Debian GNU/Linux
Debian Security Advisory DSA 1171-1 [email protected]
http://www.debian.org/security/
Moritz Muehlenhoff
September 7th, 2006 http://www.debian.org/security/faq
Package : ethereal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4333 CVE-2005-3241 CVE-2005-3242 CVE-2005-3243
CVE-2005-3244 CVE-2005-3246 CVE-2005-3248
Debian Bug : 384528 334880
Several remote vulnerabilities have been discovered in the
Ethereal network scanner, which may lead to the execution of
arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2006-4333
It was discovered that the Q.2391 dissector is vulnerable to
denial of service caused by memory exhaustion.
CVE-2005-3241
It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors
are vulnerable to denial of service caused by memory
exhaustion.
CVE-2005-3242
It was discovered that the IrDA and SMB dissectors are
vulnerable to denial of service caused by memory corruption.
CVE-2005-3243
It was discovered that the SLIMP3 and AgentX dissectors are
vulnerable to code injection caused by buffer overflows.
CVE-2005-3244
It was discovered that the BER dissector is vulnerable to denial
of service caused by an infinite loop.
CVE-2005-3246
It was discovered that the NCP and RTnet dissectors are
vulnerable to denial of service caused by a null pointer
dereference.
CVE-2005-3248
It was discovered that the X11 dissector is vulnerable to denial of
service caused by a division by zero.
This update also fixes a 64-bit-specific regression in the ASN.1
decoder, which has been introduced in a previous DSA.
For the stable distribution (sarge) these problems have been
fixed in version 0.10.10-2sarge8.
For the unstable distribution (sid) these problems have been
fixed in version 0.99.2-5.1 of wireshark, the network sniffer
formerly known as ethereal.
We recommend that you upgrade your ethereal packages.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Stable updates are available for alpha, amd64, arm, hppa, i386,
ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200609-05
Severity: Normal
Title: OpenSSL, AMD64 x86 emulation base libraries: RSA signature
forgery
Date: September 07, 2006
Bugs: #146375, #146438
ID: 200609-05
Synopsis
OpenSSL fails to properly validate PKCS #1 v1.5 signatures.
Background
OpenSSL is a toolkit implementing the Secure Sockets Layer,
Transport Layer Security protocols and a general-purpose
cryptography library. The x86 emulation base libraries for AMD64
contain a vulnerable version of OpenSSL.
Affected packages
-------------------------------------------------------------------
     Package                     /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  openssl                         < 0.9.7k      >= 0.9.7k
  2  emul-x86-linux-baselibs         < 2.5.2       >= 2.5.2
-------------------------------------------------------------------
     # Package 2 [app-emulation/emul-x86-linux-baselibs] only applies
       to AMD64 users.
     NOTE: Any packages listed without architecture tags apply to all
           architectures...
-------------------------------------------------------------------
     2 affected packages
Description
Daniel Bleichenbacher discovered that it might be possible to
forge signatures signed by RSA keys with the exponent of 3.
Impact
Since several CAs are using an exponent of 3 it might be
possible for an attacker to create a key with a false CA
signature.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7k"
All AMD64 x86 emulation base libraries users should upgrade to
the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/emul-x86-linux-baselibs-2.5.2"
References
[ 1 ] CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200609-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:161
http://www.mandriva.com/security/
Package : openssl
Date : September 6, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
Problem Description:
Daniel Bleichenbacher recently described an attack on PKCS #1
v1.5 signatures where an RSA key with a small exponent could
be vulnerable to forgery of a PKCS #1 v1.5 signature signed by that
key.
Any software using OpenSSL to verify X.509 certificates is
potentially vulnerable to this issue, as well as any other use of
PKCS #1 v1.5, including software that uses OpenSSL for SSL or TLS.
Updated packages are patched to address this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://www.openssl.org/news/secadv_20060905.txt
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Advisory MDKSA-2006:162
http://www.mandriva.com/security/
Package : php
Date : September 7, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
Problem Description:
The (1) file_exists and (2) imap_reopen functions in PHP before
5.1.5 do not check for the safe_mode and open_basedir settings,
which allows local users to bypass the settings
(CVE-2006-4481).
Buffer overflow in the LWZReadByte function in
ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5
allows remote attackers to have an unknown impact via a GIF file
with input_code_size greater than MAX_LWZ_BITS, which triggers an
overflow when initializing the table array (CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and
attack vectors related to an out-of-bounds read
(CVE-2006-4485).
CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of
PHP.
Updated packages have been patched to correct these issues.
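The bounds check that the GD issue (CVE-2006-4484) calls for, shown as an added example: this is a simplified model written for this page, not the libgd source or the Mandriva patch. Only MAX_LWZ_BITS and input_code_size are names from the advisory; the struct, function names, status codes and sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LWZ_BITS 12                 /* name taken from the advisory */
#define TABLE_SIZE   (1 << MAX_LWZ_BITS)

/* Hypothetical status codes for this example. */
enum lzw_status { LZW_OK = 0, LZW_TRUNCATED = -1, LZW_BAD_CODE_SIZE = -2 };

/* Hypothetical decoder state; the table is sized for MAX_LWZ_BITS. */
struct lzw_state {
    int code_size;
    int clear_code;
    int end_code;
    uint16_t table[2][TABLE_SIZE];
};

/*
 * Initialise the code table from the code size stored in the file.
 * input_code_size is a single attacker-controlled byte (0..255), so it is
 * validated before it is used as a shift count or as a loop bound.
 */
enum lzw_status lzw_init(struct lzw_state *st, unsigned input_code_size)
{
    int i;

    /* Without this check, clear_code can exceed TABLE_SIZE and the first
     * loop below writes past the end of table[]; a shift by 31 or more
     * bits is also undefined behaviour for a 32-bit int. */
    if (input_code_size > MAX_LWZ_BITS)
        return LZW_BAD_CODE_SIZE;

    st->code_size  = (int)input_code_size + 1;
    st->clear_code = 1 << input_code_size;
    st->end_code   = st->clear_code + 1;

    /* Root entries: one per literal value below clear_code. */
    for (i = 0; i < st->clear_code; ++i) {
        st->table[0][i] = 0;
        st->table[1][i] = (uint16_t)i;
    }
    /* Remaining entries start out empty. */
    for (; i < TABLE_SIZE; ++i) {
        st->table[0][i] = 0;
        st->table[1][i] = 0;
    }
    return LZW_OK;
}

/*
 * Entry point for the image data of one GIF frame: the first byte is the
 * code size, the rest would be the compressed sub-blocks (not decoded here).
 */
enum lzw_status gif_begin_image_data(struct lzw_state *st,
                                     const uint8_t *data, size_t len)
{
    if (data == NULL || len < 1)
        return LZW_TRUNCATED;
    return lzw_init(st, data[0]);
}

/* Constructed sample inputs: only the leading code-size byte matters. */
static const uint8_t sample_ok[]   = { 0x08, 0x00 };  /* 8-bit codes      */
static const uint8_t sample_over[] = { 0x0D, 0x00 };  /* 13 > MAX_LWZ_BITS */
static const uint8_t sample_huge[] = { 0xFF, 0x00 };  /* 255              */

int main(void)
{
    static struct lzw_state st;

    printf("code size 8   -> %d\n",
           gif_begin_image_data(&st, sample_ok, sizeof sample_ok));
    printf("code size 13  -> %d\n",
           gif_begin_image_data(&st, sample_over, sizeof sample_over));
    printf("code size 255 -> %d\n",
           gif_begin_image_data(&st, sample_huge, sizeof sample_huge));
    printf("empty buffer  -> %d\n",
           gif_begin_image_data(&st, sample_ok, 0));
    return 0;
}
```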
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4485
Updated Packages:
Ubuntu
Ubuntu Security Notice USN-341-1 September 06, 2006
libxfont, xorg vulnerability
CVE-2006-3467
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libfs6 6.8.2-10.3
xserver-xorg 6.8.2-10.3
Ubuntu 5.10:
libxfont1 1:0.99.0+cvs.20050909-1.1
Ubuntu 6.06 LTS:
libxfont1 1:1.0.0-0ubuntu3.1
After a standard system upgrade you need to reboot your computer
to effect the necessary changes.
Details follow:
An integer overflow has been discovered in X.org’s font handling
library. By using a specially crafted font file, this could be
exploited to crash the X server or execute arbitrary code with root
privileges.
Updated packages for Ubuntu 5.04: