Advisories, October 1, 2006

Debian GNU/Linux


Debian Security Advisory DSA 1186-1
http://www.debian.org/security/
Moritz Muehlenhoff
September 30th, 2006
http://www.debian.org/security/faq


Package : cscope
Vulnerability : buffer overflows
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-4262
Debian Bug : 385893

Will Drewry of the Google Security Team discovered several
buffer overflows in cscope, a source browsing tool, which might
lead to the execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed
in version cscope_15.5-1.1sarge2.

For the unstable distribution (sid) this problem has been fixed
in version 15.5+cvs20060902-1.

We recommend that you upgrade your cscope package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2.dsc

      Size/MD5 checksum: 597
288d126f1a8e75401bec5758d21fca6e
    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2.diff.gz

      Size/MD5 checksum: 22685
efce07e2dbfdba7329ec88a143c811ad
    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5.orig.tar.gz

      Size/MD5 checksum: 243793
beb6032a301bb11524aec74bfb5e4840

Alpha architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_alpha.deb

      Size/MD5 checksum: 164514
0a49e059085c6b7935d19ade91441abf

AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_amd64.deb

      Size/MD5 checksum: 152934
a10ede3f65739ef21806fd2eb139c572

ARM architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_arm.deb

      Size/MD5 checksum: 147224
05f695127f6fcc7a934a4835c18d215c

HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_hppa.deb

      Size/MD5 checksum: 158482
faf5225195dcb6b89fb22711ff45547e

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_i386.deb

      Size/MD5 checksum: 143350
94dda40490e976fb3ba9a7aac7ea92d7

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_ia64.deb

      Size/MD5 checksum: 181116
52a1b55bcaa05bfe5731e53c14316620

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_m68k.deb

      Size/MD5 checksum: 140118
762aebb7ffbdee7c6787c750b53cd02e

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_mips.deb

      Size/MD5 checksum: 157354
87e2ffcf7dc6ebc10523391b29e1ab27

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_mipsel.deb

      Size/MD5 checksum: 155750
a566cbfcd6689dca81b8730148f59965

PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_powerpc.deb

      Size/MD5 checksum: 154680
2a959a398cff553b7a7c51ce554b516e

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_s390.deb

      Size/MD5 checksum: 154500
6dd06b7d5ba9b119a1daf0f23fc65d79

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_sparc.deb

      Size/MD5 checksum: 148314
585ad5bb0f6e591e7f54ce8c147d1cfb

These files will probably be moved into the stable distribution
on its next update.
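
When packages are fetched by hand with wget, the Size/MD5 checksum values in the file list above can be checked before running dpkg -i. The following is an added example, not part of the Debian advisory: it parses a file list in this layout and checks a downloaded file against it. The function names, the mirror.example URLs and the sample entries are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# One file-list entry: a URL followed by "Size/MD5 checksum: <size> <md5>".
# \s+ also spans newlines, so wrapped and single-line layouts both parse.
ENTRY = re.compile(
    r"(?P<url>\S+://\S+)\s+Size/MD5 checksum:\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9a-fA-F]{32})\b"
)

# Constructed sample in the advisory's layout (not real package data).
SAMPLE_LIST = """\
    http://mirror.example/pool/updates/main/d/demo/demo_1.0-1_all.deb

      Size/MD5 checksum: 11
5eb63bbbe01eeed093cb22bb8f5acdc3
    http://mirror.example/pool/updates/main/d/demo/demo_1.0-1.dsc
      Size/MD5 checksum:        3 900150983cd24fb0d6963f7d28e17f72
"""


def parse_file_list(text):
    """Map each listed file name to its (size, md5) pair."""
    entries = {}
    for m in ENTRY.finditer(text):
        name = urlsplit(m["url"]).path.rsplit("/", 1)[-1]
        entries[name] = (int(m["size"]), m["md5"].lower())
    return entries


def check_download(path, entries):
    """Return 'ok', 'not-listed', 'size-mismatch' or 'md5-mismatch'."""
    path = Path(path)
    if path.name not in entries:
        return "not-listed"
    size, md5 = entries[path.name]
    if path.stat().st_size != size:      # cheap check first
        return "size-mismatch"
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    # MD5 catches truncated or corrupted transfers; it is not
    # collision-resistant, so a match is not proof of authenticity.
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"


if __name__ == "__main__":
    listed = parse_file_list(SAMPLE_LIST)
    with tempfile.TemporaryDirectory() as tmp:
        deb = Path(tmp, "demo_1.0-1_all.deb")
        deb.write_bytes(b"hello world")          # matches the sample entry
        print(deb.name, check_download(deb, listed))
        deb.write_bytes(b"hello_world")          # same size, altered byte
        print(deb.name, check_download(deb, listed))
```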



Debian Security Advisory DSA 1187-1
http://www.debian.org/security/
Moritz Muehlenhoff
September 30th, 2006
http://www.debian.org/security/faq


Package : migrationtools
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-0512
Debian Bug : 338920

Jason Hoover discovered that migrationtools, a collection of
scripts to migrate user data to LDAP, creates several temporary
files insecurely, which might lead to denial of service through a
symlink attack.

For the stable distribution (sarge) this problem has been fixed
in version 46-1sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 46-2.1.

We recommend that you upgrade your migrationtools package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1.dsc

      Size/MD5 checksum: 612
5a355cf02190e34db6b1ce980451f834
    http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1.diff.gz

      Size/MD5 checksum: 7507
9ac40aa23b34c01679b706fe8cd2805f
    http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46.orig.tar.gz

      Size/MD5 checksum: 21069
dc80548f76d6aeba2b51b15751e08b21

Architecture independent components:

    http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1_all.deb

      Size/MD5 checksum: 23284
762bca33fb8b2bf74efabe0735a490b8

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

rPath Linux

rPath Security Advisory: 2006-0175-2
Published: 2006-09-28
Updated: 2006-09-29 Resolved issue in patch for CVE-2006-2940
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Remote Deterministic Unauthorized
Access
Updated Versions:
openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1
openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.5-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

    http://issues.rpath.com/browse/RPL-613

Description:

Previous versions of the openssl package are vulnerable to
multiple attacks. Three of the vulnerabilities are denials of
service, but the other is a buffer overflow that is expected to
create remote unauthorized access vulnerabilities in other
applications. In particular, any connection that the mysql daemon
will accept may be vulnerable. In the default configuration of
mysql, that would be a local unauthorized access vulnerability, but
mysql can be configured to listen for network connections from
remote hosts, which would then enable remote unauthorized access.
Any program that calls the SSL_get_shared_ciphers() function may be
vulnerable.

29 September 2006 Update: The initial fix for this vulnerability
was incomplete, and the fault in the fix could enable a Denial of
Service attack in some cases of the attack described in
CVE-2006-2940.

rPath Security Advisory: 2006-0176-1
Published: 2006-09-29
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Local Deterministic Privilege
Escalation
Updated Versions:
openldap=/conary.rpath.com@rpl:devel//1/2.2.26-8.4-1
openldap-clients=/conary.rpath.com@rpl:devel//1/2.2.26-8.4-1
openldap-servers=/conary.rpath.com@rpl:devel//1/2.2.26-8.4-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600

    https://issues.rpath.com/browse/RPL-667

Description:

Previous versions of the openldap package contain a slapd daemon
which allows remote authenticated users with selfwrite Access
Control List (ACL) privileges to modify arbitrary Distinguished
Names (DN), a privilege escalation vulnerability.

Slackware Linux

[slackware-security] openssl (SSA:2006-272-01)

New openssl packages are available for Slackware 9.0, 9.1, 10.0,
10.1, 10.2, and -current to fix security issues.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
Upgraded to shared libraries from openssl-0.9.7l.
See openssl package update below.
(* Security fix *)
patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz:
Upgraded to openssl-0.9.7l.
This fixes a few security related issues:

During the parsing of certain invalid ASN.1 structures an error
condition is mishandled. This can result in an infinite loop which
consumes system memory (CVE-2006-2937). (This issue did not affect
OpenSSL versions prior to 0.9.7)
Thanks to Dr S. N. Henson of Open Network Security and NISCC.

Certain types of public key can take disproportionate amounts of
time to process. This could be used by an attacker in a denial of
service attack (CVE-2006-2940).
Thanks to Dr S. N. Henson of Open Network Security and NISCC.

A buffer overflow was discovered in the SSL_get_shared_ciphers()
utility function. An attacker could send a list of ciphers to an
application that uses this function and overrun a buffer.
(CVE-2006-3738)
Thanks to Tavis Ormandy and Will Drewry of the Google Security
Team.

A flaw in the SSLv2 client code was discovered. When a client
application used OpenSSL to create an SSLv2 connection to a
malicious server, that server could cause the client to crash
(CVE-2006-4343).
Thanks to Tavis Ormandy and Will Drewry of the Google Security
Team.

Links to the CVE entries will be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

(* Security fix *)
+--------------------------+

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com? Give
slackware.osuosl.org a try. This is another primary FTP site for
Slackware that can be considerably faster than downloading from
ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating
additional FTP and rsync hosting to the Slackware project! 🙂

Also see the “Get Slack” section on http://slackware.com for additional
mirror sites near you.

Updated packages for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-solibs-0.9.7l-i386-1_slack9.0.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssl-0.9.7l-i386-1_slack9.0.tgz

Updated packages for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-solibs-0.9.7l-i486-1_slack9.1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssl-0.9.7l-i486-1_slack9.1.tgz

Updated packages for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.0.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssl-0.9.7l-i486-1_slack10.0.tgz

Updated packages for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssl-0.9.7l-i486-1_slack10.1.tgz

Updated packages for Slackware 10.2:

ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-solibs-0.9.7l-i486-1_slack10.2.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssl-0.9.7l-i486-1_slack10.2.tgz

Updated packages for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8d-i486-1.tgz


ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8d-i486-1.tgz

Installation instructions:

Upgrade the packages as root:
# upgradepkg openssl-solibs-0.9.7l-i486-1_slack10.2.tgz openssl-0.9.7l-i486-1_slack10.2.tgz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

[slackware-security] openssh (SSA:2006-272-02)

New openssh packages are available for Slackware 8.1, 9.0, 9.1,
10.0, 10.1, 10.2, and -current to fix security issues.

More details about these issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052

Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz:
Upgraded to openssh-4.4p1.
This fixes a few security related issues. From the release notes
found at http://www.openssh.com/txt/release-4.4:

  • Fix a pre-authentication denial of service found by Tavis
    Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
  • Fix an unsafe signal handler reported by Mark Dowd. The signal
    handler was vulnerable to a race condition that could be exploited
    to perform a pre-authentication denial of service. On portable
    OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication
    is enabled, but the likelihood of successful exploitation appears
    remote.
  • On portable OpenSSH, fix a GSSAPI authentication abort that
    could be used to determine the validity of usernames on some
    platforms.

Links to the CVE entries will be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052

After this upgrade, make sure the permissions on /etc/rc.d/rc.sshd
are set the way you want them. Future upgrades will respect the
existing permissions settings. Thanks to Manuel Reimer for pointing
out that upgrading openssh would enable a previously disabled sshd
daemon.
Do better checking of passwd, shadow, and group to avoid adding
redundant entries to these files. Thanks to Menno Duursma.
(* Security fix *)
+--------------------------+

Where to find the new packages:

HINT: Getting slow download speeds from ftp.slackware.com? Give
slackware.osuosl.org a try. This is another primary FTP site for
Slackware that can be considerably faster than downloading from
ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating
additional FTP and rsync hosting to the Slackware project! 🙂

Also see the “Get Slack” section on http://slackware.com for additional
mirror sites near you.

Updated package for Slackware 8.1:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/openssh-4.4p1-i386-1_slack8.1.tgz

Updated package for Slackware 9.0:

ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/openssh-4.4p1-i386-1_slack9.0.tgz

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/openssh-4.4p1-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/openssh-4.4p1-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/openssh-4.4p1-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:

ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/openssh-4.4p1-i486-1_slack10.2.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-4.4p1-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg openssh-4.4p1-i486-1_slack10.2.tgz

If you are running an sshd daemon, restart it:

sh /etc/rc.d/rc.sshd restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key

Trustix Secure Linux


Trustix Secure Linux Security Advisory #2006-0054

Package names: openssh, openssl
Summary: Multiple vulnerabilities
Date: 2006-09-29
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2


Package description:
openssh
Ssh (Secure Shell) is a program for logging into a remote machine
and for executing commands in a remote machine. It is intended to
replace rlogin and rsh, and provide secure encrypted communications
between two untrusted hosts over an insecure network. X11
connections and arbitrary TCP/IP ports can also be forwarded over
the secure channel.

openssl
A C library that provides various cryptographic algorithms and
protocols, including DES, RC4, RSA, and SSL. Includes shared
libraries.

Problem description:
openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • New Upstream.
  • SECURITY Fix: Tavis Ormandy of Google Security Team has
    reported a vulnerability in OpenSSH, which can be exploited by
    malicious people to cause a DoS. If ssh protocol 1 is enabled, this
    can be exploited to cause a DoS due to CPU consumption by sending
    specially crafted ssh packets.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2006-4924 to this issue.

openssl < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • New Upstream.
  • SECURITY Fix: Dr. S. N. Henson has discovered vulnerabilities
    in OpenSSL which could be exploited by attackers to cause denial of
    service.
  • During the parsing of certain invalid ASN.1 structures an error
    condition is mishandled. This can result in an infinite loop which
    consumes system memory.
  • Certain types of public key can take disproportionate amounts
    of time to process. This could be used by an attacker in a denial
    of service attack.
  • Tavis Ormandy and Will Drewry of the Google Security Team have
    discovered the following two vulnerabilities in OpenSSL:
  • Fix buffer overflow in SSL_get_shared_ciphers() utility
    function which could allow an attacker to send a list of ciphers to
    an application that uses it and overrun a buffer.
  • A flaw in the SSLv2 client code was discovered. When a client
    application used OpenSSL to create an SSLv2 connection to a
    malicious server, that server could cause the client to crash.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CVE-2006-2937, CVE-2006-2940, CVE-2006-3738 and CVE-2006-4343 to
these issues.

Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.

Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>

<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/>
and
<URI:http://www.trustix.org/errata/trustix-3.0/>

or directly at
<URI:http://www.trustix.org/errata/2006/0054/>

Trustix Security Team
