3a936b2f72fb629fae928d3db6e96
redhat/9/updates/i386/pcre-3.9-10.1.legacy.i386.rpm
9e516b5e44944b25a47171b15c0229423b10f99d
redhat/9/updates/i386/pcre-devel-3.9-10.1.legacy.i386.rpm
55de51292b97aacbad6c375b4ad8578561ac5fe3
redhat/9/updates/SRPMS/pcre-3.9-10.1.legacy.src.rpm
4edc206f1e0fc0c3df459b6f8de289f27417974b
fedora/1/updates/i386/pcre-4.4-1.2.legacy.i386.rpm
0fcc5801dc238bb1fac0d59b8403e6cdcc72f126
fedora/1/updates/i386/pcre-devel-4.4-1.2.legacy.i386.rpm
57b3a2c5c2bb3435d3c7971daf29c665fb2c1687
fedora/1/updates/SRPMS/pcre-4.4-1.2.legacy.src.rpm
bff4b330e8c9a76262020c7ddb2b48f71bf01788
fedora/2/updates/i386/pcre-4.5-2.2.legacy.i386.rpm
8354926500e18905dd94dddc1e6bf44cd236df68
fedora/2/updates/i386/pcre-devel-4.5-2.2.legacy.i386.rpm
9f43e7d484412d93734dfe4b08f87d2ef133100a
fedora/2/updates/SRPMS/pcre-4.5-2.2.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm –checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491
9. Contact: