VARIoT IoT vulnerabilities database

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information. FreeType 2 Is CFF A vulnerability exists in the handling of fonts. FreeType Is a library for handling various types of font files. FreeType 2 Is CFF A vulnerability exists in the processing of fonts that causes a stack corruption. Attack activity using this vulnerability has been confirmed.Crafted CFF Font FreeType 2 By loading it with an application that uses, arbitrary code may be executed by a remote third party. FreeType is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary-checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions. This BID has been updated to reflect details that may have been included in BID 42151. Apple iOS for iPhone, iPod touch, and iPad is prone to a local privilege-escalation vulnerability that affects the 'IOSurface' component. Successfully exploiting this issue can allow attackers to elevate privileges, leading to a complete compromise of the device. iOS versions 4.0.1 and prior are vulnerable. NOTE (August 12, 2010): This BID was previously titled 'Apple iOS Multiple Vulnerabilities' and included details about a remote code-execution vulnerability. Following further analysis, we determined that the remote code-execution issue was already documented in BID 42241 (FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities). It can be used to rasterize and map characters into bitmaps and provide support for other font-related businesses. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/freetype < 2.4.8 >= 2.4.8 Description =========== Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All FreeType users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8" References ========== [ 1 ] CVE-2010-1797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797 [ 2 ] CVE-2010-2497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497 [ 3 ] CVE-2010-2498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498 [ 4 ] CVE-2010-2499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499 [ 5 ] CVE-2010-2500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500 [ 6 ] CVE-2010-2519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519 [ 7 ] CVE-2010-2520 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520 [ 8 ] CVE-2010-2527 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527 [ 9 ] CVE-2010-2541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541 [ 10 ] CVE-2010-2805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805 [ 11 ] CVE-2010-2806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806 [ 12 ] CVE-2010-2807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807 [ 13 ] CVE-2010-2808 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808 [ 14 ] CVE-2010-3053 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053 [ 15 ] CVE-2010-3054 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054 [ 16 ] CVE-2010-3311 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311 [ 17 ] CVE-2010-3814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814 [ 18 ] CVE-2010-3855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855 [ 19 ] CVE-2011-0226 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226 [ 20 ] CVE-2011-3256 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256 [ 21 ] CVE-2011-3439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201201-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-972-1 August 17, 2010 freetype vulnerabilities CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libfreetype6 2.1.10-1ubuntu2.8 Ubuntu 8.04 LTS: libfreetype6 2.3.5-1ubuntu4.8.04.4 Ubuntu 9.04: libfreetype6 2.3.9-4ubuntu0.3 Ubuntu 9.10: libfreetype6 2.3.9-5ubuntu0.2 Ubuntu 10.04 LTS: libfreetype6 2.3.11-1ubuntu2.2 After a standard system update you need to restart your session to make all the necessary changes. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.diff.gz Size/MD5: 70961 d986f14b69d50fe1884e8dd5f9386731 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.8.dsc Size/MD5: 719 a91985ecc92b75aa3f3647506bad4039 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz Size/MD5: 1323617 adf145ce51196ad1b3054d5fb032efe6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_amd64.deb Size/MD5: 717794 f332d5b1974aa53f200e4e6ecf9df088 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_amd64.deb Size/MD5: 440974 afa83868cc67cec692f72a9dc93635ff http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_amd64.deb Size/MD5: 133902 dca56851436275285b4563c96388a070 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_amd64.udeb Size/MD5: 251958 358627e207009dbe0c5be095e7bed18d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_i386.deb Size/MD5: 677592 ee43f5e97f31b8da57582dbdb1e63033 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_i386.deb Size/MD5: 416328 ef092c08ba2c167af0da25ab743ea663 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_i386.deb Size/MD5: 117302 b2633ed4487657fe349fd3de76fce405 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_i386.udeb Size/MD5: 227436 f55ab8a9bb7e76ad743f6c0fa2974e64 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_powerpc.deb Size/MD5: 708654 ee71c714e62e96a9af4cf7ba909142e6 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_powerpc.deb Size/MD5: 431036 4f1c6a1e28d3a14b593bef37605119ab http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_powerpc.deb Size/MD5: 134260 66ba7d95f551eaadb1bba5a56d76529d http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_powerpc.udeb Size/MD5: 241726 d2c4f13b12c8280b1fad56cdc0965502 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.8_sparc.deb Size/MD5: 683964 49df9101deb9a317229351d72b5804ec http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.8_sparc.deb Size/MD5: 411982 efaca20d5deec9e51be023710902852b http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.8_sparc.deb Size/MD5: 120138 ff723720ed499e40049e3487844b9db3 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.8_sparc.udeb Size/MD5: 222676 71f172ba71fc507b04e5337d55b32ed6 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.diff.gz Size/MD5: 40949 1cc5014da4db8200edb54df32561fcd0 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.4.dsc Size/MD5: 907 7f698125814f4ca67a01b0a66d9bcfe9 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz Size/MD5: 1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_amd64.deb Size/MD5: 694322 c740e1665d09a0c691163a543c8d650b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_amd64.deb Size/MD5: 362386 5b085e83764fcda129bede2c5c4ca179 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_amd64.deb Size/MD5: 221392 dbebbbaffc086dccf550468fff1daa92 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_amd64.udeb Size/MD5: 258454 f3903d4e43891753f3c6439cd862617f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_i386.deb Size/MD5: 663330 7601af27049730f0f7afcfa30244ae88 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_i386.deb Size/MD5: 347172 de53a441e28e385598d20333ff636026 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_i386.deb Size/MD5: 201266 c9c50bdc87d0a46fc43f3bbca26adec5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_i386.udeb Size/MD5: 243462 16bb61f604fe48a301f6faeaa094d266 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_lpia.deb Size/MD5: 665120 bf0dcd13b8a171f6a740ca225d943e68 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_lpia.deb Size/MD5: 347512 d2beee3ccf7fe0233825d46cc61ca62d http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_lpia.deb Size/MD5: 205560 7879f630a5356e3d6e9c0609e8008de9 http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_lpia.udeb Size/MD5: 244324 4e10fb5e68a78312eb02c69508120c6a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_powerpc.deb Size/MD5: 687156 6d36300396fa84d6f889147b0247f385 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_powerpc.deb Size/MD5: 358086 06b9874cc9ba11fdb6feb10b0831e890 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_powerpc.deb Size/MD5: 235578 ce514bab4cbc028a0451742c38c633cd http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_powerpc.udeb Size/MD5: 254526 d50f40a9421b52f4302c4d260170edb3 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.4_sparc.deb Size/MD5: 658094 184f0f51023baa8ce459fababaa190d9 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.4_sparc.deb Size/MD5: 332124 5aa036de5269896c893ea8f825329b84 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.4_sparc.deb Size/MD5: 199782 9323f9209333cf42114e97d3305d901c http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.4_sparc.udeb Size/MD5: 227810 7657e99ad137ad5ce654b74cfbbfdc10 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.diff.gz Size/MD5: 44032 17b27322a6448d40599c55561209c940 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.3.dsc Size/MD5: 1311 5124a4df7016a625a631c1ff4661aae9 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_amd64.deb Size/MD5: 729408 788a2af765a8356c4a7c01e893695b0b http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_amd64.udeb Size/MD5: 272950 a1f9a0ad0d036e5a14b073c139ce5408 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_amd64.deb Size/MD5: 407052 bfd510dc0c46a0f25dd3329693ee66a8 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_amd64.deb Size/MD5: 226474 9b8e6c521d8629b9b1db2760209460a3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_i386.deb Size/MD5: 697818 9176ee8649b8441333d7c5d9359c53a6 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_i386.udeb Size/MD5: 257896 c26f46491d69a174fa9cad126a3201cf http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_i386.deb Size/MD5: 392692 648d0605a187b74291b3233e5e4930e3 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_i386.deb Size/MD5: 198834 0b41da08de5417a7db21e24e730e03d9 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_lpia.deb Size/MD5: 698682 12c20dd647db986bd87a250d8706e8e8 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_lpia.udeb Size/MD5: 257736 dee60e4b8a1824d2aa13364ec0f01602 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_lpia.deb Size/MD5: 392978 e19bcc3c8c0cec76227c64843b01516a http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_lpia.deb Size/MD5: 201636 a558e986b6c6e878e115126e7d3a28a5 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_powerpc.deb Size/MD5: 720040 70c8792cddd9cfe45480f8d760dd0163 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_powerpc.udeb Size/MD5: 265790 b356a500845d045f431db6ef4db4f811 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_powerpc.deb Size/MD5: 400532 91aa4eea6b8e9b67a721b552caab8468 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_powerpc.deb Size/MD5: 227834 fa22e303b8d06dfb99a8c3c1f2980061 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.3_sparc.deb Size/MD5: 689244 dff22369b1bb07d4ef7c6d9f474149db http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.3_sparc.udeb Size/MD5: 238164 cb1e597bd0065d2ffbad763a52088c1d http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.3_sparc.deb Size/MD5: 372422 c6f36ae3119f8f17368d796943ba9908 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.3_sparc.deb Size/MD5: 201390 c3f108859375787b11190d3c5a1d966b Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.diff.gz Size/MD5: 43530 f78681f1641b93f34d41ff4d6f31eb71 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-5ubuntu0.2.dsc Size/MD5: 1311 8a9a302e0a62f2dbe2a62aba456e2108 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz Size/MD5: 1624314 7b2ab681f1a436876ed888041204e478 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_amd64.deb Size/MD5: 731028 3b5ed0ad073cca0c1eee212b0e12f255 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_amd64.udeb Size/MD5: 275110 a23822489a0d7d45152f341b86f0df20 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_amd64.deb Size/MD5: 409362 ba180d650e17df6980ca09b8d1a109e1 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_amd64.deb Size/MD5: 230774 a0a51691eefc0fb6e94d41c3282c3ab2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_i386.deb Size/MD5: 696892 ad2164ed812ccd9cf7829659cff219c7 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_i386.udeb Size/MD5: 258710 c2d256e87eaee83ab83592247588bee7 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_i386.deb Size/MD5: 393912 c8d04b785d17066229bab50a3c13e1af http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_i386.deb Size/MD5: 195702 02aa03f1f62a61383d829b5bf494b7b0 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_lpia.deb Size/MD5: 699382 ff8200917b43322062d2f3b5f3f6bab8 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_lpia.udeb Size/MD5: 259348 0395bdbaf357d161d0f1d3b257ae4732 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_lpia.deb Size/MD5: 394122 8481f2e278a5da28b28ef0fa79207662 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_lpia.deb Size/MD5: 198546 a3f0a848da83a64d14344b6744b33a90 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_powerpc.deb Size/MD5: 719762 bd7185c852b151794c27f8c2ead4da94 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_powerpc.udeb Size/MD5: 264578 58a77cbf2ae4c2a447a81cce72f6b8c5 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_powerpc.deb Size/MD5: 399118 c943fa66513b862ccb6ac99699c9e33c http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_powerpc.deb Size/MD5: 203834 842dd94d9b3fad52c0b1b6489775d2ea sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-5ubuntu0.2_sparc.deb Size/MD5: 691054 557de31093ac67c2dedec97e55998295 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-5ubuntu0.2_sparc.udeb Size/MD5: 240534 f3c79ed9e84e7169851de3f432b613c3 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-5ubuntu0.2_sparc.deb Size/MD5: 374982 e84af1b516f050ee9bdb93c213994943 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-5ubuntu0.2_sparc.deb Size/MD5: 195786 599978c8d9cff2525eba228c793833c3 Updated packages for Ubuntu 10.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.diff.gz Size/MD5: 41646 9b97425327300eda74c492034fed50ad http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11-1ubuntu2.2.dsc Size/MD5: 1313 b7b625334a0d9c926bf34cc83dcc904c http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.11.orig.tar.gz Size/MD5: 1709600 5aa22c0bc6aa3815b40a309ead2b9d1b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_amd64.deb Size/MD5: 739530 db9147ce9477b7ab22374f89d24b24ca http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_amd64.udeb Size/MD5: 277536 35fc46f3c281aee82eeed4e00cfdacdc http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_amd64.deb Size/MD5: 434932 1bf8e620c3008504b87354470e7be9a5 http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_amd64.deb Size/MD5: 221434 4b4fcbd633bf1b3c2151617adae44835 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_i386.deb Size/MD5: 704694 f58601afde2b4bc257492762654cbf94 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_i386.udeb Size/MD5: 260916 a540a7f9ae973bce66bbd3fdb9a4f849 http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_i386.deb Size/MD5: 419000 d4a78ce7ae146caa59b61f43b27d363c http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_i386.deb Size/MD5: 188710 e94b4202fcfe184fdf81409fe610a42a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_powerpc.deb Size/MD5: 728090 5f2e98a54cb2a0ac03591c387aacf461 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_powerpc.udeb Size/MD5: 266750 66bf2b146ab219d1b78e1887d0053f2a http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_powerpc.deb Size/MD5: 424614 fd964644b45bbbc79729c9609c4b6bb8 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_powerpc.deb Size/MD5: 196686 b88a8cebff19c95b6c9c161f7d1bb472 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.11-1ubuntu2.2_sparc.deb Size/MD5: 707164 bf26d7cb1aa3f759ca31510f92888053 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.11-1ubuntu2.2_sparc.udeb Size/MD5: 250768 100b4d4b270421fb1dcb503c88b547e8 http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.11-1ubuntu2.2_sparc.deb Size/MD5: 408132 b009cd0f1aafa500f8cc16273e9f2ed9 http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.11-1ubuntu2.2_sparc.deb Size/MD5: 198302 504ec3da9ee2048391e2c4035d7149fc . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch 1. *Advisory Information* Title: Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch Advisory Id: CORE-2010-0825 Advisory URL: [http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch] Date published: 2010-11-08 Date of last update: 2010-11-08 Vendors contacted: Apple Release mode: User release 2. *Vulnerability Information* Class: Input validation error [CWE-20] Impact: Code execution Remotely Exploitable: Yes (client-side) Locally Exploitable: No CVE Name: CVE-2010-1797 Bugtraq ID: N/A 3. *Vulnerability Description* The Apple Type Services is prone to memory corruption due a sign mismatch vulnerability when handling the last offset value of the CharStrings INDEX structure. This vulnerability is a variation of the vulnerability labeled as CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation). 4. *Vulnerable packages* . Apple Mac OS X v10.5.x 5. *Solutions and Workarounds* According to information provided to us by Apple, a patch for this fix has already been developed. Apple provided us a release date for this patch in two opportunities but then failed to meet their our deadlines without giving us any notice or explanation. Apple Mac OSX 10.6 is not affected by this vulnerability, upgrading to this version is highly recommed when possible. 6. *Credits* This vulnerability was discovered and researched by Anibal Sacco [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Anibal_Sacco] and Matias Eissler [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Matias_Eissler], from Core Security Technologies. Publication was coordinated by Fernando Russ and Pedro Varangot. 7. *Technical Description* When loading a PDF with an embedded CFF font a sign mismatch error exists in ATSServer when handling the last offset value of the CharStrings INDEX structure. This could be triggered in different ways: . When trying to make a thumbnail of the file . When trying to open the file with the Preview app . Serving the file in a web server and tricking the user to click on it. Embedded in an email (if handled by Mail.app) This allows to corrupt the process memory by controlling the size parameter of a memcpy function call allowing an attacker to get code execution. At [00042AFA] we can see how the value obtained from the file is sign extended prior to be passed to the function loc_370F0. Inside this function this value will be used as the size parameter of memcpy: /----- 00042AF2 movsx eax, word ptr [edx+5Eh] 00042AF6 mov [esp+0Ch], eax 00042AFA movsx eax, word ptr [esi+4] 00042AFE mov [esp], edi 00042B01 mov [esp+8], eax 00042B05 mov eax, [ebp-2Ch] 00042B08 mov [esp+4], eax 00042B0C call loc_370F0 - -----/ An attacker could take advantage of this condition by setting a negative offset value (0xfffa) in the file that will be converted to a DWORD without enough validation leading to a memcpy of size 0xfffffffa. This vulnerability results in arbitrary code execution. 8. *Report Timeline* . 2010-08-26: Vendor contacted, a draft of this advisory is sent and September 28th is proposed as a coordinated publication date. Core remarks that since this is a variation of a publicly disclossed vulnerability it may have already been discovered by other security researchers like vulnerability research brokers or independent security researchers. 2010-08-28: The Apple Product Security team acknowledges the report, saying that they were able to reproduce the issue in Mac OS X 10.5 but not in Mac OS X 10.6, they also said that the deadline for September 28th will be imposible to meet. 2010-08-30: Core informs Apple that there is no problem changing the publication date for the report, whenever the new publication date remains reasonable. Also, Core asks for a tentive timeframe for the fix, and confirm that Mac OS X 10.6 does not seem to be affected. 2010-08-31: Apple acknowledges the comunication informing the publication timing, and state that they are still trying to determine the most appropiate timeframe. 2010-09-28: Core asks the vendor for an update regarding this issue. Also, Core asks for a specific timeframe for the fix, and sets October 18th as tentative publication date. 2010-09-28: Apple acknowledges the comunication informing that this issue will be fixed in the next security update of Mac OS X 10.5, which is tentatively scheduled for the end of October without a firm date of publication. 2010-08-31: Apple asks Core about credit information for the advisory. 2010-09-28: Core acknowledges the comunication sending the credit information for this report. 2010-10-20: Core asks Apple for a firm date for the release of this securiry issue since the initial propossed timeframe of October 18th is due. 2010-10-22: Apple acknowledges the comunication informing that the publication date is scheduled to the week of October 25th. Also, Apple notifies that the assigned identifier for this vulnerability is CVE-2010-1797. 2010-11-01: Core asks Apple for a new schedule for the publication, since there was no notice of any Apple security update during the week of October 25th. 2010-11-01: Apple acknowledges the communication informing that the publication date was rescheduled to the middle of the week of November 1st. 2010-11-03: Core informs Apple that the publication of this advisory was scheduled to Monday 8th, taking into account the last communication this is a final publication date. Core also informs that the information about how this vulnerability was found and how it can be exploited will be discussed in a small infosec related local event in Buenos Aires city. 2010-11-08: Core publishes advisory CORE-2010-0825. 9. *References* [1] [http://en.wikipedia.org/wiki/PostScript_fonts#Compact_Font_Format] 10. *About CoreLabs* CoreLabs, the research center of Core Security Technologies, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: [http://corelabs.coresecurity.com]. 11. *About Core Security Technologies* Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their networks. The company's flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. CORE IMPACT evaluates network, endpoint and end-user vulnerabilities and identifies what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core Security Technologies augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at [http://www.coresecurity.com]. 12. *Disclaimer* The contents of this advisory are copyright (c) 2010 Core Security Technologies and (c) 2010 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: [http://creativecommons.org/licenses/by-nc-sa/3.0/us/] 13. *PGP/GPG Keys* This advisory has been signed with the GPG key of Core Security Technologies advisories team, which is available for download at [http://www.coresecurity.com/files/attachments/core_security_advisories.asc]. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzYayoACgkQyNibggitWa2PMgCfSvLwR5OgWfmFIwpONWL+dMa3 njEAnjIZFF+zG/wWK3IscWx3VyNW5F30 =XULv -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1797 https://bugzilla.redhat.com/show_bug.cgi?id=621144 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: e5b2f1ac6039b90de44e4c54a7dc15ad 2008.0/i586/libfreetype6-2.3.5-2.4mdv2008.0.i586.rpm ec559f7f70f91973c7c3337d170c2bf1 2008.0/i586/libfreetype6-devel-2.3.5-2.4mdv2008.0.i586.rpm 0f87bab9e3ba83faf24b13b13e8a16a5 2008.0/i586/libfreetype6-static-devel-2.3.5-2.4mdv2008.0.i586.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 5d3a64ac00fb880838ea068bceb28055 2008.0/x86_64/lib64freetype6-2.3.5-2.4mdv2008.0.x86_64.rpm d052dabc9b4f9fa41863eb8ca1fe334b 2008.0/x86_64/lib64freetype6-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 281d278bf445567d29c510d0d27f7489 2008.0/x86_64/lib64freetype6-static-devel-2.3.5-2.4mdv2008.0.x86_64.rpm 0d6118b220d595e52174eb7cc2675980 2008.0/SRPMS/freetype2-2.3.5-2.4mdv2008.0.src.rpm Mandriva Linux 2009.0: ed81cc7ed3660ce94c3c6d00d556ac18 2009.0/i586/libfreetype6-2.3.7-1.3mdv2009.0.i586.rpm 325432a13a72aaf457847f4a205b9823 2009.0/i586/libfreetype6-devel-2.3.7-1.3mdv2009.0.i586.rpm bcd0dbb954f1a4e09d10e03556ea2497 2009.0/i586/libfreetype6-static-devel-2.3.7-1.3mdv2009.0.i586.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 4af7ec1921662eaa37e6a5b27998cdec 2009.0/x86_64/lib64freetype6-2.3.7-1.3mdv2009.0.x86_64.rpm c53e5285ea05fc68168a800df25a9556 2009.0/x86_64/lib64freetype6-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 3a5b5a4aa2eec538b0479f066fa6e7e7 2009.0/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdv2009.0.x86_64.rpm 373a3d35198adefaabfdb3d75c4359b1 2009.0/SRPMS/freetype2-2.3.7-1.3mdv2009.0.src.rpm Mandriva Linux 2009.1: ce6a11ba3156f8e1ac8339bf3c94f709 2009.1/i586/libfreetype6-2.3.9-1.4mdv2009.1.i586.rpm dc2573dc94973052652f2481651e927a 2009.1/i586/libfreetype6-devel-2.3.9-1.4mdv2009.1.i586.rpm aee56bcfbed1899495f00e87ddaed7ce 2009.1/i586/libfreetype6-static-devel-2.3.9-1.4mdv2009.1.i586.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 9e51fa000bb7e106189845ca6694ae15 2009.1/x86_64/lib64freetype6-2.3.9-1.4mdv2009.1.x86_64.rpm 2ec9a71562a8d40a8accaf967b3c2a75 2009.1/x86_64/lib64freetype6-devel-2.3.9-1.4mdv2009.1.x86_64.rpm 8e87a5ba6fd376aeceef71fe5b809f86 2009.1/x86_64/lib64freetype6-static-devel-2.3.9-1.4mdv2009.1.x86_64.rpm aaa5a09d40624240e901b31d4f0e98c0 2009.1/SRPMS/freetype2-2.3.9-1.4mdv2009.1.src.rpm Mandriva Linux 2010.0: faf191e76adc0e2f8f4bebfd97f36a49 2010.0/i586/libfreetype6-2.3.11-1.2mdv2010.0.i586.rpm 7202581d10580a63ba28eb4b0dce708c 2010.0/i586/libfreetype6-devel-2.3.11-1.2mdv2010.0.i586.rpm ecaad382e83f7005a1d76a585dfe879c 2010.0/i586/libfreetype6-static-devel-2.3.11-1.2mdv2010.0.i586.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 9ffe17211ba4e4a6aa67e73e4c22e020 2010.0/x86_64/lib64freetype6-2.3.11-1.2mdv2010.0.x86_64.rpm eebaba0b5509b21da03a432699198342 2010.0/x86_64/lib64freetype6-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 90e215bda5483ee6b5d5ca74bfedf7c0 2010.0/x86_64/lib64freetype6-static-devel-2.3.11-1.2mdv2010.0.x86_64.rpm 3c34f8f0e0352ef0a11c57d4eadc1ccd 2010.0/SRPMS/freetype2-2.3.11-1.2mdv2010.0.src.rpm Mandriva Linux 2010.1: 437be09971963217a5daef5dc04d451b 2010.1/i586/libfreetype6-2.3.12-1.2mdv2010.1.i586.rpm 42f5ddeeb25353a9fa20677112e9ae7c 2010.1/i586/libfreetype6-devel-2.3.12-1.2mdv2010.1.i586.rpm c77ce226104a1febd22c920c73a807f7 2010.1/i586/libfreetype6-static-devel-2.3.12-1.2mdv2010.1.i586.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: a4a5170f277a9654f19b208deab8027c 2010.1/x86_64/lib64freetype6-2.3.12-1.2mdv2010.1.x86_64.rpm 4637ff02b2739b2d29c94333f00ce59e 2010.1/x86_64/lib64freetype6-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 20a9488e5100b9a4f925fb777e00248d 2010.1/x86_64/lib64freetype6-static-devel-2.3.12-1.2mdv2010.1.x86_64.rpm 11f6a185216335c804f0988621dd637c 2010.1/SRPMS/freetype2-2.3.12-1.2mdv2010.1.src.rpm Corporate 4.0: 516a71993da7404ae96b14699cb1aa5f corporate/4.0/i586/libfreetype6-2.1.10-9.11.20060mlcs4.i586.rpm 839108110543d3243a725c3c2153ea46 corporate/4.0/i586/libfreetype6-devel-2.1.10-9.11.20060mlcs4.i586.rpm 8c912e309a35917d533fcf3be251f662 corporate/4.0/i586/libfreetype6-static-devel-2.1.10-9.11.20060mlcs4.i586.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm Corporate 4.0/X86_64: cf591c59af6e46e62609ff34892f52d3 corporate/4.0/x86_64/lib64freetype6-2.1.10-9.11.20060mlcs4.x86_64.rpm 55e0f089dee699185f317e863b12c590 corporate/4.0/x86_64/lib64freetype6-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm 7eec0361fb43382f4aa9558e2698af89 corporate/4.0/x86_64/lib64freetype6-static-devel-2.1.10-9.11.20060mlcs4.x86_64.rpm e6e59f81030a80f5a1704f130e34b3ec corporate/4.0/SRPMS/freetype2-2.1.10-9.11.20060mlcs4.src.rpm Mandriva Enterprise Server 5: cfed1363663ad29113cb1655c3e56429 mes5/i586/libfreetype6-2.3.7-1.3mdvmes5.1.i586.rpm bfc520ee4832553381a304209442dcc1 mes5/i586/libfreetype6-devel-2.3.7-1.3mdvmes5.1.i586.rpm 92f6f546f2dad9a2bf7031261079294a mes5/i586/libfreetype6-static-devel-2.3.7-1.3mdvmes5.1.i586.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 35c99bfa9c7a0799a4f304d3a2de2f11 mes5/x86_64/lib64freetype6-2.3.7-1.3mdvmes5.1.x86_64.rpm 9dcb3dfb3769618d8b2c93f3f4ba53db mes5/x86_64/lib64freetype6-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm 165edd82ca0492d88d393e8a65ad5869 mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.3mdvmes5.1.x86_64.rpm d32510c26f462ffb120f4c4284f412d4 mes5/SRPMS/freetype2-2.3.7-1.3mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMZBO6mqjQ0CJFipgRAvckAKCpFuRGLxgICBqETRTbXhdZpg8RywCgjKjm 46cbqAt0xVJvR5AdhA3z/FY= =T9it -----END PGP SIGNATURE----- . CVE-2010-3053 bdf/bdflib.c in FreeType allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. For the stable distribution (lenny), these problems have been fixed in version 2.3.7-2+lenny3 For the unstable distribution (sid) and the testing distribution (squeeze), these problems have been fixed in version 2.4.2-1 We recommend that you upgrade your freetype package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz Size/MD5 checksum: 39230 95a3841e7258573ca2d3e0075b8e7f73 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8 http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc Size/MD5 checksum: 1219 2a2bf3d4568d92e2a48ebcda38140e73 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb Size/MD5 checksum: 775278 2f2ca060588fc33b6d7baae02201dbd2 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb Size/MD5 checksum: 412188 ad9537e93ed3fb61f9348470940f3ce5 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb Size/MD5 checksum: 296592 e689b1c4b6bd7779e44d1cd641be9622 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb Size/MD5 checksum: 253786 287a98ca57139d4dee8041eba2881e3b amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb Size/MD5 checksum: 713260 f1d4002e7b6d185ff9f46bc25d67c4c9 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb Size/MD5 checksum: 223170 cb00f76d826be115243faa9dfd0b8a91 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb Size/MD5 checksum: 269796 40762e686138c27ac92b20174e67012e http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb Size/MD5 checksum: 385848 0294d7e3e1d6b37532f98344a9849cde arm architecture (ARM) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb Size/MD5 checksum: 686154 fbe32c7124ba2ce093b31f46736e002b http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb Size/MD5 checksum: 357158 0d793d543a33cfa192098234c925d639 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb Size/MD5 checksum: 242196 1cfc9f7dc6a7cd0843aa234bab35b69e http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb Size/MD5 checksum: 205120 39ab4dfbc19c8a63affc493e0b5aaf2d armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb Size/MD5 checksum: 684568 325686fbc2fba7687da424ada57b9419 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb Size/MD5 checksum: 209992 69f6a68fb90658ec74dfd7cc7cc0b766 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb Size/MD5 checksum: 236564 a48afca5c6798d16b140b3362dfac0ca http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb Size/MD5 checksum: 353814 76960109910d6de2f74ec0e345f00854 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb Size/MD5 checksum: 254452 a34af74eda0feb2b763cfc6f5b8330c1 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb Size/MD5 checksum: 371586 ec294ffffeb9ddec389e3e988d880534 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb Size/MD5 checksum: 198558 3283ad058d37eed8bca46df743c6a915 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb Size/MD5 checksum: 684624 014d335b35ed41022adb628796a0c122 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb Size/MD5 checksum: 332160 2dbb364f09414e4b0e0f59d9e91d1edc http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb Size/MD5 checksum: 876692 2f6d3421d6c8424523388347c5640666 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb Size/MD5 checksum: 531496 5dd7755f63271f597b64c3f513e8e7f1 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb Size/MD5 checksum: 415934 ea2ba16157b3504d8b9c8f251b69b16f mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb Size/MD5 checksum: 717022 9ee8c246af10f4bf7cdf5cdc54010dd6 http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb Size/MD5 checksum: 213212 3641ad81738e8935c5df2b648383c8e0 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb Size/MD5 checksum: 369018 18559e273ffcea5614e71ab32b95ef47 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb Size/MD5 checksum: 253924 1be1e224f27a780beb6799d55fa74663 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb Size/MD5 checksum: 369772 6181d98166fe1f004fb033f2665ce4af http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb Size/MD5 checksum: 214802 6edbec67ff79e96921d1fe4bf57b0fce http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb Size/MD5 checksum: 712502 4a99ccc68b1913f88901c5e0686fea4f http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb Size/MD5 checksum: 254212 e30825a94175fd78a561b8365392cbad powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb Size/MD5 checksum: 262804 d35ced8ba625f39dc7a04e3e61e0d49d http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb Size/MD5 checksum: 233882 6e294c19dd0109ee80fe6cd401b6a185 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb Size/MD5 checksum: 378612 c96a180e7132c543396486b14107cdad http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb Size/MD5 checksum: 708212 9602a7786b2ebffd1d75d443901574c5 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb Size/MD5 checksum: 225190 393c9515f7cd89bcd8b0c38d6d6dd7ac http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb Size/MD5 checksum: 384160 4e20bc56e5fc65fb08529d8765d28850 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb Size/MD5 checksum: 698798 f589b6b8882d998bb7b89fa1dfa40b3a http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb Size/MD5 checksum: 268272 7b6511b9ad657aa165e906a4fcbfee11 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb Size/MD5 checksum: 200078 29c1833cbde5b4da5c2e35aaf856ab58 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb Size/MD5 checksum: 235424 e64a8fc3b744253b22161e31fbb6e92a http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb Size/MD5 checksum: 352544 a7f480889460b104bbab16fd8d8da2d5 http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb Size/MD5 checksum: 676520 6d0f57a5bd6457a9b9b85271c7001531 These files will probably be moved into the stable distribution on its next update

JP1/Cm2/Network Node Manager is prone to a multiple remote code-execution and denial-of-service vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Hitachi JP1/Cm2/Network Node Manager Unspecified Vulnerability SECUNIA ADVISORY ID: SA40784 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40784/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40784 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40784/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40784/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40784 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-015/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Hitachi HiRDB is a database system developed by Hitachi. Hitachi HiRDB has errors in processing unknown data. Attackers can use the vulnerability to damage the HiRDB process and HiRDB unit. No detailed vulnerability details are provided at this time. Hitachi HiRDB is prone to an unspecified denial-of-service vulnerability because it fails to properly handle unexpected data. Successful exploits may allow attackers to cause the service to stop, effectively denying further service to legitimate users. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Hitachi HiRDB Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40768 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40768/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40768 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40768/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40768/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40768 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi HiRDB, which can be exploited by malicious people to cause a DoS (Denial of Service). Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-014/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver has input validation errors that can be exploited by remote attackers for cross-site scripting attacks. Inputs passed to testsdic via the \"action\" parameter and passed to paramhelp.jsp via the \"helpstring\" parameter in the System Landscape directory component are not filtered before returning to the user, and the attacker can exploit the vulnerability to gain sensitive information or hijack the target user session

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information. Zabbix is a CS network distributed network monitoring system. ZABBIX is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. ZABBIX version 1.8.2 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Zabbix PHP Frontend "formatQuery()" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40679 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40679/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40679 RELEASE DATE: 2010-07-28 DISCUSS ADVISORY: http://secunia.com/advisories/40679/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40679/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40679 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Zabbix, which can be exploited by malicious people to conduct cross-site scripting attacks. Various input is not properly sanitised by the "formatQuery()" function of the "Curl" class in frontends/php/include/classes/class.curl.php before being returned to the user. SOLUTION: Fixed in version 1.8.3-rc1. PROVIDED AND/OR DISCOVERED BY: Reported as a normal bug by alixen. Later independently reported as cross-site scripting vulnerabilities in frontends/php/tr_status.php by Vupen. ORIGINAL ADVISORY: Zabbix: http://www.zabbix.com/forum/showthread.php?p=68770 https://support.zabbix.com/browse/ZBX-2326 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp. System Landscape Directory is prone to a cross-site scripting vulnerability. ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: SAP NetWeaver System Landscape Directory Component Cross-Site Scripting SECUNIA ADVISORY ID: SA40712 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40712/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40712 RELEASE DATE: 2010-07-28 DISCUSS ADVISORY: http://secunia.com/advisories/40712/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40712/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40712 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in SAP NetWeaver, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "action" parameter to testsdic and via the "helpstring" parameter to paramhelp.jsp in the System Landscape Directory component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Patches are available via SAP note 1416047. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Alexander Polyakov, Digital Security Research Group [DSecRG] ORIGINAL ADVISORY: SAP (note 1416047): https://service.sap.com/sap/support/notes/1416047 DSecRG-09-068: http://dsecrg.com/pages/vul/show.php?id=168 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Failed exploit attempts will likely result in denial-of-service conditions. QuickTime 7.6.6 (1671) for Windows is vulnerable; other versions may also be affected. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats

The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field. Attackers can exploit this issue to trigger a kernel panic resulting in a denial-of-service condition. Mac OS X is a BSD-derived operating system developed and maintained by Apple. ==Notes on Disclosure== My disclosure of this issue prior to an official fix is not meant to be taken as a statement against Apple's management of security issues. Local denial-of-service issues are by nature low impact - many security teams do not regard these as security-relevant at all.\xa0 I believe the chances of exploitation of this in real life are practically non-existent.\xa0 Given that the vulnerability resides in an open source kernel extension, I chose to disclose this issue so that concerned administrators can apply a fix immediately, while the rest of us can benefit from a little increased awareness of potentially unsafe memory allocation situations.\xa0 Apple's security team was contacted prior to disclosure, and I'm sure they'll incorporate a fix in a future release. ==Solution== The WebDAV kernel extension can be obtained online [2].\xa0 The following patch can be applied to this extension, after which it should be recompiled to replace the existing extension at /System/Library/Extensions/webdav_fs.kext: --- webdav_fs.kextproj.orig/webdav_fs.kmodproj/webdav_vfsops.c 2010-07-21 09:51:09.000000000 -0400 +++ webdav_fs.kextproj/webdav_fs.kmodproj/webdav_vfsops.c 2010-07-21 10:32:43.000000000 -0400 @@ -319,6 +319,12 @@ static int webdav_mount(struct mount *mp \xa0\xa0\xa0\xa0 } \xa0\xa0\xa0\xa0 /* Get the server sockaddr from the args */ +\xa0\xa0\xa0 if(args.pa_socket_namelen > NAME_MAX) +\xa0\xa0\xa0 { +\xa0\xa0\xa0 \xa0\xa0\xa0 error = EINVAL; +\xa0\xa0\xa0 \xa0\xa0\xa0 goto bad; +\xa0\xa0\xa0 } + \xa0\xa0\xa0\xa0 MALLOC(fmp->pm_socket_name, struct sockaddr *, args.pa_socket_namelen, M_TEMP, M_WAITOK); \xa0\xa0\xa0\xa0 error = copyin(args.pa_socket_name, fmp->pm_socket_name, args.pa_socket_namelen); \xa0\xa0\xa0\xa0 if (error) ==Credits== This vulnerability was discovered by Dan Rosenberg (dan.j.rosenberg@gmail.com). ==References== CVE identifier CVE-2010-1794 has been assigned to this issue by Apple. [1] http://en.wikipedia.org/wiki/WebDAV [2] http://opensource.apple.com/source/webdavfs/webdavfs-293/webdav_fs.kextproj/webdav_fs.kmodproj/

The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. Apache HTTP Server is prone to multiple remote denial-of-service vulnerabilities. An attacker can exploit these issues to deny service to legitimate users. Versions prior to Apache 2.2.16 are vulnerable. Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452 http://httpd.apache.org/security/vulnerabilities_22.html _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 06e857488c2b40c2a0aaf7004726a502 2008.0/i586/apache-base-2.2.6-8.6mdv2008.0.i586.rpm 2694040802b1329f0adac51bd7640136 2008.0/i586/apache-devel-2.2.6-8.6mdv2008.0.i586.rpm 6c4a5fb028605baa3459e03085b37d5e 2008.0/i586/apache-htcacheclean-2.2.6-8.6mdv2008.0.i586.rpm e8e0cff4447b3f7b264f660fbe379449 2008.0/i586/apache-mod_authn_dbd-2.2.6-8.6mdv2008.0.i586.rpm 582f3ecc2eb97e6eef6a3bdae1ff5498 2008.0/i586/apache-mod_cache-2.2.6-8.6mdv2008.0.i586.rpm 2a080305b7e8b11bdd97b61f79c03d6d 2008.0/i586/apache-mod_dav-2.2.6-8.6mdv2008.0.i586.rpm 902b29ea25196ddd0c718ba5ff8fb5bc 2008.0/i586/apache-mod_dbd-2.2.6-8.6mdv2008.0.i586.rpm 88820b4987fb8dbe91983a57448aefa4 2008.0/i586/apache-mod_deflate-2.2.6-8.6mdv2008.0.i586.rpm caf10ec66d8a7cc0abc3e41d0862da38 2008.0/i586/apache-mod_disk_cache-2.2.6-8.6mdv2008.0.i586.rpm 0c99ec09dc44adcd28816e6ea1362cde 2008.0/i586/apache-mod_file_cache-2.2.6-8.6mdv2008.0.i586.rpm 478b82672ede1c503fc865206d21a100 2008.0/i586/apache-mod_ldap-2.2.6-8.6mdv2008.0.i586.rpm fe63f0ff63ed611e682d2f7c40e017e9 2008.0/i586/apache-mod_mem_cache-2.2.6-8.6mdv2008.0.i586.rpm 7feee63e323c6a3b5183c42093b31e0d 2008.0/i586/apache-mod_proxy-2.2.6-8.6mdv2008.0.i586.rpm a92cb47580b48464e12ce9a22d083ed3 2008.0/i586/apache-mod_proxy_ajp-2.2.6-8.6mdv2008.0.i586.rpm 40911443f472c5af1ab59b1fff907872 2008.0/i586/apache-mod_ssl-2.2.6-8.6mdv2008.0.i586.rpm 665e6157da7ecc8a553c358627014137 2008.0/i586/apache-modules-2.2.6-8.6mdv2008.0.i586.rpm 23842ef27bc0cb4c2928ea30c461d7bc 2008.0/i586/apache-mod_userdir-2.2.6-8.6mdv2008.0.i586.rpm 0736f77fe06f01e7d22b921902ed73d2 2008.0/i586/apache-mpm-event-2.2.6-8.6mdv2008.0.i586.rpm ab1654f679b3f5a7032922dd9f6c8025 2008.0/i586/apache-mpm-itk-2.2.6-8.6mdv2008.0.i586.rpm eb834fb78041f217d30c532bf95c0143 2008.0/i586/apache-mpm-prefork-2.2.6-8.6mdv2008.0.i586.rpm add5fb58f78e7ce6689cd58c16ffdffb 2008.0/i586/apache-mpm-worker-2.2.6-8.6mdv2008.0.i586.rpm 2bd4caaf1128cb0fc94c4c44f2c56453 2008.0/i586/apache-source-2.2.6-8.6mdv2008.0.i586.rpm 57c08b6909e494350019980e757991f5 2008.0/SRPMS/apache-2.2.6-8.6mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 2a34fe7f0be72ccf8c9b734ca63be6e5 2008.0/x86_64/apache-base-2.2.6-8.6mdv2008.0.x86_64.rpm 3335fb591a6401a1b310d6bd8120660e 2008.0/x86_64/apache-devel-2.2.6-8.6mdv2008.0.x86_64.rpm de353f53148a32682f8a3ffb51b76ed5 2008.0/x86_64/apache-htcacheclean-2.2.6-8.6mdv2008.0.x86_64.rpm bfc150afb6ccbe9eab57849a94419e5f 2008.0/x86_64/apache-mod_authn_dbd-2.2.6-8.6mdv2008.0.x86_64.rpm a0481e9c6a2bbd44247782bc90e2b915 2008.0/x86_64/apache-mod_cache-2.2.6-8.6mdv2008.0.x86_64.rpm 06242bb4f8bdea11cf9ae424c5515231 2008.0/x86_64/apache-mod_dav-2.2.6-8.6mdv2008.0.x86_64.rpm 302f9ecc1dfb77352e296c05190afe24 2008.0/x86_64/apache-mod_dbd-2.2.6-8.6mdv2008.0.x86_64.rpm 2ab511c8144aa3dd8a1ad3a2feb82458 2008.0/x86_64/apache-mod_deflate-2.2.6-8.6mdv2008.0.x86_64.rpm 83b8eb7acd50b8a6d05b8519f7c6cb4b 2008.0/x86_64/apache-mod_disk_cache-2.2.6-8.6mdv2008.0.x86_64.rpm 427b3929d5e10ffc6064ca2cc38ccd88 2008.0/x86_64/apache-mod_file_cache-2.2.6-8.6mdv2008.0.x86_64.rpm 471cf9d248c1868bf9cb52e0cf544a10 2008.0/x86_64/apache-mod_ldap-2.2.6-8.6mdv2008.0.x86_64.rpm f32c311f6fd086c49cebfcd61b685fce 2008.0/x86_64/apache-mod_mem_cache-2.2.6-8.6mdv2008.0.x86_64.rpm d4f5e603a512172fb1079942eaa9c076 2008.0/x86_64/apache-mod_proxy-2.2.6-8.6mdv2008.0.x86_64.rpm 581b37d6fa9de183f81676686693e689 2008.0/x86_64/apache-mod_proxy_ajp-2.2.6-8.6mdv2008.0.x86_64.rpm 5e866de5a08f901f76ea0f37f6502624 2008.0/x86_64/apache-mod_ssl-2.2.6-8.6mdv2008.0.x86_64.rpm 9bae7e180f5aa6310a7c324fc787a4a6 2008.0/x86_64/apache-modules-2.2.6-8.6mdv2008.0.x86_64.rpm 4d21f60be29a3fe37865571977fe2ab5 2008.0/x86_64/apache-mod_userdir-2.2.6-8.6mdv2008.0.x86_64.rpm 28ebbf3878143f3887458f67acbed740 2008.0/x86_64/apache-mpm-event-2.2.6-8.6mdv2008.0.x86_64.rpm af1174cb9648d8be0a80a66a3edb7b92 2008.0/x86_64/apache-mpm-itk-2.2.6-8.6mdv2008.0.x86_64.rpm fcdfe3685f407af5649820bd14a79bce 2008.0/x86_64/apache-mpm-prefork-2.2.6-8.6mdv2008.0.x86_64.rpm 008ab6ab051abdbb1f901d9589eb96b3 2008.0/x86_64/apache-mpm-worker-2.2.6-8.6mdv2008.0.x86_64.rpm cb79c4764ef712acb77358b046a45af6 2008.0/x86_64/apache-source-2.2.6-8.6mdv2008.0.x86_64.rpm 57c08b6909e494350019980e757991f5 2008.0/SRPMS/apache-2.2.6-8.6mdv2008.0.src.rpm Mandriva Linux 2009.1: 438cc4f99ff6b9a3089abcf968b510fb 2009.1/i586/apache-base-2.2.11-10.10mdv2009.1.i586.rpm a697c7c99b63c9a53424b1275ad27eb3 2009.1/i586/apache-devel-2.2.11-10.10mdv2009.1.i586.rpm 531ae4a131f5020349dc5eaf4dceea4e 2009.1/i586/apache-htcacheclean-2.2.11-10.10mdv2009.1.i586.rpm 24aaa106a6875c2cf74bcde75cb92fa7 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.10mdv2009.1.i586.rpm bfab01f304f9a63c33fa607a7bc1cfbc 2009.1/i586/apache-mod_cache-2.2.11-10.10mdv2009.1.i586.rpm 1646b80101227abc9aa3b4ad3727f130 2009.1/i586/apache-mod_dav-2.2.11-10.10mdv2009.1.i586.rpm 9f010b2842a1b3202c120750769e2e7c 2009.1/i586/apache-mod_dbd-2.2.11-10.10mdv2009.1.i586.rpm 029a02fb78004c129aa5f2cb8094a78b 2009.1/i586/apache-mod_deflate-2.2.11-10.10mdv2009.1.i586.rpm 05aa6334cad5a530f83de6d3d397b3c5 2009.1/i586/apache-mod_disk_cache-2.2.11-10.10mdv2009.1.i586.rpm 0a8ac878bc405034f60f26ee6b77a0a1 2009.1/i586/apache-mod_file_cache-2.2.11-10.10mdv2009.1.i586.rpm c1c8ce63df3a5216c1ed0d61c2eabd7f 2009.1/i586/apache-mod_ldap-2.2.11-10.10mdv2009.1.i586.rpm 07826ea42fc0969eecbebaf0a52f437c 2009.1/i586/apache-mod_mem_cache-2.2.11-10.10mdv2009.1.i586.rpm 9aa4372f650c53b4c9de7ef6a7703c0d 2009.1/i586/apache-mod_proxy-2.2.11-10.10mdv2009.1.i586.rpm 51001455d07cfcf3be903eee230d0d5c 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.10mdv2009.1.i586.rpm c3d7392dfedf7ef768ab22346310ed5f 2009.1/i586/apache-mod_ssl-2.2.11-10.10mdv2009.1.i586.rpm 733e414905d5053090729c360661d449 2009.1/i586/apache-modules-2.2.11-10.10mdv2009.1.i586.rpm d49fa50485969144d9fbe84618e05a0b 2009.1/i586/apache-mod_userdir-2.2.11-10.10mdv2009.1.i586.rpm b65c0045b7fcec8962942726f006dc15 2009.1/i586/apache-mpm-event-2.2.11-10.10mdv2009.1.i586.rpm 2ada36115bdd7f2b540db8a670c49f87 2009.1/i586/apache-mpm-itk-2.2.11-10.10mdv2009.1.i586.rpm 941eb5f837611ebf546602681c23ec63 2009.1/i586/apache-mpm-peruser-2.2.11-10.10mdv2009.1.i586.rpm 4b8bfd8c7836a334dc179b595667927a 2009.1/i586/apache-mpm-prefork-2.2.11-10.10mdv2009.1.i586.rpm 0d5ec80d9b80b0d696f1f96fb5d59969 2009.1/i586/apache-mpm-worker-2.2.11-10.10mdv2009.1.i586.rpm 79ca6f0054bfdaa2abaff9cec654a611 2009.1/i586/apache-source-2.2.11-10.10mdv2009.1.i586.rpm 3ae26760bb88faf07e2d3f23a8ad702e 2009.1/SRPMS/apache-2.2.11-10.10mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: f06534ae41a7ab731de03a28aca15046 2009.1/x86_64/apache-base-2.2.11-10.10mdv2009.1.x86_64.rpm 32e0e29ebcc149cbe2c7d49cac1ebe6c 2009.1/x86_64/apache-devel-2.2.11-10.10mdv2009.1.x86_64.rpm ad8f95bcc2f16c204a3e3a762524ce6f 2009.1/x86_64/apache-htcacheclean-2.2.11-10.10mdv2009.1.x86_64.rpm 81faf288d4ec397664badee3336b516e 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.10mdv2009.1.x86_64.rpm d1237cf0a5e16b5b9e59fc9c0cb55109 2009.1/x86_64/apache-mod_cache-2.2.11-10.10mdv2009.1.x86_64.rpm 7cc14cdb79d2675730f28c4b8ae46664 2009.1/x86_64/apache-mod_dav-2.2.11-10.10mdv2009.1.x86_64.rpm db7421a8cabd21a128cefddfc29aaff6 2009.1/x86_64/apache-mod_dbd-2.2.11-10.10mdv2009.1.x86_64.rpm 3bd006d2f3610f2cc8c6cd26cd9d8bc6 2009.1/x86_64/apache-mod_deflate-2.2.11-10.10mdv2009.1.x86_64.rpm 1f32a2e5e45ab93247a3985a3c350175 2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.10mdv2009.1.x86_64.rpm e2b3e4272944dda0ff28da011b35d8c1 2009.1/x86_64/apache-mod_file_cache-2.2.11-10.10mdv2009.1.x86_64.rpm f3d39731f291f4a4291849da20390610 2009.1/x86_64/apache-mod_ldap-2.2.11-10.10mdv2009.1.x86_64.rpm a439ba3cbc490e1dd7a76f3f8c7f56b5 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.10mdv2009.1.x86_64.rpm 71f0be1913da09692d0b8fd33a7da9f5 2009.1/x86_64/apache-mod_proxy-2.2.11-10.10mdv2009.1.x86_64.rpm f40caa33abd21ecb44334bd55ae8a7b7 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.10mdv2009.1.x86_64.rpm 4dfb70c0c3a54a656b418b01f480b36c 2009.1/x86_64/apache-mod_ssl-2.2.11-10.10mdv2009.1.x86_64.rpm a30c6a87cf0d89feb3cb28051d05e233 2009.1/x86_64/apache-modules-2.2.11-10.10mdv2009.1.x86_64.rpm 5a7d0c3c2c141162f14f7f1e22d87610 2009.1/x86_64/apache-mod_userdir-2.2.11-10.10mdv2009.1.x86_64.rpm a422a257fb958dbd142393a95909e59c 2009.1/x86_64/apache-mpm-event-2.2.11-10.10mdv2009.1.x86_64.rpm 7595de4a8ee906bff6aabd80f2c98353 2009.1/x86_64/apache-mpm-itk-2.2.11-10.10mdv2009.1.x86_64.rpm 8d23806b472a51e74994362a1dd21a80 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.10mdv2009.1.x86_64.rpm d9a7d26c895f5bfa98cb757ca4c56c29 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.10mdv2009.1.x86_64.rpm 54ab15addb1371d5efe612cf0a298268 2009.1/x86_64/apache-mpm-worker-2.2.11-10.10mdv2009.1.x86_64.rpm b7354e59c5f2f11b669b44ae1492b2fc 2009.1/x86_64/apache-source-2.2.11-10.10mdv2009.1.x86_64.rpm 3ae26760bb88faf07e2d3f23a8ad702e 2009.1/SRPMS/apache-2.2.11-10.10mdv2009.1.src.rpm Mandriva Linux 2010.0: 4a6b15a74ecf71f8ce6cfcb9acd53c02 2010.0/i586/apache-base-2.2.14-1.5mdv2010.0.i586.rpm 42c21ee835dce3b4b393692c4789b725 2010.0/i586/apache-devel-2.2.14-1.5mdv2010.0.i586.rpm 9cbc878de19a7a7734767f31801734b9 2010.0/i586/apache-htcacheclean-2.2.14-1.5mdv2010.0.i586.rpm c64d9828f49d631aac84d9e77d55b75e 2010.0/i586/apache-mod_authn_dbd-2.2.14-1.5mdv2010.0.i586.rpm 5ea4a68122fc7d4a67b50a71fcd24d66 2010.0/i586/apache-mod_cache-2.2.14-1.5mdv2010.0.i586.rpm daefdaefc755ba3f860e6cc0ce86b5b0 2010.0/i586/apache-mod_dav-2.2.14-1.5mdv2010.0.i586.rpm a2f69656e519f7b5cd7cc416a5df56c1 2010.0/i586/apache-mod_dbd-2.2.14-1.5mdv2010.0.i586.rpm bb3b5843edd4bda61eb42832b22c3c1f 2010.0/i586/apache-mod_deflate-2.2.14-1.5mdv2010.0.i586.rpm 8094be6c71416cb705fc0d665f6ff69f 2010.0/i586/apache-mod_disk_cache-2.2.14-1.5mdv2010.0.i586.rpm d2c4ac50a83a1a6bc1482a2c5f3f80c6 2010.0/i586/apache-mod_file_cache-2.2.14-1.5mdv2010.0.i586.rpm d47b635a8c017bb3136aa3964047e316 2010.0/i586/apache-mod_ldap-2.2.14-1.5mdv2010.0.i586.rpm 0e73b2a273ab891ddf37acf55825c7b3 2010.0/i586/apache-mod_mem_cache-2.2.14-1.5mdv2010.0.i586.rpm e521df25d9e94a05207d3de47840680d 2010.0/i586/apache-mod_proxy-2.2.14-1.5mdv2010.0.i586.rpm 65922d3276b06d2771ce75f67877b962 2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.5mdv2010.0.i586.rpm b613e8dc796c0dbc5753aba6f86a779e 2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.5mdv2010.0.i586.rpm 032eeba7e05d24b50fa4118c5116cbea 2010.0/i586/apache-mod_ssl-2.2.14-1.5mdv2010.0.i586.rpm e65d45117c978ac60cdcb32bbf5f345b 2010.0/i586/apache-modules-2.2.14-1.5mdv2010.0.i586.rpm 5b5b4a9a7b9e2f89c15f337b6ee96f20 2010.0/i586/apache-mod_userdir-2.2.14-1.5mdv2010.0.i586.rpm 450d10228a6748992c2071b1078679b3 2010.0/i586/apache-mpm-event-2.2.14-1.5mdv2010.0.i586.rpm 5752776f9e331c3fd6c939bf630c0846 2010.0/i586/apache-mpm-itk-2.2.14-1.5mdv2010.0.i586.rpm 8bc7831cabf5ff2d18560cc62680bab7 2010.0/i586/apache-mpm-peruser-2.2.14-1.5mdv2010.0.i586.rpm 40af5f4718daee77419e3fe7822ab6b9 2010.0/i586/apache-mpm-prefork-2.2.14-1.5mdv2010.0.i586.rpm e006560fcd253ae7464ddf6d0dfca21e 2010.0/i586/apache-mpm-worker-2.2.14-1.5mdv2010.0.i586.rpm ae6ca11f2b442159b8778dcf3ae69d98 2010.0/i586/apache-source-2.2.14-1.5mdv2010.0.i586.rpm 5119b9d8096e2e421e06879932b4c247 2010.0/SRPMS/apache-2.2.14-1.5mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 41e071cecc40e0a6318c774ac94dc430 2010.0/x86_64/apache-base-2.2.14-1.5mdv2010.0.x86_64.rpm eab3ff643cd7086ecf03841840f47b2b 2010.0/x86_64/apache-devel-2.2.14-1.5mdv2010.0.x86_64.rpm 61d145423f92bc0ffbca5e7773c91421 2010.0/x86_64/apache-htcacheclean-2.2.14-1.5mdv2010.0.x86_64.rpm c77512a7dfe7e694b3c9d7af203c897e 2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.5mdv2010.0.x86_64.rpm 6c24fa5660b2e44ecc49c0f9249d4ffa 2010.0/x86_64/apache-mod_cache-2.2.14-1.5mdv2010.0.x86_64.rpm 1dca27df1d4943a60c587123c10a701c 2010.0/x86_64/apache-mod_dav-2.2.14-1.5mdv2010.0.x86_64.rpm 58adc8e0a16b9eb1e28a945800ec2bde 2010.0/x86_64/apache-mod_dbd-2.2.14-1.5mdv2010.0.x86_64.rpm fb8b638e6209b222e9571d027a193aa4 2010.0/x86_64/apache-mod_deflate-2.2.14-1.5mdv2010.0.x86_64.rpm 59510a5e731fc66bb8190ec767dc10db 2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.5mdv2010.0.x86_64.rpm 29347ec13ebfa486bc4890b883e01ad7 2010.0/x86_64/apache-mod_file_cache-2.2.14-1.5mdv2010.0.x86_64.rpm dfa08e0e2977d37b47cba99f56913ef2 2010.0/x86_64/apache-mod_ldap-2.2.14-1.5mdv2010.0.x86_64.rpm f693ee3a83823d631dd87a3cafd8a6ef 2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.5mdv2010.0.x86_64.rpm 7721c2cbf5e43b7a234910810bec4519 2010.0/x86_64/apache-mod_proxy-2.2.14-1.5mdv2010.0.x86_64.rpm 00f3631e6de8a256c290d3966a4c7057 2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.5mdv2010.0.x86_64.rpm aac0380502f3f44d0a30f7e43f211a72 2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.5mdv2010.0.x86_64.rpm 1cb5133f3e78328abdd936221d9144df 2010.0/x86_64/apache-mod_ssl-2.2.14-1.5mdv2010.0.x86_64.rpm 0214a53c1c40a28eba373ab970af393d 2010.0/x86_64/apache-modules-2.2.14-1.5mdv2010.0.x86_64.rpm 4ea375cc538cb8721770a322425ef435 2010.0/x86_64/apache-mod_userdir-2.2.14-1.5mdv2010.0.x86_64.rpm f30b6d4d5bc6aeafef878a7882af8a42 2010.0/x86_64/apache-mpm-event-2.2.14-1.5mdv2010.0.x86_64.rpm 6655132e7e9fee08d356e0fdc05b9eaa 2010.0/x86_64/apache-mpm-itk-2.2.14-1.5mdv2010.0.x86_64.rpm 7c69b3713008f0e5b390bfb23d3316ac 2010.0/x86_64/apache-mpm-peruser-2.2.14-1.5mdv2010.0.x86_64.rpm 68112f2b1bd9a531568ee047460b708f 2010.0/x86_64/apache-mpm-prefork-2.2.14-1.5mdv2010.0.x86_64.rpm 4124d166bee84a0c3c0fd1396cc3970e 2010.0/x86_64/apache-mpm-worker-2.2.14-1.5mdv2010.0.x86_64.rpm f96b9c51cd923177a8d9f6c1fabddd92 2010.0/x86_64/apache-source-2.2.14-1.5mdv2010.0.x86_64.rpm 5119b9d8096e2e421e06879932b4c247 2010.0/SRPMS/apache-2.2.14-1.5mdv2010.0.src.rpm Mandriva Linux 2010.1: caf5da35cbd6ab037e849996dd84bbaf 2010.1/i586/apache-base-2.2.15-3.1mdv2010.1.i586.rpm 646cad2b1eefa8236392041038b8e1ca 2010.1/i586/apache-devel-2.2.15-3.1mdv2010.1.i586.rpm 795478d94b0623a6603e01535ac81cf3 2010.1/i586/apache-htcacheclean-2.2.15-3.1mdv2010.1.i586.rpm 7e5c8901a69c9a4c149ef3a97334b912 2010.1/i586/apache-mod_authn_dbd-2.2.15-3.1mdv2010.1.i586.rpm ce039cfac61295bc8582dd40f1b754ff 2010.1/i586/apache-mod_cache-2.2.15-3.1mdv2010.1.i586.rpm d2b7e8f30b2b7db77dede2c183891980 2010.1/i586/apache-mod_dav-2.2.15-3.1mdv2010.1.i586.rpm 598fb473552bb95b482d69fd12697970 2010.1/i586/apache-mod_dbd-2.2.15-3.1mdv2010.1.i586.rpm fb38e92846184dbe5e6c093832457709 2010.1/i586/apache-mod_deflate-2.2.15-3.1mdv2010.1.i586.rpm 55e8e36bb79b1670c87745bf9e9a79ff 2010.1/i586/apache-mod_disk_cache-2.2.15-3.1mdv2010.1.i586.rpm 7fcd6eaf9c80c09d252a03c3ad7b88c8 2010.1/i586/apache-mod_file_cache-2.2.15-3.1mdv2010.1.i586.rpm 7b97a103fbebcc14db232643e6abd003 2010.1/i586/apache-mod_ldap-2.2.15-3.1mdv2010.1.i586.rpm f998d39b152038bd617e92f40f8bfc22 2010.1/i586/apache-mod_mem_cache-2.2.15-3.1mdv2010.1.i586.rpm be5e3357abf707c0002fddaebc4c2345 2010.1/i586/apache-mod_proxy-2.2.15-3.1mdv2010.1.i586.rpm 3347e425568086756ac8494a61072484 2010.1/i586/apache-mod_proxy_ajp-2.2.15-3.1mdv2010.1.i586.rpm b2b5897d2c74b14df3dff1ab678a807f 2010.1/i586/apache-mod_proxy_scgi-2.2.15-3.1mdv2010.1.i586.rpm feca8c4579d7e9b709b552e52d82c31b 2010.1/i586/apache-mod_reqtimeout-2.2.15-3.1mdv2010.1.i586.rpm 197573516b2dd4b2fa4732e8ccd3312b 2010.1/i586/apache-mod_ssl-2.2.15-3.1mdv2010.1.i586.rpm 69a5700ef8b7e78b5f8d5bda2f7e19b8 2010.1/i586/apache-modules-2.2.15-3.1mdv2010.1.i586.rpm 4d5fb155f37ba883c6ebfab106d72259 2010.1/i586/apache-mod_userdir-2.2.15-3.1mdv2010.1.i586.rpm 79daa6e2928e5f98fe34ed04194d7609 2010.1/i586/apache-mpm-event-2.2.15-3.1mdv2010.1.i586.rpm 7f1d8518661ab5bafbe8aa36bdf9c849 2010.1/i586/apache-mpm-itk-2.2.15-3.1mdv2010.1.i586.rpm 4872dccb8b9b82f8d36b2379042f46bd 2010.1/i586/apache-mpm-peruser-2.2.15-3.1mdv2010.1.i586.rpm b108e0b234dc6ee0d5b568d9454c7130 2010.1/i586/apache-mpm-prefork-2.2.15-3.1mdv2010.1.i586.rpm ee4790aefd835fd456c40302c6c59a09 2010.1/i586/apache-mpm-worker-2.2.15-3.1mdv2010.1.i586.rpm 45e5f88e670493dc5a1cd889f88da44f 2010.1/i586/apache-source-2.2.15-3.1mdv2010.1.i586.rpm 3f43a061bf387d595407dfa14dc5673c 2010.1/SRPMS/apache-2.2.15-3.