Gentoo Linux
Gentoo Linux Security Advisory GLSA 200605-05
Severity: High
Title: rsync: Potential integer overflow
Date: May 06, 2006
Bugs: #131631
ID: 200605-05
Synopsis
An attacker having write access to an rsync module might be able
to execute arbitrary code on an rsync server.
Background
rsync is a server and client utility that provides fast
incremental file transfers. It is used to efficiently synchronize
files between hosts and is used by emerge to fetch Gentoo’s Portage
tree.
Affected packages
Package / Vulnerable / Unaffected
1 net-misc/rsync < 2.6.8 >= 2.6.8
Description
An integer overflow was found in the receive_xattr function from
the extended attributes patch (xattr.c) for rsync. The vulnerable
function is only present when the “acl” USE flag is set.
Impact
A remote attacker with write access to an rsync module could
craft malicious extended attributes which would trigger the integer
overflow, potentially resulting in the execution of arbitrary code
with the rights of the rsync daemon.
Workaround
Do not provide write access to an rsync module to untrusted
parties.
Resolution
All rsync users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/rsync-2.6.8"
References
[ 1 ] CVE-2006-2083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2083
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200605-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200605-06
Severity: Normal
Title: Mozilla Firefox: Potential remote code execution
Date: May 06, 2006
Bugs: #131138
ID: 200605-06
Synopsis
The Mozilla Firefox 1.5 line is vulnerable to a buffer overflow
in the JavaScript extension which may in theory lead to remote
execution of arbitrary code.
Background
Mozilla Firefox is the next-generation web browser from the
Mozilla project.
Affected packages
Package / Vulnerable / Unaffected
1 www-client/mozilla-firefox < 1.5.0.3 >= 1.5.0.3 < 1.5 2 www-client/mozilla-firefox-bin < 1.5.0.3 >= 1.5.0.3 < 1.5 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures.
Description
Martijn Wargers and Nick Mott discovered a vulnerability when
rendering malformed JavaScript content. The Mozilla Firefox 1.0
line is not affected.
Impact
If JavaScript is enabled, by tricking a user into visiting a
malicious web page which would send a specially crafted HTML script
that contains references to deleted objects with the “designMode”
property enabled, an attacker can crash the web browser and in
theory manage to execute arbitrary code with the rights of the user
running the browser.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox 1.5 users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.3"
All Mozilla Firefox 1.5 binary users should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.3"
References
[ 1 ] CVE-2006-1993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1993
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200605-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:081-1
http://www.mandriva.com/security/
Package : xorg-x11
Date : May 4, 2006
Affected: 2006.0
Problem Description:
A problem was discovered in xorg-x11 where the X render
extension would mis-calculate the size of a buffer, leading to an
overflow that could possibly be exploited by clients of the X
server.
Update:
Rafael Bermudez noticed that the patch for 2006 was mis-applied.
This update resolves that issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526
Updated Packages:
Mandriva Linux 2006.0:
fc3e3a6a825dd0ed259803f0ec585514
2006.0/RPMS/libxorg-x11-6.9.0-5.6.20060mdk.i586.rpm
d81df0a49bd2c7178e93229756009bfe
2006.0/RPMS/libxorg-x11-devel-6.9.0-5.6.20060mdk.i586.rpm
f48af91d6c0cac186af5459d7ab84aaf
2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.6.20060mdk.i586.rpm
61090a0da61aa8be2df3df679069fbcb
2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.6.20060mdk.i586.rpm
76a44a4b56266c1a3782c437fa1f879a
2006.0/RPMS/xorg-x11-6.9.0-5.6.20060mdk.i586.rpm
93c2772c76d3c862d97b2e5b020e30a3
2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.6.20060mdk.i586.rpm
e7e765f1477cb88637aae30fb50fe626
2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.6.20060mdk.i586.rpm
272c396e96c45676792a6a453c65e7a6
2006.0/RPMS/xorg-x11-doc-6.9.0-5.6.20060mdk.i586.rpm
f956116db27ef01ca1f1f73bd720149e
2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.6.20060mdk.i586.rpm
d13be66590a678292d640625d40fa923
2006.0/RPMS/xorg-x11-server-6.9.0-5.6.20060mdk.i586.rpm
d6bda749c3aecfd11e143bcf2450967e
2006.0/RPMS/xorg-x11-xauth-6.9.0-5.6.20060mdk.i586.rpm
b3f05df67c81766894fa4adc6c9744fd
2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.6.20060mdk.i586.rpm
13b62b9ca1e8405c5b7fd4204a206a4c
2006.0/RPMS/xorg-x11-xfs-6.9.0-5.6.20060mdk.i586.rpm
7258f0fa58ea03ebe26d72e8f039eb82
2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.6.20060mdk.i586.rpm
ae9801aa6faf4ab58cfaf8fc590a6133
2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.6.20060mdk.i586.rpm
509555c18dbdb0337bd1d00e72c7bfd6
2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.6.20060mdk.i586.rpm
e333b8894ec5d3fbca38c95741d95935
2006.0/SRPMS/xorg-x11-6.9.0-5.6.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
505ab1a243407f7397e208a29228dd89
x86_64/2006.0/RPMS/lib64xorg-x11-6.9.0-5.6.20060mdk.x86_64.rpm
4e50a1d049a699571c6b509700721557
x86_64/2006.0/RPMS/lib64xorg-x11-devel-6.9.0-5.6.20060mdk.x86_64.rpm
955c4dbfaafe890868f60f34bf088da9
x86_64/2006.0/RPMS/lib64xorg-x11-static-devel-6.9.0-5.6.20060mdk.x86_64.rpm
fc3e3a6a825dd0ed259803f0ec585514
x86_64/2006.0/RPMS/libxorg-x11-6.9.0-5.6.20060mdk.i586.rpm
d81df0a49bd2c7178e93229756009bfe
x86_64/2006.0/RPMS/libxorg-x11-devel-6.9.0-5.6.20060mdk.i586.rpm
f48af91d6c0cac186af5459d7ab84aaf
x86_64/2006.0/RPMS/libxorg-x11-static-devel-6.9.0-5.6.20060mdk.i586.rpm
c7b65a75d52abde5e3634078eb84842d
x86_64/2006.0/RPMS/X11R6-contrib-6.9.0-5.6.20060mdk.x86_64.rpm
caad39791829b2ef86bef852021c3490
x86_64/2006.0/RPMS/xorg-x11-100dpi-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
d004173e376cd1fc441fb23d367fe597
x86_64/2006.0/RPMS/xorg-x11-6.9.0-5.6.20060mdk.x86_64.rpm
cd364f6c76eedfba39a10c4ddf81cfb0
x86_64/2006.0/RPMS/xorg-x11-75dpi-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
1f6c50c0665c21a78b07d3440ffd43c2
x86_64/2006.0/RPMS/xorg-x11-cyrillic-fonts-6.9.0-5.6.20060mdk.x86_64.rpm
f135965f13fcc76d4ca07fa128bd7620
x86_64/2006.0/RPMS/xorg-x11-doc-6.9.0-5.6.20060mdk.x86_64.rpm
3304d60e7288911924951718c74afa30
x86_64/2006.0/RPMS/xorg-x11-glide-module-6.9.0-5.6.20060mdk.x86_64.rpm
2d73dbacee80e596f3dbdf0db8a5ffda
x86_64/2006.0/RPMS/xorg-x11-server-6.9.0-5.6.20060mdk.x86_64.rpm
8793a61a6824c7ad5c0c8bffe4ce8ee5
x86_64/2006.0/RPMS/xorg-x11-xauth-6.9.0-5.6.20060mdk.x86_64.rpm
674f714d7fa826c12fb0b59429718d1f
x86_64/2006.0/RPMS/xorg-x11-Xdmx-6.9.0-5.6.20060mdk.x86_64.rpm
a07559d45b7622c3c9b0eed36a6c1000
x86_64/2006.0/RPMS/xorg-x11-xfs-6.9.0-5.6.20060mdk.x86_64.rpm
87abf49419cc1417f56e45227034f7bf
x86_64/2006.0/RPMS/xorg-x11-Xnest-6.9.0-5.6.20060mdk.x86_64.rpm
fcfcded879d21656bfddb8ecb91b47e2
x86_64/2006.0/RPMS/xorg-x11-Xprt-6.9.0-5.6.20060mdk.x86_64.rpm
efaeb4f777b5372d55fd8d9128bb80b6
x86_64/2006.0/RPMS/xorg-x11-Xvfb-6.9.0-5.6.20060mdk.x86_64.rpm
e333b8894ec5d3fbca38c95741d95935
x86_64/2006.0/SRPMS/xorg-x11-6.9.0-5.6.20060mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Trustix Secure Linux
Trustix Secure Linux Security Advisory #2006-0024
Package names: clamav, cyrus-sasl, kernel, libtiff, rsync,
xorg-x11
Summary: Multiple vulnerabilities
Date: 2006-05-05
Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux
3.0 Trustix Operating System – Enterprise Server 2
Package description:
clamav
Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main
purpose of this software is the integration with mail servers
(attachment scanning). The package provides a flexible and scalable
multi-threaded daemon, a command line scanner, and a tool for
automatic updating via Internet. The programs are based on a shared
library distributed with package, which you can use with your own
software.
cyrus-sasl
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of
your Trustix Secure Linux operating system. The kernel handles the
basic functions of the operating system: memory allocation, process
allocation, device input and output, etc.
libtiff
The libtiff package contains a library of functions for
manipulating TIFF (Tagged Image File Format) image format files.
TIFF is a widely used file format for bitmapped images. TIFF files
usually end in the .tif extension and they are often quite
large.
rsync
Rsync uses a quick and reliable algorithm to very quickly bring
remote and host files into sync. Rsync is fast because it just
sends the differences in the files over the network (instead of
sending the complete files). Rsync is often used as a very powerful
mirroring process or just as a more capable replacement for the rcp
command. A technical report which describes the rsync algorithm is
included in this package.
xorg-x11
X.org X11 is an open source implementation of the X Window System.
It provides the basic low level functionality which full fledged
graphical user interfaces (GUIs) such as GNOME and KDE are designed
upon.
Problem description:
clamav < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- SECURITY Fix: A vulnerability has been reported in ClamAV
caused due to a boundary error within the HTTP client in the
Freshclam command line utility. This can be exploited to cause a
stack-based buffer overflow when the HTTP headers received from a
web server exceeds 8KB.The Common Vulnerabilities and Exposures project has assigned
the name CVE-2006-1989 this issue.
cyrus-sasl < TSL 3.0 > < TSL 2.2 > < TSEL 2
>
- SECURITY Fix: Mu Security has reported a vulnerability in Cyrus
SASL library, which can be exploited by malicious people to cause a
DoS. The vulnerability is caused due to an unspecified error during
DIGEST-MD5 negotiation.The Common Vulnerabilities and Exposures project has assigned
the name CVE-2006-1721 this issue.
kernel < TSL 3.0 >
- New Upstream.
- SECURITY Fix: A vulnerability has been reported in Linux
Kernel, which can be exploited by malicious people to cause a DoS
(Denial of Service). The vulnerability is caused due to missing
checks on SCTP chunk sizes in the SCTP-netfilter code and may
result in an infinite loop exhausting system resources. - Directory traversal vulnerability in CIFS which allows local
users to escape chroot restrictions for an SMB-mounted filesystem
via “..” sequences.The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CVE-2006-1527 and CVE-2006-1863 to these issues.
libtiff < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Tavis Ormandy has reported some vulnerabilities
in LibTIFF, which can be exploited by malicious people to cause a
DoS and potentially to compromise a user’s system. - Several unspecified errors in the “TIFFFetchAnyArray()”
function and in the cleanup functions can be exploited to crash an
application linked against LibTIFF when a specially crafted TIFF
image is processed. - Integer overflow in the TIFFFetchData function in tif_dirread.c
allows context-dependent attackers to cause a denial of service and
possibly execute arbitrary code via a crafted TIFF image. - A double free error in tif_jpeg.c within the setfield/getfield
methods in the cleanup functions can be exploited to crash an
application linked against LibTIFF and may allow arbitrary code
execution when a specially crafted TIFF image is processed. - The TIFFToRGB function in libtiff allows remote attackers to
cause a denial of service (crash) via a crafted TIFF image with
Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers
an out-of-bounds read.The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CVE-2006-2024, CVE-2006-2025, CVE-2006-2026 and CVE-2006-2120 these
issues.
rsync < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream.