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: b819ba22c97203bca6ab0d503eb06a13 2010.1/x86_64/apache-base-2.2.15-3.1mdv2010.1.x86_64.rpm ccebb263f1b8accceabd58c55b146919 2010.1/x86_64/apache-devel-2.2.15-3.1mdv2010.1.x86_64.rpm 3b920dea2e2c6876ed811f7ab58a3bb5 2010.1/x86_64/apache-htcacheclean-2.2.15-3.1mdv2010.1.x86_64.rpm 8c9ef5ee180a1ee0d04988f67d8123d2 2010.1/x86_64/apache-mod_authn_dbd-2.2.15-3.1mdv2010.1.x86_64.rpm c8a137110e651c47c8abf331e0e6a7f1 2010.1/x86_64/apache-mod_cache-2.2.15-3.1mdv2010.1.x86_64.rpm b9f81731ed94b15bf75bce8382650cd5 2010.1/x86_64/apache-mod_dav-2.2.15-3.1mdv2010.1.x86_64.rpm 60d56edcf9af3fe7384c8ea31f2592d2 2010.1/x86_64/apache-mod_dbd-2.2.15-3.1mdv2010.1.x86_64.rpm 0a522cb53f7fc2081442761b594e3bb8 2010.1/x86_64/apache-mod_deflate-2.2.15-3.1mdv2010.1.x86_64.rpm ce20afaaadcb926bb58b347294cdf78c 2010.1/x86_64/apache-mod_disk_cache-2.2.15-3.1mdv2010.1.x86_64.rpm 28f2b86f2049f2bac446ecd6f563b66a 2010.1/x86_64/apache-mod_file_cache-2.2.15-3.1mdv2010.1.x86_64.rpm c28699c7fd4b97f5425673c9834e3c46 2010.1/x86_64/apache-mod_ldap-2.2.15-3.1mdv2010.1.x86_64.rpm a2dde0e8181163fc33adc5aadb1a7771 2010.1/x86_64/apache-mod_mem_cache-2.2.15-3.1mdv2010.1.x86_64.rpm cdc09bcbbda04c0ccdd0af646cfbe720 2010.1/x86_64/apache-mod_proxy-2.2.15-3.1mdv2010.1.x86_64.rpm 055a9cf864d4c2427d94bfa90a427c72 2010.1/x86_64/apache-mod_proxy_ajp-2.2.15-3.1mdv2010.1.x86_64.rpm 05656b17fe5cd958861b98d4f922787c 2010.1/x86_64/apache-mod_proxy_scgi-2.2.15-3.1mdv2010.1.x86_64.rpm ff77c47a517e722f9c8053ad3178d2ed 2010.1/x86_64/apache-mod_reqtimeout-2.2.15-3.1mdv2010.1.x86_64.rpm 4c42fa164c7ef8a27c243b512e708ef6 2010.1/x86_64/apache-mod_ssl-2.2.15-3.1mdv2010.1.x86_64.rpm d50ca5db08d261eb1db7fe4ffc0baf43 2010.1/x86_64/apache-modules-2.2.15-3.1mdv2010.1.x86_64.rpm 67f5aca43ea08dfcd4870c898f3bcfd9 2010.1/x86_64/apache-mod_userdir-2.2.15-3.1mdv2010.1.x86_64.rpm 3778408b805e61537de5a57dea439af4 2010.1/x86_64/apache-mpm-event-2.2.15-3.1mdv2010.1.x86_64.rpm 4f710cb9926c7420b1dd98a8a8cb3547 2010.1/x86_64/apache-mpm-itk-2.2.15-3.1mdv2010.1.x86_64.rpm 1c052c41d4808add2d03861a0019fdff 2010.1/x86_64/apache-mpm-peruser-2.2.15-3.1mdv2010.1.x86_64.rpm 94a38ed6e9c09b46651e483d687c92d8 2010.1/x86_64/apache-mpm-prefork-2.2.15-3.1mdv2010.1.x86_64.rpm 4bdefa2fe6a9eeb472b763124d3ca761 2010.1/x86_64/apache-mpm-worker-2.2.15-3.1mdv2010.1.x86_64.rpm e54bc39182993e42a016244831763414 2010.1/x86_64/apache-source-2.2.15-3.1mdv2010.1.x86_64.rpm 3f43a061bf387d595407dfa14dc5673c 2010.1/SRPMS/apache-2.2.15-3.1mdv2010.1.src.rpm Corporate 4.0: 0404ef7ac86c12ece11c3817701718aa corporate/4.0/i586/apache-base-2.2.3-1.12.20060mlcs4.i586.rpm 3f93f65004e6605ebb049b707ebab6f6 corporate/4.0/i586/apache-devel-2.2.3-1.12.20060mlcs4.i586.rpm 4a7a5d0f6882f38b9d1bae484360c5a1 corporate/4.0/i586/apache-htcacheclean-2.2.3-1.12.20060mlcs4.i586.rpm ab110c22397dcffb8f4e2b6d45bc5669 corporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.12.20060mlcs4.i586.rpm d3502aca3c909a9b5f4b20d17a5e3685 corporate/4.0/i586/apache-mod_cache-2.2.3-1.12.20060mlcs4.i586.rpm fbb7da54b8c22f54569774efa2c226b2 corporate/4.0/i586/apache-mod_dav-2.2.3-1.12.20060mlcs4.i586.rpm 0a97028c22469edbb6de9ab7c5b21b42 corporate/4.0/i586/apache-mod_dbd-2.2.3-1.12.20060mlcs4.i586.rpm af7eab2e787b27474a30d12c8fe08267 corporate/4.0/i586/apache-mod_deflate-2.2.3-1.12.20060mlcs4.i586.rpm e5c4a612c59c1f9f9c4002977f493e9a corporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.12.20060mlcs4.i586.rpm 2a03d398b7367c59d061da0944318c8d corporate/4.0/i586/apache-mod_file_cache-2.2.3-1.12.20060mlcs4.i586.rpm 95f11057475009f8d728d8a0f8f354df corporate/4.0/i586/apache-mod_ldap-2.2.3-1.12.20060mlcs4.i586.rpm 883be9a3bbdf99b5797f95bcd86684cd corporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.12.20060mlcs4.i586.rpm 8a4b6c9c2d4f38c70b1d1c57c43f8f8b corporate/4.0/i586/apache-mod_proxy-2.2.3-1.12.20060mlcs4.i586.rpm 7871523480b1ab2885d94be8de209367 corporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.12.20060mlcs4.i586.rpm 4e9995c8827f7fb19c4df5683cf0b880 corporate/4.0/i586/apache-mod_ssl-2.2.3-1.12.20060mlcs4.i586.rpm 25b61feb0f905e9d77df12e8f29c6ce5 corporate/4.0/i586/apache-modules-2.2.3-1.12.20060mlcs4.i586.rpm 23cd15cf42b057b30104ff4a2e01ea7a corporate/4.0/i586/apache-mod_userdir-2.2.3-1.12.20060mlcs4.i586.rpm 6271b1bcff87ee688f201643b1aa368e corporate/4.0/i586/apache-mpm-prefork-2.2.3-1.12.20060mlcs4.i586.rpm 215d763d6a2d31360c3f0b6ca8d8fc3d corporate/4.0/i586/apache-mpm-worker-2.2.3-1.12.20060mlcs4.i586.rpm 9225c39001d023034a5a2cc05492d63c corporate/4.0/i586/apache-source-2.2.3-1.12.20060mlcs4.i586.rpm b87a4bb7750a1eeb213b041375655db2 corporate/4.0/SRPMS/apache-2.2.3-1.12.20060mlcs4.src.rpm Corporate 4.0/X86_64: 02a11f59079d6ed93e75080446cab75c corporate/4.0/x86_64/apache-base-2.2.3-1.12.20060mlcs4.x86_64.rpm 45eb12e5894da52db5998969628317c3 corporate/4.0/x86_64/apache-devel-2.2.3-1.12.20060mlcs4.x86_64.rpm 9d0c34163b2731c26ef5e3d423aa450b corporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.12.20060mlcs4.x86_64.rpm ffec999ef592adf07dbb6488342f92ff corporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.12.20060mlcs4.x86_64.rpm aeeee38f4e4b188bd1f66f767ea8d70d corporate/4.0/x86_64/apache-mod_cache-2.2.3-1.12.20060mlcs4.x86_64.rpm d85b9f61e5947575a6cd21ad4621a51e corporate/4.0/x86_64/apache-mod_dav-2.2.3-1.12.20060mlcs4.x86_64.rpm 2e88fd54598a392c20e47f0ced4299d5 corporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.12.20060mlcs4.x86_64.rpm ed045653f645821bdfc166fea401cf97 corporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.12.20060mlcs4.x86_64.rpm 12f3ef51c37be66a87b172dcfb175fe4 corporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.12.20060mlcs4.x86_64.rpm 5a9e17b78725b510ca4bd7843de17f43 corporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.12.20060mlcs4.x86_64.rpm e7dfc0678cde51fdabb6ab661bcfaa9f corporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.12.20060mlcs4.x86_64.rpm 0c9c544ea94c7aa89cb8daf055a58e03 corporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.12.20060mlcs4.x86_64.rpm 5c40b6b9a93a7edafad5637b0192bbc1 corporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.12.20060mlcs4.x86_64.rpm db912c24810608ce52278ad4f21079cf corporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.12.20060mlcs4.x86_64.rpm aad4e7736383461e132097d8a616c6fe corporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.12.20060mlcs4.x86_64.rpm 66e0cad4501ab964c6fc7c3890d3a740 corporate/4.0/x86_64/apache-modules-2.2.3-1.12.20060mlcs4.x86_64.rpm 21928801fe96c948f73d3a3cda9313ee corporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.12.20060mlcs4.x86_64.rpm 6f554fe6c0b0cbbf5f5d3c5a5b59cac4 corporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.12.20060mlcs4.x86_64.rpm 9261c820d088b3a4f6a465597f37c48e corporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.12.20060mlcs4.x86_64.rpm 2429eca9599e61e7535d0749651722ad corporate/4.0/x86_64/apache-source-2.2.3-1.12.20060mlcs4.x86_64.rpm b87a4bb7750a1eeb213b041375655db2 corporate/4.0/SRPMS/apache-2.2.3-1.12.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. HP System Management Homepage (SMH) before v7.0 running on Linux and Windows. RESOLUTION HP has provided HP System Management Homepage v7.0 or subsequent to resolve the vulnerabilities. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. This update fixes this bug. CVE-2010-1452 A vulnerability has been found in mod_dav that allows an attacker to cause a daemon crash, causing a denial of service. This issue only affects the Debian 5.0 oldstable/lenny distribution. The regression has been fixed in the following packages: For the oldstable distribution (lenny), this problem has been fixed in version 2.2.9-10+lenny11. For the stable distribution (squeeze), this problem has been fixed in version 2.2.16-6+squeeze3. For the testing distribution (wheezy), this problem will be fixed in version 2.2.20-1. For the unstable distribution (sid), this problem has been fixed in version 2.2.20-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny6. In the stable distribution, apache2-mpm-itk has the same version number as apache2. Release Date: 2010-12-07 Last Updated: 2010-12-06 ------------------------------------------------------------------------------ Potential Security Impact: Local information disclosure, increase of privilege, remote Denial of Service (DoS) Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache-based Web Server. These vulnerabilities could be exploited locally to disclose information, increase privilege or remotely create a Denial of Service (DoS). References: CVE-2010-1452, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, CVE-2009-1890, CVE-2009-1195, CVE-2009-0023, CVE-2007-6203, CVE-2006-3918 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23 and B.11.31 running Apache-based Web Server prior to v2.0.63.01 Note: HP-UX Apache-based Web Server v2.0.63.01 is contained in HP-UX Web Server Suite v.2.32 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-1452 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1956 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2009-1955 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2009-1891 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2009-1890 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2009-1195 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2009-0023 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com Note: HP-UX Web Server Suite v.2.32 contains HP-UX Apache-based Web Server v2.0.63.01 Web Server Suite Version / Apache Depot name HP-UX Web Server Suite v.2.32 HP-UX 11i PA-RISC with IPv6 HP-UX 11i version 2 PA-RISC/IPF 64-bit HP-UX 11i version 2 PA-RISC/IPF 32-bit HP-UX 11i version 3 PA-RISC/IPF 64-bit HP-UX 11i version 3 PA-RISC/IPF 32-bit MANUAL ACTIONS: Yes - Update Install Apache-based Web Server v2.0.63.01 or subsequent. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX Web Server Suite v2.32 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.23 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent HP-UX B.11.31 ================== hpuxwsAPCH32.APACHE hpuxwsAPCH32.APACHE2 hpuxwsAPCH32.AUTH_LDAP hpuxwsAPCH32.AUTH_LDAP2 hpuxwsAPCH32.MOD_JK hpuxwsAPCH32.MOD_JK2 hpuxwsAPCH32.MOD_PERL hpuxwsAPCH32.MOD_PERL2 hpuxwsAPCH32.PHP hpuxwsAPCH32.PHP2 hpuxwsAPCH32.WEBPROXY hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.63.01 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 7 December 2010 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: JBoss Enterprise Web Server 1.0.2 update Advisory ID: RHSA-2011:0897-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0897.html Issue date: 2011-06-22 CVE Names: CVE-2010-1157 CVE-2010-1452 CVE-2010-1623 CVE-2010-3718 CVE-2010-4172 CVE-2011-0013 CVE-2011-0419 ===================================================================== 1. Summary: JBoss Enterprise Web Server 1.0.2 is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: JBoss Enterprise Web Server 1.0 for RHEL 4 AS - i386, noarch, x86_64 JBoss Enterprise Web Server 1.0 for RHEL 4 ES - i386, noarch, x86_64 JBoss Enterprise Web Server 1.0 for RHEL 5 Server - i386, noarch, x86_64 JBoss Enterprise Web Server 1.0 for RHEL 6 Server - i386, noarch, x86_64 3. Description: JBoss Enterprise Web Server is a fully-integrated and certified set of components for hosting Java web applications. This is the first release of JBoss Enterprise Web Server for Red Hat Enterprise Linux 6. For Red Hat Enterprise Linux 4 and 5, this release serves as a replacement for JBoss Enterprise Web Server 1.0.1, and includes a number of bug fixes. Refer to the Release Notes, linked in the References, for more information. This update corrects security flaws in the following components: tomcat6: A cross-site scripting (XSS) flaw was found in the Manager application, used for managing web applications on Apache Tomcat. If a remote attacker could trick a user who is logged into the Manager application into visiting a specially-crafted URL, the attacker could perform Manager application tasks with the privileges of the logged in user. (CVE-2010-4172) tomcat5 and tomcat6: It was found that web applications could modify the location of the Apache Tomcat host's work directory. As web applications deployed on Tomcat have read and write access to this directory, a malicious web application could use this flaw to trick Tomcat into giving it read and write access to an arbitrary directory on the file system. (CVE-2010-3718) A second cross-site scripting (XSS) flaw was found in the Manager application. A malicious web application could use this flaw to conduct an XSS attack, leading to arbitrary web script execution with the privileges of victims who are logged into and viewing Manager application web pages. (CVE-2011-0013) A possible minor information leak was found in the way Apache Tomcat generated HTTP BASIC and DIGEST authentication requests. For configurations where a realm name was not specified and Tomcat was accessed via a proxy, the default generated realm contained the hostname and port used by the proxy to send requests to the Tomcat server. (CVE-2010-1452) apr: It was found that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching (such as an httpd server using the mod_autoindex module), to exhaust all stack memory or use an excessive amount of CPU time when performing matching. (CVE-2011-0419) apr-util: It was found that certain input could cause the apr-util library to allocate more memory than intended in the apr_brigade_split_line() function. An attacker able to provide input in small chunks to an application using the apr-util library (such as httpd) could possibly use this flaw to trigger high memory consumption. Note: This issue only affected the JBoss Enterprise Web Server packages on Red Hat Enterprise Linux 4. (CVE-2010-1623) All users of JBoss Enterprise Web Server 1.0.1 are advised to upgrade to JBoss Enterprise Web Server 1.0.2, which corrects these issues. After installing this update, the relevant Apache Tomcat service ("tomcat5" or "tomcat6") and the Apache HTTP Server ("httpd") must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 585331 - CVE-2010-1157 tomcat: information disclosure in authentication headers 618189 - CVE-2010-1452 httpd mod_cache, mod_dav: DoS (httpd child process crash) by parsing URI structure with missing path segments 640281 - CVE-2010-1623 apr-util: high memory consumption in apr_brigade_split_line() 656246 - CVE-2010-4172 tomcat: cross-site-scripting vulnerability in the manager application 675786 - CVE-2011-0013 tomcat: XSS vulnerability in HTML Manager interface 675792 - CVE-2010-3718 tomcat: file permission bypass flaw 677655 - JBEWS 1.0.2 release tracker bug for RHEL 4 677657 - JBEWS 1.0.2 release tracker bug for RHEL-5 677659 - JBEWS 1.0.2 release tracker bug for RHEL-6 703390 - CVE-2011-0419 apr: unconstrained recursion in apr_fnmatch 6. Package List: JBoss Enterprise Web Server 1.0 for RHEL 4 AS: Source: ant-1.7.1-13.jdk6.ep5.el4.src.rpm antlr-2.7.7-7.ep5.el4.src.rpm bcel-5.2-8.1.ep5.el4.src.rpm cglib-2.2-5.1.1.jdk6.ep5.el4.src.rpm dom4j-1.6.1-11.ep5.el4.src.rpm ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.src.rpm glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.src.rpm glassfish-javamail-1.4.2-0.4.ep5.el4.src.rpm glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.src.rpm hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.src.rpm hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.src.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.src.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.src.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.src.rpm httpd22-2.2.17-14.ep5.el4.src.rpm jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-chain-1.2-2.2.ep5.el4.src.rpm jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-collections-3.2.1-4.ep5.el4.src.rpm jakarta-commons-daemon-1.0.5-1.ep5.el4.src.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.src.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.src.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.src.rpm jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.src.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.src.rpm jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.src.rpm jakarta-commons-launcher-1.1-4.6.1.ep5.el4.src.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.src.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.src.rpm jakarta-commons-modeler-2.0-4.ep5.el4.src.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.src.rpm jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.src.rpm jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.src.rpm jakarta-taglibs-standard-1.1.1-9.ep5.el4.src.rpm javassist-3.12.0-1.jdk6.ep5.el4.src.rpm jboss-common-core-2.2.17-1.ep5.el4.src.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el4.src.rpm jboss-common-logging-spi-2.1.2-1.ep5.el4.src.rpm jboss-javaee-5.0.1-2.9.ep5.el4.src.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el4.src.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.src.rpm log4j-1.2.14-18.1.jdk6.ep5.el4.src.rpm mod_cluster-1.0.10-2.GA_CP01.ep5.el4.src.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.src.rpm mod_jk-1.2.31-1.ep5.el4.src.rpm mx4j-3.0.1-9.3.4.ep5.el4.src.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.src.rpm regexp-1.5-1.2.1.jdk6.ep5.el4.src.rpm struts12-1.2.9-3.ep5.el4.src.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el4.src.rpm tomcat-native-1.1.20-2.0.ep5.el4.src.rpm tomcat5-5.5.33-14_patch_04.ep5.el4.src.rpm tomcat6-6.0.32-15_patch_03.ep5.el4.src.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el4.src.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el4.src.rpm xml-commons-1.3.04-7.12.ep5.el4.src.rpm i386: httpd22-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-util-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-util-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-debuginfo-2.2.17-14.ep5.el4.i386.rpm httpd22-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-manual-2.2.17-14.ep5.el4.i386.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.i386.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.i386.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.i386.rpm mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.i386.rpm mod_jk-ap20-1.2.31-1.ep5.el4.i386.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.i386.rpm mod_jk-manual-1.2.31-1.ep5.el4.i386.rpm mod_ssl22-2.2.17-14.ep5.el4.i386.rpm tomcat-native-1.1.20-2.0.ep5.el4.i386.rpm tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.i386.rpm noarch: ant-1.7.1-13.jdk6.ep5.el4.noarch.rpm antlr-2.7.7-7.ep5.el4.noarch.rpm bcel-5.2-8.1.ep5.el4.noarch.rpm cglib-2.2-5.1.1.jdk6.ep5.el4.noarch.rpm dom4j-1.6.1-11.ep5.el4.noarch.rpm ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.noarch.rpm glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.noarch.rpm glassfish-javamail-1.4.2-0.4.ep5.el4.noarch.rpm glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.noarch.rpm hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.noarch.rpm hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el4.noarch.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.noarch.rpm hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.jdk6.ep5.el4.noarch.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-javadoc-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-chain-1.2-2.2.ep5.el4.noarch.rpm jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-collections-3.2.1-4.ep5.el4.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-4.ep5.el4.noarch.rpm jakarta-commons-daemon-1.0.5-1.ep5.el4.noarch.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.noarch.rpm jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el4.noarch.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.noarch.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.noarch.rpm jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-launcher-1.1-4.6.1.ep5.el4.noarch.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-logging-tomcat6-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-modeler-2.0-4.ep5.el4.noarch.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-pool-tomcat5-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.noarch.rpm jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.noarch.rpm jakarta-taglibs-standard-1.1.1-9.ep5.el4.noarch.rpm javassist-3.12.0-1.jdk6.ep5.el4.noarch.rpm jboss-common-core-2.2.17-1.ep5.el4.noarch.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el4.noarch.rpm jboss-common-logging-spi-2.1.2-1.ep5.el4.noarch.rpm jboss-javaee-poms-5.0.1-2.9.ep5.el4.noarch.rpm jboss-jms-1.1-api-5.0.1-2.9.ep5.el4.noarch.rpm jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el4.noarch.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el4.noarch.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.noarch.rpm log4j-1.2.14-18.1.jdk6.ep5.el4.noarch.rpm mod_cluster-demo-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-jbossas-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-jbossweb2-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-tomcat6-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mx4j-3.0.1-9.3.4.ep5.el4.noarch.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.noarch.rpm regexp-1.5-1.2.1.jdk6.ep5.el4.noarch.rpm struts12-1.2.9-3.ep5.el4.noarch.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el4.noarch.rpm tomcat5-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-admin-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-common-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-eclipse-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-parent-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-server-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat6-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-admin-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-docs-webapp-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-el-1.0-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-javadoc-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-lib-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-log4j-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el4.noarch.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el4.noarch.rpm xml-commons-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-jaxp-1.2-apis-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-jaxp-1.3-apis-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-resolver12-1.3.04-7.12.ep5.el4.noarch.rpm x86_64: httpd22-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-util-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-util-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-debuginfo-2.2.17-14.ep5.el4.x86_64.rpm httpd22-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-manual-2.2.17-14.ep5.el4.x86_64.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.x86_64.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.x86_64.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-manual-1.2.31-1.ep5.el4.x86_64.rpm mod_ssl22-2.2.17-14.ep5.el4.x86_64.rpm tomcat-native-1.1.20-2.0.ep5.el4.x86_64.rpm tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.x86_64.rpm JBoss Enterprise Web Server 1.0 for RHEL 4 ES: Source: ant-1.7.1-13.jdk6.ep5.el4.src.rpm antlr-2.7.7-7.ep5.el4.src.rpm bcel-5.2-8.1.ep5.el4.src.rpm cglib-2.2-5.1.1.jdk6.ep5.el4.src.rpm dom4j-1.6.1-11.ep5.el4.src.rpm ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.src.rpm glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.src.rpm glassfish-javamail-1.4.2-0.4.ep5.el4.src.rpm glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.src.rpm hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.src.rpm hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.src.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.src.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.src.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.src.rpm httpd22-2.2.17-14.ep5.el4.src.rpm jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-chain-1.2-2.2.ep5.el4.src.rpm jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-collections-3.2.1-4.ep5.el4.src.rpm jakarta-commons-daemon-1.0.5-1.ep5.el4.src.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.src.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.src.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.src.rpm jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.src.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.src.rpm jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.src.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.src.rpm jakarta-commons-launcher-1.1-4.6.1.ep5.el4.src.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.src.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.src.rpm jakarta-commons-modeler-2.0-4.ep5.el4.src.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.src.rpm jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.src.rpm jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.src.rpm jakarta-taglibs-standard-1.1.1-9.ep5.el4.src.rpm javassist-3.12.0-1.jdk6.ep5.el4.src.rpm jboss-common-core-2.2.17-1.ep5.el4.src.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el4.src.rpm jboss-common-logging-spi-2.1.2-1.ep5.el4.src.rpm jboss-javaee-5.0.1-2.9.ep5.el4.src.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el4.src.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.src.rpm log4j-1.2.14-18.1.jdk6.ep5.el4.src.rpm mod_cluster-1.0.10-2.GA_CP01.ep5.el4.src.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.src.rpm mod_jk-1.2.31-1.ep5.el4.src.rpm mx4j-3.0.1-9.3.4.ep5.el4.src.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.src.rpm regexp-1.5-1.2.1.jdk6.ep5.el4.src.rpm struts12-1.2.9-3.ep5.el4.src.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el4.src.rpm tomcat-native-1.1.20-2.0.ep5.el4.src.rpm tomcat5-5.5.33-14_patch_04.ep5.el4.src.rpm tomcat6-6.0.32-15_patch_03.ep5.el4.src.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el4.src.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el4.src.rpm xml-commons-1.3.04-7.12.ep5.el4.src.rpm i386: httpd22-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-util-2.2.17-14.ep5.el4.i386.rpm httpd22-apr-util-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-debuginfo-2.2.17-14.ep5.el4.i386.rpm httpd22-devel-2.2.17-14.ep5.el4.i386.rpm httpd22-manual-2.2.17-14.ep5.el4.i386.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.i386.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.i386.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.i386.rpm mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.i386.rpm mod_jk-ap20-1.2.31-1.ep5.el4.i386.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.i386.rpm mod_jk-manual-1.2.31-1.ep5.el4.i386.rpm mod_ssl22-2.2.17-14.ep5.el4.i386.rpm tomcat-native-1.1.20-2.0.ep5.el4.i386.rpm tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.i386.rpm noarch: ant-1.7.1-13.jdk6.ep5.el4.noarch.rpm antlr-2.7.7-7.ep5.el4.noarch.rpm bcel-5.2-8.1.ep5.el4.noarch.rpm cglib-2.2-5.1.1.jdk6.ep5.el4.noarch.rpm dom4j-1.6.1-11.ep5.el4.noarch.rpm ecj-3.3.1.1-3.2.2.jdk6.ep5.el4.noarch.rpm glassfish-jaf-1.1.0-6.1.1.jdk6.ep5.el4.noarch.rpm glassfish-javamail-1.4.2-0.4.ep5.el4.noarch.rpm glassfish-jsf-1.2_13-2.2.1.jdk6.ep5.el4.noarch.rpm hibernate3-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm hibernate3-annotations-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-annotations-javadoc-3.4.0-3.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el4.noarch.rpm hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el4.noarch.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.jdk6.ep5.el4.noarch.rpm hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.jdk6.ep5.el4.noarch.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el4.noarch.rpm hibernate3-javadoc-3.3.2-1.5.GA_CP04.ep5.el4.noarch.rpm jakarta-commons-beanutils-1.8.0-4.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-chain-1.2-2.2.ep5.el4.noarch.rpm jakarta-commons-codec-1.3-9.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-collections-3.2.1-4.ep5.el4.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-4.ep5.el4.noarch.rpm jakarta-commons-daemon-1.0.5-1.ep5.el4.noarch.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el4.noarch.rpm jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el4.noarch.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-el-1.0-19.2.jdk6.ep5.el4.noarch.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el4.noarch.rpm jakarta-commons-httpclient-3.1-1.1.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-launcher-1.1-4.6.1.ep5.el4.noarch.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-logging-tomcat6-1.1.1-0.4.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-modeler-2.0-4.ep5.el4.noarch.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-pool-tomcat5-1.3-11.2.1.jdk6.ep5.el4.noarch.rpm jakarta-commons-validator-1.3.1-7.5.1.ep5.el4.noarch.rpm jakarta-oro-2.0.8-3.3.2.1.jdk6.ep5.el4.noarch.rpm jakarta-taglibs-standard-1.1.1-9.ep5.el4.noarch.rpm javassist-3.12.0-1.jdk6.ep5.el4.noarch.rpm jboss-common-core-2.2.17-1.ep5.el4.noarch.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el4.noarch.rpm jboss-common-logging-spi-2.1.2-1.ep5.el4.noarch.rpm jboss-javaee-poms-5.0.1-2.9.ep5.el4.noarch.rpm jboss-jms-1.1-api-5.0.1-2.9.ep5.el4.noarch.rpm jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el4.noarch.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el4.noarch.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el4.noarch.rpm log4j-1.2.14-18.1.jdk6.ep5.el4.noarch.rpm mod_cluster-demo-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-jbossas-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-jbossweb2-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mod_cluster-tomcat6-1.0.10-2.GA_CP01.ep5.el4.noarch.rpm mx4j-3.0.1-9.3.4.ep5.el4.noarch.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el4.noarch.rpm regexp-1.5-1.2.1.jdk6.ep5.el4.noarch.rpm struts12-1.2.9-3.ep5.el4.noarch.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el4.noarch.rpm tomcat5-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-admin-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-common-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-eclipse-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jasper-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-parent-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-server-lib-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat5-webapps-5.5.33-14_patch_04.ep5.el4.noarch.rpm tomcat6-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-admin-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-docs-webapp-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-el-1.0-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-javadoc-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-lib-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-log4j-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-15_patch_03.ep5.el4.noarch.rpm tomcat6-webapps-6.0.32-15_patch_03.ep5.el4.noarch.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el4.noarch.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el4.noarch.rpm xml-commons-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-jaxp-1.2-apis-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-jaxp-1.3-apis-1.3.04-7.12.ep5.el4.noarch.rpm xml-commons-resolver12-1.3.04-7.12.ep5.el4.noarch.rpm x86_64: httpd22-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-util-2.2.17-14.ep5.el4.x86_64.rpm httpd22-apr-util-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-debuginfo-2.2.17-14.ep5.el4.x86_64.rpm httpd22-devel-2.2.17-14.ep5.el4.x86_64.rpm httpd22-manual-2.2.17-14.ep5.el4.x86_64.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el4.x86_64.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el4.x86_64.rpm mod_cluster-native-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm mod_cluster-native-debuginfo-1.0.10-2.GA_CP01.ep5.el4.x86_64.rpm mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-manual-1.2.31-1.ep5.el4.x86_64.rpm mod_ssl22-2.2.17-14.ep5.el4.x86_64.rpm tomcat-native-1.1.20-2.0.ep5.el4.x86_64.rpm tomcat-native-debuginfo-1.1.20-2.0.ep5.el4.x86_64.rpm JBoss Enterprise Web Server 1.0 for RHEL 5 Server: Source: ant-1.7.1-13.jdk6.ep5.el5.src.rpm antlr-2.7.7-7.ep5.el5.src.rpm cglib-2.2-5.1.1.1.jdk6.ep5.el5.src.rpm dom4j-1.6.1-11.ep5.el5.src.rpm ecj3-3.3.1.1-3.1.1.1.jdk6.ep5.el5.src.rpm glassfish-jsf-1.2_13-3.1.1.jdk6.ep5.el5.src.rpm hibernate3-3.3.2-1.4.GA_CP04.ep5.el5.src.rpm hibernate3-annotations-3.4.0-3.2.GA_CP04.ep5.el5.src.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el5.src.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.1.jdk6.ep5.el5.src.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el5.src.rpm httpd-2.2.17-11.1.ep5.el5.src.rpm jakarta-commons-beanutils-1.8.0-4.1.2.1.jdk6.ep5.el5.src.rpm jakarta-commons-chain-1.2-2.2.1.ep5.el5.src.rpm jakarta-commons-codec-1.3-9.2.1.1.jdk6.ep5.el5.src.rpm jakarta-commons-collections-3.2.1-4.1.ep5.el5.src.rpm jakarta-commons-daemon-1.0.5-1.ep5.el5.src.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el5.src.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el5.src.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el5.src.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el5.src.rpm jakarta-commons-httpclient-3.1-1.2.1.jdk6.ep5.el5.src.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el5.src.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el5.src.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el5.src.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el5.src.rpm jakarta-commons-validator-1.3.1-7.5.2.ep5.el5.src.rpm jakarta-oro-2.0.8-3.3.2.1.1.1.jdk6.ep5.el5.src.rpm jakarta-taglibs-standard-1.1.1-9.1.ep5.el5.src.rpm javassist-3.12.0-1.jdk6.ep5.el5.src.rpm jboss-common-core-2.2.17-1.ep5.el5.src.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el5.src.rpm jboss-common-logging-spi-2.1.2-1.ep5.el5.src.rpm jboss-javaee-5.0.1-2.9.ep5.el5.src.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el5.src.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el5.src.rpm mod_cluster-1.0.10-2.1.GA_CP01.ep5.el5.src.rpm mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.src.rpm mod_jk-1.2.31-1.1.ep5.el5.src.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el5.src.rpm struts12-1.2.9-3.1.ep5.el5.src.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el5.src.rpm tomcat-native-1.1.20-2.1.ep5.el5.src.rpm tomcat5-5.5.33-16_patch_04.ep5.el5.src.rpm tomcat6-6.0.32-15.1_patch_03.ep5.el5.src.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el5.src.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el5.src.rpm xml-commons-1.3.04-7.10.jdk6.ep5.el5.src.rpm i386: httpd-2.2.17-11.1.ep5.el5.i386.rpm httpd-debuginfo-2.2.17-11.1.ep5.el5.i386.rpm httpd-devel-2.2.17-11.1.ep5.el5.i386.rpm httpd-manual-2.2.17-11.1.ep5.el5.i386.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el5.i386.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el5.i386.rpm mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.i386.rpm mod_cluster-native-debuginfo-1.0.10-2.1.GA_CP01.ep5.el5.i386.rpm mod_jk-ap20-1.2.31-1.1.ep5.el5.i386.rpm mod_jk-debuginfo-1.2.31-1.1.ep5.el5.i386.rpm mod_jk-manual-1.2.31-1.1.ep5.el5.i386.rpm mod_ssl-2.2.17-11.1.ep5.el5.i386.rpm tomcat-native-1.1.20-2.1.ep5.el5.i386.rpm tomcat-native-debuginfo-1.1.20-2.1.ep5.el5.i386.rpm noarch: ant-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-antlr-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-bcel-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-bsf-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-log4j-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-oro-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-regexp-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-apache-resolver-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-commons-logging-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-javamail-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-jdepend-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-jmf-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-jsch-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-junit-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-nodeps-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-scripts-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-swing-1.7.1-13.jdk6.ep5.el5.noarch.rpm ant-trax-1.7.1-13.jdk6.ep5.el5.noarch.rpm antlr-2.7.7-7.ep5.el5.noarch.rpm cglib-2.2-5.1.1.1.jdk6.ep5.el5.noarch.rpm dom4j-1.6.1-11.ep5.el5.noarch.rpm ecj3-3.3.1.1-3.1.1.1.jdk6.ep5.el5.noarch.rpm glassfish-jsf-1.2_13-3.1.1.jdk6.ep5.el5.noarch.rpm hibernate3-3.3.2-1.4.GA_CP04.ep5.el5.noarch.rpm hibernate3-annotations-3.4.0-3.2.GA_CP04.ep5.el5.noarch.rpm hibernate3-annotations-javadoc-3.4.0-3.2.GA_CP04.ep5.el5.noarch.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el5.noarch.rpm hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el5.noarch.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.1.jdk6.ep5.el5.noarch.rpm hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.1.jdk6.ep5.el5.noarch.rpm hibernate3-entitymanager-3.4.0-4.3.GA_CP04.ep5.el5.noarch.rpm hibernate3-entitymanager-javadoc-3.4.0-4.3.GA_CP04.ep5.el5.noarch.rpm hibernate3-javadoc-3.3.2-1.4.GA_CP04.ep5.el5.noarch.rpm jakarta-commons-beanutils-1.8.0-4.1.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-chain-1.2-2.2.1.ep5.el5.noarch.rpm jakarta-commons-codec-1.3-9.2.1.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-collections-3.2.1-4.1.ep5.el5.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-4.1.ep5.el5.noarch.rpm jakarta-commons-daemon-1.0.5-1.ep5.el5.noarch.rpm jakarta-commons-dbcp-1.2.1-16.4.ep5.el5.noarch.rpm jakarta-commons-dbcp-tomcat5-1.2.1-16.4.ep5.el5.noarch.rpm jakarta-commons-digester-1.8.1-8.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-fileupload-1.1.1-7.4.ep5.el5.noarch.rpm jakarta-commons-httpclient-3.1-1.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-io-1.4-1.3.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-logging-1.1.1-0.4.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-logging-jboss-1.1-10.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-logging-tomcat6-1.1.1-0.4.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-pool-1.3-11.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-pool-tomcat5-1.3-11.2.1.jdk6.ep5.el5.noarch.rpm jakarta-commons-validator-1.3.1-7.5.2.ep5.el5.noarch.rpm jakarta-oro-2.0.8-3.3.2.1.1.1.jdk6.ep5.el5.noarch.rpm jakarta-taglibs-standard-1.1.1-9.1.ep5.el5.noarch.rpm javassist-3.12.0-1.jdk6.ep5.el5.noarch.rpm jboss-common-core-2.2.17-1.ep5.el5.noarch.rpm jboss-common-logging-jdk-2.1.2-1.ep5.el5.noarch.rpm jboss-common-logging-spi-2.1.2-1.ep5.el5.noarch.rpm jboss-javaee-5.0.1-2.9.ep5.el5.noarch.rpm jboss-javaee-poms-5.0.1-2.9.ep5.el5.noarch.rpm jboss-jms-1.1-api-5.0.1-2.9.ep5.el5.noarch.rpm jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el5.noarch.rpm jcommon-1.0.16-1.2.1.jdk6.ep5.el5.noarch.rpm jfreechart-1.0.13-2.3.2.1.jdk6.ep5.el5.noarch.rpm mod_cluster-demo-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm mod_cluster-jbossas-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm mod_cluster-jbossweb2-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm mod_cluster-tomcat6-1.0.10-2.1.GA_CP01.ep5.el5.noarch.rpm objectweb-asm-3.1-5.3.1.jdk6.ep5.el5.noarch.rpm struts12-1.2.9-3.1.ep5.el5.noarch.rpm tomcat-jkstatus-ant-1.2.31-2.ep5.el5.noarch.rpm tomcat5-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-admin-webapps-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-common-lib-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jasper-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jasper-eclipse-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jasper-javadoc-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jsp-2.0-api-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-parent-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-server-lib-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-servlet-2.4-api-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat5-webapps-5.5.33-16_patch_04.ep5.el5.noarch.rpm tomcat6-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-admin-webapps-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-docs-webapp-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-el-1.0-api-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-javadoc-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-lib-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-log4j-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm tomcat6-webapps-6.0.32-15.1_patch_03.ep5.el5.noarch.