- SECURITY Fix: A vulnerability has been reported in rsync caused
due to an integer overflow error in the “receive_xattr()” function
within the xattrs.diff patch. This can be exploited to cause a
buffer overflow and may allow arbitrary code execution via
specially crafted extended attributes.The Common Vulnerabilities and Exposures project has assigned
the name CVE-2006-2083 this issue.
xorg-x11 < TSL 3.0 >
- SECURITY Fix: A buffer overflow in the XRender extension allows
any X.Org user to execute arbitrary code with elevated privileges.
A typo causes the code to mis-compute the size of memory
allocations in the XRenderCompositeTriStrip and
XRenderCompositeTriFan requests.The Common Vulnerabilities and Exposures project has assigned
the name CVE-2006-1526 this issue.
Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using ‘swup –upgrade’.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/>
and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0024/>
MD5sums of the packages:
8f9fd0f2b05c574bf2f42841eb84bb05
3.0/rpms/clamav-0.88.2-1tr.i586.rpm
f018f1d168962aca4312c6fe17d2b133
3.0/rpms/clamav-devel-0.88.2-1tr.i586.rpm
975e9e4a862f0518d892aded818d870d
3.0/rpms/cyrus-sasl-2.1.20-15tr.i586.rpm
10484d9cfc683b883bdbb5b20a02681d
3.0/rpms/cyrus-sasl-devel-2.1.20-15tr.i586.rpm
ed57cdfd3c9b21d3ee244d4825a61fc0
3.0/rpms/cyrus-sasl-md5-2.1.20-15tr.i586.rpm
bb6bd68737f8e2fa31489b88ca6163bd
3.0/rpms/cyrus-sasl-otp-2.1.20-15tr.i586.rpm
393f554144e646017016f813bbcaaf06
3.0/rpms/cyrus-sasl-plain-2.1.20-15tr.i586.rpm
6422bf4c3007cad3a35e5c6eecb29889
3.0/rpms/cyrus-sasl-sql-2.1.20-15tr.i586.rpm
29f1fc6b4dd34e6efc0314b38874c1a4
3.0/rpms/cyrus-sasl-utils-2.1.20-15tr.i586.rpm
fc0f1ce0337ef359fddce5c48610574c
3.0/rpms/kernel-2.6.16.13-1tr.i586.rpm
128a17a5ee280460228ff973d044c2d6
3.0/rpms/kernel-doc-2.6.16.13-1tr.i586.rpm
40b294479e91c9a35e68ce9e2b1e300d
3.0/rpms/kernel-headers-2.6.16.13-1tr.i586.rpm
a82b83e463fab1f07f3c11fa56e86055
3.0/rpms/kernel-smp-2.6.16.13-1tr.i586.rpm
a78d4799876d39e0ce5b3cba16454f69
3.0/rpms/kernel-smp-headers-2.6.16.13-1tr.i586.rpm
9eb0e5c0c63288246a4816d79b8c7d55
3.0/rpms/kernel-source-2.6.16.13-1tr.i586.rpm
cdde0ae2d48aa534dbaf20c67eb2eca6
3.0/rpms/kernel-utils-2.6.16.13-1tr.i586.rpm
8dbc912920dda86e2f9d623f6f88c5af
3.0/rpms/libtiff-3.7.3-2tr.i586.rpm
8e9a0e6917f9529c3720a3dcb101fe2c