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el5.noarch.rpm xerces-j2-2.9.1-3.patch01.1.ep5.el5.noarch.rpm xml-commons-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm xml-commons-jaxp-1.2-apis-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm xml-commons-jaxp-1.3-apis-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm xml-commons-resolver12-1.3.04-7.10.jdk6.ep5.el5.noarch.rpm x86_64: httpd-2.2.17-11.1.ep5.el5.x86_64.rpm httpd-debuginfo-2.2.17-11.1.ep5.el5.x86_64.rpm httpd-devel-2.2.17-11.1.ep5.el5.x86_64.rpm httpd-manual-2.2.17-11.1.ep5.el5.x86_64.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el5.x86_64.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el5.x86_64.rpm mod_cluster-native-1.0.10-2.1.GA_CP01.ep5.el5.x86_64.rpm mod_cluster-native-debuginfo-1.0.10-2.1.GA_CP01.ep5.el5.x86_64.rpm mod_jk-ap20-1.2.31-1.1.ep5.el5.x86_64.rpm mod_jk-debuginfo-1.2.31-1.1.ep5.el5.x86_64.rpm mod_jk-manual-1.2.31-1.1.ep5.el5.x86_64.rpm mod_ssl-2.2.17-11.1.ep5.el5.x86_64.rpm tomcat-native-1.1.20-2.1.ep5.el5.x86_64.rpm tomcat-native-debuginfo-1.1.20-2.1.ep5.el5.x86_64.rpm JBoss Enterprise Web Server 1.0 for RHEL 6 Server: Source: ant-1.7.1-14.ep5.el6.src.rpm antlr-2.7.7-7.ep5.el6.src.rpm cglib-2.2-5.4.ep5.el6.src.rpm dom4j-1.6.1-11.1.ep5.el6.src.rpm ecj3-3.3.1.1-4.ep5.el6.src.rpm glassfish-jsf-1.2_13-3.1.4.ep5.el6.src.rpm hibernate3-3.3.2-1.8.GA_CP04.ep5.el6.src.rpm hibernate3-annotations-3.4.0-3.5.GA_CP04.ep5.el6.src.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el6.src.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.3.ep5.el6.src.rpm hibernate3-entitymanager-3.4.0-4.4.GA_CP04.ep5.el6.src.rpm httpd-2.2.17-11.2.ep5.el6.src.rpm jakarta-commons-beanutils-1.8.0-9.ep5.el6.src.rpm jakarta-commons-chain-1.2-2.2.2.ep5.el6.src.rpm jakarta-commons-codec-1.3-12.1.ep5.el6.src.rpm jakarta-commons-collections-3.2.1-4.ep5.el6.src.rpm jakarta-commons-daemon-1.0.5-1.1.ep5.el6.src.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el6.src.rpm jakarta-commons-dbcp-1.2.1-16.2.ep5.el6.src.rpm jakarta-commons-digester-1.8.1-8.1.1.1.ep5.el6.src.rpm jakarta-commons-fileupload-1.1.1-7.5.ep5.el6.src.rpm jakarta-commons-httpclient-3.1-1.2.2.ep5.el6.src.rpm jakarta-commons-io-1.4-4.ep5.el6.src.rpm jakarta-commons-logging-1.1.1-1.ep5.el6.src.rpm jakarta-commons-logging-jboss-1.1-10.2.2.1.ep5.el6.src.rpm jakarta-commons-pool-1.3-15.ep5.el6.src.rpm jakarta-commons-validator-1.3.1-7.5.2.ep5.el6.src.rpm jakarta-oro-2.0.8-7.ep5.el6.src.rpm jakarta-taglibs-standard-1.1.1-12.ep5.el6.src.rpm javassist-3.12.0-3.ep5.el6.src.rpm jboss-common-core-2.2.17-1.2.ep5.el6.src.rpm jboss-common-logging-jdk-2.1.2-1.2.ep5.el6.src.rpm jboss-common-logging-spi-2.1.2-1.ep5.el6.src.rpm jboss-javaee-5.0.1-2.9.ep5.el6.src.rpm jcommon-1.0.16-1.2.2.ep5.el6.src.rpm jfreechart-1.0.13-2.3.2.1.2.ep5.el6.src.rpm mod_cluster-1.0.10-2.2.GA_CP01.ep5.el6.src.rpm mod_cluster-native-1.0.10-2.1.1.GA_CP01.ep5.el6.src.rpm mod_jk-1.2.31-1.1.2.ep5.el6.src.rpm objectweb-asm31-3.1-12.1.ep5.el6.src.rpm struts12-1.2.9-3.1.ep5.el6.src.rpm tomcat-jkstatus-ant-1.2.31-2.1.ep5.el6.src.rpm tomcat-native-1.1.20-2.1.2.ep5.el6.src.rpm tomcat5-5.5.33-15_patch_04.ep5.el6.src.rpm tomcat6-6.0.32-14_patch_03.ep5.el6.src.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el6.src.rpm xerces-j2-2.9.1-8.patch01.1.ep5.el6.src.rpm xml-commons-1.3.04-7.14.ep5.el6.src.rpm i386: httpd-2.2.17-11.2.ep5.el6.i386.rpm httpd-debuginfo-2.2.17-11.2.ep5.el6.i386.rpm httpd-devel-2.2.17-11.2.ep5.el6.i386.rpm httpd-manual-2.2.17-11.2.ep5.el6.i386.rpm httpd-tools-2.2.17-11.2.ep5.el6.i386.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el6.i386.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el6.i386.rpm mod_cluster-native-1.0.10-2.1.1.GA_CP01.ep5.el6.i386.rpm mod_cluster-native-debuginfo-1.0.10-2.1.1.GA_CP01.ep5.el6.i386.rpm mod_jk-ap20-1.2.31-1.1.2.ep5.el6.i386.rpm mod_jk-debuginfo-1.2.31-1.1.2.ep5.el6.i386.rpm mod_jk-manual-1.2.31-1.1.2.ep5.el6.i386.rpm mod_ssl-2.2.17-11.2.ep5.el6.i386.rpm tomcat-native-1.1.20-2.1.2.ep5.el6.i386.rpm tomcat-native-debuginfo-1.1.20-2.1.2.ep5.el6.i386.rpm noarch: ant-1.7.1-14.ep5.el6.noarch.rpm ant-antlr-1.7.1-14.ep5.el6.noarch.rpm ant-apache-bcel-1.7.1-14.ep5.el6.noarch.rpm ant-apache-bsf-1.7.1-14.ep5.el6.noarch.rpm ant-apache-log4j-1.7.1-14.ep5.el6.noarch.rpm ant-apache-oro-1.7.1-14.ep5.el6.noarch.rpm ant-apache-regexp-1.7.1-14.ep5.el6.noarch.rpm ant-apache-resolver-1.7.1-14.ep5.el6.noarch.rpm ant-commons-logging-1.7.1-14.ep5.el6.noarch.rpm ant-commons-net-1.7.1-14.ep5.el6.noarch.rpm ant-javamail-1.7.1-14.ep5.el6.noarch.rpm ant-jdepend-1.7.1-14.ep5.el6.noarch.rpm ant-jmf-1.7.1-14.ep5.el6.noarch.rpm ant-jsch-1.7.1-14.ep5.el6.noarch.rpm ant-junit-1.7.1-14.ep5.el6.noarch.rpm ant-nodeps-1.7.1-14.ep5.el6.noarch.rpm ant-scripts-1.7.1-14.ep5.el6.noarch.rpm ant-swing-1.7.1-14.ep5.el6.noarch.rpm ant-trax-1.7.1-14.ep5.el6.noarch.rpm antlr-2.7.7-7.ep5.el6.noarch.rpm cglib-2.2-5.4.ep5.el6.noarch.rpm dom4j-1.6.1-11.1.ep5.el6.noarch.rpm ecj3-3.3.1.1-4.ep5.el6.noarch.rpm glassfish-jsf-1.2_13-3.1.4.ep5.el6.noarch.rpm hibernate3-3.3.2-1.8.GA_CP04.ep5.el6.noarch.rpm hibernate3-annotations-3.4.0-3.5.GA_CP04.ep5.el6.noarch.rpm hibernate3-annotations-javadoc-3.4.0-3.5.GA_CP04.ep5.el6.noarch.rpm hibernate3-commons-annotations-3.1.0-1.8.ep5.el6.noarch.rpm hibernate3-commons-annotations-javadoc-3.1.0-1.8.ep5.el6.noarch.rpm hibernate3-ejb-persistence-3.0-api-1.0.2-3.3.ep5.el6.noarch.rpm hibernate3-ejb-persistence-3.0-api-javadoc-1.0.2-3.3.ep5.el6.noarch.rpm hibernate3-entitymanager-3.4.0-4.4.GA_CP04.ep5.el6.noarch.rpm hibernate3-entitymanager-javadoc-3.4.0-4.4.GA_CP04.ep5.el6.noarch.rpm hibernate3-javadoc-3.3.2-1.8.GA_CP04.ep5.el6.noarch.rpm jakarta-commons-beanutils-1.8.0-9.ep5.el6.noarch.rpm jakarta-commons-chain-1.2-2.2.2.ep5.el6.noarch.rpm jakarta-commons-codec-1.3-12.1.ep5.el6.noarch.rpm jakarta-commons-collections-3.2.1-4.ep5.el6.noarch.rpm jakarta-commons-collections-tomcat5-3.2.1-4.ep5.el6.noarch.rpm jakarta-commons-daemon-1.0.5-1.1.ep5.el6.noarch.rpm jakarta-commons-dbcp-1.2.1-16.2.ep5.el6.noarch.rpm jakarta-commons-dbcp-tomcat5-1.2.1-16.2.ep5.el6.noarch.rpm jakarta-commons-digester-1.8.1-8.1.1.1.ep5.el6.noarch.rpm jakarta-commons-fileupload-1.1.1-7.5.ep5.el6.noarch.rpm jakarta-commons-httpclient-3.1-1.2.2.ep5.el6.noarch.rpm jakarta-commons-io-1.4-4.ep5.el6.noarch.rpm jakarta-commons-logging-1.1.1-1.ep5.el6.noarch.rpm jakarta-commons-logging-jboss-1.1-10.2.2.1.ep5.el6.noarch.rpm jakarta-commons-logging-tomcat6-1.1.1-1.ep5.el6.noarch.rpm jakarta-commons-pool-1.3-15.ep5.el6.noarch.rpm jakarta-commons-pool-tomcat5-1.3-15.ep5.el6.noarch.rpm jakarta-commons-validator-1.3.1-7.5.2.ep5.el6.noarch.rpm jakarta-oro-2.0.8-7.ep5.el6.noarch.rpm jakarta-taglibs-standard-1.1.1-12.ep5.el6.noarch.rpm javassist-3.12.0-3.ep5.el6.noarch.rpm jboss-common-core-2.2.17-1.2.ep5.el6.noarch.rpm jboss-common-logging-jdk-2.1.2-1.2.ep5.el6.noarch.rpm jboss-common-logging-spi-2.1.2-1.ep5.el6.noarch.rpm jboss-javaee-5.0.1-2.9.ep5.el6.noarch.rpm jboss-javaee-poms-5.0.1-2.9.ep5.el6.noarch.rpm jboss-jms-1.1-api-5.0.1-2.9.ep5.el6.noarch.rpm jboss-transaction-1.0.1-api-5.0.1-2.9.ep5.el6.noarch.rpm jcommon-1.0.16-1.2.2.ep5.el6.noarch.rpm jfreechart-1.0.13-2.3.2.1.2.ep5.el6.noarch.rpm mod_cluster-demo-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm mod_cluster-jbossas-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm mod_cluster-jbossweb2-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm mod_cluster-tomcat6-1.0.10-2.2.GA_CP01.ep5.el6.noarch.rpm objectweb-asm31-3.1-12.1.ep5.el6.noarch.rpm struts12-1.2.9-3.1.ep5.el6.noarch.rpm tomcat-jkstatus-ant-1.2.31-2.1.ep5.el6.noarch.rpm tomcat5-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-admin-webapps-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-common-lib-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jasper-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jasper-eclipse-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jasper-javadoc-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jsp-2.0-api-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-jsp-2.0-api-javadoc-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-parent-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-server-lib-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-servlet-2.4-api-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-servlet-2.4-api-javadoc-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat5-webapps-5.5.33-15_patch_04.ep5.el6.noarch.rpm tomcat6-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-admin-webapps-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-docs-webapp-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-el-1.0-api-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-javadoc-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-lib-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-log4j-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-14_patch_03.ep5.el6.noarch.rpm tomcat6-webapps-6.0.32-14_patch_03.ep5.el6.noarch.rpm xalan-j2-2.7.1-5.3_patch_04.ep5.el6.noarch.rpm xerces-j2-2.9.1-8.patch01.1.ep5.el6.noarch.rpm xml-commons-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-jaxp-1.1-apis-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-jaxp-1.2-apis-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-jaxp-1.3-apis-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-resolver10-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-resolver11-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-resolver12-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-which10-1.3.04-7.14.ep5.el6.noarch.rpm xml-commons-which11-1.3.04-7.14.ep5.el6.noarch.rpm x86_64: httpd-2.2.17-11.2.ep5.el6.x86_64.rpm httpd-debuginfo-2.2.17-11.2.ep5.el6.x86_64.rpm httpd-devel-2.2.17-11.2.ep5.el6.x86_64.rpm httpd-manual-2.2.17-11.2.ep5.el6.x86_64.rpm httpd-tools-2.2.17-11.2.ep5.el6.x86_64.rpm jakarta-commons-daemon-jsvc-1.0.5-1.4.ep5.el6.x86_64.rpm jakarta-commons-daemon-jsvc-debuginfo-1.0.5-1.4.ep5.el6.x86_64.rpm mod_cluster-native-1.0.10-2.1.1.GA_CP01.ep5.el6.x86_64.rpm mod_cluster-native-debuginfo-1.0.10-2.1.1.GA_CP01.ep5.el6.x86_64.rpm mod_jk-ap20-1.2.31-1.1.2.ep5.el6.x86_64.rpm mod_jk-debuginfo-1.2.31-1.1.2.ep5.el6.x86_64.rpm mod_jk-manual-1.2.31-1.1.2.ep5.el6.x86_64.rpm mod_ssl-2.2.17-11.2.ep5.el6.x86_64.rpm tomcat-native-1.1.20-2.1.2.ep5.el6.x86_64.rpm tomcat-native-debuginfo-1.1.20-2.1.2.ep5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-1157.html https://www.redhat.com/security/data/cve/CVE-2010-1452.html https://www.redhat.com/security/data/cve/CVE-2010-1623.html https://www.redhat.com/security/data/cve/CVE-2010-3718.html https://www.redhat.com/security/data/cve/CVE-2010-4172.html https://www.redhat.com/security/data/cve/CVE-2011-0013.html https://www.redhat.com/security/data/cve/CVE-2011-0419.html https://access.redhat.com/security/updates/classification/#moderate http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html-single/Release_Notes_1.0.2/index.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOAubvXlSAg2UNWIIRApW6AJ4kvQ3q2boy3UntDB/XSHBuOmN02QCgmLaj NXAWrqe0nO3HRh9R1bnYZR0= =YW2z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================== Ubuntu Security Notice USN-1021-1 November 25, 2010 apache2 vulnerabilities CVE-2010-1452, CVE-2010-1623 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.12 Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.19 Ubuntu 9.10: apache2.2-common 2.2.12-1ubuntu2.4 Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.4 Ubuntu 10.10: apache2.2-common 2.2.16-1ubuntu3.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that Apache's mod_cache and mod_dav modules incorrectly handled requests that lacked a path. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-1452) It was discovered that Apache did not properly handle memory when destroying APR buckets. (CVE-2010-1623) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12.diff.gz Size/MD5: 134865 3a8ddb93ba4acb10e5a25f8fedff76c8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12.dsc Size/MD5: 1823 ea94bede6f84eff66e7ddbed098314b3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.12_all.deb Size/MD5: 2126274 cabf3e5b4db7aa0fedb11a88f8b75bd6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 835158 fe32a82ad3ebc2bcb3dd761089125095 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 229940 b5a9d6e605da9a7eaa482afe5209dc7b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 225020 ea417c30c902579143a7514c6ab9f85a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 229516 5fa43f8e2ff727ee42a0ba40cdb1fa69 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 173264 e23808d6fb41ebb4cd3a7bd2d02362f7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 174046 3e816aa3c599f5ee36de1061bdd49a6a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 95854 94297f57007c1b9161d2cb3357584f47 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 37898 7747042159ee5f8bb6c49d8a8c4ba4df http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 287552 041d5d83609f70f50b6aa142f13ba670 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.12_amd64.deb Size/MD5: 146132 e5da23a1537a20d723470a0ea65e842e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 788394 9dec38ca7cf477fab1d5e235d722eb18 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 204496 17b851c580fdd514732f26d4bbd259b6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 200398 933aebfa68842dfe55408582cb7f9d86 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 203956 58a25ad65c7231f12fb16eb5866e32cf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 173272 ee2c6892d43a29dc81b6d9ba8371b658 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 174054 f2cbea79976c62934145b24d0a724e9b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 93772 82e6a9c1c6d6df884c3af138c0775b67 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 37898 8038ee56310c3e9ba48390fdf2fef08c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 263514 f0612bf70590d673c89e3cb570e2fc6c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.12_i386.deb Size/MD5: 133962 50c5afa21c1885b85123ec625ec56ae3 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 861224 cf92679fbac1e52c2d8a598ff44f188b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 221912 7b83f2457d7cf8d19fd0cb7316d56e0e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 217554 5fbbd3b402cdf67e53ba32736ab8053f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 221388 dee996cd2f6ebc9145e6011ef53a2ee0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 173274 94584b32580ebe3812025aa4afb9c955 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 174052 98cb6b1ccf81313ff962bcb5b39ac7d2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 105582 c4c9f9cc5720100d6bddd79db1307217 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 37896 6b743ca1fca7190d0285566d13bda51d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 283142 6a92a690cf5cc721aa63521aad9392cc http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.12_powerpc.deb Size/MD5: 143218 61e6e554125129329aa23caea6ab7d6d sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 805924 63dbfa9c4db04615df89b1f2c33ef244 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 212036 92c7ee68d10a57e7a5286330c4949c40 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 207740 508ef2ff0c8a3ff1957bab5239bd82ca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 211424 26d7573f55a65f1c2179a6454a8a2247 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 173266 3e233d63f56f4db03c8f51fbe59d8bfd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 174060 86dbedfeba4eae832e919c411303ee29 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 94908 b5433d52f99b3e6e537e59f1c8d6d9da http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 37894 5e76d199949e5f9a8325ff3f7a645cd5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 269530 c1b082f05af3f78475ebf419439def01 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.12_sparc.deb Size/MD5: 131930 0a007c073d905b15132bfc31ccda1798 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.19.diff.gz Size/MD5: 147731 47643f18d53daf8750e4538970c83d07 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.19.dsc Size/MD5: 2046 1376672acd99ef14f01a6a8cc34c4346 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.19_all.deb Size/MD5: 1945340 4d59aa0089912c2624eb180d51b03c14 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.19_all.deb Size/MD5: 73650 77d5950a1c521b641aa72fb166eaa06f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.19_all.deb Size/MD5: 6458166 4e10a40f1f1e579be261f40a7be2e295 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.19_all.deb Size/MD5: 46410 6198a6eba06d945ad9597e82c280d9cb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 254742 fd54d116879ed6590105b26b01ff0dac http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 249806 b3b1fae6e7e4dbf28b4d7711aa56e978 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 254062 36933808b11f1f28501c9c864b399388 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 209526 bb74dd0a139b249c56d65868a9dc73e8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 210246 bfd89c9521fecf9ed688249ccbfec002 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 142524 f1940eea967b918bd45b47caab2f4569 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_amd64.deb Size/MD5: 818246 088f766f2ec56ec65bf755554a86b10d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 237310 e10dd07bd6e8c12c6612a49a63b8be7d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 233246 c8fd94e5d140caec9c66794a71549c03 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 236460 14c91ad0347f05d6e7340f6a1f928e27 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 208474 ef4b083322079968262bdcba6b3c6a67 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 209230 c881dc1f09b1f6b44438447aae8f6a9d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 141750 73549c8f179ff90ae2f46b8c0c8b15f8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_i386.deb Size/MD5: 771740 b1d59367bfecfac830bae15c80f35220 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 236226 48998dba63cfeaa6643d70566b3a4b01 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 231844 92cd164c9cd479000ba26116d3b02528 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 235380 6467532b910026e940667bb198713aae http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 206216 3138f3c4b223d1fe380f0225400e01bd http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 206970 cf900b47ca37e165bf27178bc2ace931 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 141842 112093d097022b08aed1b5c88124422c http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_lpia.deb Size/MD5: 750718 8c133b186cdac6c1ecb4545d6a3e694a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 254768 91f01fceef69cabdec4b757de95158f4 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 250222 63f05e66592f62d2737af8d7cbe477b9 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 254334 668e26ac957e82ecf2d453785694084b http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 206226 18129b8fd8c67956365dcde559bc5d5d