3.0/rpms/libtiff-devel-3.7.3-2tr.i586.rpm
abb3f9444f533b610873eeb22100f2f3
3.0/rpms/libtiff-docs-3.7.3-2tr.i586.rpm
fc3d971697486d9cba85f81e617120cd
3.0/rpms/rsync-2.6.8-1tr.i586.rpm
fc722769b558d7f4d22e00bb929a4f5b
3.0/rpms/rsync-server-2.6.8-1tr.i586.rpm
c48de68cf51aaa7e97b3bc7727bb83cc
3.0/rpms/xorg-x11-6.8.2-11tr.i586.rpm
5d8bff276211197de40e04f19046d00f
3.0/rpms/xorg-x11-devel-6.8.2-11tr.i586.rpm
3a346ecc4f058d0c5fd1936b4b8c7826
3.0/rpms/xorg-x11-doc-6.8.2-11tr.i586.rpm
038487208366b11b1064feb8af2700ed
3.0/rpms/xorg-x11-fonts-100dpi-6.8.2-11tr.i586.rpm
f5768dab5cb3017630804184e150435e
3.0/rpms/xorg-x11-fonts-6.8.2-11tr.i586.rpm
d873cb5592008211ec7047e1c32ee857
3.0/rpms/xorg-x11-fonts-75dpi-6.8.2-11tr.i586.rpm
87f9a7b00656d1ee91df99a09eb96791
3.0/rpms/xorg-x11-fonts-cid-6.8.2-11tr.i586.rpm
5781bca9e84dc2339e83610254a456c3
3.0/rpms/xorg-x11-fonts-cyrillic-6.8.2-11tr.i586.rpm
58d6470e0fb229c87d2073dc15c21726
3.0/rpms/xorg-x11-fonts-otf-6.8.2-11tr.i586.rpm
ab6be3f5dbc41b1ba945188aafe76ba5
3.0/rpms/xorg-x11-fonts-speedo-6.8.2-11tr.i586.rpm
6f87b1cf6e840b10b8710427722db3d2
3.0/rpms/xorg-x11-fonts-ttf-6.8.2-11tr.i586.rpm
cee4c07f06da1ecf68a802d0a4d68bea
3.0/rpms/xorg-x11-fonts-type1-6.8.2-11tr.i586.rpm
10944512010fbd199a864d00c3383615
3.0/rpms/xorg-x11-libs-6.8.2-11tr.i586.rpm
9ea9d3e411b25eee89af0d65ccdf0eb5
3.0/rpms/xorg-x11-sdk-6.8.2-11tr.i586.rpm
4ce128f09ab5a6aebc814a4a8389cd51
2.2/rpms/clamav-0.88.2-1tr.i586.rpm
7c29e1c6eab44f4380af89384e18ce67
2.2/rpms/clamav-devel-0.88.2-1tr.i586.rpm
251875bae4da0c8812f392645454afeb
2.2/rpms/cyrus-sasl-2.1.20-7tr.i586.rpm
94398d80360b5166a71adc02a700846b
2.2/rpms/cyrus-sasl-devel-2.1.20-7tr.i586.rpm
0c6fe11ab11c80df5725a738b8500eb2
2.2/rpms/cyrus-sasl-md5-2.1.20-7tr.i586.rpm
058d6dc0df428df3c1453df769428e9c
2.2/rpms/cyrus-sasl-otp-2.1.20-7tr.i586.rpm
30d784607cb89d03aaaa860e2ded2902
2.2/rpms/cyrus-sasl-plain-2.1.20-7tr.i586.rpm
0f794362b7795c05d75f2847bcf1245b
2.2/rpms/cyrus-sasl-sql-2.1.20-7tr.i586.rpm
0d064a6ff40a2ae53cd93bfd14dbe10c
2.2/rpms/cyrus-sasl-utils-2.1.20-7tr.i586.rpm
21f4458df3cc75524d89c0ca050d6860
2.2/rpms/libtiff-3.7.3-2tr.i586.rpm
cb29f7ab911871682000de6316b8ee01
2.2/rpms/libtiff-devel-3.7.3-2tr.i586.rpm
c2f1d749f54379f1a60202eb7e71e79e
2.2/rpms/rsync-2.6.8-1tr.i586.rpm
a2ed791cd851db257914372034f448be
2.2/rpms/rsync-server-2.6.8-1tr.i586.rpm
Trustix Security Team