http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 207008 f472f886b6ef23dd312b6f260ac0ad4a http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 159022 cdc450f459faf8aa6e0aeea4302fb482 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_powerpc.deb Size/MD5: 907128 ebb5b80e3b8e86d65e737e9233adedf1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 238036 08f53aec4792eb86f8703bc0c2704f6f http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 233776 75ee213b18e3a99bac748634268f5d4f http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 237202 27b608c9dc3e5e230c43f8f8c3ec700e http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 206232 5924f7ed7175f472504ef1cf6ce4d86c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 206998 3c0e7c38872cef1e334feb1129b2692f http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 144452 50eaa5db62fba9c3c618b7cabe90a309 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.19_sparc.deb Size/MD5: 766340 8da38a1e49155f52ea46423fe4c4ee06 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.4.diff.gz Size/MD5: 188484 c434b577603818436c5ee70fe88edf0f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.4.dsc Size/MD5: 2553 7abc36d70b6407bf31d0260f8526e905 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12.orig.tar.gz Size/MD5: 6678149 17f017b571f88aa60abebfe2945d7caf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2246980 8e954b9a42e2fc44d823b610c63103f6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2346 111dc0ced8a829de9835209e392cf3e7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2376 a66e6d805229684af87c68ab069ea266 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2314 0a40f20a353e1880aa3bc30aa875def7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.12-1ubuntu2.4_all.deb Size/MD5: 285472 2cf254bff1dd932e27a2f5eb0f2124a8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.12-1ubuntu2.4_all.deb Size/MD5: 1424 8200e0af179d043e28c2f13cd5f1238a http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.12-1ubuntu2.4_all.deb Size/MD5: 2372 4daddf09fd746f243e1c8e232741cd8b amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 138384 c23f1742d1a4d1ff327012cc58cd28a6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 139496 80d1bf7089621f9c00605116bd4efb26 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 157192 3e2876e823a747c961f8b59df1900dc7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 1406140 f67eb0ab245047eb2719a695b671fa7d http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 93116 e92b6c82515c6103af4c84178defec73 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_amd64.deb Size/MD5: 91618 087b0450f9a88bb5317701537e0007b9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 137086 9fd8574d5a320f22ce3c83cc9317927e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 138186 d1b822bee829beffc46f8a9aa94199e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 155560 0025c5f7797bd018be99822a99119f40 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 1309800 d94bad874d281bab671b0412cf17afb3 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 92244 594282d8a9901fab271fb283b9bc9fbd http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_i386.deb Size/MD5: 90682 d4609ceb9bb59604ce158ca6e1014cb4 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 138226 c907c76b362a7bcf49dbe953071c2c4c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 139390 241cf4036e1794a425a618596eee14da http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 158704 3258d4b715849de1ce8e43ded000c2e4 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 1272916 b8242bb6da822d44ccec1a8fad064688 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 92320 4b0485fe9f0df0bd32c6e3da0e42a87f http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_armel.deb Size/MD5: 90936 e9437ec0e9571f04f72f88dbe8ad369f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 137098 2fba573c3a8a0beee6b720ddf7a147fa http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 138198 37dae52a4c96112916917dabab555b30 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 155464 dfd5669eafaf325fa75f1e64eb29bfad http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 1291192 6d4d11afb217b49470a4710eb4566143 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 92194 44e4c307a00e68e702c52ba8d10c7984 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_lpia.deb Size/MD5: 90690 399761c5a6fcd2014b219e7b8cd31d32 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 137092 417a344f112a5b13ea5f36a600018d3c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 138196 3e2b46cf25a41c0d4ad1af6b24407c25 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 161418 2b41d2b09b03e8e4066194a16774fec1 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 1390750 edcd289885e3c92f7694efa4abc6188f http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 92754 1c97103bbb049dd7ee8b836fe26b2031 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_powerpc.deb Size/MD5: 91142 034979974f2a357218bf614d882cfa23 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 137088 058fccf694c50b3852c281f0fa701e66 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 138186 625a413761fd36b9bf7755cab9a97118 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 159860 a1efd79d8fba8be9477305d221e43334 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 1298622 f2256441099614d6e416338cc05c6794 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 92524 61dc9b0d61de14659665b5b2908c0df6 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.12-1ubuntu2.4_sparc.deb Size/MD5: 90922 a843867aac530a79cda6005ed54a4ff1 Updated packages for Ubuntu 10.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4.diff.gz Size/MD5: 214170 04cbe3e7dbcc5b4ddd35b21d0a3c3a21 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4.dsc Size/MD5: 2697 97667571f87fad4f3bf780660bc8c9c2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14.orig.tar.gz Size/MD5: 6684081 2c1e3c7ba00bcaa0163da7b3e66aaa1e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.14-5ubuntu8.4_all.deb Size/MD5: 2257806 5ee35fe75e4686cf2c07ca2182e98763 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2396 3495d9a0b12b11e9b84367f88154f25c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2420 83460dfe877ea3410b48369f4a34af98 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2366 e672be8888f996c88ecc89a7028e1627 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 136256 98cb1e84d40d909d4d0ad4aca6f30de2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 137296 515247ff5030aa36b60adba52442c740 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 161144 2bb237d9a4439f423f4fa114a2525a12 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2730470 eab39d33b994199d36ebb957a123dbd4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 290016 fddb6361852490101e224a7c1f82f05c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 1478 b7c29c953866efbc2ec4175fcf487f20 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 2416 9a58afd42551ead0286ed61d8d759480 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 96900 bac870aae281673809371b223e98730e http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_amd64.deb Size/MD5: 95280 a137d32d18872d9536e13f07ec6fd9b4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2398 4970639c8f7929558a4f178918c71ed0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2426 46c5fa6d2335809a08df67ff56601eb2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2372 9a2309b55f8ff81d6910ba3e90768823 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 136280 a34b804f15dd99cce4fef5d25176fb74 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 137320 1c54433a0a33c3e3ed19201dc76e9f58 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 159676 e2d37adb96e9617fbb1c8b969b1437da http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2622444 7516dddc543f6cb5f94b68c17912410e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 290042 b12f37c292398c2a72251d3435ae4221 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 1484 19ff1abb2167ccc156a684b18806c75d http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 2422 cb08e644167f4d921256f14350be3574 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 96256 7037d8cbe08da992b954dd8c0b40d772 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_i386.deb Size/MD5: 94688 4cd9bef52d2e6dc5b69e2feb22a53bb4 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2418 7b269901e2ee8330bb9c663fd87a52f2 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2450 0eb9823e5732b2609b1bab4a9a015396 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2388 d36eeb0ff65a2ad7f77b711bd2b15536 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 137490 fbbc19f8ec3b8e265806bbad838015f3 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 138604 58930629457b7cbcb7bb376787cd58d1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 166036 11bb48cedf436f4f4165c91dd455cd0a http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2570184 bf5c8de7bd17f69c38f3c010aa6d0687 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 296804 b7e72993adef3bb5ebccd01618f6497c http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 1484 b666a37339a59449994e13eed862dcf8 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 2430 b6db059708469f9a5e5ad6442b555632 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 96048 9552f51119734d54d191de544648824e http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_armel.deb Size/MD5: 94420 e2ec6d54b05f732b5f6beda813050216 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2400 6d0d60a2ba2b0614f84c29615c2fab68 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2426 7b241f8cf87d2d1a2e0609d59233315f http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2370 7b7d53516231e64e9e33fcdb21fb79c8 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 136286 ee325a5dadbfc853bb85833f4a9697a0 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 137326 bafa0e2940b070741e9925d45b9929eb http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 165972 7a162a07a604396bb869e48349987f20 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2765528 6433cf125eb9e0ef3d0e2f21d47a35e1 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 290060 73c20ef9768548a99340075e5c62ad47 http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 1482 68dd440815d96cc7c79e9b113c298432 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 2422 d35130d8b0d0e64f240cc3d5838ec4dd http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 96814 acc862b8a8fd0cce9968fe096c44d5e2 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_powerpc.deb Size/MD5: 95158 f60b2c25b5a1b01b1bb0a2b493cd6d02 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2398 6929b88c9e44d507ab0e03865c1edb8e http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2428 bab8d175709b58469ad9bcbf6a37fa75 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2374 dd6508665c6085db3d481c301106b1ea http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 136266 17359c6d663f70cc875bc132e605bbcd http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 137304 fdadd775a849f1d509e3c06e897b16a1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 165934 0038d53032dd272071361e87baa6b3db http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2593250 834feb1137b15ed401121da6a3dde53e http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 290046 ccb65f6f739901f563c594b6ede83d14 http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 1484 7364939ba13e0485a429f4cb0778401f http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 2426 39ad9b647530c6a093f3af4e057186db http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 96708 1d9a1e4af412fce2ef9e8d59e76ba701 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.14-5ubuntu8.4_sparc.deb Size/MD5: 95030 24cae3e808f72d139e8c8f9a0a1a5f38 Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1.diff.gz Size/MD5: 210573 e26889953d3627e2422fec608fc80c3d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1.dsc Size/MD5: 2686 ea9a620794423fa14751e5cd43fa4ca5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16.orig.tar.gz Size/MD5: 6369022 7f33f2c8b213ad758c009ae46d2795ed Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.16-1ubuntu3.1_all.deb Size/MD5: 2281132 494153ffbed2685dde1f6916f2a08cca amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2346 00e768131218fed520005c54e40e003d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2374 3d95d9e31bea8d0806c6eec320ac15cb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2318 ca7c42028becd3dc67b57e7bef8ef10a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 136352 9c6890b3ea07d4bdb3bf61434331eea1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 137404 47b6cf10e5d1d2f6694f7e66075bb78d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 164446 051b56eca89069afe34fa087d61c733c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2708768 c39117c9b15969612466f50b447c83fb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 301360 1dd5f68877240b580f4170eb8899ee78 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 1480 bf4687f34a36e2dd5fd6abeb8b4d4f95 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 2372 1f19a348c1d7b3ed9d6f0878b5b272e9 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 63248 fe1af941aa4eb9131ccccdba0e1f1d39 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.16-1ubuntu3.1_amd64.deb Size/MD5: 61608 470342447d4ac4918f1b1d085dff3145 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2348 08f85de3ba757debc03542b7fc8bb7f2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2370 ddc38a5cdc523d48f3b2245d15fab0e1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2318 10262b0fe6e8f4711dcf4f78e554ce48 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 136346 8df092b1962d1f1b1a0fc2515ecba1ff http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 137398 7f456e656957af71a105b354c82da467 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 162926 543ef93eca3885696733bdb701a90f11 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-bin_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2599636 de6c8c71455af7457b3d5aed41f6a6a1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 301338 0e03201bef1db838eae11578c300639c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 1484 b9ab3e6acb3d599d3fe5151c99d4ed9b http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-mpm-itk_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 2372 99101004b20ee162d8756260db08f3c6 http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec-custom_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 62616 223469805f5385cc39303d40e15fde9f http://security.ubuntu.com/ubuntu/pool/universe/a/apache2/apache2-suexec_2.2.16-1ubuntu3.1_i386.deb Size/MD5: 61084 9bc45e0880ce5040fefe8bd69a43a336 armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2358 76401e331821ff276e7644756b27d226 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2386 e27b65bb92caa4de4454244ace916b5a http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2330 b930ca53ad10db075535a85b3c65998e http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 137000 58a0c4cd01b9a74d6c70331910d3f675 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 137980 f9abd743069a6a5b0d3d12b7b3f394bf http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 171270 41c4177586990d5b0ffb6d400143dd05 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2597444 f39c0e92a9d29b576481f5aefa092942 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 308998 e065288aef4c6eff945d875dc3ac0cfd http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 1484 a139b1e561a9e9aa5363b9c06a0b6850 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 2388 9ec0b59a116e500e700c196ef84afadf http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 62568 d1354d5a2b5bc2007b7b0dfe0f7dd029 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.16-1ubuntu3.1_armel.deb Size/MD5: 61040 5c9f05ef22ab25d170adde8fc3ac1baa powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2356 e8d3ec459e0e6f561b512c43b5883261 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2376 090d1fa0b687fd98ef9c8a57d6436a46 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2328 eb2755e9de3df3adfdd0df8e139f8fd7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 136376 04fea44be8c57e9aac5c65692a98a33c http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 137430 f773f801e1b1fb3cbfbcfe4199f1c708 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 169084 8554332e458f686edd300669e824430a http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-bin_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2746688 692017e3371da59f57290dd720ec513e http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 301376 aadf2f481ad35398288c1bf4f89f6d6e http://ports.ubuntu.com/pool/main/a/apache2/apache2_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 1490 3364ae2f5f0388fb16de7d0927b0a17c http://ports.ubuntu.com/pool/universe/a/apache2/apache2-mpm-itk_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 2376 09345c3706b6106802bbfa01ee2e8f52 http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec-custom_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 63140 8163a71079cbc6f0aa8e004ddf082b2d http://ports.ubuntu.com/pool/universe/a/apache2/apache2-suexec_2.2.16-1ubuntu3.1_powerpc.deb Size/MD5: 61554 3d5ddc7250edc6c9d36b8323b8bb53c9 . BAC v8.07 supplies Apache 2.2.17

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP NetWeaver wsnavigator component has a cross-site scripting attack that allows an attacker to exploit a vulnerability to gain sensitive information or hijack a target user session. SAP Netweaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. SAP Netweaver 6.4 through 7.0 is vulnerable; other versions may also be affected

Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995. libmikmod of loaders/load_it.c Contains a heap-based buffer overflow vulnerability. Libmikmod is a library used by Mikmod to play various types of audio modules. The problem with CVE-2009-3995 is not completely fixed correctly. The following problems exist: - Only volpts are checked, but similar problems affect panpts and pitpts. - Checking is done after calling IT_ProcessEnvelope, the function has modified name##env as the upper bound using name##pts, so an overflow can be triggered between checks. The -name##env information is read from name##tick and name##node, where the value contains ITENVCNT (25), so using sizeof(name##env) == ENVPOINTS (32) can still cause the array to read out of bounds. take. The 'libmikmod' library is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Attackers can leverage these issues to execute arbitrary code in the context of an application that uses the affected library. Failed attacks will cause denial-of-service conditions. These issues are due to an incomplete fix for CVE-2009-3995; BID 38114 (libmikmod Multiple Buffer Overflow Vulnerabilities) is related to these issues. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2081-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 01, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libmikmod Vulnerability : buffer overflow Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2010-2546 Tomas Hoger discovered that the upstream fix for CVE-2009-3995 was insufficient. This update provides a corrected package. For the unstable distribution (sid), these problems have been fixed in version 3.1.11-6.3. We recommend that you upgrade your libmikmod packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkxVxoUACgkQXm3vHE4uylrhwgCfXeJqgBnpGu10QyEu3DBjwWy/ y0YAoNP/beuWGyzKeCCNXuQwZ23f0oV2 =3XKq -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-995-1 September 29, 2010 libmikmod vulnerabilities CVE-2007-6720, CVE-2009-0179, CVE-2009-3995, CVE-2009-3996, CVE-2010-2546, CVE-2010-2971 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: libmikmod2 3.1.11-6ubuntu3.8.04.1 Ubuntu 9.04: libmikmod2 3.1.11-6ubuntu3.9.04.1 Ubuntu 9.10: libmikmod2 3.1.11-6ubuntu4.1 In general, a standard system update will make all the necessary changes. Details follow: It was discovered that libMikMod incorrectly handled songs with different channel counts. (CVE-2007-6720) It was discovered that libMikMod incorrectly handled certain malformed XM files. (CVE-2009-0179) It was discovered that libMikMod incorrectly handled certain malformed Impulse Tracker files. (CVE-2009-3995, CVE-2010-2546, CVE-2010-2971) It was discovered that libMikMod incorrectly handled certain malformed Ultratracker files. (CVE-2009-3996) Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.diff.gz Size/MD5: 339148 88b89686ec91f5173c6dd8b80ce8e64e http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.8.04.1.dsc Size/MD5: 730 9d56dccce0535ee3c48ca642da04705a http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz Size/MD5: 611590 705106da305e8de191549f1e7393185c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_amd64.deb Size/MD5: 266550 9200823b863117753bac8a1aae63c2ca http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_amd64.deb Size/MD5: 155628 cff0d15986f092c78cda7bb3a657e1f6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_i386.deb Size/MD5: 244016 27453dd915f85ccd7dba0710ecab4acc http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_i386.deb Size/MD5: 146476 b67d8d50c02001e45eb618d51f4329a1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_lpia.deb Size/MD5: 248392 706f9438583e4364b4265ec8d8543bc4 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_lpia.deb Size/MD5: 148608 5c727d7e661e44044017cb7bd6ab3402 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb Size/MD5: 285392 c4ebd492d87451cc2979554da7e6fa34 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_powerpc.deb Size/MD5: 173928 e45de26f887292b7482eca418459e60c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.8.04.1_sparc.deb Size/MD5: 258120 702fbd120d05a9f1d645f85ec45ea211 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.8.04.1_sparc.deb Size/MD5: 148446 029492bfe2015986538e1f141ab51f93 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.diff.gz Size/MD5: 338916 a771044f7ddf578a1618e1667effd243 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu3.9.04.1.dsc Size/MD5: 1150 031a6ed819b4e9f59dc4614f42f91109 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz Size/MD5: 611590 705106da305e8de191549f1e7393185c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_amd64.deb Size/MD5: 265286 5189d1d5a185819b8f0a3860fd3ecc2b http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_amd64.deb Size/MD5: 156988 f76e952924eceebdde01d9671f96b9b9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_i386.deb Size/MD5: 244312 00502a3a984d2b40bffdf46d016caa20 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_i386.deb Size/MD5: 147096 8cb46dd80877e60c1300e0b471a42cba lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_lpia.deb Size/MD5: 247818 33fa14fe4ee9a538eb1c998928a302ab http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_lpia.deb Size/MD5: 148464 75e5cde38085b939f4c3ad709f2a6b0d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb Size/MD5: 281656 34e746a50fbd0acd34192b9e899e161f http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_powerpc.deb Size/MD5: 172672 69ec0a2145ea106602c2f3fa454bc346 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu3.9.04.1_sparc.deb Size/MD5: 255260 70cb1b7d5521b00ae993686d9336bb12 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu3.9.04.1_sparc.deb Size/MD5: 149422 d9e458beb786bbe71ecbf51f3ba6e758 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.diff.gz Size/MD5: 338972 b044cd4c0262d4d38fc94de90fb520d4 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11-6ubuntu4.1.dsc Size/MD5: 1130 1feb8d8fcb433337e8ddad65e2076e4a http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz Size/MD5: 611590 705106da305e8de191549f1e7393185c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_amd64.deb Size/MD5: 267300 627cc54b1a4b2ed57ae5c1de295e614c http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_amd64.deb Size/MD5: 157340 c36998f34e2807dbb8af42934b8ede5e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_i386.deb Size/MD5: 244300 063e16e7e89f79a9d8b457a3881b5820 http://security.ubuntu.com/ubuntu/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_i386.deb Size/MD5: 148654 615e8ada1a87f7aee7e5ccd51c2dca4e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_lpia.deb Size/MD5: 247994 fe717add1af434a346b59982f5e3c7c5 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_lpia.deb Size/MD5: 151404 e13a0f651953441fc9cc5958ef874d0d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_powerpc.deb Size/MD5: 281960 9199bd4701581881b31df45c5ede258f http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_powerpc.deb Size/MD5: 174950 ad1450f700117577ddede6fc3755d5da sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6ubuntu4.1_sparc.deb Size/MD5: 260378 cd74bc83de2b60ed9cf4fc442e0352e1 http://ports.ubuntu.com/pool/main/libm/libmikmod/libmikmod2_3.1.11-a-6ubuntu4.1_sparc.deb Size/MD5: 152910 b684a3227432d45c220bb1378a4ed3d7 . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3995 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3996 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2971 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 3239adc6a61914a960c8bb07ebab58d2 2008.0/i586/libmikmod2-3.1.11a-8.2mdv2008.0.i586.rpm 4a88081c44652b1abbb2168bad46fc17 2008.0/i586/libmikmod-devel-3.1.11a-8.2mdv2008.0.i586.rpm ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 41d721fc0ade6181626d66527e08260f 2008.0/x86_64/lib64mikmod2-3.1.11a-8.2mdv2008.0.x86_64.rpm b9af3c6d02828c7c36f2d47275142a01 2008.0/x86_64/lib64mikmod-devel-3.1.11a-8.2mdv2008.0.x86_64.rpm ecdb3414bb5ff4fde670f2983432fe92 2008.0/SRPMS/libmikmod-3.1.11a-8.2mdv2008.0.src.rpm Mandriva Linux 2009.0: 0c32865a362e5949549bd0597f1c3288 2009.0/i586/libmikmod3-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm 1f0c55a841c82430a4a455b9c0fd185f 2009.0/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.i586.rpm 3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: da510127c478758616146f2069b013ca 2009.0/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm ce57822efa45f0e36aa1d79f7cc75763 2009.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdv2009.0.x86_64.rpm 3b736a5f6560c844e05d797772240ff8 2009.0/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdv2009.0.src.rpm Mandriva Linux 2009.1: 1987e95ad4486d0d70a5cb3f15462815 2009.1/i586/libmikmod3-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm 7c1d6e99214eca60d5e1b27d742557ac 2009.1/i586/libmikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.i586.rpm 2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 06d66faa37c282dbee789de65dc5b246 2009.1/x86_64/lib64mikmod3-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm 5940b272dda3c628bbf27799e43db079 2009.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.3.1mdv2009.1.x86_64.rpm 2cf8f0a1794e134bad1f0510a4d4b255 2009.1/SRPMS/libmikmod-3.2.0-0.beta2.3.1mdv2009.1.src.rpm Mandriva Linux 2010.0: 754014cea8f3645395151dc2b7a4cc58 2010.0/i586/libmikmod3-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm cd1e7fca287c53499d973478c7813a6f 2010.0/i586/libmikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.i586.rpm 9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 477871f309a92d2912811fb31fea0943 2010.0/x86_64/lib64mikmod3-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm 4c02e2863a04a2201233ce6f0822fbb5 2010.0/x86_64/lib64mikmod-devel-3.2.0-0.beta2.6.1mdv2010.0.x86_64.rpm 9db426850551cd0d47d49dce62bddf29 2010.0/SRPMS/libmikmod-3.2.0-0.beta2.6.1mdv2010.0.src.rpm Mandriva Linux 2010.1: 5dc9e3bcb87870d04daaeea37c1c7c90 2010.1/i586/libmikmod3-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm 30fd5e1c50381c01c621c67f83e46c53 2010.1/i586/libmikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.i586.rpm a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: c642403d884dcd4aef507757d7688b4a 2010.1/x86_64/lib64mikmod3-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm b64cda55aeb0450fea2ad3af07fece31 2010.1/x86_64/lib64mikmod-devel-3.2.0-0.beta2.7.1mdv2010.1.x86_64.rpm a8e35035a0439a36aed7acb4c6cd8c66 2010.1/SRPMS/libmikmod-3.2.0-0.beta2.7.1mdv2010.1.src.rpm Mandriva Enterprise Server 5: 6798c40fffe0cec1532ed4ea2470b041 mes5/i586/libmikmod3-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm 2b4f452bcfcd7ccbc1f9eea217b3e8ed mes5/i586/libmikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.i586.rpm 18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 5e4fb9c93420186fc60c96e38b9ea412 mes5/x86_64/lib64mikmod3-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm e285e5b3413fe8f0de6b71caa903c8f9 mes5/x86_64/lib64mikmod-devel-3.2.0-0.beta2.2.2mdvmes5.1.x86_64.rpm 18ee204b5ffc212d4fb027b912a75c0b mes5/SRPMS/libmikmod-3.2.0-0.beta2.2.2mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMaOgMmqjQ0CJFipgRAt6nAKCzxX60CsvAUagtg/MS8MzgHh/84wCfbLXV avaniwZZDpjBYi8uoj21mkM= =KovP -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Gentoo update for libmikmod SECUNIA ADVISORY ID: SA48244 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48244/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48244 RELEASE DATE: 2012-03-06 DISCUSS ADVISORY: http://secunia.com/advisories/48244/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48244/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48244 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for libmikmod. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. ORIGINAL ADVISORY: GLSA 201203-10: http://www.gentoo.org/security/en/glsa/glsa-201203-10.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201203-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libmikmod: User-assisted execution of arbitrary code Date: March 06, 2012 Bugs: #335892 ID: 201203-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple buffer overflow vulnerabilities in libmikmod may allow an attacker to execute arbitrary code or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All libmikmod 3.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=media-libs/libmikmod-3.2.0_beta2-r3" All libmikmod 3.1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libmikmod-3.1.12-r1"= Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References ========== [ 1 ] CVE-2010-2546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2546 [ 2 ] CVE-2010-2971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2971 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201203-10.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus. WebKit is prone to a remote code-execution vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. NOTE: This issue was previously covered in BID 42020 (Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document. WebKit is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. NOTE: This issue was previously covered in BID 42020 (Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-07-28-1. Attackers can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks may result in information disclosure, remote code execution, denial of service, or other consequences. This BID is being retired. The following individual records exist to better document these issues: 41884 Apple Safari Personal Address Book AutoFill Information Disclosure Weakness 42034 WebKit Inline Elements Remote Memory Corruption Vulnerability 42035 WebKit CVE-2010-1783 Remote Memory Corruption Vulnerability 42036 WebKit CSS Counters Remote Memory Corruption Vulnerability 42037 WebKit ':first-letter' and ':first-line' Pseudo-Elements Remote Memory Corruption Vulnerability 42038 WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability 42039 Apple Safari RSS Feed Information Disclosure Vulnerability 42041 WebKit 'use' Element Handling Remote Memory Corruption Vulnerability 42042 WebKit Regular Expression Handling Remote Memory Corruption Vulnerability 42043 WebKit Just-In-Time Compiled JavaScript Stubs Remote Code Execution Vulnerability 42044 WebKit Element Focus Use-After-Free Remote Code Execution Vulnerability 42045 WebKit JavaScript Array Signedness Error Remote Code Execution Vulnerability 42046 WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability 42048 WebKit JavaScript String Object Remote Heap Based Buffer Overflow Vulnerability 42049 WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability. A remote attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Safari 5.0 is vulnerable; other versions may also be affected

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the library's process for handling floating elements within an SVG document. During layout of the element, the application will mismanage references to the floating element. Later the application will attempt to destroy this reference triggering corruption. Successful exploitation can lead to code execution under the context of the application. WebKit is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. NOTE: This issue was previously covered in BID 42020 (Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ZDI-10-153: Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-153 August 11, 2010 -- CVE ID: CVE-2010-1787 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10147. -- Vendor Response: Apple states: Fixed in Safari 5.0.1: http://support.apple.com/kb/HT4276 -- Disclosure Timeline: 2010-06-01 - Vulnerability reported to vendor 2010-08-11 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * wushi of team509 -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document. WebKit is prone to a remote code-execution vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. NOTE: This issue was previously covered in BID 42020 (Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-07-28-1. These issues affect versions prior to Safari 5.0.1 and 4.1.1 running on Apple Mac OS X, Windows 7, XP, and Vista. Attackers can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks may result in information disclosure, remote code execution, denial of service, or other consequences. This BID is being retired. The following individual records exist to better document these issues: 41884 Apple Safari Personal Address Book AutoFill Information Disclosure Weakness 42034 WebKit Inline Elements Remote Memory Corruption Vulnerability 42035 WebKit CVE-2010-1783 Remote Memory Corruption Vulnerability 42036 WebKit CSS Counters Remote Memory Corruption Vulnerability 42037 WebKit ':first-letter' and ':first-line' Pseudo-Elements Remote Memory Corruption Vulnerability 42038 WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability 42039 Apple Safari RSS Feed Information Disclosure Vulnerability 42041 WebKit 'use' Element Handling Remote Memory Corruption Vulnerability 42042 WebKit Regular Expression Handling Remote Memory Corruption Vulnerability 42043 WebKit Just-In-Time Compiled JavaScript Stubs Remote Code Execution Vulnerability 42044 WebKit Element Focus Use-After-Free Remote Code Execution Vulnerability 42045 WebKit JavaScript Array Signedness Error Remote Code Execution Vulnerability 42046 WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability 42048 WebKit JavaScript String Object Remote Heap Based Buffer Overflow Vulnerability 42049 WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42314 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42314/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42314/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42314/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4456 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-07-28-1. Attackers can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks may result in information disclosure, remote code execution, denial of service, or other consequences. This BID is being retired. The following individual records exist to better document these issues: 41884 Apple Safari Personal Address Book AutoFill Information Disclosure Weakness 42034 WebKit Inline Elements Remote Memory Corruption Vulnerability 42035 WebKit CVE-2010-1783 Remote Memory Corruption Vulnerability 42036 WebKit CSS Counters Remote Memory Corruption Vulnerability 42037 WebKit ':first-letter' and ':first-line' Pseudo-Elements Remote Memory Corruption Vulnerability 42038 WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability 42039 Apple Safari RSS Feed Information Disclosure Vulnerability 42041 WebKit 'use' Element Handling Remote Memory Corruption Vulnerability 42042 WebKit Regular Expression Handling Remote Memory Corruption Vulnerability 42043 WebKit Just-In-Time Compiled JavaScript Stubs Remote Code Execution Vulnerability 42044 WebKit Element Focus Use-After-Free Remote Code Execution Vulnerability 42045 WebKit JavaScript Array Signedness Error Remote Code Execution Vulnerability 42046 WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability 42048 WebKit JavaScript String Object Remote Heap Based Buffer Overflow Vulnerability 42049 WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for webkit SECUNIA ADVISORY ID: SA41856 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41856/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41856/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41856/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for webkit. This fixes multiple vulnerabilities, some of which have an unknown impact while others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing or cross-site scripting attacks, and potentially compromise a user's system. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1006-1: http://www.ubuntu.com/usn/usn-1006-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM)

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-07-28-1. Attackers can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks may result in information disclosure, remote code execution, denial of service, or other consequences. This BID is being retired. The following individual records exist to better document these issues: 41884 Apple Safari Personal Address Book AutoFill Information Disclosure Weakness 42034 WebKit Inline Elements Remote Memory Corruption Vulnerability 42035 WebKit CVE-2010-1783 Remote Memory Corruption Vulnerability 42036 WebKit CSS Counters Remote Memory Corruption Vulnerability 42037 WebKit ':first-letter' and ':first-line' Pseudo-Elements Remote Memory Corruption Vulnerability 42038 WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability 42039 Apple Safari RSS Feed Information Disclosure Vulnerability 42041 WebKit 'use' Element Handling Remote Memory Corruption Vulnerability 42042 WebKit Regular Expression Handling Remote Memory Corruption Vulnerability 42043 WebKit Just-In-Time Compiled JavaScript Stubs Remote Code Execution Vulnerability 42044 WebKit Element Focus Use-After-Free Remote Code Execution Vulnerability 42045 WebKit JavaScript Array Signedness Error Remote Code Execution Vulnerability 42046 WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability 42048 WebKit JavaScript String Object Remote Heap Based Buffer Overflow Vulnerability 42049 WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42314 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42314/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42314/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42314/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4456 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server